Differentiate between JRE and JDK

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
anchore · Apr 5, 2024 · d2094d0 · d2094d0
1 parent 1e31356
commit d2094d0
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 20 deletions.
diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -608,32 +608,32 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 		{
 			logicalFixture: "java-jre-openjdk/1.8.0_352-b08/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "1.8.0_352-b08",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@1.8.0_352-b08",
+				PURL:      "pkg:generic/java/jre@1.8.0_352-b08",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
 		},
 		{
 			logicalFixture: "java-jre-openjdk/11.0.17/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "11.0.17+8-LTS",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@11.0.17%2B8-LTS",
+				PURL:      "pkg:generic/java/jre@11.0.17%2B8-LTS",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-openjdk", "java"),
 			},
 		},
 		{
 			logicalFixture: "java-graal-openjdk/17.0.3+7-jvmci-22.1-b06/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/graalvm",
 				Version:   "17.0.3+7-jvmci-22.1-b06",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@17.0.3%2B7-jvmci-22.1-b06",
+				PURL:      "pkg:generic/java/graalvm@17.0.3%2B7-jvmci-22.1-b06",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-graalvm", "java"),
 			},
@@ -643,10 +643,10 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 			// note: cannot find the original binary, using a custom snippet based on the original snippet in the repo
 			logicalFixture: "java-jre-oracle/19.0.1/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "19.0.1+10-21",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@19.0.1%2B10-21",
+				PURL:      "pkg:generic/java/jre@19.0.1%2B10-21",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-oracle", "java"),
 			},
@@ -656,25 +656,36 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 			// note: cannot find the original binary, using a custom snippet based on the original snippet in the repo
 			logicalFixture: "java-jre-oracle/19.0.1/darwin",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "19.0.1+10-21",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@19.0.1%2B10-21",
+				PURL:      "pkg:generic/java/jre@19.0.1%2B10-21",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-oracle", "java"),
 			},
 		},
 		{
 			logicalFixture: "java-jre-ibm/1.8.0_391/linux-amd64",
 			expected: pkg.Package{
-				Name:      "java",
+				Name:      "java/jre",
 				Version:   "1.8.0-foreman_2023_10_12_13_27-b00",
 				Type:      "binary",
-				PURL:      "pkg:generic/java@1.8.0-foreman_2023_10_12_13_27-b00",
+				PURL:      "pkg:generic/java/jre@1.8.0-foreman_2023_10_12_13_27-b00",
 				Locations: locations("java"),
 				Metadata:  metadata("java-binary-ibm", "java"),
 			},
 		},
+		{
+			logicalFixture: "java-jdk-openjdk/21.0.2+13-LTS/linux-amd64",
+			expected: pkg.Package{
+				Name:      "java/jdk",
+				Version:   "21.0.2+13-LTS",
+				Type:      "binary",
+				PURL:      "pkg:generic/java/jdk@21.0.2%2B13-LTS",
+				Locations: locations("jdb"),
+				Metadata:  metadata("java-binary-jdk", "java"),
+			},
+		},
 		{
 			logicalFixture: "rust-libstd/1.50.0/linux-amd64",
 			expected: pkg.Package{

diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go
@@ -93,8 +93,8 @@ func DefaultClassifiers() []Classifier {
 				// Equivalent to the following regexp with lookahead support:
 				// (?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<release>[0-9]+[.0-9]*) (?P<version>[0-9]+[^-\x00]+(-(?!jvmci)[^-\x00]+)+)
 				`(?m)\x00openjdk\x00java\x00(?P<release>[0-9]+[.0-9]*)\x00(?P<version>[0-9]+[^-\s]+(-([^-j\x00][^-\x00]?|[^-\x00][^-v\x00][^-\x00]?|[^-\x00][^-\x00][^-m\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-c\x00][^-\x00]?|[^-\x00][^-\x00][^-\x00][^-\x00][^-i\s].?|[^-\x00]{6,}))+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/jre",
+			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			// TODO the updates might need to be part of the CPE Attributes, like: 1.8.0:update152
 			CPEs: singleCPE("cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*"),
 		},
@@ -104,8 +104,8 @@ func DefaultClassifiers() []Classifier {
 			EvidenceMatcher: FileContentsVersionMatcher(
 				// [NUL]java[NUL]1.8[NUL][NUL][NUL][NUL]1.8.0-foreman_2022_09_22_15_30-b00[NUL]
 				`(?m)\x00java\x00(?P<release>[0-9]+[.0-9]+)\x00{4}(?P<version>[0-9]+[-._a-zA-Z0-9]+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/jre",
+			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			CPEs:    singleCPE("cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"),
 		},
 		{
@@ -114,19 +114,28 @@ func DefaultClassifiers() []Classifier {
 			EvidenceMatcher: FileContentsVersionMatcher(
 				// [NUL]19.0.1+10-21[NUL]
 				`(?m)\x00(?P<version>[0-9]+[.0-9]+[+][-0-9]+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/jre",
+			PURL:    mustPURL("pkg:generic/java/jre@version"),
 			CPEs:    singleCPE("cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*"),
 		},
 		{
 			Class:    "java-binary-graalvm",
 			FileGlob: "**/java",
 			EvidenceMatcher: FileContentsVersionMatcher(
 				`(?m)\x00(?P<version>[0-9]+[.0-9]+[.0-9]+\+[0-9]+-jvmci-[0-9]+[.0-9]+-b[0-9]+)\x00`),
-			Package: "java",
-			PURL:    mustPURL("pkg:generic/java@version"),
+			Package: "java/graalvm",
+			PURL:    mustPURL("pkg:generic/java/graalvm@version"),
 			CPEs:    singleCPE("cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"),
 		},
+		{
+			Class:    "java-binary-jdk",
+			FileGlob: "**/jdb",
+			EvidenceMatcher: FileContentsVersionMatcher(
+				`(?m)\x00(?P<version>[0-9]+\.[0-9]+\.[0-9]+(\+[0-9]+)?([-._a-zA-Z0-9]+)?)\x00`),
+			Package: "java/jdk",
+			PURL:    mustPURL("pkg:generic/java/jdk@version"),
+			CPEs:    singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"),
+		},
 		{
 			Class:    "nodejs-binary",
 			FileGlob: "**/node",

diff --git a/.../binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb b/.../binary/test-fixtures/classifiers/snippets/java-jdk-openjdk/21.0.2+13-LTS/linux-amd64/jdb
diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@@ -211,6 +211,14 @@ from-images:
     paths:
       - /opt/java/bin/java
 
+  - name: java-jdk-openjdk
+    version: 21.0.2+13-LTS
+    images:
+      - ref: eclipse-temurin:21.0.2_13-jdk-alpine@sha256:b5d37df8ee5bb964bb340acca83957f9a09291d07768fba1881f6bfc8048e4f5
+        platform: linux/amd64
+    paths:
+      - opt/java/openjdk/bin/jdb
+
 
 # TODO: this is not the original binary used in the test fixture
 #  - version: 5.12.5