fix(binary): support deno versions 1.10.3 - 1.32.2 in binary cataloger#4904
Open
tjhub1983 wants to merge 2 commits into
Open
fix(binary): support deno versions 1.10.3 - 1.32.2 in binary cataloger#4904tjhub1983 wants to merge 2 commits into
tjhub1983 wants to merge 2 commits into
Conversation
Added test case for deno 1.10.3 which uses a Rust-embedded version string (different from newer deno versions that use Deno/X.Y.Z format). The test verifies that syft correctly identifies the version from binary snippets containing patterns like 'deno 1.10.3' in the Rust binary string table. Signed-off-by: tjhub1983 <tjhub1983@users.noreply.github.com>
Fixes anchore#4865. The deno-binary classifier only matched the Deno/X.Y.Z string pattern found in newer deno binaries (1.32.3+). Versions 1.10.3 through 1.32.2 embed the version differently (via Rust binary metadata in the string table), causing syft to report 'deno' with no version. Added a secondary FileContentsVersionMatcher pattern to detect 'deno X.Y.Z' in older Rust binary string tables. This covers versions 1.10.3 through 1.32.2. Before: syft denoland/deno:1.32.2 -> deno (no version) After: syft denoland/deno:1.32.2 -> deno@1.32.2 Signed-off-by: tjhub1983 <tjhub1983@users.noreply.github.com>
Author
|
Hi @kzantow, Ill address all cases in the issue and add comprehensive test cases covering the full version range (1.10.3 - 1.32.2). Ill update the PR with the test data shortly. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #4865.
Problem: The
deno-binaryclassifier only matched theDeno/X.Y.Zstring pattern found in newer deno binaries (1.32.3+). Versions 1.10.3 through 1.32.2 embed the version differently (via Rust binary metadata), causing syft to reportdenowith no version.Before:
syft denoland/deno:1.32.2->deno(no version)After:
syft denoland/deno:1.32.2->deno@1.32.2Fix: Added a secondary
FileContentsVersionMatcherpattern to detectdeno X.Y.Zin older Rust binary string tables, covering versions 1.10.3 through 1.32.2.DCO Sign-off: Each commit includes proper
Signed-off-by: tjhub1983 <tjhub1983@users.noreply.github.com>as required by the DCO.Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com