@kzantow kzantow commented Jul 2, 2025

Description

This PR makes some changes to binary detection of Java packages:

  • a sequential/branching evidence matcher is introduced, where the first result stops further packages from being surfaced for the same file
  • the package names, PURLs, and CPEs have been updated to match what the JVM cataloger returns

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections
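The first-match-wins behaviour named in the first bullet of the description, sketched in Go as an added example. It is not code from this PR or from the project; the `Matcher` type, the `Classify` function, the package names and the marker strings are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Matcher is a hypothetical evidence matcher: the package it identifies and
// the byte markers that must all be present in the file.
type Matcher struct {
	Package string
	Markers []string
}

func (m Matcher) matches(content []byte) bool {
	for _, marker := range m.Markers {
		if !bytes.Contains(content, []byte(marker)) {
			return false
		}
	}
	return true
}

// Classify walks the matchers in order. With stopAtFirst set, the first hit
// ends the search, so one file surfaces at most one package.
func Classify(ms []Matcher, content []byte, stopAtFirst bool) []string {
	var found []string
	for _, m := range ms {
		if !m.matches(content) {
			continue
		}
		found = append(found, m.Package)
		if stopAtFirst {
			break
		}
	}
	return found
}

// Constructed matchers: most specific first, generic fallback last.
var SampleMatchers = []Matcher{
	{"vendor-a-jdk", []string{"java.vendor=VendorA", "jdk.compiler"}},
	{"generic-jre", []string{"java.version="}},
}

// Constructed file content, not taken from a real JVM binary.
var SampleBinary = []byte("java.version=21.0.1\x00java.vendor=VendorA\x00jdk.compiler\x00")

func main() {
	fmt.Println("independent:", Classify(SampleMatchers, SampleBinary, false))
	fmt.Println("sequential: ", Classify(SampleMatchers, SampleBinary, true))
}
```

Ordering carries the decision here: a generic matcher placed ahead of a vendor-specific one would claim the file first and hide the more precise identification.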

cpe.Must("cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
},
},
{
Contributor Author

All the java classifiers have been moved to a separate file 👇

@kzantow kzantow marked this pull request as ready for review July 2, 2025 18:29
Signed-off-by: Keith Zantow <[email protected]>
@kzantow kzantow merged commit 48bf81c into main Jul 22, 2025
12 checks passed
@kzantow kzantow deleted the fix/oracle-jdk-misidentification branch July 22, 2025 16:06
@kzantow kzantow linked an issue Jul 24, 2025 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

  • Improve JVM Scan Accuracy for JDK and JRE Detection
  • Azul JDK classified as Oracle JRE