aquasecurity · kovacs-levent · Apr 19, 2024 · Apr 19, 2024 · Apr 19, 2024 · Apr 19, 2024
@@ -509,12 +509,16 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
  analyzers = append(analyzers, analyzer.TypeHistoryDockerfile)
  }
 
- // Skip executable file analysis if Rekor isn't a specified SBOM source.
+ return analyzers
+}
+
+func disabledHandlers(opts flag.Options) []ftypes.HandlerType {
+ var handlers []ftypes.HandlerType
+ // Skip unpackaged executable file analysis with Rekor if Rekor isn't a specificed SBOM source
  if !slices.Contains(opts.SBOMSources, types.SBOMSourceRekor) {
- analyzers = append(analyzers, analyzer.TypeExecutable)
+ handlers = append(handlers, ftypes.UnpackagedPostHandler)
  }
-
- return analyzers
+ return handlers
 }
 
 func filterMisconfigAnalyzers(included, all []analyzer.Type) ([]analyzer.Type, error) {
@@ -626,6 +630,7 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi
  },
  ArtifactOption: artifact.Option{
  DisabledAnalyzers: disabledAnalyzers(opts),
+ DisabledHandlers: disabledHandlers(opts),
  FilePatterns: opts.FilePatterns,
  Parallel: opts.Parallel,
  Offline: opts.OfflineScan,

@@ -0,0 +1,76 @@
+// Ported from https://github.com/golang/go/blob/b5a861782312d2b3a4f71e33d9a0c2b01a40fe5f/src/debug/buildinfo/buildinfo.go
+
+package executable
+
+import (
+ "bytes"
+ "debug/elf"
+ "errors"
+ "fmt"
+ "io"
+)
+
+var errUnrecognizedFormat = errors.New("unrecognized file format")
+
+// An exe is a generic interface to an OS executable (ELF, Mach-O, PE, XCOFF).
+type Exe interface {
+ // ReadData reads and returns up to size byte starting at virtual address addr.
+ ReadData(addr, size uint64) ([]byte, error)
+
+ // DataStart returns the writable data segment start address.
+ DataStart() (uint64, uint64)
+}
+
+// openExe opens file and returns it as an exe.
+func OpenExe(r io.ReaderAt) (Exe, error) {
+ ident := make([]byte, 16)
+ if n, err := r.ReadAt(ident, 0); n < len(ident) || err != nil {
+ return nil, errUnrecognizedFormat
+ }
+
+ switch {
+ case bytes.HasPrefix(ident, []byte("\x7FELF")):
+ f, err := elf.NewFile(r)
+ if err != nil {
+ return nil, errUnrecognizedFormat
+ }
+ return &elfExe{f}, nil
+ default:
+ return nil, errUnrecognizedFormat
+ }
+
+ return nil, errUnrecognizedFormat
+}
+
+// elfExe is the ELF implementation of the exe interface.
+type elfExe struct {
+ f *elf.File
+}
+
+func (x *elfExe) ReadData(addr, size uint64) ([]byte, error) {
+ for _, prog := range x.f.Progs {
+ if prog.Vaddr > addr || addr > prog.Vaddr+prog.Filesz-1 {
+ continue
+ }
+ n := prog.Vaddr + prog.Filesz - addr
+ if n > size {
+ n = size
+ }
+ data := make([]byte, n)
+ _, err := prog.ReadAt(data, int64(addr-prog.Vaddr))
+ if err != nil {
+ return nil, err
+ }
+ return data, nil
+ }
+ return nil, fmt.Errorf("address not mapped")
+}
+
+func (x *elfExe) DataStart() (uint64, uint64) {
+ for _, s := range x.f.Sections {
+ if s.Name == ".rodata" {
+ return s.Addr, s.SectionHeader.Size
+ }
+ }
+ return 0, 0
+}
@@ -0,0 +1,70 @@
+// Ported from https://github.com/golang/go/blob/e9c96835971044aa4ace37c7787de231bbde05d9/src/cmd/go/internal/version/version.go
+
+package nodejsparser
+
+import (
+ "bytes"
+ "regexp"
+
+ "golang.org/x/xerrors"
+
+ "github.com/aquasecurity/trivy/pkg/dependency"
+ exe "github.com/aquasecurity/trivy/pkg/dependency/parser/executable"
+ ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+ xio "github.com/aquasecurity/trivy/pkg/x/io"
+)
+
+var (
+ ErrUnrecognizedExe = xerrors.New("unrecognized executable format")
+)
+
+type Parser struct{}
+
+func NewParser() *Parser {
+ return &Parser{}
+}
+
+// Parse scans file to try to report the NodeJS version.
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
+ x, err := exe.OpenExe(r)
+ if err != nil {
+ return nil, nil, ErrUnrecognizedExe
+ }
+
+ mod, vers := findVers(x)
+ if vers == "" {
+ return nil, nil, nil
+ }
+
+ var libs []ftypes.Package
+ libs = append(libs, ftypes.Package{
+ ID: dependency.ID(ftypes.NodeJsExecutable, mod, vers),
+ Name: mod,
+ Version: vers,
+ })
+
+ return libs, nil, nil
+}
+
+// findVers finds and returns the NodeJS version in the executable x.
+func findVers(x exe.Exe) (vers, mod string) {
+ text, size := x.DataStart()
+ data, err := x.ReadData(text, size)
+ if err != nil {
+ return
+ }
+
+ re := regexp.MustCompile(`node\.js\/v(\d{1,3}\.\d{1,3}\.\d{1,3})`)
+ // split by null characters
+ items := bytes.Split(data, []byte("\000"))
+ for _, s := range items {
+ // Extract the version number
+ match := re.FindSubmatch(s)
+ if match != nil {
+ vers = string(match[1])
+ break
+ }
+ }
+
+ return "node", vers
+}
@@ -0,0 +1,54 @@
+package nodejsparser
+
+import (
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/aquasecurity/trivy/pkg/fanal/types"
+)
+
+func TestParse(t *testing.T) {
+ tests := []struct {
+ name string
+ inputFile string
+ want []types.Package
+ wantDep []types.Dependency
+ wantErr string
+ }{
+ {
+ name: "ELF12",
+ inputFile: "testdata/node.12.elf",
+ want: []types.Package{
+ {
+ ID: "[email protected]",
+ Name: "node",
+ Version: "12.16.3",
+ },
+ },
+ },
+ {
+ name: "sad path",
+ inputFile: "testdata/dummy",
+ wantErr: "unrecognized executable format",
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ f, err := os.Open(tt.inputFile)
+ require.NoError(t, err)
+ parser := NewParser()
+ got, _, err := parser.Parse(f)
+ if tt.wantErr != "" {
+ require.Error(t, err)
+ require.ErrorContains(t, err, tt.wantErr)
+ return
+ }
+
+ require.NoError(t, err)
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
@@ -0,0 +1,71 @@
+// Ported from https://github.com/golang/go/blob/e9c96835971044aa4ace37c7787de231bbde05d9/src/cmd/go/internal/version/version.go
+
+package phpparser
+
+import (
+ "bytes"
+ "regexp"
+
+ "golang.org/x/xerrors"
+
+ "github.com/aquasecurity/trivy/pkg/dependency"
+ exe "github.com/aquasecurity/trivy/pkg/dependency/parser/executable"
+ ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+ xio "github.com/aquasecurity/trivy/pkg/x/io"
+)
+
+var (
+ ErrUnrecognizedExe = xerrors.New("unrecognized executable format")
+ ErrNonPythonBinary = xerrors.New("non Python binary")
+)
+
+type Parser struct{}
+
+func NewParser() *Parser {
+ return &Parser{}
+}
+
+// Parse scans file to try to report the Python version.
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {
+ x, err := exe.OpenExe(r)
+ if err != nil {
+ return nil, nil, ErrUnrecognizedExe
+ }
+
+ name, vers := findVers(x)
+ if vers == "" {
+ return nil, nil, nil
+ }
+
+ var libs []ftypes.Package
+ libs = append(libs, ftypes.Package{
+ ID: dependency.ID(ftypes.PhpExecutable, name, vers),
+ Name: name,
+ Version: vers,
+ })
+
+ return libs, nil, nil
+}
+
+// findVers finds and returns the PHP version in the executable x.
+func findVers(x exe.Exe) (vers, mod string) {
+ text, size := x.DataStart()
+ data, err := x.ReadData(text, size)
+ if err != nil {
+ return
+ }
+
+ re := regexp.MustCompile(`(?m)X-Powered-By: PHP\/(?P<version>[0-9]+\.[0-9]+\.[0-9]+(beta[0-9]+|alpha[0-9]+|RC[0-9]+)?)`)
+ // split by null characters
+ items := bytes.Split(data, []byte("\000"))
+ for _, s := range items {
+ // Extract the version number
+ match := re.FindSubmatch(s)
+ if match != nil {
+ vers = string(match[1])
+ break
+ }
+ }
+
+ return "php", vers
+}
@@ -0,0 +1,54 @@
+package phpparser
+
+import (
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/aquasecurity/trivy/pkg/fanal/types"
+)
+
+func TestParse(t *testing.T) {
+ tests := []struct {
+ name string
+ inputFile string
+ want []types.Package
+ wantErr string
+ }{
+ {
+ name: "ELF",
+ inputFile: "testdata/php.elf",
+ want: []types.Package{
+ {
+ ID: "[email protected]",
+ Name: "php",
+ Version: "8.0.7",
+ },
+ },
+ },
+ {
+ name: "sad path",
+ inputFile: "testdata/dummy",
+ wantErr: "unrecognized executable format",
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ f, err := os.Open(tt.inputFile)
+ require.NoError(t, err)
+
+ parser := NewParser()
+ got, _, err := parser.Parse(f)
+ if tt.wantErr != "" {
+ require.Error(t, err)
+ require.ErrorContains(t, err, tt.wantErr)
+ return
+ }
+
+ require.NoError(t, err)
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA