Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dotnet PE binary cataloger is detecting false positives #3469

Open
wagoodman opened this issue Nov 20, 2024 · 1 comment
Open

Dotnet PE binary cataloger is detecting false positives #3469

wagoodman opened this issue Nov 20, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@wagoodman
Copy link
Contributor

What happened:
Originally reported https://github.com/anchore/vulnerability-match-exclusion-database/issues/240#issuecomment-2489341204

syft -q ~/Downloads/jruby-exec.zip 
NAME   VERSION  TYPE     
JRuby  1.0      dotnet  

What you expected to happen:
Jruby is not a .NET application, thus should not be detected as so (should find no packages)

Steps to reproduce the issue:
Download jruby binary and scan it with syft.

Anything else we need to know?:
Proposed fix: scan the PE binary for indications of the .NET framework.
Partial fix implemented: https://github.com/anchore/syft/compare/filter-dotnet-pe

@wagoodman wagoodman added the bug Something isn't working label Nov 20, 2024
@osiagwe
Copy link

osiagwe commented Nov 20, 2024

Hey Alex! CBP also went on to note that the same issue affects jrubyw.exe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Status: No status
Development

No branches or pull requests

2 participants