search

anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0
5.93k stars 545 forks source link

Support bitnami/mysql:8.x #3025

Open witchcraze opened 1 month ago

witchcraze commented 1 month ago

What would you like to be added:

Support MySQL 8.x in binary detection // Since current check target file is mysql (not mysqld), I check file - mysql in this time.

Additional context:

$ syft bitnami/mysql:8.4 | grep mysql
 ✔ Loaded image                                                                                      bitnami/mysql:8.4  
 ✔ Parsed image                                sha256:4caaa8e835734a48368f180071cf416fdedec7a712f6c05c1c3a901684930910
 ✔ Cataloged contents                                 fd9f3d4ed4691b2840ea58cd8a4724c74246441acf668168e4aa0d9d561d6e77
   ├── ✔ Packages                        [141 packages]
   ├── ✔ File digests                    [5,607 files]
   ├── ✔ File metadata                   [5,607 locations]
   └── ✔ Executables                     [1,196 executables]

$ syft bitnami/mysql:8.0 | grep mysql
 ✔ Pulled image
 ✔ Loaded image                                                                                      bitnami/mysql:8.0
 ✔ Parsed image                                sha256:a33bc1da8a94144b0233826dcc003664c4890c2ed0a38471ee775d9b30a47abe
 ✔ Cataloged contents                                 849eb46e9d7fcb381519b9a2f1d49f44fdfccb2ff01fb7b2f38ab8c4fd3f9570
   ├── ✔ Packages                        [141 packages]
   ├── ✔ File digests                    [5,607 files]
   ├── ✔ File metadata                   [5,607 locations]
   └── ✔ Executables                     [1,017 executables] 
$ docker run -it --rm bitnami/mysql:8.0 mysql --version
mysql 13:45:23.94 INFO  ==>
mysql 13:45:23.94 INFO  ==> Welcome to the Bitnami mysql container
mysql 13:45:23.95 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mysql 13:45:23.95 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mysql 13:45:23.95 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
mysql 13:45:23.95 INFO  ==>

mysql  Ver 8.0.38 for Linux on x86_64 (Source distribution)

$ docker run -it --rm bitnami/mysql:8.0 strings /opt/bitnami/mysql/bin/mysql | grep -C 2 -E '8\.0\.38'
UNKNOWN_USER
shutdown
8.0.38
mysql_real_escape_string_quote
mysql_real_escape_string
$ docker run -it --rm bitnami/mysql:8.1 mysql --version
mysql 13:48:58.97
mysql 13:48:58.97 Welcome to the Bitnami mysql container
mysql 13:48:58.97 Subscribe to project updates by watching https://github.com/bitnami/containers
mysql 13:48:58.97 Submit issues and feature requests at https://github.com/bitnami/containers/issues
mysql 13:48:58.98

mysql  Ver 8.1.0 for Linux on x86_64 (Source distribution)

$ docker run -it --rm bitnami/mysql:8.1 strings /opt/bitnami/mysql/bin/mysql | grep -C 2 -E '8\.1\.0'
UNKNOWN_USER
shutdown
8.1.0
mysql_real_escape_string_quote
mysql_real_escape_string
$ docker run -it --rm bitnami/mysql:8.2 mysql --version
mysql 13:50:11.32 INFO  ==>
mysql 13:50:11.32 INFO  ==> Welcome to the Bitnami mysql container
mysql 13:50:11.32 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mysql 13:50:11.33 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mysql 13:50:11.33 INFO  ==>

mysql  Ver 8.2.0 for Linux on x86_64 (Source distribution)

$ docker run -it --rm bitnami/mysql:8.2 strings /opt/bitnami/mysql/bin/mysql | grep -C 2 -E '8\.2\.0'
UNKNOWN_USER
shutdown
8.2.0
mysql_real_escape_string_quote
mysql_real_escape_string
$ docker run -it --rm bitnami/mysql:8.3 mysql --version
mysql 13:51:13.87 INFO  ==>
mysql 13:51:13.87 INFO  ==> Welcome to the Bitnami mysql container
mysql 13:51:13.88 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mysql 13:51:13.88 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mysql 13:51:13.88 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
mysql 13:51:13.88 INFO  ==>

mysql  Ver 8.3.0 for Linux on x86_64 (Source distribution)

$ docker run -it --rm bitnami/mysql:8.3 strings /opt/bitnami/mysql/bin/mysql | grep -C 2 -E '8\.3\.0'
mysql_change_user
UNKNOWN_USER
8.3.0
mysql_real_escape_string_quote
mysql_real_escape_string
$ docker run -it --rm bitnami/mysql:8.4 mysql --version
mysql 13:52:44.91 INFO  ==>
mysql 13:52:44.91 INFO  ==> Welcome to the Bitnami mysql container
mysql 13:52:44.92 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mysql 13:52:44.92 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mysql 13:52:44.92 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
mysql 13:52:44.92 INFO  ==>

mysql  Ver 8.4.1 for Linux on x86_64 (Source distribution)

$ docker run -it --rm bitnami/mysql:8.4 strings /opt/bitnami/mysql/bin/mysql | grep -C 2 -E '8\.4\.1'
shutdown
SHOW PROCESSLIST
8.4.1
mysql_real_escape_string_quote
mysql_real_escape_string
witchcraze commented 1 month ago

9.x may be same status

$ syft bitnami/mysql:9.0 | grep mysql
 ✔ Loaded image                                                              bitnami/mysql:9.0   
 ✔ Parsed image                    sha256:852a5f421e215520df9bdb43cafda02eaa265e5edc1d572323fd
 ✔ Cataloged contents              2b1aa5928ee0f57620f4de8f4b82ab8934d235a4623d4cfb1d98d88c394
   ├── ✔ Packages                        [141 packages]
   ├── ✔ File digests                    [5,607 files]
   ├── ✔ File metadata                   [5,607 locations]
   └── ✔ Executables                     [1,199 executables]
$
$ docker run -it --rm bitnami/mysql:9.0 mysql --version
mysql 11:48:06.47 INFO  ==>
mysql 11:48:06.47 INFO  ==> Welcome to the Bitnami mysql container
mysql 11:48:06.48 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
mysql 11:48:06.48 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
mysql 11:48:06.48 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
mysql 11:48:06.48 INFO  ==>

mysql  Ver 9.0.0 for Linux on x86_64 (Source distribution)
$
$ docker run -it --rm bitnami/mysql:9.0 strings /opt/bitnami/mysql/bin/mysql | grep -C 2 -E '9\.0\.0'
shutdown
SHOW PROCESSLIST
9.0.0
mysql_real_escape_string_quote
mysql_real_escape_string