chore: pick more detailed PE product or file versions

Signed-off-by: Keith Zantow <[email protected]>
anchore · Nov 29, 2023 · fe83ea8 · fe83ea8
1 parent 495575d
commit fe83ea8
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 8 deletions.
diff --git a/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go b/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable.go
@@ -135,11 +135,14 @@ func findVersion(versionResources map[string]string) string {
 		return fileVersion
 	}
 
-	if containsNumber(productVersion) && containsDot(productVersion) {
+	productVersionDetail := punctuationCount(productVersion)
+	fileVersionDetail := punctuationCount(fileVersion)
+
+	if containsNumber(productVersion) && productVersionDetail >= fileVersionDetail {
 		return productVersion
 	}
 
-	if containsNumber(fileVersion) && containsDot(fileVersion) {
+	if containsNumber(fileVersion) && fileVersionDetail > 0 {
 		return fileVersion
 	}
 
@@ -154,17 +157,19 @@ func findVersion(versionResources map[string]string) string {
 	return productVersion
 }
 
-func containsNumber(out string) bool {
-	return strings.ContainsAny(out, "1234567890")
+func containsNumber(s string) bool {
+	return numberRegex.MatchString(s)
 }
 
-func containsDot(out string) bool {
-	return strings.ContainsRune(out, '.')
+func punctuationCount(s string) int {
+	return len(versionPunctuationRegex.FindAllString(s, -1))
 }
 
 var (
 	// spaceRegex includes nbsp (#160) considered to be a space character
-	spaceRegex = regexp.MustCompile(`[\s\xa0]+`)
+	spaceRegex              = regexp.MustCompile(`[\s\xa0]+`)
+	numberRegex             = regexp.MustCompile(`\d`)
+	versionPunctuationRegex = regexp.MustCompile(`[.,]+`)
 )
 
 func findName(versionResources map[string]string) string {

diff --git a/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go b/syft/pkg/cataloger/dotnet/parse_dotnet_portable_executable_test.go
@@ -169,6 +169,30 @@ func TestParseDotnetPortableExecutable(t *testing.T) {
 				Version: "80.1.7.92",
 			},
 		},
+		{
+			name: "Better product version",
+			versionResources: map[string]string{
+				"FileDescription": "Better version",
+				"FileVersion":     "80.1.7",
+				"ProductVersion":  "80.1.7.92",
+			},
+			expectedPackage: pkg.Package{
+				Name:    "Better version",
+				Version: "80.1.7.92",
+			},
+		},
+		{
+			name: "Better file version",
+			versionResources: map[string]string{
+				"FileDescription": "Better version",
+				"FileVersion":     "80.1.7.92",
+				"ProductVersion":  "80.1.7",
+			},
+			expectedPackage: pkg.Package{
+				Name:    "Better version",
+				Version: "80.1.7.92",
+			},
+		},
 	}
 
 	for _, tc := range tests {

diff --git a/test/integration/catalog_packages_cases_test.go b/test/integration/catalog_packages_cases_test.go
@@ -82,7 +82,7 @@ var imageOnlyTestCases = []testCase{
 		pkgType:     pkg.DotnetPkg,
 		pkgLanguage: pkg.Dotnet,
 		pkgInfo: map[string]string{
-			"DocuSign.eSign": "6.8.0",
+			"DocuSign.eSign": "6.8.0.0",
 		},
 	},
 }