github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/README.md

github.com/anchore/syft@v1.4.2-0.20240516191711-1bec1fc5d397/syft/pkg/cataloger/binary/test-fixtures/elf-test-fixtures/README.md (about)

     1  ## Summary
     2  This image illustrates a few examples of how ELF executables can be assembled and illustrated in an SBOM.
     3  
     4  ### Example 1: elf-test-fixtures/elfbinwithsisterlib
     5  This example builds two binaries with srcs found in elfsrc1 and elfsrc2.
     6  
     7  
     8  
     9  - 3 separate libs, two with the same name, 1 different, all different locations, but same output when:
    10  
    11  
    12  
    13  ```
    14  objdump -s -j .note.package  /usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so
    15  
    16  /usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so:     file format elf64-littleaarch64
    17  
    18  Contents of section .note.package:
    19   0000 7b227479 7065223a 20227465 73746669  {"type": "testfi
    20   0010 78747572 65222c22 6c696365 6e736522  xture","license"
    21   0020 3a224d49 54222c22 636f6d6d 6974223a  :"MIT","commit":
    22   0030 22353533 34633338 64306666 65663961  "5534c38d0ffef9a
    23   0040 33663833 31353466 30623761 37666236  3f83154f0b7a7fb6
    24   0050 61623061 62366462 62222c22 736f7572  ab0ab6dbb","sour
    25   0060 63655265 706f223a 22687474 70733a2f  ceRepo":"https:/
    26   0070 2f676974 6875622e 636f6d2f 736f6d65  /github.com/some
    27   0080 6f6e652f 736f6d65 77686572 652e6769  one/somewhere.gi
    28   0090 74222c22 76656e64 6f72223a 20227379  t","vendor": "sy
    29   00a0 6674222c 22737973 74656d22 3a202273  ft","system": "s
    30   00b0 79667473 7973222c 226e616d 65223a20  yftsys","name":
    31   00c0 226c6962 68656c6c 6f5f776f 726c642e  "libhello_world.
    32   00d0 736f222c 22766572 73696f6e 223a2022  so","version": "
    33   00e0 302e3031 222c2270 75726c22 3a202270  0.01","purl": "p
    34   00f0 6b673a67 656e6572 69632f73 79667473  kg:generic/syfts
    35   0100 79732f73 79667474 65737466 69787475  ys/syfttestfixtu
    36   0110 72654030 2e303122 2c226370 65223a20  re@0.01","cpe":
    37   0120 22637065 3a2f6f3a 73796674 3a737966  "cpe:/o:syft:syf
    38   0130 74737973 5f746573 74666978 74757265  tsys_testfixture
    39   0140 5f737966 74746573 74666978 74757265  _syfttestfixture
    40   0150 3a302e30 31227d0a                    :0.01"}.
    41  ```
    42  
    43  ### Binaries
    44  ```
    45  /usr/local/bin/elftests/elfbinwithnestedlib/bin/elfbinwithnestedlib
    46  /usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin2
    47  /usr/local/bin/elftests/elfbinwithsisterlib/bin/elfwithparallellibbin1
    48  ```
    49  
    50  #### Libraries
    51  ```
    52  /usr/local/bin/elftests/elfbinwithnestedlib/bin/lib/libhello_world.so
    53  /usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world.so
    54  /usr/local/bin/elftests/elfbinwithsisterlib/lib/libhello_world2.so
    55  ```
    56  
    57  #### Binaries related to Libraries
    58  The resulting SBOM shoult show the following relationships:
    59  ```
    60  elfbinwithnestedlib -> libhello_world.so
    61  elfwithparallellibbin2 -> libhello_world.so
    62  elfwithparallellibbin1 -> libhello_world2.so
    63  ```
    64  #### Desired State
    65  We want to drop the package to file relationships and instead do package to package
    66  
    67  Single relationship
    68  ElfPackage `libhellp_world.so` -> ElfPackage `syfttestfixture` library
    69  
    70  Also relationship between the binaries and the rpm packages transitive dependencies that come from the library
    71  
    72  #### Actual state
    73  ```mermaid
    74  flowchart
    75      nested(.../bin/elfbinwithnestedlib)
    76      parallel1(.../bin/elfwithparallellibbin1)
    77      parallel2(.../bin/elfwithparallellibbin2)
    78      
    79      nestedLib(.../nested/bin/lib/libhello_world.so)
    80      sisterLib1(.../sister/lib/libhello_world.so)
    81      sisterLib2(.../sister/lib/libhello_world2.so)
    82      
    83      libc(libc.so.6)
    84      libstdc(libstdc++.so.6)
    85  
    86      nested --> |imports ../bin/lib/libhello_world.so| nestedLib
    87      nested --> |imports libhello_world.so| sisterLib1
    88      nested --> |imports libstdc++.so.6| libstdc
    89      nested --> |imports libc.so.6| libc
    90  
    91      nestedLib --> |imports libc.so.6| libc
    92      sisterLib1 --> |imports libc.so.6| libc
    93  
    94      parallel1 --> nestedLib
    95      parallel1 --> sisterLib1
    96      parallel1 --> libstdc
    97      parallel1 --> libc
    98  
    99      parallel2 --> |imports ../lib/libhello_world2.so| sisterLib2
   100      parallel2 --> |imports libhello_world2.so| sisterLib2
   101      parallel2 --> libstdc
   102      parallel2 --> libc
   103  
   104  
   105      sisterLib2 --> libc
   106  ```
   107  
   108  #### Desired relationships
   109  ```mermaid
   110  flowchart LR
   111      %% Data sync workflow...
   112  
   113      subgraph logicalAppPackage [ELF Package - 'syfttestfixture']
   114          nested(.../bin/elfbinwithnestedlib)
   115          parallel1(.../bin/elfwithparallellibbin1)
   116          parallel2(.../bin/elfwithparallellibbin2)
   117      end
   118  
   119  
   120      subgraph logicalLibPackage [ELF Package - 'libhello_world.so']
   121          nestedLib(.../nested/bin/lib/libhello_world.so)
   122          sisterLib1(.../sister/lib/libhello_world.so)
   123          sisterLib2(.../sister/lib/libhello_world2.so)
   124      end
   125  
   126  
   127      logicalLibPackage --> |dependency-of| logicalAppPackage
   128  
   129    
   130      %% RPM packages
   131  
   132      libstdc(libstdc++) --> |dependency-of| logicalAppPackage
   133      glibc(glibc) --> |dependency-of| logicalAppPackage
   134      glibc(glibc) --> |dependency-of| logicalLibPackage
   135  ```