Haskell Cabal packages crash syft #1362

Closed
fgaz opened this issue Nov 23, 2022 · 2 comments · Fixed by #1363
Assignees
Labels
bug Something isn't working

Comments

fgaz commented Nov 23, 2022

Please provide a set of steps on how to reproduce the issue

$ mkdir mypkg
$ cd mypkg/
$ cabal init -n
[Log] Guessing dependencies...
[Log] Using cabal specification: 3.8
[Warning] unknown license type, you must put a copy in LICENSE yourself.
[Log] Creating fresh file CHANGELOG.md...
[Log] Creating fresh directory ./app...
[Log] Creating fresh file app/Main.hs...
[Log] Creating fresh file mypkg.cabal...
[Warning] No synopsis given. You should edit the .cabal file and add one.
[Info] You may want to edit the .cabal file and add a Description field.

$ cabal freeze
Resolving dependencies...
Wrote freeze file: /tmp/mypkg/cabal.project.freeze
$ syft .
 ⠋ Indexing .              [file: /tmp/mypkg]
 ⠋ Cataloging packages     [packages 0]
panic: runtime error: slice bounds out of range [:-1]

goroutine 40 [running]:
github.com/anchore/syft/syft/pkg/cataloger/haskell.parseCabalFreeze({0xa?, 0xc0005de068?}, 0xc00075c150?, {{{{0xc0014020cb, 0x14}, {0x0, 0x0}}, {0x0, 0x0}, {0x5, ...}}, ...})
        github.com/anchore/syft/syft/pkg/cataloger/haskell/parse_cabal_freeze.go:37 +0x5d8
github.com/anchore/syft/syft/pkg/cataloger/generic.(*Cataloger).Catalog(0xc00075d3e0, {0x28efdd0, 0xc000474070})
        github.com/anchore/syft/syft/pkg/cataloger/generic/cataloger.go:127 +0x70e
github.com/anchore/syft/syft/pkg/cataloger.Catalog({0x28efdd0?, 0xc000474070}, 0x8?, {0xc00017c2c0, 0x16, 0x0?})
        github.com/anchore/syft/syft/pkg/cataloger/catalog.go:54 +0x3ec
github.com/anchore/syft/syft.CatalogPackages(0xc000242300, {{0x1, 0x0, {0x2504036, 0x8}}, {0x0, 0x0, 0x0}})
        github.com/anchore/syft/syft/lib.go:72 +0x5a5
github.com/anchore/syft/cmd/syft/cli/eventloop.generateCatalogPackagesTask.func1(0xc000bfa4e0, 0x0?)
        github.com/anchore/syft/cmd/syft/cli/eventloop/tasks.go:49 +0xdc
github.com/anchore/syft/cmd/syft/cli/eventloop.RunTask(0x0?, 0x0?, 0x0?, 0xc001414000, 0xc000090680?)
        github.com/anchore/syft/cmd/syft/cli/eventloop/tasks.go:223 +0x85
created by github.com/anchore/syft/cmd/syft/cli/packages.buildRelationships
        github.com/anchore/syft/cmd/syft/cli/packages/packages.go:121 +0x65

What happened: syft crashed

What you expected to happen: syft completes the scan successfully

Anything else we need to know?:

Environment:

  • Output of syft version: syft 0.60.3
  • OS (e.g: cat /etc/os-release or similar): NixOS 22.05
  • cabal-install --version:
    cabal-install version 3.8.1.0
    compiled using version 3.8.1.0 of the Cabal library
    
@fgaz fgaz added the bug Something isn't working label Nov 23, 2022
@spiffcs spiffcs added this to OSS Nov 23, 2022
@spiffcs spiffcs moved this to In Progress (Actively Resolving) in OSS Nov 23, 2022
@spiffcs spiffcs self-assigned this Nov 23, 2022
spiffcs (Contributor) commented Nov 23, 2022

Looks like we're not handling cabal freeze correctly - I've reproduced this on my machine and will get a quick patch added onto main

Repository owner moved this from In Progress (Actively Resolving) to Done in OSS Nov 23, 2022
spiffcs (Contributor) commented Nov 23, 2022

@fgaz I'll be on holiday, but we should have this new patched version along with some other fixes released come Monday.

Feel free to try it out using the tip of main for now. If you have any other bugs or questions just let me know and thanks for filing!
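The stack trace above ends in a slice expression with a negative high bound, which is what Go reports when code does something like `line[:strings.Index(line, ",")]` on a line that contains no comma; in a cabal.project.freeze file the last constraint has no trailing comma, so a parser that assumes one will hit exactly that. The following is an added example, not syft's parse_cabal_freeze.go and not code from anyone on this thread: a small Go parser for the constraints section of a freeze file that tolerates the first entry sharing a line with the `constraints:` key, indented continuation lines, a missing trailing comma on the last entry, and flag-only constraints with no version. The freeze content embedded below is constructed for the example (the issue does not show the generated file), and the inference that a -1 from strings.Index caused this specific panic is an assumption drawn from the panic message, not something the page confirms.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// CabalPackage is one pinned dependency from a cabal.project.freeze file.
type CabalPackage struct {
	Name    string
	Version string
}

// sampleFreeze is a constructed stand-in for the file `cabal freeze` writes
// for a freshly initialised package. Note the last constraint has no trailing
// comma and one entry pins a flag rather than a version.
const sampleFreeze = `active-repositories: :rest
constraints: any.base ==4.16.3.0,
             any.ghc-bignum ==1.2,
             any.ghc-prim ==0.8.0,
             any.mypkg -debug,
             any.rts ==1.0.2
index-state: hackage.haskell.org 2022-11-22T00:00:00Z
`

// parseCabalFreeze returns the name/version pairs pinned in the constraints
// section of a freeze file. It never slices on an unchecked strings.Index
// result: every separator is handled with Cut/Trim helpers that cannot yield
// a negative index, so a final line without a comma parses like any other.
func parseCabalFreeze(content string) ([]CabalPackage, error) {
	var pkgs []CabalPackage
	inConstraints := false
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := sc.Text()
		switch {
		case strings.HasPrefix(line, "constraints:"):
			// the first constraint may sit on the same line as the key
			inConstraints = true
			line = strings.TrimPrefix(line, "constraints:")
		case inConstraints && len(line) > 0 && !strings.HasPrefix(line, " "):
			// a new top-level key (index-state: ...) ends the section
			inConstraints = false
		}
		if !inConstraints {
			continue
		}
		// strip indentation and the optional trailing comma
		entry := strings.TrimSpace(strings.TrimSuffix(strings.TrimSpace(line), ","))
		if entry == "" {
			continue
		}
		name, constraint, found := strings.Cut(entry, " ")
		if !found {
			return nil, fmt.Errorf("malformed constraint %q", entry)
		}
		name = strings.TrimPrefix(name, "any.")
		constraint = strings.TrimSpace(constraint)
		if !strings.HasPrefix(constraint, "==") {
			// flag constraint such as "-debug" or "+simd": nothing to pin
			continue
		}
		version := strings.TrimSpace(strings.TrimPrefix(constraint, "=="))
		pkgs = append(pkgs, CabalPackage{Name: name, Version: version})
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	return pkgs, nil
}

func main() {
	pkgs, err := parseCabalFreeze(sampleFreeze)
	if err != nil {
		panic(err)
	}
	for _, p := range pkgs {
		fmt.Printf("%s %s\n", p.Name, p.Version)
	}
}
```

Because the section boundary is detected by indentation rather than by counting commas, a freeze file with a single constraint (`constraints: any.base ==4.16.3.0` and nothing else) parses the same way as the multi-line one above.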
