mirror of
https://github.com/anchore/syft.git
synced 2026-07-04 18:18:26 +02:00
feat: elastic beats bin classifier (#4969)
Signed-off-by: Rez Moss <hi@rezmoss.com>
This commit is contained in:
parent
9c321691d4
commit
52a4c3b594
@ -786,6 +786,56 @@ catalogers:
|
||||
cpes:
|
||||
- cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*
|
||||
type: BinaryPkg
|
||||
- method: glob
|
||||
criteria:
|
||||
- '**/filebeat'
|
||||
packages:
|
||||
- class: filebeat-binary
|
||||
name: filebeat
|
||||
purl: pkg:generic/filebeat
|
||||
cpes:
|
||||
- cpe:2.3:a:elastic:filebeat:*:*:*:*:*:*:*:*
|
||||
type: BinaryPkg
|
||||
- method: glob
|
||||
criteria:
|
||||
- '**/metricbeat'
|
||||
packages:
|
||||
- class: metricbeat-binary
|
||||
name: metricbeat
|
||||
purl: pkg:generic/metricbeat
|
||||
cpes:
|
||||
- cpe:2.3:a:elastic:metricbeat:*:*:*:*:*:*:*:*
|
||||
type: BinaryPkg
|
||||
- method: glob
|
||||
criteria:
|
||||
- '**/heartbeat'
|
||||
packages:
|
||||
- class: heartbeat-binary
|
||||
name: heartbeat
|
||||
purl: pkg:generic/heartbeat
|
||||
cpes:
|
||||
- cpe:2.3:a:elastic:heartbeat:*:*:*:*:*:*:*:*
|
||||
type: BinaryPkg
|
||||
- method: glob
|
||||
criteria:
|
||||
- '**/packetbeat'
|
||||
packages:
|
||||
- class: packetbeat-binary
|
||||
name: packetbeat
|
||||
purl: pkg:generic/packetbeat
|
||||
cpes:
|
||||
- cpe:2.3:a:elastic:packetbeat:*:*:*:*:*:*:*:*
|
||||
type: BinaryPkg
|
||||
- method: glob
|
||||
criteria:
|
||||
- '**/auditbeat'
|
||||
packages:
|
||||
- class: auditbeat-binary
|
||||
name: auditbeat
|
||||
purl: pkg:generic/auditbeat
|
||||
cpes:
|
||||
- cpe:2.3:a:elastic:auditbeat:*:*:*:*:*:*:*:*
|
||||
type: BinaryPkg
|
||||
- method: glob
|
||||
criteria:
|
||||
- '**/elastic-agent'
|
||||
|
||||
@ -2557,6 +2557,83 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
|
||||
Metadata: metadata("ingress-nginx-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "filebeat/9.4.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "filebeat",
|
||||
Version: "9.4.2",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/filebeat@9.4.2",
|
||||
Locations: locations("filebeat"),
|
||||
Metadata: metadata("filebeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "filebeat/8.18.4/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "filebeat",
|
||||
Version: "8.18.4",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/filebeat@8.18.4",
|
||||
Locations: locations("filebeat"),
|
||||
Metadata: metadata("filebeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "filebeat/8.11.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "filebeat",
|
||||
Version: "8.11.2",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/filebeat@8.11.2",
|
||||
Locations: locations("filebeat"),
|
||||
Metadata: metadata("filebeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "metricbeat/9.4.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "metricbeat",
|
||||
Version: "9.4.2",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/metricbeat@9.4.2",
|
||||
Locations: locations("metricbeat"),
|
||||
Metadata: metadata("metricbeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "heartbeat/9.4.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "heartbeat",
|
||||
Version: "9.4.2",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/heartbeat@9.4.2",
|
||||
Locations: locations("heartbeat"),
|
||||
Metadata: metadata("heartbeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "packetbeat/9.4.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "packetbeat",
|
||||
Version: "9.4.2",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/packetbeat@9.4.2",
|
||||
Locations: locations("packetbeat"),
|
||||
Metadata: metadata("packetbeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "auditbeat/9.4.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
Name: "auditbeat",
|
||||
Version: "9.4.2",
|
||||
Type: "binary",
|
||||
PURL: "pkg:generic/auditbeat@9.4.2",
|
||||
Locations: locations("auditbeat"),
|
||||
Metadata: metadata("auditbeat-binary"),
|
||||
},
|
||||
},
|
||||
{
|
||||
logicalFixture: "elastic-agent/9.4.2/linux-amd64",
|
||||
expected: pkg.Package{
|
||||
|
||||
@ -28,6 +28,18 @@ func DefaultClassifiers() []binutils.Classifier {
|
||||
// ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]
|
||||
`(?m)ruby (?P<version>[0-9]+\.[0-9]+\.[0-9]+((p|preview|rc|dev)[0-9]*)?) `)
|
||||
|
||||
// all Elastic Beats (filebeat, metricbeat, heartbeat, packetbeat, auditbeat)
|
||||
var elasticBeatsMatcher = binutils.MatchAny(
|
||||
// 9.x: forcestdinsetupTest 9.4.2%s %w (filebeat/metricbeat/auditbeat)
|
||||
// forcestdinsetupTest 9.4.2input (heartbeat/packetbeat)
|
||||
m.FileContentsVersionMatcher(`Test (?P<version>[0-9]+\.[0-9]+\.[0-9]+)[a-z%]`),
|
||||
// 9.x: exportconfigcreateplugin9.4.2-globalclient
|
||||
// 8.18.x: exportconfigcreateplugin8.18.4globalclient
|
||||
m.FileContentsVersionMatcher(`plugin(?:output)?(?P<version>[0-9]+\.[0-9]+\.[0-9]+)[-a-z]`),
|
||||
// 8.11.x: 5m.rate8.11.2-9765625
|
||||
m.FileContentsVersionMatcher(`5m\.rate(?P<version>[0-9]+\.[0-9]+\.[0-9]+)-`),
|
||||
)
|
||||
|
||||
classifiers := []binutils.Classifier{
|
||||
{
|
||||
Class: "python-binary",
|
||||
@ -1110,6 +1122,46 @@ func DefaultClassifiers() []binutils.Classifier {
|
||||
PURL: mustPURL("pkg:generic/nginx-ingress-controller@version"),
|
||||
CPEs: singleCPE("cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
|
||||
},
|
||||
{
|
||||
Class: "filebeat-binary",
|
||||
FileGlob: "**/filebeat",
|
||||
EvidenceMatcher: elasticBeatsMatcher,
|
||||
Package: "filebeat",
|
||||
PURL: mustPURL("pkg:generic/filebeat@version"),
|
||||
CPEs: singleCPE("cpe:2.3:a:elastic:filebeat:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
|
||||
},
|
||||
{
|
||||
Class: "metricbeat-binary",
|
||||
FileGlob: "**/metricbeat",
|
||||
EvidenceMatcher: elasticBeatsMatcher,
|
||||
Package: "metricbeat",
|
||||
PURL: mustPURL("pkg:generic/metricbeat@version"),
|
||||
CPEs: singleCPE("cpe:2.3:a:elastic:metricbeat:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
|
||||
},
|
||||
{
|
||||
Class: "heartbeat-binary",
|
||||
FileGlob: "**/heartbeat",
|
||||
EvidenceMatcher: elasticBeatsMatcher,
|
||||
Package: "heartbeat",
|
||||
PURL: mustPURL("pkg:generic/heartbeat@version"),
|
||||
CPEs: singleCPE("cpe:2.3:a:elastic:heartbeat:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
|
||||
},
|
||||
{
|
||||
Class: "packetbeat-binary",
|
||||
FileGlob: "**/packetbeat",
|
||||
EvidenceMatcher: elasticBeatsMatcher,
|
||||
Package: "packetbeat",
|
||||
PURL: mustPURL("pkg:generic/packetbeat@version"),
|
||||
CPEs: singleCPE("cpe:2.3:a:elastic:packetbeat:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
|
||||
},
|
||||
{
|
||||
Class: "auditbeat-binary",
|
||||
FileGlob: "**/auditbeat",
|
||||
EvidenceMatcher: elasticBeatsMatcher,
|
||||
Package: "auditbeat",
|
||||
PURL: mustPURL("pkg:generic/auditbeat@version"),
|
||||
CPEs: singleCPE("cpe:2.3:a:elastic:auditbeat:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
|
||||
},
|
||||
{
|
||||
Class: "elastic-agent-binary",
|
||||
FileGlob: "**/elastic-agent",
|
||||
|
||||
@ -0,0 +1,8 @@
|
||||
name: auditbeat
|
||||
offset: 106492476
|
||||
length: 100
|
||||
snippetSha256: 7cfca991c6d073690c48c9489a6929009b866e78d266ecb6f6f2b6f04d9f592f
|
||||
fileSha256: 81ac1f3ab45bb7b3211cf26f94660ae73fdd257bb4890bdf8e71ecddb5afce10
|
||||
|
||||
### byte snippet to follow ###
|
||||
rulesforcestdinsetupTest 9.4.2%s %windexeventint16int32int64uint8arraysliceInts:Ptrs:sse41sse42ssse3
|
||||
8
syft/pkg/cataloger/binary/testdata/classifiers/snippets/filebeat/8.11.2/linux-amd64/filebeat
vendored
Normal file
8
syft/pkg/cataloger/binary/testdata/classifiers/snippets/filebeat/8.11.2/linux-amd64/filebeat
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
name: filebeat
|
||||
offset: 99362887
|
||||
length: 100
|
||||
snippetSha256: e81df9ab08f801188a6912a2c3651233049a50474063deba3181be22d50e4c14
|
||||
fileSha256: e29c151f3eae6d2aa6c57ce6810a1ca657fd29cd335d85c83d3b76fddaf0d7ed
|
||||
|
||||
### byte snippet to follow ###
|
||||
.5.4.82.5.4.92006-015m.rate8.11.2-9765625: type ::ffff::method:scheme:status<<nil>><UNSET><array><cl
|
||||
8
syft/pkg/cataloger/binary/testdata/classifiers/snippets/filebeat/8.18.4/linux-amd64/filebeat
vendored
Normal file
8
syft/pkg/cataloger/binary/testdata/classifiers/snippets/filebeat/8.18.4/linux-amd64/filebeat
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
name: filebeat
|
||||
offset: 140231767
|
||||
length: 100
|
||||
snippetSha256: a35df402d58dd12b8b993d52f991fabbe8f842d5f1ed22706ead99b2682d0bbc
|
||||
fileSha256: 4d9fbee3eb1c1610f3692e2e5519e6e84e09a5606a49e169897b849061106a28
|
||||
|
||||
### byte snippet to follow ###
|
||||
leexportconfigcreateplugin8.18.4globalclient%v{%v}aws-s3rdtscppopcntuint16uint32uint64structcmd/gone
|
||||
8
syft/pkg/cataloger/binary/testdata/classifiers/snippets/filebeat/9.4.2/linux-amd64/filebeat
vendored
Normal file
8
syft/pkg/cataloger/binary/testdata/classifiers/snippets/filebeat/9.4.2/linux-amd64/filebeat
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
name: filebeat
|
||||
offset: 156731953
|
||||
length: 100
|
||||
snippetSha256: e41d8a6af2f8614feab3bc1875622c4e1a817198d2db64230af14c82f5655550
|
||||
fileSha256: 52919ee04ec37e4ee86dbe5f6bd216f0d95e9dab037c230a582a921c4a677dcc
|
||||
|
||||
### byte snippet to follow ###
|
||||
*.ymlforcestdinsetupTest 9.4.2%s %w8.0.0sse41sse42ssse3int16int32int64uint8arraysliceInts:Ptrs:value
|
||||
@ -0,0 +1,8 @@
|
||||
name: heartbeat
|
||||
offset: 97948236
|
||||
length: 100
|
||||
snippetSha256: 88c46b68ddc495a24baee84a04b70ad23285725a5d214a216d28904db7bb24ec
|
||||
fileSha256: ecf50b047a5461a736164566a3d19b6fbe9f1f9f4cbfb086f0c168c93e94b108
|
||||
|
||||
### byte snippet to follow ###
|
||||
8.0.0forcestdinsetupTest 9.4.2inputerroraddedblockmutexdebugFetchFOUNDINPUTERRORDEBUGTRACEStoreindex
|
||||
@ -0,0 +1,8 @@
|
||||
name: metricbeat
|
||||
offset: 174021883
|
||||
length: 100
|
||||
snippetSha256: 44802bbc7e534b43aeed3c4f166744836a11560bee4b9bd0282de1827d7c191e
|
||||
fileSha256: 1761a0ec65aa7324bd3fdd69904e943ea4861d20b2f1e3c09f7389f9ba5ed859
|
||||
|
||||
### byte snippet to follow ###
|
||||
COBRAforcestdinsetupTest 9.4.2%s %w*.ymlsse41sse42ssse3int16int32int64uint8arraysliceInts:Ptrs:order
|
||||
@ -0,0 +1,8 @@
|
||||
name: packetbeat
|
||||
offset: 101048442
|
||||
length: 100
|
||||
snippetSha256: ebdfd10ab740f479a0aa2260349109b114607873f49ff27f11edcc1b71ae5476
|
||||
fileSha256: 06d820e76dcbc4fe34a33bee19e1f68021ba34de1098875691bc44247814f992
|
||||
|
||||
### byte snippet to follow ###
|
||||
COBRAforcestdinsetupTest 9.4.2input%s %w8.0.0agentindexeventerroraddedblockmutexdebugFetchFOUNDINPUT
|
||||
58
syft/pkg/cataloger/binary/testdata/config.yaml
vendored
58
syft/pkg/cataloger/binary/testdata/config.yaml
vendored
@ -1650,6 +1650,62 @@ from-images:
|
||||
- /usr/local/julia/lib/libjulia.so.1.3
|
||||
|
||||
|
||||
- name: filebeat
|
||||
version: 9.4.2
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/filebeat:9.4.2@sha256:f2b3bb6a6a02ebfc5f2f91cf8d560522acc4965bdb941f3f1608964cb8544829
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/filebeat/filebeat
|
||||
|
||||
- name: filebeat
|
||||
version: 8.18.4
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/filebeat:8.18.4@sha256:307efa7d01df0f823c585a9dc3b1f8e70372eab94f7f307a4d974d32ab6f4959
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/filebeat/filebeat
|
||||
|
||||
- name: filebeat
|
||||
version: 8.11.2
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/filebeat:8.11.2@sha256:4c22cdb4b260de6f2b3f2f1cc6a4f6635280c21ab3b3753f9599855b2f360c5d
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/filebeat/filebeat
|
||||
|
||||
- name: metricbeat
|
||||
version: 9.4.2
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/metricbeat:9.4.2@sha256:a14bbcef77a505b3236c5aba972ed4066902c81e52be01257a086d02677386c2
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/metricbeat/metricbeat
|
||||
|
||||
- name: heartbeat
|
||||
version: 9.4.2
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/heartbeat:9.4.2@sha256:a1e0446251f8f5f19860453510e9da65ccd3c2e1e6701830fce91b157063908f
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/heartbeat/heartbeat
|
||||
|
||||
- name: packetbeat
|
||||
version: 9.4.2
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/packetbeat:9.4.2@sha256:306950c4e4e38c2b84e8a091ad0d82b744fe10a21f36a3d694eb3767be599f81
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/packetbeat/packetbeat
|
||||
|
||||
- name: auditbeat
|
||||
version: 9.4.2
|
||||
images:
|
||||
- ref: docker.elastic.co/beats/auditbeat:9.4.2@sha256:1d8006227b171e62413ee40367ab77a89d73d95692ad0345f34d4a7f49bd7281
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/auditbeat/auditbeat
|
||||
|
||||
- name: elastic-agent
|
||||
version: 9.4.2
|
||||
images:
|
||||
@ -1680,4 +1736,4 @@ from-images:
|
||||
- ref: docker.elastic.co/elastic-agent/elastic-agent:8.11.2@sha256:1177eb349365132409df73e4a7fa97c32242db2b2c8704b9843d726837638001
|
||||
platform: linux/amd64
|
||||
paths:
|
||||
- /usr/share/elastic-agent/data/elastic-agent-1c21b0/elastic-agent
|
||||
- /usr/share/elastic-agent/data/elastic-agent-1c21b0/elastic-agent
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user