feat: added bin classifier elastic-agent (#4968)

Signed-off-by: Rez Moss <hi@rezmoss.com>
Rez Moss 2026-06-17 11:29:07 -04:00 committed by GitHub
parent b70fa899cb
commit 58e4dbbf01
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 134 additions and 0 deletions


@ -786,6 +786,16 @@ catalogers:
cpes:
- cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/elastic-agent'
packages:
- class: elastic-agent-binary
name: elastic-agent
purl: pkg:generic/elastic-agent
cpes:
- cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*
type: BinaryPkg
- method: glob
criteria:
- '**/java'


@ -2557,6 +2557,50 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
Metadata: metadata("ingress-nginx-binary"),
},
},
{
logicalFixture: "elastic-agent/9.4.2/linux-amd64",
expected: pkg.Package{
Name: "elastic-agent",
Version: "9.4.2",
Type: "binary",
PURL: "pkg:generic/elastic-agent@9.4.2",
Locations: locations("elastic-agent"),
Metadata: metadata("elastic-agent-binary"),
},
},
{
logicalFixture: "elastic-agent/9.0.0/linux-amd64",
expected: pkg.Package{
Name: "elastic-agent",
Version: "9.0.0",
Type: "binary",
PURL: "pkg:generic/elastic-agent@9.0.0",
Locations: locations("elastic-agent"),
Metadata: metadata("elastic-agent-binary"),
},
},
{
logicalFixture: "elastic-agent/8.19.4/linux-amd64",
expected: pkg.Package{
Name: "elastic-agent",
Version: "8.19.4",
Type: "binary",
PURL: "pkg:generic/elastic-agent@8.19.4",
Locations: locations("elastic-agent"),
Metadata: metadata("elastic-agent-binary"),
},
},
{
logicalFixture: "elastic-agent/8.11.2/linux-amd64",
expected: pkg.Package{
Name: "elastic-agent",
Version: "8.11.2",
Type: "binary",
PURL: "pkg:generic/elastic-agent@8.11.2",
Locations: locations("elastic-agent"),
Metadata: metadata("elastic-agent-binary"),
},
},
{
logicalFixture: "julia/1.13.0-alpha2/linux-amd64",
expected: pkg.Package{
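Review bot: All four added cases use `linux-amd64` fixtures, but the matchers they exercise key on whatever bytes sit next to the version string in the binary, which may differ between architectures and builds. A `linux-arm64` case, if the upstream image is published for that platform, would show whether the evidence holds there. The classifier comments also indicate the evidence switches from the `PM…:https` form (8.11.x) to the `enroll…header` form (8.19.x) with no fixture in between, so one intermediate 8.x case would confirm that neither pattern misses that range. Test_Cataloger_PositiveCases starts and ends outside this hunk.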


@ -1110,6 +1110,21 @@ func DefaultClassifiers() []binutils.Classifier {
PURL: mustPURL("pkg:generic/nginx-ingress-controller@version"),
CPEs: singleCPE("cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
},
{
Class: "elastic-agent-binary",
FileGlob: "**/elastic-agent",
EvidenceMatcher: binutils.MatchAny(
// 9.4.x: config/statsenroll: true9.4.2-headeruint16secret
// 9.0.x: configenroll9.0.0-headeruint16secret
// 8.19.x: config/statsenroll8.19.4headeruint16secret
m.FileContentsVersionMatcher(`enroll(?:: true)?(?P<version>[0-9]+\.[0-9]+\.[0-9]+)-?header`),
// 8.11.x: 3:04PM8.11.2:https
m.FileContentsVersionMatcher(`PM(?P<version>[0-9]+\.[0-9]+\.[0-9]+):https`),
),
Package: "elastic-agent",
PURL: mustPURL("pkg:generic/elastic-agent@version"),
CPEs: singleCPE("cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
},
}
return append(classifiers, defaultJavaClassifiers()...)
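Review bot: The second matcher anchors the version on only two literal letters (`PM`), so any `PM<x.y.z>:https` byte run inside a file named `elastic-agent` is accepted as the version. The comment above it and the 8.11.2 fixture both show the longer prefix `3:04PM`, so the pattern `3:04PM(?P<version>[0-9]+\.[0-9]+\.[0-9]+):https` would narrow the match while still covering that fixture. Both patterns appear to depend on which string constants happen to sit next to the version in the binary. A short comment should say that a layout change makes the classifier miss silently, which drops the binary from the SBOM and from CPE-based vulnerability matching. DefaultClassifiers begins outside this hunk.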


@ -0,0 +1,9 @@
name: elastic-agent
offset: 29510673
length: 100
snippetSha256: abd2e0c395a14431231a89bc9fb4d8cbab5843e3b92b44b4b9c2c942bfedb386
fileSha256: ff6758786d60089bda6113e302257ae227ab3f15924a3b3856a6a40a7ac5ca88
### byte snippet to follow ###
15.01.58.33906253:04PM8.11.2:https<-chan</a>.
<node>AElig;ALLOCSAacuteAcceptAcirc;AgraveAlpha;Amacr;


@ -0,0 +1,8 @@
name: elastic-agent
offset: 345016607
length: 100
snippetSha256: f66476e828071ae2211f9b279d18a4b23c247bd52cb2bc86cfbe611ec48c88e4
fileSha256: c7d7bcf1e43ede7b8c5e55537b382ec02b4d8d1493eedb072bfd5f180442ee43
### byte snippet to follow ###
atspliceconfig/statsenroll8.19.4headeruint16secret%s: %sinputseventsfollownumbersourcereexecstatusou


@ -0,0 +1,8 @@
name: elastic-agent
offset: 248594563
length: 100
snippetSha256: f1a35077f386583fec63cfbffe42c8eb1a1b59056e5e3a1b15c50afcce0e4d38
fileSha256: e87819df6fc5a387b42436bd304f4c7d778c1d66c8dbbf4f0aa801e8aa89b596
### byte snippet to follow ###
idopenatspliceconfigenroll9.0.0-headeruint16secret%s: %sinputseventsfollownumbersourcereexecstatusou


@ -0,0 +1,8 @@
name: elastic-agent
offset: 66470886
length: 100
snippetSha256: 7cbc4bee88dbcb215e1335dacc614041aa63bca2c5cc4ce05c795f421ce9b143
fileSha256: 71b8b1552629c1c845516580054eb4d8a1eb1afc1f6fefbcee1922c932fac6a6
### byte snippet to follow ###
idspliceconfig/statsenroll: true9.4.2-headeruint16secret%s: %seventsfollownumberreexecstatusoutputso


@ -1649,3 +1649,35 @@ from-images:
- /usr/local/julia/lib/libjulia.so.1
- /usr/local/julia/lib/libjulia.so.1.3
- name: elastic-agent
version: 9.4.2
images:
- ref: docker.elastic.co/elastic-agent/elastic-agent:9.4.2@sha256:8187c0e2eb4db1a9780838789462bd3ecbeca36fccb89f872258a4f0d3d25ea1
platform: linux/amd64
paths:
- /usr/share/elastic-agent/data/elastic-agent-dd9ee6/elastic-agent
- name: elastic-agent
version: 9.0.0
images:
- ref: docker.elastic.co/elastic-agent/elastic-agent:9.0.0@sha256:badb97acaf487273298e7f25d21177442d632f63cb9bab6f4defe341612bca07
platform: linux/amd64
paths:
- /usr/share/elastic-agent/data/elastic-agent-9786ac/elastic-agent
- name: elastic-agent
version: 8.19.4
images:
- ref: docker.elastic.co/elastic-agent/elastic-agent:8.19.4@sha256:b54f796e43941da8665b83d3f31973fc66ef7fc33b43edc4593671325841d8fb
platform: linux/amd64
paths:
- /usr/share/elastic-agent/data/elastic-agent-8fbe2b/elastic-agent
- name: elastic-agent
version: 8.11.2
images:
- ref: docker.elastic.co/elastic-agent/elastic-agent:8.11.2@sha256:1177eb349365132409df73e4a7fa97c32242db2b2c8704b9843d726837638001
platform: linux/amd64
paths:
- /usr/share/elastic-agent/data/elastic-agent-1c21b0/elastic-agent