From 58e4dbbf016bc4e03b08ed55da369186fa336c26 Mon Sep 17 00:00:00 2001 From: Rez Moss Date: Wed, 17 Jun 2026 11:29:07 -0400 Subject: [PATCH] feat: added bin classifier elastic-agent (#4968) Signed-off-by: Rez Moss --- syft/pkg/cataloger/binary/capabilities.yaml | 10 +++++ .../binary/classifier_cataloger_test.go | 44 +++++++++++++++++++ syft/pkg/cataloger/binary/classifiers.go | 15 +++++++ .../8.11.2/linux-amd64/elastic-agent | 9 ++++ .../8.19.4/linux-amd64/elastic-agent | 8 ++++ .../9.0.0/linux-amd64/elastic-agent | 8 ++++ .../9.4.2/linux-amd64/elastic-agent | 8 ++++ .../pkg/cataloger/binary/testdata/config.yaml | 32 ++++++++++++++ 8 files changed, 134 insertions(+) create mode 100644 syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.11.2/linux-amd64/elastic-agent create mode 100644 syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.19.4/linux-amd64/elastic-agent create mode 100644 syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.0.0/linux-amd64/elastic-agent create mode 100644 syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.4.2/linux-amd64/elastic-agent diff --git a/syft/pkg/cataloger/binary/capabilities.yaml b/syft/pkg/cataloger/binary/capabilities.yaml index d3b959da4..bf7e11d04 100644 --- a/syft/pkg/cataloger/binary/capabilities.yaml +++ b/syft/pkg/cataloger/binary/capabilities.yaml @@ -786,6 +786,16 @@ catalogers: cpes: - cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:* type: BinaryPkg + - method: glob + criteria: + - '**/elastic-agent' + packages: + - class: elastic-agent-binary + name: elastic-agent + purl: pkg:generic/elastic-agent + cpes: + - cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:* + type: BinaryPkg - method: glob criteria: - '**/java' diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index f8a4beabc..f58963db8 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go 
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go @@ -2557,6 +2557,50 @@ func Test_Cataloger_PositiveCases(t *testing.T) { Metadata: metadata("ingress-nginx-binary"), }, }, + { + logicalFixture: "elastic-agent/9.4.2/linux-amd64", + expected: pkg.Package{ + Name: "elastic-agent", + Version: "9.4.2", + Type: "binary", + PURL: "pkg:generic/elastic-agent@9.4.2", + Locations: locations("elastic-agent"), + Metadata: metadata("elastic-agent-binary"), + }, + }, + { + logicalFixture: "elastic-agent/9.0.0/linux-amd64", + expected: pkg.Package{ + Name: "elastic-agent", + Version: "9.0.0", + Type: "binary", + PURL: "pkg:generic/elastic-agent@9.0.0", + Locations: locations("elastic-agent"), + Metadata: metadata("elastic-agent-binary"), + }, + }, + { + logicalFixture: "elastic-agent/8.19.4/linux-amd64", + expected: pkg.Package{ + Name: "elastic-agent", + Version: "8.19.4", + Type: "binary", + PURL: "pkg:generic/elastic-agent@8.19.4", + Locations: locations("elastic-agent"), + Metadata: metadata("elastic-agent-binary"), + }, + }, + { + logicalFixture: "elastic-agent/8.11.2/linux-amd64", + expected: pkg.Package{ + Name: "elastic-agent", + Version: "8.11.2", + Type: "binary", + PURL: "pkg:generic/elastic-agent@8.11.2", + Locations: locations("elastic-agent"), + Metadata: metadata("elastic-agent-binary"), + }, + }, { logicalFixture: "julia/1.13.0-alpha2/linux-amd64", expected: pkg.Package{ diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index 24280a53c..9b7680a4d 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go 
@@ -1110,6 +1110,21 @@ func DefaultClassifiers() []binutils.Classifier { PURL: mustPURL("pkg:generic/nginx-ingress-controller@version"), CPEs: singleCPE("cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), }, + { + Class: "elastic-agent-binary", + FileGlob: "**/elastic-agent", + EvidenceMatcher: binutils.MatchAny( + // 9.4.x: config/statsenroll: true9.4.2-headeruint16secret + // 9.0.x: configenroll9.0.0-headeruint16secret + // 8.19.x: config/statsenroll8.19.4headeruint16secret + m.FileContentsVersionMatcher(`enroll(?:: true)?(?P[0-9]+\.[0-9]+\.[0-9]+)-?header`), + // 8.11.x: 3:04PM8.11.2:https + m.FileContentsVersionMatcher(`PM(?P[0-9]+\.[0-9]+\.[0-9]+):https`), + ), + Package: "elastic-agent", + PURL: mustPURL("pkg:generic/elastic-agent@version"), + CPEs: singleCPE("cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, } return append(classifiers, defaultJavaClassifiers()...) diff --git a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.11.2/linux-amd64/elastic-agent b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.11.2/linux-amd64/elastic-agent new file mode 100644 index 000000000..e8a95f893 --- /dev/null +++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.11.2/linux-amd64/elastic-agent @@ -0,0 +1,9 @@ +name: elastic-agent +offset: 29510673 +length: 100 +snippetSha256: abd2e0c395a14431231a89bc9fb4d8cbab5843e3b92b44b4b9c2c942bfedb386 +fileSha256: ff6758786d60089bda6113e302257ae227ab3f15924a3b3856a6a40a7ac5ca88 + +### byte snippet to follow ### +15.01.58.33906253:04PM8.11.2:https<-chan. +AElig;ALLOCSAacuteAcceptAcirc;AgraveAlpha;Amacr; \ No newline at end of file diff --git a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.19.4/linux-amd64/elastic-agent b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.19.4/linux-amd64/elastic-agent new file mode 100644 index 000000000..d70f72b93 
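Review bot: Both patterns in the new `elastic-agent-binary` entry's `EvidenceMatcher` locate the version by the strings that happen to sit beside it in the binary (`enroll`…`header`, `PM`…`:https`), and the comments label them `9.4.x`, `9.0.x`, `8.19.x` and `8.11.x` although the commit's fixtures show one linux-amd64 release for each. A build whose neighbouring strings differ would produce no match, so the agent would be missing from the SBOM and CPE-based vulnerability matching would skip it without any signal. I would state the verified scope in the comment, e.g. `// verified against 8.11.2, 8.19.4, 9.0.0 and 9.4.2 (linux-amd64) only; other builds may not match`, and add a fixture for at least one release between 8.11 and 8.19. As shown on this page the capture group reads `(?P[0-9]+…)` with no group name; that is presumably markup lost in rendering, but worth confirming the committed patterns use a named `version` group. The body of `DefaultClassifiers` starts outside the hunk.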
--- /dev/null +++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/8.19.4/linux-amd64/elastic-agent @@ -0,0 +1,8 @@ +name: elastic-agent +offset: 345016607 +length: 100 +snippetSha256: f66476e828071ae2211f9b279d18a4b23c247bd52cb2bc86cfbe611ec48c88e4 +fileSha256: c7d7bcf1e43ede7b8c5e55537b382ec02b4d8d1493eedb072bfd5f180442ee43 + +### byte snippet to follow ### +atspliceconfig/statsenroll8.19.4headeruint16secret%s: %sinputseventsfollownumbersourcereexecstatusou \ No newline at end of file diff --git a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.0.0/linux-amd64/elastic-agent b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.0.0/linux-amd64/elastic-agent new file mode 100644 index 000000000..17dca5fa5 --- /dev/null +++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.0.0/linux-amd64/elastic-agent @@ -0,0 +1,8 @@ +name: elastic-agent +offset: 248594563 +length: 100 +snippetSha256: f1a35077f386583fec63cfbffe42c8eb1a1b59056e5e3a1b15c50afcce0e4d38 +fileSha256: e87819df6fc5a387b42436bd304f4c7d778c1d66c8dbbf4f0aa801e8aa89b596 + +### byte snippet to follow ### +idopenatspliceconfigenroll9.0.0-headeruint16secret%s: %sinputseventsfollownumbersourcereexecstatusou \ No newline at end of file diff --git a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.4.2/linux-amd64/elastic-agent b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.4.2/linux-amd64/elastic-agent new file mode 100644 index 000000000..0d2f4081d --- /dev/null +++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/elastic-agent/9.4.2/linux-amd64/elastic-agent 
@@ -0,0 +1,8 @@ +name: elastic-agent +offset: 66470886 +length: 100 +snippetSha256: 7cbc4bee88dbcb215e1335dacc614041aa63bca2c5cc4ce05c795f421ce9b143 +fileSha256: 71b8b1552629c1c845516580054eb4d8a1eb1afc1f6fefbcee1922c932fac6a6 + +### byte snippet to follow ### +idspliceconfig/statsenroll: true9.4.2-headeruint16secret%s: %seventsfollownumberreexecstatusoutputso \ No newline at end of file diff --git a/syft/pkg/cataloger/binary/testdata/config.yaml b/syft/pkg/cataloger/binary/testdata/config.yaml index e1603524b..e27e22e37 100644 --- a/syft/pkg/cataloger/binary/testdata/config.yaml +++ b/syft/pkg/cataloger/binary/testdata/config.yaml @@ -1649,3 +1649,35 @@ from-images: - /usr/local/julia/lib/libjulia.so.1 - /usr/local/julia/lib/libjulia.so.1.3 + + - name: elastic-agent + version: 9.4.2 + images: + - ref: docker.elastic.co/elastic-agent/elastic-agent:9.4.2@sha256:8187c0e2eb4db1a9780838789462bd3ecbeca36fccb89f872258a4f0d3d25ea1 + platform: linux/amd64 + paths: + - /usr/share/elastic-agent/data/elastic-agent-dd9ee6/elastic-agent + + - name: elastic-agent + version: 9.0.0 + images: + - ref: docker.elastic.co/elastic-agent/elastic-agent:9.0.0@sha256:badb97acaf487273298e7f25d21177442d632f63cb9bab6f4defe341612bca07 + platform: linux/amd64 + paths: + - /usr/share/elastic-agent/data/elastic-agent-9786ac/elastic-agent + + - name: elastic-agent + version: 8.19.4 + images: + - ref: docker.elastic.co/elastic-agent/elastic-agent:8.19.4@sha256:b54f796e43941da8665b83d3f31973fc66ef7fc33b43edc4593671325841d8fb + platform: linux/amd64 + paths: + - /usr/share/elastic-agent/data/elastic-agent-8fbe2b/elastic-agent + + - name: elastic-agent + version: 8.11.2 + images: + - ref: docker.elastic.co/elastic-agent/elastic-agent:8.11.2@sha256:1177eb349365132409df73e4a7fa97c32242db2b2c8704b9843d726837638001 + platform: linux/amd64 + paths: + - /usr/share/elastic-agent/data/elastic-agent-1c21b0/elastic-agent \ No newline at end of file