From 6509b7079ee2ce7f2efc31ba35426c6d4ffb25b5 Mon Sep 17 00:00:00 2001
From: witchcraze <67056980+witchcraze@users.noreply.github.com>
Date: Thu, 8 Jan 2026 00:36:39 +0900
Subject: [PATCH] add istio classifier (#4521)

Signed-off-by: witchcraze <witchcraze@gmail.com>
---
 syft/pkg/cataloger/binary/capabilities.yaml   |  20 +++++
 .../binary/classifier_cataloger_test.go       |  77 ++++++++++++++++++
 syft/pkg/cataloger/binary/classifiers.go      |  31 +++++++
 .../1.1.17/linux-amd64/pilot-agent            | Bin 0 -> 356 bytes
 .../1.26.8/linux-amd64/pilot-agent            | Bin 0 -> 356 bytes
 .../1.8.0/linux-amd64/pilot-agent             | Bin 0 -> 356 bytes
 .../1.1.17/linux-amd64/pilot-discovery        | Bin 0 -> 360 bytes
 .../1.26.8/linux-amd64/pilot-discovery        | Bin 0 -> 360 bytes
 .../1.3.8/linux-amd64/pilot-discovery         | Bin 0 -> 360 bytes
 .../1.8.0/linux-amd64/pilot-discovery         | Bin 0 -> 360 bytes
 .../binary/test-fixtures/config.yaml          |  55 +++++++++++++
 11 files changed, 183 insertions(+)
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.1.17/linux-amd64/pilot-agent
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.26.8/linux-amd64/pilot-agent
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.8.0/linux-amd64/pilot-agent
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.1.17/linux-amd64/pilot-discovery
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.26.8/linux-amd64/pilot-discovery
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.3.8/linux-amd64/pilot-discovery
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.8.0/linux-amd64/pilot-discovery

diff --git a/syft/pkg/cataloger/binary/capabilities.yaml b/syft/pkg/cataloger/binary/capabilities.yaml
index e4c7d6534..0adf563ea 100644
--- a/syft/pkg/cataloger/binary/capabilities.yaml
+++ b/syft/pkg/cataloger/binary/capabilities.yaml
@@ -603,6 +603,26 @@ catalogers:
             cpes:
               - cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:*
             type: BinaryPkg
+      - method: glob
+        criteria:
+          - '**/pilot-discovery'
+        packages:
+          - class: istio-binary
+            name: pilot-discovery
+            purl: pkg:generic/istio
+            cpes:
+              - cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
+            type: BinaryPkg
+      - method: glob
+        criteria:
+          - '**/pilot-agent'
+        packages:
+          - class: istio-binary
+            name: pilot-agent
+            purl: pkg:generic/istio
+            cpes:
+              - cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
+            type: BinaryPkg
       - method: glob
         criteria:
           - '**/grafana'
diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
index 4d21c5b9c..80e962502 100644
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -1441,6 +1441,83 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				},
 			},
 		},
+		{
+			logicalFixture: "istio_pilot-discovery/1.26.8/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-discovery",
+				Version:   "1.26.8",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.26.8",
+				Locations: locations("pilot-discovery"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
+		{
+			logicalFixture: "istio_pilot-discovery/1.8.0/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-discovery",
+				Version:   "1.8.0",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.8.0",
+				Locations: locations("pilot-discovery"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
+		{
+			logicalFixture: "istio_pilot-discovery/1.3.8/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-discovery",
+				Version:   "1.3.8",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.3.8",
+				Locations: locations("pilot-discovery"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
+		{
+			logicalFixture: "istio_pilot-discovery/1.1.17/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-discovery",
+				Version:   "1.1.17",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.1.17",
+				Locations: locations("pilot-discovery"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
+		{
+			logicalFixture: "istio_pilot-agent/1.26.8/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-agent",
+				Version:   "1.26.8",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.26.8",
+				Locations: locations("pilot-agent"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
+		{
+			logicalFixture: "istio_pilot-agent/1.8.0/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-agent",
+				Version:   "1.8.0",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.8.0",
+				Locations: locations("pilot-agent"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
+		{
+			logicalFixture: "istio_pilot-agent/1.1.17/linux-amd64",
+			expected: pkg.Package{
+				Name:      "pilot-agent",
+				Version:   "1.1.17",
+				Type:      "binary",
+				PURL:      "pkg:generic/istio@1.1.17",
+				Locations: locations("pilot-agent"),
+				Metadata:  metadata("istio-binary"),
+			},
+		},
 		{
 			logicalFixture: "grafana/12.3.1/linux-amd64",
 			expected: pkg.Package{
diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go
index 025f546f1..8420faf64 100644
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@@ -697,6 +697,37 @@ func DefaultClassifiers() []binutils.Classifier {
 			PURL:    mustPURL("pkg:generic/elixir@version"),
 			CPEs:    singleCPE("cpe:2.3:a:elixir-lang:elixir:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 		},
+		{
+			Class:    "istio-binary",
+			FileGlob: "**/pilot-discovery",
+			EvidenceMatcher: binutils.MatchAny(
+				// [NUL]1.26.8[NUL][NUL]1.26.8[NUL]
+				// [NUL]1.3.7[NUL][NUL][NUL]1.3.8[NUL]
+				m.FileContentsVersionMatcher(`[0-9]+\.[0-9]+\.[0-9]+\x00+(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00+`),
+				// Clean[NUL][NUL][NUL]1.8.0[NUL]
+				m.FileContentsVersionMatcher(`Clean\x00+(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00+`),
+				// 1.1.17[NUL]...S=v<y5
+				m.FileContentsVersionMatcher(`(?s)(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00+.{1,100}S?=v<y5`),
+			),
+			Package: "pilot-discovery",
+			PURL:    mustPURL("pkg:generic/istio@version"),
+			CPEs:    singleCPE("cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:    "istio-binary",
+			FileGlob: "**/pilot-agent",
+			EvidenceMatcher: binutils.MatchAny(
+				// [NUL]1.26.8[NUL][NUL]1.26.8[NUL]
+				m.FileContentsVersionMatcher(`[0-9]+\.[0-9]+\.[0-9]+\x00+(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00+`),
+				// Clean[NUL][NUL][NUL]1.8.0[NUL]
+				m.FileContentsVersionMatcher(`Clean\x00+(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00+`),
+				// 1.1.17[NUL]...S=v<y5
+				m.FileContentsVersionMatcher(`(?s)(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00+.{1,100}S?=v<y5`),
+			),
+			Package: "pilot-agent",
+			PURL:    mustPURL("pkg:generic/istio@version"),
+			CPEs:    singleCPE("cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
 		{
 			Class:    "grafana-binary",
 			FileGlob: "**/grafana",
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.1.17/linux-amd64/pilot-agent b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.1.17/linux-amd64/pilot-agent
new file mode 100644
index 0000000000000000000000000000000000000000..2eec48b05778b8eaa4412b575b49705790b4cc42
GIT binary patch
literal 356
zcmXwzy-EW?5XV<h30DbPiN!+d$nD4N-iCY>DXat`Pq1@4n?%mLKn^w9+WHP@Z6uAa
z-~;#of)*BjAlleixR7K9W`6(wABHLHDK_bNl$TY*4zQ@A()$TkP0F;^EH*02u^3dt
zVDLDa6r=GNtNzgPL^Y|&Kq<==xL7!65{BA>v<NA(V9OXB_fl#pG^Cku+(BlPu)wX*
z+C$_=Ij)X5?F<SdwB+0{i<wP$${<D#BJ*f{kWxFv0+|F7ggCX_0MCR`Daa_Q*XtCf
z71HIKv?{4D^SnH#A&S;_2-&D@*0ySd^m4QXA%q=-)&WATE!J{wuT*ORv)1d!#m~u8
uzkSx4CST^Qz3}Iqo6q~%@58*)=<UD1sJ-sr?f2sm9CxpF?+%|Yue<-a0%Pj{

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.26.8/linux-amd64/pilot-agent b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.26.8/linux-amd64/pilot-agent
new file mode 100644
index 0000000000000000000000000000000000000000..707cfc4d75fc141608207275e8f3a7418aa173c9
GIT binary patch
literal 356
zcmYMuu}%Xq3<lt`W<vrN1|r&lh3euvJGs6FFM#7XZPE3vQX>Hm$vY9DRCxL1-;(W_
zPr9?`<Fu4l-s@b<lJiB&&N_mA^g}R{&iitx0d(dvAJ1nkZwCgXokfJG)NvRkq!c_w
zR?kccCHtt56gwEaCuHh50SSwY{eTf&_8pphob<Ykr0-(A8WO<R>o|zdS%@MAOyCeZ
z5%5e(X>dtK@JUjA(s4i+$r-a=uWkG;YTKK(EH*FGw0zn+GGD9Jicg7#s@no>!@nE;
fk(-)d>;2>LuYGC3Q}dx|oA=Gz=3R5se6IciRq#wl

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.8.0/linux-amd64/pilot-agent b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-agent/1.8.0/linux-amd64/pilot-agent
new file mode 100644
index 0000000000000000000000000000000000000000..259d41df0297f210acc5c7b1091eee3784b435a9
GIT binary patch
literal 356
zcmYL@J4ysW5QfJ{=*YkWGz^%z^!qVR<_W~qq^7%icVKpAU>n3tZ?I;DMxMqiiMDKu
z1;t+<KYY{-d+g{sPD{RqEzX%NDIG9(R5~ZT;et#!Z}YCBTrhH&$92VgzXPF7M|BFq
z+6YPuF0CCBGa8}@iVqr;g(N|6Z9S714RcX&8@Mqka;uC0LDD$kpA5YBOsU`$N>DBp
zqp`kt+@K)gz&t|+I-v3~1`}K?T_|FdQEC?nY1@_#PZ?=_ljen{Wtx^pS}JnZG|kud
xX>TWlxiH_j4J-NE{m(@`Y0c-F$D4Zer(FB<hf8_&@lyF%`L*(UzutYm{Q$#TRfqrp

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.1.17/linux-amd64/pilot-discovery b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.1.17/linux-amd64/pilot-discovery
new file mode 100644
index 0000000000000000000000000000000000000000..96ea30bc1cbc3056f588afd34be3140c55f5651f
GIT binary patch
literal 360
zcmXwzy-EW?6oohb5ynPICl&(%yM&p!GqXEOehO<r$P>)W&X|=o8_W{TLs;6UO_#=3
z@Bu6=Ei6R*LA0^4a5c$2aL+v)__zao=3+cdv%F{|>B#0|cRoS6_aj%tm?=g$aE>xJ
zI4Sxuri`G`ARP`}(d%m_WQ;9S+<;|PXbwbMh!lX*MkxlKM_fBWAxbz{Ae<P<oQ<>%
zZO9UBoCoC7%&lP50#(E%%z%lUA|&z#2rB{HGNG8!G74#^9Fg2|K|Phm2x^I!B~v(r
z>h(G{lfvQUo4Cla&$BGQz-5KjYC*7GtJMB{qq<q$ss;gVmI{OasVr={cUGyjIHs+q
zx67~7hhBT!nurhe(!Rbwc;0UAb{74-bM<~R{l1-d8i)I@k8-d3GyA+dGRNIt?+ani

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.26.8/linux-amd64/pilot-discovery b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.26.8/linux-amd64/pilot-discovery
new file mode 100644
index 0000000000000000000000000000000000000000..83046f9b87bc58e111d65278f9757b1c16ed5a1f
GIT binary patch
literal 360
zcmYMuOHRZv3<lt`%?=6J646<(VU(wn^ctMNd6=oxX(}cH=8)WpA_d{iXZ@CbdBt;?
z_%<)Kz2y0l>PLCMvPyI*ZQ`K3bw(Msl=ZEhCN7m=mv!E@(q2!fEKEFlupwowoX7-L
zB_e4O2BU!#VU8wfFwqwjn51_|2E9>05TYr2AI(eoD?<^zPNEcnGHBA#xl9t|-VDz9
z63FX_R#?<AB!xO87l4e6CP^U`W8*mTcx{FEH+id^>ax^NzMt6FFbsIkV0PtE!O{P_
dN5cWX)6MVF=ehgXedzM;efPF|*FAKfx<90_O;-Q_

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.3.8/linux-amd64/pilot-discovery b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.3.8/linux-amd64/pilot-discovery
new file mode 100644
index 0000000000000000000000000000000000000000..ac0d639de58635118ee06c59ae86b5c7149d1bfd
GIT binary patch
literal 360
zcmYLDy-EW?7(7KKtc{|TSS$qW688V+xFm&zl_2B^_V#wo$(al0hz6g*(mt(?r12Ge
z01HbC3lV=1ZEP%Dh{1u68JJ<d>6>F0!$Dq@RU^xXwj8;WF(|zsx+;d05UnIapm6=e
zsux2{5E%CJ!N67Bo*`VsP&!4CrAiPZh|f5Y8KzzlM2#YvrNTLHut}v&g``d*MwH@G
zS<bmOP6D47ZeFHEhLsT(hsR817&B)X^NcENG?Lh0nQ=ylXBr7^b!b*$fcI%gVc`L&
z*XuAHR}TKogjETBSrp|d3>H}2h@z$1a&4s+MYu_uGMcdpyb$gmYjc^*#3XroJNr6%
z=(a}5n1AS(*5&=q^J;UwJ@cpSi}#z!_wBUZ*xi186kDC2tIxar^q_OTdA;`w`3Pe(

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.8.0/linux-amd64/pilot-discovery b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/istio_pilot-discovery/1.8.0/linux-amd64/pilot-discovery
new file mode 100644
index 0000000000000000000000000000000000000000..f953ff187fc06b0d38de6f4c4972280d3b8cb04a
GIT binary patch
literal 360
zcmYL@Jx;_h5QRg9<cfj=Sc*i)%HyB09nx_EL`yS?Z8lO!A`*eNgBvUzB^9UPN(h41
zD@Gc9@9AlN26~7UpSpfrE<-oB<5PUxu`#7NE*00-Au1<WABX#8TXB$r%|ka$ak<@+
zG+1$yT4`+{Z6qjbn<UUskgbNskhYW*Nifz66$1(vB-j=ZQvj<`l4Pmt<8hf62`~~R
ziVh)pFCif622|@wK+syd^{j^`C?XvVVlb}Jz71-fwTzWz$(!90d47{GBTr-BkI#IK
z*hx_o-#>@G?jsGWhmG5am4DfPon^^0Uo!VsS=0wk_37QYy7+v}exLnY_8;|h^Y#7<
D>wH$U

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
index 1c0d79f98..6085c555f 100644
--- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml
+++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@@ -853,6 +853,61 @@ from-images:
     paths:
       - /usr/local/lib/python3.11/site-packages/opencv_contrib_python.libs/libavcodec-9aae324f.so.59.37.100
 
+  - name: istio_pilot-discovery
+    version: 1.26.8
+    images:
+      - ref: istio/pilot:1.26.8@sha256:977d7941743cde8eb4868a00d8493ea3c18bb92622d5e6d9003c5d4f95780e69
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-discovery
+
+  - name: istio_pilot-discovery
+    version: 1.8.0
+    images:
+      - ref: istio/pilot:1.8.0@sha256:2a11b6eab182a62ba44686c6cee35a6fceae782c4aa5532f4ade023c8c177bd0
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-discovery
+
+  - name: istio_pilot-discovery
+    version: 1.3.8
+    images:
+      - ref: istio/pilot:1.3.8@sha256:e86394d237e1626f117cadea3588c5182d63b6a8712f9763ee419d4c72e7669b
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-discovery
+
+  - name: istio_pilot-discovery
+    version: 1.1.17
+    images:
+      - ref: istio/pilot:1.1.17@sha256:79a39ea04dbf7f9e36be80439d44f82968073eea307a58a6b073b551063ec629
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-discovery
+
+  - name: istio_pilot-agent
+    version: 1.26.8
+    images:
+      - ref: istio/proxyv2:1.26.8@sha256:a5ef82f7954bb4137244b7dbc1b4bd30382673c9425d74933da6f2de2c3a345b
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-agent
+
+  - name: istio_pilot-agent
+    version: 1.8.0
+    images:
+      - ref: istio/proxyv2:1.8.0@sha256:8721ddb5acf86dbe9d4c68993947c27d4b98a6d23ecde80246c74bf8bebd163f
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-agent
+
+  - name: istio_pilot-agent
+    version: 1.1.17
+    images:
+      - ref: istio/proxyv2:1.1.17@sha256:f97470c9b3124c19069ce9b773198da0efddbeea85dd33f88e2fb4f3b0c55e31
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/pilot-agent
   - name: grafana
     version: 12.3.1
     images: