add envoy binary classifier (#4530)

* add envoy classifier Signed-off-by: witchcraze <witchcraze@gmail.com> * add envoy classifier Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-02-12 02:26:42 +01:00 · 2026-01-06 22:45:01 +09:00 · 2026-01-06 22:45:01 +09:00 · 81dd955871
commit 81dd955871
parent 48948ddb8f
13 changed files with 198 additions and 0 deletions
--- a/syft/pkg/cataloger/binary/capabilities.yaml
+++ b/syft/pkg/cataloger/binary/capabilities.yaml
@ -623,6 +623,16 @@ catalogers:
            cpes:
              - cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
            type: BinaryPkg
+      - method: glob
+        criteria:
+          - '**/envoy'
+        packages:
+          - class: envoy-binary
+            name: envoy
+            purl: pkg:generic/envoy
+            cpes:
+              - cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
+            type: BinaryPkg
      - method: glob
        criteria:
          - '**/java'
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@ -1529,6 +1529,105 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("grafana-binary"),
 			},
 		},
+		{
+			logicalFixture: "envoy/1.36.4/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.36.4",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.36.4",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.34.5/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.34.5",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.34.5",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.28.7/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.28.7",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.28.7",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.22.11/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.22.11",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.22.11",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.20.7/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.20.7",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.20.7",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.18.6/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.18.6-dev",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.18.6-dev",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.14.3/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.14.3",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.14.3",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.11.0/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.11.0",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.11.0",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
+		{
+			logicalFixture: "envoy/1.6.0/linux-amd64",
+			expected: pkg.Package{
+				Name:      "envoy",
+				Version:   "1.6.0",
+				Type:      "binary",
+				PURL:      "pkg:generic/envoy@1.6.0",
+				Locations: locations("envoy"),
+				Metadata:  metadata("envoy-binary"),
+			},
+		},
 	}

 	for _, test := range tests {
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@ -727,6 +727,32 @@ func DefaultClassifiers() []binutils.Classifier {
 			PURL:    mustPURL("pkg:generic/grafana@version"),
 			CPEs:    singleCPE("cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 		},
+		{
+			Class:    "envoy-binary",
+			FileGlob: "**/envoy",
+			EvidenceMatcher: binutils.MatchAny(
+				// 1.3x [NUL]1.36.4[NUL]...envoy_reloadable_features
+				// 1.34.5 [NUL]1.34.5[NUL]...envoy.reloadable_features
+				m.FileContentsVersionMatcher(`(?s)\x00(?P<version>1\.3[0-9]\.[0-9]+(-dev)?)\x00.{0,1000}envoy_reloadable_features`),
+				m.FileContentsVersionMatcher(`(?s)\x00(?P<version>1\.34\.5)\x00.{0,200}envoy\.reloadable_features`),
+				// 1.2x envoy_quic_...[NUL]1.28.7[NUL]
+				m.FileContentsVersionMatcher(`(?s)envoy_quic_.{0,1000}\x00(?P<version>1\.2[0-9]\.[0-9]+(-dev)?)\x00`),
+				// 1.2x [NUL]1.20.7[NUL]Unable to
+				// 1.1x [NUL]1.18.6-dev[NUL]Unable to
+				m.FileContentsVersionMatcher(`(?s)\x00(?P<version>1\.[12][0-9]\.[0-9]+(-dev)?)\x00.{0,1000}Unable to`),
+				// 1.2x [NUL]1.22.11[NUL]...ValidationError
+				// 1.1x [NUL]1.14.3[NUL]...ValidationError
+				m.FileContentsVersionMatcher(`(?s)\x00(?P<version>1\.2[0-9]\.[0-9]+(-dev)?)\x00.{0,580}ValidationError`),
+				m.FileContentsVersionMatcher(`(?s)\x00(?P<version>1\.1[0-9]\.[0-9]+(-dev)?)\x00.{0,1000}ValidationError`),
+				// 1.1x [source...[NUL]1.11.0[NUL]/
+				m.FileContentsVersionMatcher(`(?s)\[source/.{0,200}\x00(?P<version>1\.1[0-9]\.[0-9]+(-dev)?)\x00`),
+				// 1.x [NUL]1.6.0[NUL]RELEASE
+				m.FileContentsVersionMatcher(`(?s)\x00(?P<version>1\.[0-9]\.[0-9]+(-dev)?)\x00.{0,20}RELEASE`),
+			),
+			Package: "envoy",
+			PURL:    mustPURL("pkg:generic/envoy@version"),
+			CPEs:    singleCPE("cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
 	}

 	return append(classifiers, defaultJavaClassifiers()...)
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.11.0/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.11.0/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.14.3/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.14.3/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.18.6/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.18.6/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.20.7/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.20.7/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.22.11/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.22.11/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.28.7/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.28.7/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.34.5/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.34.5/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.36.4/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.36.4/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.6.0/linux-amd64/envoy
+++ b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/envoy/1.6.0/linux-amd64/envoy
--- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml
+++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@ -924,3 +924,66 @@ from-images:
        platform: linux/amd64
    paths:
      - /usr/share/grafana/bin/grafana-server
+
+  - version: 1.36.4
+    images:
+      - ref: envoyproxy/envoy:v1.36.4@sha256:ae31562b8cede20913a2d3d6a4f44c8479a50551e033cb8ef7bb8e38cec4b573
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.34.5
+    images:
+      - ref: envoyproxy/envoy:v1.34.5@sha256:8ed42378a045901df417eaf8dbaba8b24aead1e995bf1b0277d907ed6320322c
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.28.7
+    images:
+      - ref: envoyproxy/envoy:v1.28.7@sha256:c62d3ccc883457d5403a0f77b31cf2f6d35572f3f9c1c0dd93498c39a281dcfc
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.22.11
+    images:
+      - ref: envoyproxy/envoy:v1.22.1@sha256:1385b1f75e74aef47b2cb1bafdffa43b171cf32b70e8e97d9f5d7cbf161a390a
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.20.7
+    images:
+      - ref: envoyproxy/envoy:v1.20.7@sha256:ca581c36093f2b78d371bff49198cd2cf06753a3ae6d91699788772842e67e3c
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.18.6
+    images:
+      - ref: envoyproxy/envoy:v1.18.6@sha256:a49240deca44017155b880172f3b2919fc26d554ad301a6f9941421849337c08
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.14.3
+    images:
+      - ref: envoyproxy/envoy:v1.14.3@sha256:295522f90150dc787cc7fd4b104402c43ae53ffec82b2afcb1767cfdbfce2306
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.11.0
+    images:
+      - ref: envoyproxy/envoy:v1.11.0@sha256:3b3eb76bc74c8e36e0ed3507844b6c12f69e9efa7588a7e35a29f90ee3e90067
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy
+
+  - version: 1.6.0
+    images:
+      - ref: envoyproxy/envoy:v1.6.0@sha256:6d02409028d76b69bc348650e080e68fd81b863e68aa16e96c95d74ab0f16f24
+        platform: linux/amd64
+    paths:
+      - /usr/local/bin/envoy