From 94c80885427218e91399cafd5b498342356033eb Mon Sep 17 00:00:00 2001
From: Rez Moss <hi@rezmoss.com>
Date: Fri, 30 Jan 2026 10:35:33 -0500
Subject: [PATCH] feat: add Qt6 binary detection (#4550)

---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 syft/pkg/cataloger/binary/capabilities.yaml   |  11 ++++++
 .../binary/classifier_cataloger_test.go       |  33 ++++++++++++++++++
 syft/pkg/cataloger/binary/classifiers.go      |  16 +++++++++
 .../cataloger/binary/test-fixtures/Makefile   |   2 +-
 .../qt/4.8.6/linux-amd64/libQtCore.so.4.8.6   | Bin 0 -> 362 bytes
 .../5.15.2/linux-amd64/libQt5Core.so.5.15.2   | Bin 0 -> 364 bytes
 .../qt/6.5.0/linux-amd64/libQt6Core.so.6.5.0  | Bin 0 -> 363 bytes
 .../binary/test-fixtures/config.yaml          |  27 ++++++++++++--
 8 files changed, 86 insertions(+), 3 deletions(-)
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/4.8.6/linux-amd64/libQtCore.so.4.8.6
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/5.15.2/linux-amd64/libQt5Core.so.5.15.2
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/6.5.0/linux-amd64/libQt6Core.so.6.5.0

diff --git a/syft/pkg/cataloger/binary/capabilities.yaml b/syft/pkg/cataloger/binary/capabilities.yaml
index 0b3a36e51..98d7c0f7a 100644
--- a/syft/pkg/cataloger/binary/capabilities.yaml
+++ b/syft/pkg/cataloger/binary/capabilities.yaml
@@ -423,6 +423,17 @@ catalogers:
             cpes:
               - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
             type: BinaryPkg
+      - method: glob
+        criteria:
+          - '**/libQt*Core.so*'
+        packages:
+          - class: qt-qtbase-lib
+            name: qtbase
+            purl: pkg:generic/qtbase
+            cpes:
+              - cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
+              - cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*
+            type: BinaryPkg
       - method: glob
         criteria:
           - '**/gcc'
diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
index 584ea30fe..7eb28706a 100644
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -1269,6 +1269,39 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("openssl-binary"),
 			},
 		},
+		{
+			logicalFixture: "qt/4.8.6/linux-amd64",
+			expected: pkg.Package{
+				Name:      "qtbase",
+				Version:   "4.8.6",
+				Type:      "binary",
+				PURL:      "pkg:generic/qtbase@4.8.6",
+				Locations: locations("libQtCore.so.4.8.6"),
+				Metadata:  metadata("qt-qtbase-lib"),
+			},
+		},
+		{
+			logicalFixture: "qt/5.15.2/linux-amd64",
+			expected: pkg.Package{
+				Name:      "qtbase",
+				Version:   "5.15.2",
+				Type:      "binary",
+				PURL:      "pkg:generic/qtbase@5.15.2",
+				Locations: locations("libQt5Core.so.5.15.2"),
+				Metadata:  metadata("qt-qtbase-lib"),
+			},
+		},
+		{
+			logicalFixture: "qt/6.5.0/linux-amd64",
+			expected: pkg.Package{
+				Name:      "qtbase",
+				Version:   "6.5.0",
+				Type:      "binary",
+				PURL:      "pkg:generic/qtbase@6.5.0",
+				Locations: locations("libQt6Core.so.6.5.0"),
+				Metadata:  metadata("qt-qtbase-lib"),
+			},
+		},
 		{
 			logicalFixture: "gcc/12.3.0/linux-amd64",
 			expected: pkg.Package{
diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go
index a2b20f81f..28e519026 100644
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@@ -510,6 +510,22 @@ func DefaultClassifiers() []binutils.Classifier {
 			PURL:    mustPURL("pkg:generic/openssl@version"),
 			CPEs:    singleCPE("cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 		},
+		{
+			Class:    "qt-qtbase-lib",
+			FileGlob: "**/libQt*Core.so*",
+			EvidenceMatcher: binutils.MatchAny(
+				// Qt 5.x and Qt 6.x pattern [NUL][NUL]Qt 6.5.0 (x86_64-little_endian-...
+				m.FileContentsVersionMatcher(`\x00\x00Qt (?P<version>[0-9]+\.[0-9]+\.[0-9]+) \(`),
+				// Qt 4.x pattern QtCore lib ver 4.8.7
+				m.FileContentsVersionMatcher(`QtCore library version (?P<version>[0-9]+\.[0-9]+\.[0-9]+)`),
+			),
+			Package: "qtbase",
+			PURL:    mustPURL("pkg:generic/qtbase@version"),
+			CPEs: []cpe.CPE{
+				cpe.Must("cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+				cpe.Must("cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+			},
+		},
 		{
 			Class:    "gcc-binary",
 			FileGlob: "**/gcc",
diff --git a/syft/pkg/cataloger/binary/test-fixtures/Makefile b/syft/pkg/cataloger/binary/test-fixtures/Makefile
index fa37d43c1..3920d2397 100644
--- a/syft/pkg/cataloger/binary/test-fixtures/Makefile
+++ b/syft/pkg/cataloger/binary/test-fixtures/Makefile
@@ -41,4 +41,4 @@ clean-fingerprint: ## clean up all legacy fingerprint files
 help:
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'
 
-.PHONY: default list download download-all clean clean-fingerprint add-snippet fingerprint
\ No newline at end of file
+.PHONY: default list download download-all clean clean-fingerprint add-snippet fingerprint
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/4.8.6/linux-amd64/libQtCore.so.4.8.6 b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/4.8.6/linux-amd64/libQtCore.so.4.8.6
new file mode 100644
index 0000000000000000000000000000000000000000..3282baabbf0f0b96fd07b3be29a211a50bfbd9cf
GIT binary patch
literal 362
zcmXw#L2kn!6hyP;6kp0FQ56?3V93@zK&$ow{J^)7sEG_|mD|@<T4^?;k)B3x@t^Sw
zIpJFy%Nn~{I@Q_EutHR0JA-hB50<kWm#NKLmz>olU9Yjd&t7VC2G<+YM{=sy!VW?A
zc;P|>5(0zO&Z3OgSl?sR4u$K{3X<Ad9)c3wN=7Nif0#Ey3G0m{>mm|rMN(PfsDsj%
z0gcmyj;q0W&c&c*)C0Fh6AdzGkBsg2d%$~(@OKkh0V+9{Z`dXV)6>&Q0o`&wUCKgf
z+U-8(RAEb-BRoX>Dp~z{hp)KSR2Fzx8O!y)rfF_)7>^*i=;0+z$-`^DfM3FMSs}Fw
R^@cTtv;hvM6zj2L;}5nyYIy(v

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/5.15.2/linux-amd64/libQt5Core.so.5.15.2 b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/5.15.2/linux-amd64/libQt5Core.so.5.15.2
new file mode 100644
index 0000000000000000000000000000000000000000..6841cbf70bbf60f868b12b3732feb64ab9dfde27
GIT binary patch
literal 364
zcmXv}y>7xV5N6I(oWw#0f_?sposJCcO8WrFXP+UGNf2>Wc>4ymz2zIe-y6e)dnf}P
zs@YFBZs(~rtu!q*Q_eHj9+Y=p3fB}KPxah`MA6LSaJ_Q<JO?zk2TxigO4uo4O~J8G
zI@^v=2Nfa_3e<+A#bmNq$soEU6|2}irQS7pDEuFWM#!kBvszQeh$e|Hc$q|0T4iH|
zkurK=C86xBj8V8JV)O>dY1uUE^&03=8UAKMogh!8Oy96j&1qh>?QXT>8h7_}T0QSj
z;rDIW+?_pIy)8qng^xU@A&lE{wHoGgxN(9_dW_*R#22`6;V?7M*HF^y(g|<-{Su^F
R2`Ho$T3Fb8ES~pJ;Rl!yW?%pS

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/6.5.0/linux-amd64/libQt6Core.so.6.5.0 b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/qt/6.5.0/linux-amd64/libQt6Core.so.6.5.0
new file mode 100644
index 0000000000000000000000000000000000000000..7829b7890ded35b4aa1ef10fa4da4679ee728678
GIT binary patch
literal 363
zcmXw!Ic~!+5Jgk#6a%<%iU=Hv9Fa=tB59o*z~C~B3DA@wF^g{>!AO4l@%~cXg(oQ4
z9~&L!h5L2xsn@;e=9E@$6DT5Wjp+*4k9M8_rRdh0uUBsGXD2mHAV_$ty(XzrARal8
z)FBN?VH|k09*t##Q3xA?!Xc6!$E2;?AP$MUlneid=_m<l@Iy2%cw&skGbv`=nj=~(
zrDtOXADj$?o}9+u(4>@H2!gwAx7&fgHHN>L&}K+;Df2gMR_9v&;#?aq8^8~D9UI(V
z!~Vz6iPTfctrb3TjoH<wawP@p*)1GlA8*xNa(IM=3%ixUf94XOw@P?98~{Z>^axT&
O6iQ0izirT~Yw!z<%4!_|

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
index 96373cf12..ba81571c3 100644
--- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml
+++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@@ -11,7 +11,7 @@ from-images:
 
   - name: busybox
     version: 1.36.1
-    images: 
+    images:
       - ref: busybox:1.36.1@sha256:058f0df5310fbbbfea7e81a3a3e2b4bf3452438ec841138d170e170adbbd27a4
         platform: linux/amd64
     paths:
@@ -1020,6 +1020,29 @@ from-images:
     paths:
       - /usr/share/grafana/bin/grafana-server
 
+  - name: qt
+    version: 6.5.0
+    images:
+      - ref: stateoftheartio/qt6:6.5-gcc-aqt@sha256:c0dfd1cd174d855f0157ce0455270b2ee49f5eea4c7a40ffe0e848d41ae4d074
+        platform: linux/amd64
+    paths:
+      - /opt/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
+
+  - name: qt
+    version: 5.15.2
+    images:
+      - ref: rabits/qt:5.15-desktop@sha256:8dd10b4fcdece7e329dd2b9db52dafcd6590940954bc36d5018567e850d9599c
+        platform: linux/amd64
+    paths:
+      - /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5.15.2
+
+  - name: qt
+    version: 4.8.6
+    images:
+      - ref: uvatbc/qt:qt4@sha256:9d6f18e000df14077f4c96e487fc84e02f1cef19c27f2a8f66f161b8a1ef6b06
+        platform: linux/amd64
+    paths:
+      - /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.6
   - version: 1.36.4
     images:
       - ref: envoyproxy/envoy:v1.36.4@sha256:ae31562b8cede20913a2d3d6a4f44c8479a50551e033cb8ef7bb8e38cec4b573
@@ -1081,4 +1104,4 @@ from-images:
       - ref: envoyproxy/envoy:v1.6.0@sha256:6d02409028d76b69bc348650e080e68fd81b863e68aa16e96c95d74ab0f16f24
         platform: linux/amd64
     paths:
-      - /usr/local/bin/envoy
\ No newline at end of file
+      - /usr/local/bin/envoy