From e1483e02857f9536d7cb8715e5be6f84647b57e7 Mon Sep 17 00:00:00 2001
From: Alan Pope <alan.pope@anchore.com>
Date: Fri, 26 Sep 2025 15:43:47 +0100
Subject: [PATCH] Add support for identifying ffmpeg/libav libraries (#4227)

* Add support for identifying ffmpeg/libav libraries

Signed-off-by: Alan Pope <alan.pope@anchore.com>

* Undo my snippet-based confusion

Signed-off-by: Alan Pope <alan.pope@anchore.com>

* Put test fixture config back

Signed-off-by: Alan Pope <alan.pope@anchore.com>

---------

Signed-off-by: Alan Pope <alan.pope@anchore.com>
---
 .../binary/classifier_cataloger_test.go       |  11 ++++++++
 syft/pkg/cataloger/binary/classifiers.go      |  24 ++++++++++++++++++
 .../5.1.4/linux-amd64/libavcodec              | Bin 0 -> 355 bytes
 .../binary/test-fixtures/config.yaml          |  12 +++++++++
 4 files changed, 47 insertions(+)
 create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/ffmpeg-shared-libs/5.1.4/linux-amd64/libavcodec

diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
index 0839a2dca..3be5c2d0d 100644
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -1392,6 +1392,17 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("ffmpeg-binary"),
 			},
 		},
+		{
+			logicalFixture: "ffmpeg-shared-libs/5.1.4/linux-amd64",
+			expected: pkg.Package{
+				Name:      "ffmpeg",
+				Version:   "5.1.4",
+				Type:      "binary",
+				PURL:      "pkg:generic/ffmpeg@5.1.4",
+				Locations: locations("libavcodec"),
+				Metadata:  metadata("ffmpeg-library"),
+			},
+		},
 	}
 
 	for _, test := range tests {
diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go
index 154175ddc..a58091c6b 100644
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@@ -639,6 +639,30 @@ func DefaultClassifiers() []binutils.Classifier {
 			PURL:    mustPURL("pkg:generic/ffmpeg@version"),
 			CPEs:    singleCPE("cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 		},
+		{
+			Class:    "ffmpeg-library",
+			FileGlob: "**/libav*",
+			EvidenceMatcher: binutils.MatchAny(
+				// Primary pattern: FFmpeg version found in most libraries
+				m.FileContentsVersionMatcher(`(?m)FFmpeg version (?P<version>[0-9]+\.[0-9]+(\.[0-9]+)?)`),
+				// Fallback: library-specific version patterns for libavcodec and libavformat
+				m.FileContentsVersionMatcher(`(?m)Lavc(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`),
+				m.FileContentsVersionMatcher(`(?m)Lavf(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`),
+			),
+			Package: "ffmpeg",
+			PURL:    mustPURL("pkg:generic/ffmpeg@version"),
+			CPEs:    singleCPE("cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:    "ffmpeg-library",
+			FileGlob: "**/libswresample*",
+			EvidenceMatcher: m.FileContentsVersionMatcher(
+				// FFmpeg version pattern for libswresample
+				`(?m)FFmpeg version (?P<version>[0-9]+\.[0-9]+(\.[0-9]+)?)`),
+			Package: "ffmpeg",
+			PURL:    mustPURL("pkg:generic/ffmpeg@version"),
+			CPEs:    singleCPE("cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
 	}
 
 	return append(classifiers, defaultJavaClassifiers()...)
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/ffmpeg-shared-libs/5.1.4/linux-amd64/libavcodec b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/ffmpeg-shared-libs/5.1.4/linux-amd64/libavcodec
new file mode 100644
index 0000000000000000000000000000000000000000..f325e222a88269ff406ccff6c0ef7ab421eb7e9d
GIT binary patch
literal 355
zcmaiuL2kn!5JlZ8D^7vry#*Ks>;vQiJ;4Aoi6zHaHcHgfw^o#PSM@F5|N8n1-e{Eb
z6!D%)rX&jUPIZ*pC{Tj~G1GFX*QXHsGOa7sk1HAnqXZ1mx_*c*^(H8<OkzJ6%@Bjl
zLr7LLTI;M<L!X1np1jv7QjX9kOM<7Fe#U~q(1St45mk(kj}dm@lJ$lSQm+^p6~oa=
z-YboY(1O(&vjPo5v~4TnXC?W%DQl5j=D9rN5s7^&i!_~<Ws@^j+M1?0pKmK&<ej!>
U>N?%oL;uOwKfL|&{^E4{2C*)0uK)l5

literal 0
HcmV?d00001

diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
index 3f3c15513..aee3ec6b6 100644
--- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml
+++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml
@@ -830,3 +830,15 @@ from-images:
         platform: linux/arm64
     paths:
       - /usr/local/bin/ffmpeg
+
+  - name: ffmpeg-shared-libs
+    version: 5.1.4
+    images:
+      - ref: demisto/opencv:1.0.0.111908@sha256:abba3aab213990c666900a93db03420238527b757bf5825543cf7b4c5e11ac65
+        platform: linux/amd64
+    paths:
+      - /usr/local/lib/python3.11/site-packages/opencv_contrib_python.libs/libavcodec-9aae324f.so.59.37.100
+      - /usr/local/lib/python3.11/site-packages/opencv_contrib_python.libs/libavformat-3ff1be5b.so.59.27.100
+      - /usr/local/lib/python3.11/site-packages/opencv_contrib_python.libs/libavutil-a0a0531e.so.57.28.100
+      - /usr/local/lib/python3.11/site-packages/opencv_contrib_python.libs/libswresample-2ec4394e.so.4.7.100
+