From e2007d9bf26bf62d699ee952f66db8cf2e0a3997 Mon Sep 17 00:00:00 2001
From: witchcraze <67056980+witchcraze@users.noreply.github.com>
Date: Thu, 7 May 2026 05:43:34 +0900
Subject: [PATCH] feat: add aws-lc classifier (#4882)

Signed-off-by: witchcraze
---
 internal/capabilities/generate/overrides.go | 14 ++++++++
 syft/pkg/cataloger/binary/capabilities.yaml | 11 +++++++
 .../binary/classifier_cataloger_test.go | 11 +++++++
 syft/pkg/cataloger/binary/classifiers.go | 31 +++++++++++++-----
 .../aws-lc/1.69.0/linux-amd64/openssl | Bin 0 -> 350 bytes
 .../pkg/cataloger/binary/testdata/config.yaml | 10 +++++-
 6 files changed, 68 insertions(+), 9 deletions(-)
 create mode 100644 syft/pkg/cataloger/binary/testdata/classifiers/snippets/aws-lc/1.69.0/linux-amd64/openssl

diff --git a/internal/capabilities/generate/overrides.go b/internal/capabilities/generate/overrides.go
index bf1afa47d..1f578a15e 100644
--- a/internal/capabilities/generate/overrides.go
+++ b/internal/capabilities/generate/overrides.go
@@ -96,6 +96,20 @@ var binaryClassifierOverrides = map[string][]binaryClassifierOverride{
 CPEs: singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 },
 },
+ "openssl-binary": {
+ {
+ Class: "openssl-binary-aws-lc",
+ Package: "aws-lc",
+ PURL: mustPURL("pkg:generic/aws-lc@version"),
+ CPEs: singleCPE("cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "openssl-binary",
+ Package: "openssl",
+ PURL: mustPURL("pkg:generic/openssl@version"),
+ CPEs: singleCPE("cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ },
 }
 
 func mustPURL(purl string) string {
diff --git a/syft/pkg/cataloger/binary/capabilities.yaml b/syft/pkg/cataloger/binary/capabilities.yaml
index b64362108..35a3e946b 100644
--- a/syft/pkg/cataloger/binary/capabilities.yaml
+++ b/syft/pkg/cataloger/binary/capabilities.yaml
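Review bot: The two entries added under `"openssl-binary"` repeat the class names, package names, PURLs and CPE strings of the branching classifier in syft/pkg/cataloger/binary/classifiers.go, and nothing ties the two copies together. If one side is edited later, the published capabilities would advertise a CPE that the classifier no longer emits, which misleads anyone relying on that file to judge vulnerability-matching coverage. A comment on the map entry would make the coupling explicit, e.g. `// mirrors the branches of the "openssl-binary" classifier in syft/pkg/cataloger/binary/classifiers.go; keep both in sync`. The map literal begins outside the hunk.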
@@ -427,6 +427,17 @@ catalogers:
 criteria:
 - '**/openssl'
 packages:
+ - class: openssl-binary
+ name: ""
+ purl: pkg:/
+ cpes: []
+ type: BinaryPkg
+ - class: openssl-binary-aws-lc
+ name: aws-lc
+ purl: pkg:generic/aws-lc
+ cpes:
+ - cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*
+ type: BinaryPkg
 - class: openssl-binary
 name: openssl
 purl: pkg:generic/openssl
diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
index f14628764..279a21099 100644
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@@ -1485,6 +1485,17 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 Metadata: metadata("openssl-binary"),
 },
 },
+ {
+ logicalFixture: "aws-lc/1.69.0/linux-amd64",
+ expected: pkg.Package{
+ Name: "aws-lc",
+ Version: "1.69.0",
+ Type: "binary",
+ PURL: "pkg:generic/aws-lc@1.69.0",
+ Locations: locations("openssl"),
+ Metadata: metadata("openssl-binary-aws-lc"),
+ },
+ },
 {
 logicalFixture: "openldap/2.6.10/linux-amd64",
 expected: pkg.Package{
diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go
index 2802b16a7..8a0f32fb8 100644
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
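Review bot: The first entry added under `packages:` in the capabilities.yaml hunk is a placeholder: `class: openssl-binary` with `name: ""`, `purl: pkg:/` and `cpes: []`, while a complete `openssl-binary` entry follows a few lines below. `pkg:/` is not a valid package URL and the class is now listed twice, so a reader of this file sees a package with no name and no CPE for the OpenSSL classifier. It presumably comes from the outer classifier, which no longer sets Package, PURL or CPEs itself. If the file is generated, the generator should skip an entry whose package name is empty; otherwise the five lines from `- class: openssl-binary` through the first `type: BinaryPkg` should be dropped.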
@@ -564,14 +564,29 @@ func DefaultClassifiers() []binutils.Classifier {
 {
 Class: "openssl-binary",
 FileGlob: "**/openssl",
- EvidenceMatcher: m.FileContentsVersionMatcher(
- // [NUL]OpenSSL 3.1.4'
- // [NUL]OpenSSL 1.1.1w'
- `\x00OpenSSL (?P[0-9]+\.[0-9]+\.[0-9]+([a-z]+|-alpha[0-9]|-beta[0-9]|-rc[0-9])?)`,
- ),
- Package: "openssl",
- PURL: mustPURL("pkg:generic/openssl@version"),
- CPEs: singleCPE("cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ EvidenceMatcher: binutils.BranchingEvidenceMatcher([]binutils.Classifier{
+ {
+ Class: "openssl-binary-aws-lc",
+ EvidenceMatcher: m.FileContentsVersionMatcher(
+ // [NUL]OpenSSL 1.1.1 (compatible; AWS-LC 1.69.0)[NUL]
+ `AWS-LC (?P[0-9]+\.[0-9]+\.[0-9]+)\)\x00`,
+ ),
+ Package: "aws-lc",
+ PURL: mustPURL("pkg:generic/aws-lc@version"),
+ CPEs: singleCPE("cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ {
+ Class: "openssl-binary",
+ EvidenceMatcher: m.FileContentsVersionMatcher(
+ // [NUL]OpenSSL 3.1.4'
+ // [NUL]OpenSSL 1.1.1w'
+ `\x00OpenSSL (?P[0-9]+\.[0-9]+\.[0-9]+([a-z]+|-alpha[0-9]|-beta[0-9]|-rc[0-9])?)`,
+ ),
+ Package: "openssl",
+ PURL: mustPURL("pkg:generic/openssl@version"),
+ CPEs: singleCPE("cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+ },
+ }...),
 },
 {
 Class: "openldap-search-binary",
diff --git a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/aws-lc/1.69.0/linux-amd64/openssl b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/aws-lc/1.69.0/linux-amd64/openssl
new file mode 100644
index 0000000000000000000000000000000000000000..0bf1688e0d8ae17e990438081b65c2ca774b8c64
GIT binary patch
literal 350
zcmYjM%WA_g5bRlBu@FkyLxW_!-BT&O1$ywI=k;op2prqkf{?$j`-1Kq7G{Q>oe?kG
z!Zh=^u7j9zUb(i=c&nro1COVAZb3CttYevHuH6|M>srV%MnhynByurG_L71z>`}7`
zT5;o)-^gC6q#0#)E+=hMGUTIGN#ru{-!aOF+OX+El0>oZNwKGBl8Me_Yqe`EXX|~B
z231C>Wyn&ZOd)H+AjEFBgZ@?-e&2*TL7s+Ty22(29Ikj
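Review bot: The `openssl-binary-aws-lc` pattern is anchored only on `AWS-LC <version>)` followed by NUL, so it matches that text anywhere in a file named `openssl`, and as the first branch it appears to win over the OpenSSL branch. A file carrying such a string for any other reason would be reported as aws-lc with the Amazon CPE and no OpenSSL CPE, which removes it from OpenSSL vulnerability matching. Anchoring on the full version text shown in the comment narrows this, e.g. `\x00OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]* \(compatible; AWS-LC (?P<version>[0-9]+\.[0-9]+\.[0-9]+)\)\x00` (group name assumed to be `version`, since it is lost in this rendering). The order dependence also deserves a comment above the slice, such as `// aws-lc must come first: its version text also contains "OpenSSL 1.1.1" and would otherwise match the openssl branch`. DefaultClassifiers continues outside the hunk.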