feat: add aws-lc classifier (#4882)

Signed-off-by: witchcraze <witchcraze@gmail.com>

internal/capabilities/generate/overrides.go

@@ -96,6 +96,20 @@ var binaryClassifierOverrides = map[string][]binaryClassifierOverride{
 			CPEs:    singleCPE("cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 		},
 	},
+	"openssl-binary": {
+		{
+			Class:   "openssl-binary-aws-lc",
+			Package: "aws-lc",
+			PURL:    mustPURL("pkg:generic/aws-lc@version"),
+			CPEs:    singleCPE("cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+		{
+			Class:   "openssl-binary",
+			Package: "openssl",
+			PURL:    mustPURL("pkg:generic/openssl@version"),
+			CPEs:    singleCPE("cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+		},
+	},
 }
 
 func mustPURL(purl string) string {

syft/pkg/cataloger/binary/capabilities.yaml

@@ -427,6 +427,17 @@ catalogers:
         criteria:
           - '**/openssl'
         packages:
+          - class: openssl-binary
+            name: ""
+            purl: pkg:/
+            cpes: []
+            type: BinaryPkg
+          - class: openssl-binary-aws-lc
+            name: aws-lc
+            purl: pkg:generic/aws-lc
+            cpes:
+              - cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*
+            type: BinaryPkg
           - class: openssl-binary
             name: openssl
             purl: pkg:generic/openssl

syft/pkg/cataloger/binary/classifier_cataloger_test.go

@@ -1485,6 +1485,17 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("openssl-binary"),
 			},
 		},
+		{
+			logicalFixture: "aws-lc/1.69.0/linux-amd64",
+			expected: pkg.Package{
+				Name:      "aws-lc",
+				Version:   "1.69.0",
+				Type:      "binary",
+				PURL:      "pkg:generic/aws-lc@1.69.0",
+				Locations: locations("openssl"),
+				Metadata:  metadata("openssl-binary-aws-lc"),
+			},
+		},
 		{
 			logicalFixture: "openldap/2.6.10/linux-amd64",
 			expected: pkg.Package{

syft/pkg/cataloger/binary/classifiers.go

@@ -564,6 +564,19 @@ func DefaultClassifiers() []binutils.Classifier {
 		{
 			Class:    "openssl-binary",
 			FileGlob: "**/openssl",
+			EvidenceMatcher: binutils.BranchingEvidenceMatcher([]binutils.Classifier{
+				{
+					Class: "openssl-binary-aws-lc",
+					EvidenceMatcher: m.FileContentsVersionMatcher(
+						// [NUL]OpenSSL 1.1.1 (compatible; AWS-LC 1.69.0)[NUL]
+						`AWS-LC (?P<version>[0-9]+\.[0-9]+\.[0-9]+)\)\x00`,
+					),
+					Package: "aws-lc",
+					PURL:    mustPURL("pkg:generic/aws-lc@version"),
+					CPEs:    singleCPE("cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
+				},
+				{
+					Class: "openssl-binary",
 					EvidenceMatcher: m.FileContentsVersionMatcher(
 						// [NUL]OpenSSL 3.1.4'
 						// [NUL]OpenSSL 1.1.1w'
@@ -573,6 +586,8 @@ func DefaultClassifiers() []binutils.Classifier {
 					PURL:    mustPURL("pkg:generic/openssl@version"),
 					CPEs:    singleCPE("cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
 				},
+			}...),
+		},
 		{
 			Class:    "openldap-search-binary",
 			FileGlob: "**/ldapsearch",

syft/pkg/cataloger/binary/testdata/config.yaml

@@ -919,11 +919,19 @@ from-images:
   - name: openssl
     version: 1.1.1w
     images:
-      - ref: openresty/openresty:1.25.3.1-2-alpine@sha256:b1cb45b1556801b8cb1bc29ea78faf2eaf67926a37b052dd070866e44d7df07a
+      - ref: openresty/openresty:1.25.3.1-2-alpine@sha256:6c24f25318e5ecf0c981bec584842af329552a538fe48a24ec25387374c652b2
         platform: linux/arm64
     paths:
       - /usr/local/openresty/openssl/bin/openssl
 
+  - name: aws-lc
+    version: 1.69.0
+    images:
+      - ref: haproxytech/haproxy-alpine:3.3.8@sha256:ba237771cc7e734b4449829b09d107012c8d7578d77487b8453207e7ca851996
+        platform: linux/amd64
+    paths:
+      - /opt/aws-lc/bin/openssl
+
   - name: openldap
     version: 2.6.10
     images: