From 6a95a5f2ed9ea35c8a718de859d9bf171854c5d5 Mon Sep 17 00:00:00 2001 From: "Krystian G." <108719245+krysgor@users.noreply.github.com> Date: Thu, 19 Sep 2024 15:21:02 +0200 Subject: [PATCH] feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq, and sqlcipher (#3252) * feat: detect lighttpd binaries Signed-off-by: Krystian Gorny * feat: detect proftpd binaries Signed-off-by: Krystian Gorny * feat: detect zstd binaries Signed-off-by: Krystian Gorny * feat: detect xz utils binarie Signed-off-by: Krystian Gorny * feat: detect gzip binaries Signed-off-by: Krystian Gorny * feat: detect sqlcipher binaries Signed-off-by: Krystian Gorny * feat: detect jq binaries Signed-off-by: Krystian Gorny * add tests + snippets Signed-off-by: Alex Goodman --------- Signed-off-by: Krystian Gorny 
Signed-off-by: Alex Goodman Co-authored-by: Krystian Gorny Co-authored-by: Alex Goodman --- .../binary/classifier_cataloger_test.go | 88 ++++++++++++++++++ syft/pkg/cataloger/binary/classifiers.go | 70 ++++++++++++++ .../snippets/gzip/1.12/linux-amd64/gzip | Bin 0 -> 346 bytes .../snippets/jq/1.7.1/linux-amd64/jq | Bin 0 -> 346 bytes .../lighttpd/1.4.76/linux-amd64/lighttpd | Bin 0 -> 351 bytes .../proftpd/1.3.8b/linux-amd64/proftpd | Bin 0 -> 350 bytes .../sqlcipher/4.5.5/linux-amd64/sqlcipher | Bin 0 -> 353 bytes .../snippets/xz/5.6.2/linux-amd64/xz | Bin 0 -> 344 bytes .../snippets/zstd/1.5.6/linux-amd64/zstd | Bin 0 -> 348 bytes .../binary/test-fixtures/config.yaml | 55 +++++++++++ 10 files changed, 213 insertions(+) create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/gzip/1.12/linux-amd64/gzip create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/jq/1.7.1/linux-amd64/jq create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/lighttpd/1.4.76/linux-amd64/lighttpd create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/proftpd/1.3.8b/linux-amd64/proftpd create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/sqlcipher/4.5.5/linux-amd64/sqlcipher create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/xz/5.6.2/linux-amd64/xz create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/zstd/1.5.6/linux-amd64/zstd diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index c1bfbb322f0..22f59b1b39e 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go +++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go 
@@ -1082,6 +1082,94 @@ func Test_Cataloger_PositiveCases(t *testing.T) { Metadata: metadata("wordpress-cli-binary"), }, }, + { + logicalFixture: "lighttpd/1.4.76/linux-amd64", + expected: pkg.Package{ + Name: "lighttpd", + Version: "1.4.76", + Type: "binary", + PURL: "pkg:generic/lighttpd@1.4.76", + Locations: locations("lighttpd"), + Metadata: metadata("lighttpd-binary"), + }, + }, + { + logicalFixture: "proftpd/1.3.8b/linux-amd64", + expected: pkg.Package{ + Name: "proftpd", + Version: "1.3.8b", + Type: "binary", + PURL: "pkg:generic/proftpd@1.3.8b", + Locations: locations("proftpd"), + Metadata: metadata("proftpd-binary"), + }, + }, + { + logicalFixture: "zstd/1.5.6/linux-amd64", + expected: pkg.Package{ + Name: "zstd", + Version: "1.5.6", + Type: "binary", + PURL: "pkg:generic/zstd@1.5.6", + Locations: locations("zstd"), + Metadata: metadata("zstd-binary"), + }, + }, + { + logicalFixture: "zstd/1.5.6/linux-amd64", + expected: pkg.Package{ + Name: "zstd", + Version: "1.5.6", + Type: "binary", + PURL: "pkg:generic/zstd@1.5.6", + Locations: locations("zstd"), + Metadata: metadata("zstd-binary"), + }, + }, + { + logicalFixture: "xz/5.6.2/linux-amd64", + expected: pkg.Package{ + Name: "xz", + Version: "5.6.2", + Type: "binary", + PURL: "pkg:generic/xz@5.6.2", + Locations: locations("xz"), + Metadata: metadata("xz-binary"), + }, + }, + { + logicalFixture: "gzip/1.12/linux-amd64", + expected: pkg.Package{ + Name: "gzip", + Version: "1.12", + Type: "binary", + PURL: "pkg:generic/gzip@1.12", + Locations: locations("gzip"), + Metadata: metadata("gzip-binary"), + }, + }, + { + logicalFixture: "sqlcipher/4.5.5/linux-amd64", + expected: pkg.Package{ + Name: "sqlcipher", + Version: "4.5.5", + Type: "binary", + PURL: "pkg:generic/sqlcipher@4.5.5", + Locations: locations("sqlcipher"), + Metadata: metadata("sqlcipher-binary"), + }, + }, + { + logicalFixture: "jq/1.7.1/linux-amd64", + expected: pkg.Package{ + Name: "jq", + Version: "1.7.1", + Type: "binary", + PURL: 
"pkg:generic/jq@1.7.1", + Locations: locations("jq"), + Metadata: metadata("jq-binary"), + }, + }, } for _, test := range tests { diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index 5290b4d984e..0a2a1a9b856 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go 
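Review bot: The `zstd/1.5.6/linux-amd64` case appears twice in the added entries with identical `expected` values, so the second copy adds no coverage and should be dropped. All eight new cases are positive ones built from a single image per product. For the patterns that carry no product name (gzip, jq, sqlcipher and zstd in classifiers.go), a fixture at the same file name that holds a different NUL-delimited number would show whether a wrong version can be reported. Test_Cataloger_PositiveCases begins and ends outside this hunk.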
@@ -574,6 +574,76 @@ func DefaultClassifiers() []Classifier { PURL: mustPURL("pkg:generic/curl@version"), CPEs: singleCPE("cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), }, + { + Class: "lighttpd-binary", + FileGlob: "**/lighttpd", + EvidenceMatcher: FileContentsVersionMatcher( + `\x00lighttpd/(?P[0-9]+\.[0-9]+\.[0-9]+)\x00`, + ), + Package: "lighttpd", + PURL: mustPURL("pkg:generic/lighttpd@version"), + CPEs: singleCPE("cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, + { + Class: "proftpd-binary", + FileGlob: "**/proftpd", + EvidenceMatcher: FileContentsVersionMatcher( + `\x00ProFTPD Version (?P[0-9]+\.[0-9]+\.[0-9]+[a-z]?)\x00`, + ), + Package: "proftpd", + PURL: mustPURL("pkg:generic/proftpd@version"), + CPEs: singleCPE("cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, + { + Class: "zstd-binary", + FileGlob: "**/zstd", + EvidenceMatcher: FileContentsVersionMatcher( + `\x00v(?P[0-9]+\.[0-9]+\.[0-9]+)\x00`, + ), + Package: "zstd", + PURL: mustPURL("pkg:generic/zstd@version"), + CPEs: singleCPE("cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, + { + Class: "xz-binary", + FileGlob: "**/xz", + EvidenceMatcher: FileContentsVersionMatcher( + `\x00xz \(XZ Utils\) (?P[0-9]+\.[0-9]+\.[0-9]+)\x00`, + ), + Package: "xz", + PURL: mustPURL("pkg:generic/xz@version"), + CPEs: singleCPE("cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, + { + Class: "gzip-binary", + FileGlob: "**/gzip", + EvidenceMatcher: FileContentsVersionMatcher( + `\x00(?P[0-9]+\.[0-9]+)\x00`, + ), + Package: "gzip", + PURL: mustPURL("pkg:generic/gzip@version"), + CPEs: singleCPE("cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, + { + Class: "sqlcipher-binary", + FileGlob: "**/sqlcipher", + EvidenceMatcher: FileContentsVersionMatcher( + `[^0-9]\x00(?P[0-9]+\.[0-9]+\.[0-9]+)\x00`, + ), + Package: "sqlcipher", + PURL: 
mustPURL("pkg:generic/sqlcipher@version"), + CPEs: singleCPE("cpe:2.3:a:zetetic:sqlcipher:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, + { + Class: "jq-binary", + FileGlob: "**/jq", + EvidenceMatcher: FileContentsVersionMatcher( + `\x00(?P[0-9]{1,3}\.[0-9]{1,3}(\.[0-9]+)?)\x00`, + ), + Package: "jq", + PURL: mustPURL("pkg:generic/jq@version"), + CPEs: singleCPE("cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), + }, } } diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/gzip/1.12/linux-amd64/gzip b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/gzip/1.12/linux-amd64/gzip new file mode 100644 index 0000000000000000000000000000000000000000..64510d6c4de9f3b608baf906b49210a910c8ab55 GIT binary patch literal 346 zcmZ{eOHRZv5JbK9DO!pm!DbY@<6o}93EFmhCL)QWi2=ds2_slii??~IQf;*I1lO;5 zm$j6G+XN1M@N(hp+HMmlJ;-C5_nq6zjkK{7=sZ@teTl}9_l3@KB8Qen zZ_pN|Fp@WxwL%Ooc+I0M^TK~)A$W&4gs2Lt;0nf(?V!dK66!c4# mev;{&f;O)w#oLzZy5IRYIE#n=2ckC@Rr+4QQ>%@Z5X?CrA%Q{AgG)NEN#-buA0VD3nRIq%7$@_{viSE#SHW9#RZ(3v`w#5c zxYC@`j-_LuWNU<>6VAtSs<+^DpND0^@_O<@n~tI3Mua{}E1Zix2MOLNZn$;IYQ@2D z2;QW&H7fO50FNn3BeX!Jz11`g6aIy1r$p}pcT%ASj%WabM9D=f69k!1XjcQAbW(aJ zW7}&REJSd(|(^+no|PvJ literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/lighttpd/1.4.76/linux-amd64/lighttpd b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/lighttpd/1.4.76/linux-amd64/lighttpd new file mode 100644 index 0000000000000000000000000000000000000000..c6147b7a9bb095d9fe53316e3b6298c56be26119 GIT binary patch literal 351 zcmXw!yKciU3`Mh6UqK*4r>1&X4|^#JWGT?42>JoEOvOf3NwAd${`)#;!{r`;yu4(> zZ|WdU=dso@upGidwF9Z0m6kj{L+G3$ zWw}D-+O}_7ElCWB+_c_$s{}dYDfEGbDbjsetA$mXqv6{45O^@sYh?%RTeO;6gHkn0 zTfK2Z{g%)O9JF+s^v*lR_WM2bYbE$U6KaN#W6W3BT8uqB!Rh0Dx(!@P$#Z49`_s?j z&>XDUEj0hoy!)%ynPANqNSC_63mkKLtbnD&6%bCJZ%62-dJC!Jv}~MkUfE{7;+&>* K?!d?Fzu*@sSY~$s literal 0 HcmV?d00001 
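Review bot: The gzip, jq, sqlcipher and zstd matchers contain no product string: each accepts any NUL-delimited number of the right shape (gzip just `[0-9]+\.[0-9]+`, zstd three components with a leading `v`), so product identity rests only on the `FileGlob` basename. A file named `gzip` or `jq` that embeds another such string, such as a linked library's version or, for sqlcipher, presumably the SQLite version it is built on, could be catalogued with the wrong version and an NVD-sourced CPE, which skews vulnerability matching in both directions. Where the binary has adjacent product text, anchor on it as the lighttpd, proftpd and xz patterns do. Where it does not, record the limit next to the pattern, e.g. `// matches any NUL-delimited X.Y string; product identity comes from FileGlob only`. DefaultClassifiers starts outside the hunk.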
diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/proftpd/1.3.8b/linux-amd64/proftpd b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/proftpd/1.3.8b/linux-amd64/proftpd new file mode 100644 index 0000000000000000000000000000000000000000..f9bc1cae5a539902b3716f2ad1230ba377c5fc66 GIT binary patch literal 350 zcmXw!PfNrw6vTV(r+Bc)US!Rmwn=&uL@y$O;{7Fg*$sA+lBT=(?X9Bcnfc93!ZVF9 zmmKQs+Z@6|b%a4mCHi)vbgZWlxM1y);yhD*JE7=@5wu~NSZIvQgc)r$g=V;V6PwUF{bxi2Hvra5zJ;VqZGG{9mvX_J~K+f5? z0Bi@!J}@#cnZZXV95Wdw9aB^?75)v&0DXrPe6}G`Fd!0;hKLTO_eO{UXD3lQK~5^HtL_SANug`ac04Uu|Rn literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/xz/5.6.2/linux-amd64/xz b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/xz/5.6.2/linux-amd64/xz new file mode 100644 index 0000000000000000000000000000000000000000..ed3dc45093f841a8eba7ea7305dae8f96d5713be GIT binary patch literal 344 zcmY+8J5R$f6h=GyS6rz=f~C54Y{$;T#L9q>5St&@jfE3OjS(fko|ebJdd{b#Z*~(6 zaNbx=X{9!R7RD%6Xg;=a04|WNb6yr|Poon`Uj{N6l*y-r&MMUr2}`0!)jK0avXZ)< zc<>PslSw`*sZ3BlN}~z;$Wku!7wbGyQaXAHD!539T6f%P9;Eku2s(!qvAv!hS9$`B0jXo2+JwSL;e+N@CTo}pDKO81 zpianOSvMr5BSlFqwUOzhxRxZ%IsTRPbQ+}-!E5i8N{KP4BaS{9jfpzN1EV|{g~4D% z9fj@;t*~m;oFO5*-46V%MfjZwZGp7pynI5pNSl{ZCo;UbQsCHmY{SM5>Y#`B+FU_* zML51Z5BvQd>c_e+*H(W{8J@nsfgDdR++d@J2YejvdG@fyYwgAGP|1+*@}Isq*uDT~ CC1;iZ literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml index 58408325be8..51607b51a96 100644 --- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml +++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml 
@@ -610,3 +610,58 @@ from-images: paths: - /usr/bin/curl + - name: lighttpd + version: 1.4.76 + images: + - ref: jitesoft/lighttpd:1.4.76-cgi@sha256:f5d4500bfb992a20ca39369ae1ca1d8a7a9463bb8c59ee8dd85ddb6d96fc9fc1 + platform: linux/amd64 + paths: + - /usr/local/sbin/lighttpd + + - name: proftpd + version: 1.3.8b + images: + - ref: mekayelanik/proftpd-server-alpine:1.3.8b-r2@sha256:a1ef73a2de04999e53bf728b548ef9922febab8f5709037e40e0141cedcd66db + platform: linux/amd64 + paths: + - /usr/sbin/proftpd + + - name: zstd + version: 1.5.6 + images: + - ref: danysk/zstd:1.5.6@sha256:5eceba085b3a399592755dd66a37b8adfb83538af3f56b51bec6e6cc955e3b5f + platform: linux/amd64 + paths: + - /usr/local/bin/zstd + + - name: xz + version: 5.6.2 + images: + - ref: docker:27.2.1@sha256:c51fa20028ff6590588d9ed97d3b16865d503a3d7228aa885871c5c292afa5ca + platform: linux/amd64 + paths: + - /usr/bin/xz + + - name: gzip + version: 1.12 + images: + - ref: ubuntu:24.04@sha256:d35dfc2fe3ef66bcc085ca00d3152b482e6cafb23cdda1864154caf3b19094ba + platform: linux/amd64 + paths: + - /usr/bin/gzip + + - name: sqlcipher + version: 4.5.5 + images: + - ref: yspreen/sqlcipher@sha256:93189cc465661f16ad23f3ace4206179bdd19967deaf08c54da5ac1e34bb6fb7 + platform: linux/amd64 + paths: + - /usr/local/bin/sqlcipher + + - name: jq + version: 1.7.1 + images: + - ref: efrecon/jq:1.7.1@sha256:0ad05e2e6d1dea5fe0852ecc23114eb768d60c4ce0985d729eb958809e7f31dd + platform: linux/amd64 + paths: + - /usr/local/bin/jq
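Review bot: The `yspreen/sqlcipher` ref is the only one added here without a tag, so the declared `version: 4.5.5` cannot be checked against the ref the way the other six can. Add the tag if one exists, or a comment above the entry such as `# untagged image; version confirmed by: <how 4.5.5 was established>`. Most of the new fixtures come from individual Docker Hub namespaces rather than the upstream projects. The digest pins fix the bytes, but each classifier pattern is then validated against one third-party build only, and the fixture breaks if that repository is removed. An official or distribution image (as already used for gzip and xz) would be a sturdier source where one ships the binary.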