diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 04f127364d..a042d2cd78 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -71,6 +71,7 @@ bwm bzip c cabextract +cairo capnproto cbt CDNs @@ -369,6 +370,7 @@ libinput libjpeg libksba liblas +liblouis libmatroska libmemcached libmicrohttpd diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index 5cc0b5e578..3448d37114 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -32,7 +32,7 @@ jobs: run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 46c195f28a..251e46fed7 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -69,14 +69,14 @@ jobs: echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: fuzz-cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: fuzz-cache diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 96a6619388..dbd7b836b3 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
@@ -136,13 +136,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -232,13 +232,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -285,7 +285,7 @@ jobs: --ignore=test/test_language_parser.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml 
@@ -349,13 +349,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -388,7 +388,7 @@ jobs: test/test_language_scanner.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -452,13 +452,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache 
@@ -491,7 +491,7 @@ jobs: test/test_scanner.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -555,13 +555,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -595,7 +595,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml 
@@ -678,13 +678,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -785,14 +785,14 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}" - name: Get today's cached database - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }} enableCrossOsArchive: true - name: Get yesterday's cached database if today's is not available - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -839,7 +839,7 @@ jobs: test/test_cli.py test/test_cvedb.py - name: Cache conda - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 env: # Increase to reset cache if requirements.txt file has not changed CACHE_NUMBER: 0 
@@ -873,7 +873,7 @@ jobs: -o junit_family=legacy --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: files: coverage.xml flags: windows_long_tests diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index d5c7ee2078..d3655ca11f 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -39,7 +39,7 @@ jobs: id: get-date run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index 3d4c0b8db5..9aa42105cd 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -36,7 +36,7 @@ jobs: run: python .github/workflows/update_js_dependencies.py - name: Get cached Python packages - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} diff --git a/README.md b/README.md index 2cd17f8796..37a479eb2f 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ CVE Binary Tool uses the NVD API but is not endorsed or certified by the NVD. The tool has two main modes of operation: -1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 394 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. +1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are 396 checkers. Our initial focus was on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. 2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, language specific package scanners and several Software Bill of Materials (SBOM) formats. 
@@ -226,64 +226,64 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |---------------- |------------------ |----------- |------------- |------------- |----------------- | +|--------------- |----------------- |------------------ |--------------- |------------- |----------- |------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |apr |asn1c | | assimp |asterisk |atftp |avahi |axel |bash |bind | | binutils |bird |bison |bluez |boa |boinc |botan | -| bro |bubblewrap |busybox |bwm_ng |bzip2 |c_ares |capnproto | -| ceph |cflow |chess |chrony |civetweb |clamav |clang | -| collectd |commons_compress |connman |coreutils |cpio |cpp_httplib |cronie | -| cryptsetup |cups |curl |cvs |darkhttpd |dav1d |davfs2 | -| dbus |debianutils |dhclient |dhcpcd |dhcpd |djvulibre |dlt_daemon | -| dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |dovecot | -| doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |emacs | -| enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |fastd | -| ffmpeg |file |firefox |flac |fluidsynth |freeradius |freerdp | -| fribidi |frr |gawk |gcc |gdal |gdb |gdk_pixbuf | -| gettext |ghostscript |gimp |git |glib |glibc |gmp | -| gnomeshell |gnupg |gnutls |go |gpgme |gpsd |graphicsmagick | -| grep |grub2 |gsasl |gstreamer |guile |gupnp |gvfs | -| gzip |haproxy |harfbuzz |haserl |hdf5 |heimdal |hostapd | -| hunspell |hwloc |i2pd |icecast |icu |imagemagick |indent | -| inetutils |iperf3 |ipmitool |ipsec_tools |iptables |irssi |iucode_tool | -| iwd |jack2 |jacksondatabind |janus |jasper |jhead |jq | -| json_c |kbd |keepalived |kerberos |kexectools |kodi |kubernetes | -| ldns |lftp |libarchive |libass |libbpg |libcoap |libconfuse | -| libcurl |libdb |libde265 |libebml |libevent |libexpat |libgcrypt | -| libgd |libgit2 |libheif |libical |libidn2 |libinput |libjpeg | -| libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |libmicrohttpd |libmodbus | -| 
libnss |libopenmpt |libpcap |libraw |libreoffice |libreswan |librsvg | -| librsync |libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp | -| libssh |libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv | -| libvips |libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml | -| libyang |lighttpd |linux_kernel |linuxptp |lldpd |logrotate |lrzip | -| lua |luajit |lxc |lynx |lz4 |mailx |mariadb | -| mbedtls |mdadm |memcached |micropython |minetest |mini_httpd |minicom | -| minidlna |miniupnpc |miniupnpd |moby |modsecurity |monit |mosquitto | -| motion |mp4v2 |mpg123 |mpv |msmtp |mtr |mupdf | -| mutt |mysql |nano |nasm |nbd |ncurses |neon | -| nessus |netatalk |netdata |netkit_ftp |netpbm |nettle |nghttp2 | -| nginx |ngircd |nmap |node |ntfs_3g |ntp |ntpsec | -| oath_toolkit |open_iscsi |open_vm_tools |openafs |openblas |opencv |openjpeg | -| openldap |opensc |openssh |openssl |openswan |openvpn |openvswitch | -| orc |p7zip |pango |patch |pcre |pcre2 |pcsc_lite | -| perl |php |picocom |pigz |pixman |png |polarssl_fedora | -| poppler |postgresql |ppp |privoxy |procps_ng |proftpd |protobuf_c | -| pspp |pure_ftpd |putty |python |qemu |qpdf |qt | -| quagga |radare2 |radvd |raptor |rauc |rdesktop |readline | -| redis |rpm |rsync |rsyslog |rtl_433 |rtmpdump |runc | -| rust |samba |sane_backends |sasl |sdl |seahorse |shadowsocks_libev | -| snapd |sngrep |snort |socat |sofia_sip |speex |spice | -| sqlite |squashfs |squid |sslh |stellarium |strongswan |stunnel | -| subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | -| tar |tbb |tcpdump |tcpreplay |terminology |tesseract |thrift | -| thttpd |thunderbird |timescaledb |tinyproxy |tor |toybox |tpm2_tss | -| traceroute |transmission |trousers |ttyd |twonky_server |u_boot |udisks | -| unbound |unixodbc |upx |util_linux |uwsgi |varnish |vim | -| vlc |vorbis_tools |vsftpd |wavpack |webkitgtk |wget |wireshark | -| wolfssl |wpa_supplicant |xerces |xml2 |xpdf |xscreensaver |xwayland | -| xz |yasm |zabbix 
|zchunk |zeek |zlib |znc | -| zsh |zstandard | | | | | | +| bro |bubblewrap |busybox |bwm_ng |bzip2 |c_ares |cairo | +| capnproto |ceph |cflow |chess |chrony |civetweb |clamav | +| clang |collectd |commons_compress |connman |coreutils |cpio |cpp_httplib | +| cronie |cryptsetup |cups |curl |cvs |darkhttpd |dav1d | +| davfs2 |dbus |debianutils |dhclient |dhcpcd |dhcpd |djvulibre | +| dlt_daemon |dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet | +| dovecot |doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils | +| emacs |enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 | +| fastd |ffmpeg |file |firefox |flac |fluidsynth |freeradius | +| freerdp |fribidi |frr |gawk |gcc |gdal |gdb | +| gdk_pixbuf |gettext |ghostscript |gimp |git |glib |glibc | +| gmp |gnomeshell |gnupg |gnutls |go |gpgme |gpsd | +| graphicsmagick |grep |grub2 |gsasl |gstreamer |guile |gupnp | +| gvfs |gzip |haproxy |harfbuzz |haserl |hdf5 |heimdal | +| hostapd |hunspell |hwloc |i2pd |icecast |icu |imagemagick | +| indent |inetutils |iperf3 |ipmitool |ipsec_tools |iptables |irssi | +| iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |jhead | +| jq |json_c |kbd |keepalived |kerberos |kexectools |kodi | +| kubernetes |ldns |lftp |libarchive |libass |libbpg |libcoap | +| libconfuse |libcurl |libdb |libde265 |libebml |libevent |libexpat | +| libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |libinput | +| libjpeg |libjpeg_turbo |libksba |liblas |liblouis |libmatroska |libmemcached | +| libmicrohttpd |libmodbus |libnss |libopenmpt |libpcap |libraw |libreoffice | +| libreswan |librsvg |librsync |libsamplerate |libseccomp |libsndfile |libsolv | +| libsoup |libsrtp |libssh |libssh2 |libtasn1 |libtiff |libtomcrypt | +| libupnp |libuv |libvips |libvirt |libvncserver |libvorbis |libvpx | +| libxslt |libyaml |libyang |lighttpd |linux_kernel |linuxptp |lldpd | +| logrotate |lrzip |lua |luajit |lxc |lynx |lz4 | +| mailx |mariadb |mbedtls |mdadm |memcached |micropython |minetest | +| mini_httpd 
|minicom |minidlna |miniupnpc |miniupnpd |moby |modsecurity | +| monit |mosquitto |motion |mp4v2 |mpg123 |mpv |msmtp | +| mtr |mupdf |mutt |mysql |nano |nasm |nbd | +| ncurses |neon |nessus |netatalk |netdata |netkit_ftp |netpbm | +| nettle |nghttp2 |nginx |ngircd |nmap |node |ntfs_3g | +| ntp |ntpsec |oath_toolkit |open_iscsi |open_vm_tools |openafs |openblas | +| opencv |openjpeg |openldap |opensc |openssh |openssl |openswan | +| openvpn |openvswitch |orc |p7zip |pango |patch |pcre | +| pcre2 |pcsc_lite |perl |php |picocom |pigz |pixman | +| png |polarssl_fedora |poppler |postgresql |ppp |privoxy |procps_ng | +| proftpd |protobuf_c |pspp |pure_ftpd |putty |python |qemu | +| qpdf |qt |quagga |radare2 |radvd |raptor |rauc | +| rdesktop |readline |redis |rpm |rsync |rsyslog |rtl_433 | +| rtmpdump |runc |rust |samba |sane_backends |sasl |sdl | +| seahorse |shadowsocks_libev |snapd |sngrep |snort |socat |sofia_sip | +| speex |spice |sqlite |squashfs |squid |sslh |stellarium | +| strongswan |stunnel |subversion |sudo |suricata |sylpheed |syslogng | +| sysstat |systemd |tar |tbb |tcpdump |tcpreplay |terminology | +| tesseract |thrift |thttpd |thunderbird |timescaledb |tinyproxy |tor | +| toybox |tpm2_tss |traceroute |transmission |trousers |ttyd |twonky_server | +| u_boot |udisks |unbound |unixodbc |upx |util_linux |uwsgi | +| varnish |vim |vlc |vorbis_tools |vsftpd |wavpack |webkitgtk | +| wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xpdf | +| xscreensaver |xwayland |xz |yasm |zabbix |zchunk |zeek | +| zlib |znc |zsh |zstandard | | | | All the checkers can be found in the checkers directory, as can the diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index c88493618d..e373c591aa 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -50,6 +50,7 @@ "bwm_ng", "bzip2", "c_ares", + "cairo", "capnproto", "ceph", "cflow", 
@@ -194,6 +195,7 @@
 "libjpeg_turbo",
 "libksba",
 "liblas",
+ "liblouis",
 "libmatroska",
 "libmemcached",
 "libmicrohttpd",
@@ -337,6 +339,7 @@
 "rtmpdump",
 "rsync",
 "rsyslog",
+ "ruby",
 "runc",
 "rust",
 "samba",
diff --git a/cve_bin_tool/checkers/cairo.py b/cve_bin_tool/checkers/cairo.py
new file mode 100644
index 0000000000..036271d3ed
--- /dev/null
+++ b/cve_bin_tool/checkers/cairo.py
@@ -0,0 +1,21 @@
+# Copyright (C) 2025 Keysight Technologies
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+CVE checker for cairo
+
+https://www.cvedetails.com/version-list/12652/24854/1/Cairographics-Cairo.html
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class CairoChecker(Checker):
+ CONTAINS_PATTERNS: list[str] = []
+ FILENAME_PATTERNS: list[str] = []
+ VERSION_PATTERNS = [r"/cairo-([0-9]+\.[0-9]+\.[0-9]+)/"]
+ VENDOR_PRODUCT = [
+ ("cairographics", "cairo"),
+ ]
diff --git a/cve_bin_tool/checkers/liblouis.py b/cve_bin_tool/checkers/liblouis.py
new file mode 100644
index 0000000000..7fe79a9fa1
--- /dev/null
+++ b/cve_bin_tool/checkers/liblouis.py
@@ -0,0 +1,22 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for liblouis
+
+https://www.cvedetails.com/product/39891/Liblouis-Liblouis.html?vendor_id=16875
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class LiblouisChecker(Checker):
+ CONTAINS_PATTERNS: list[str] = []
+ FILENAME_PATTERNS: list[str] = []
+ VERSION_PATTERNS = [
+ r"liblouis[a-zA-Z0-9:%/'_=,@ \-\"\\\(\)\.\r\n]*\r?\n([0-9]+\.[0-9]+\.[0-9]+)"
+ ]
+ VENDOR_PRODUCT = [("liblouis", "liblouis")]
diff --git a/cve_bin_tool/checkers/perl.py b/cve_bin_tool/checkers/perl.py
index 8ab7ca4270..3020f3ff99 100644
--- a/cve_bin_tool/checkers/perl.py
+++ b/cve_bin_tool/checkers/perl.py
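Review bot: The LiblouisChecker version pattern lets `[...]*` run over an unbounded number of characters, and because the class contains `\r\n` that run crosses line boundaries, so on a large binary the literal `liblouis` can be paired with a dotted triple that sits far away in an unrelated string, and the regex engine backtracks over that whole span for every candidate match. Bound the run, e.g. `r"liblouis[a-zA-Z0-9:%/'_=,@ \-\"\\\(\)\.\r\n]{0,256}\r?\n([0-9]+\.[0-9]+\.[0-9]+)"` (256 is a placeholder to tune against the three fixture packages added in this commit), or match the specific banner the version follows; the fixture string `liblouis\n3.8.0` keeps matching under any such bound because the newline before the version is still required. A one-line comment above the pattern recording which string in the library it targets would let the next maintainer tighten it safely.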
@@ -18,7 +18,7 @@ class PerlChecker(Checker):
 CONTAINS_PATTERNS: list[str] = []
 FILENAME_PATTERNS: list[str] = []
 VERSION_PATTERNS = [
- r"perl/([0-9]+\.[0-9]+\.[0-9]+)",
+ r"perl/([0-9]+\.[0-9]+\.[0-9]+)\r?\n",
 r"PERL[A-Z_]*\r?\nv([0-9]+\.[0-9]+\.[0-9]+)",
 ]
 VENDOR_PRODUCT = [
diff --git a/cve_bin_tool/checkers/ruby.py b/cve_bin_tool/checkers/ruby.py
new file mode 100644
index 0000000000..ab82593359
--- /dev/null
+++ b/cve_bin_tool/checkers/ruby.py
@@ -0,0 +1,20 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for ruby
+
+https://www.cvedetails.com/product/12215/Ruby-lang-Ruby.html?vendor_id=7252
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class RubyChecker(Checker):
+ CONTAINS_PATTERNS: list[str] = []
+ FILENAME_PATTERNS: list[str] = []
+ VERSION_PATTERNS = [r"ruby ([0-9]+\.[0-9]+\.[0-9]+)"]
+ VENDOR_PRODUCT = [("ruby-lang", "ruby")]
diff --git a/cve_bin_tool/sbom_manager/generate.py b/cve_bin_tool/sbom_manager/generate.py
index fbbec68429..aa87d0b5ad 100644
--- a/cve_bin_tool/sbom_manager/generate.py
+++ b/cve_bin_tool/sbom_manager/generate.py
@@ -72,7 +72,9 @@ def generate_sbom(self) -> None:
 # Add dependent products
 for product_data in self.all_product_data:
 my_package.initialise()
- my_package.set_name(product_data.product)
+ # vendor prepended to product to handle product with multiple vendors
+ package_name = f"{product_data.vendor}-{product_data.product}"
+ my_package.set_name(package_name)
 my_package.set_version(product_data.version)
 if product_data.vendor.casefold() != "UNKNOWN".casefold():
 my_package.set_supplier("Organization", product_data.vendor)
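Review bot: The `\r?\n` appended to the first PerlChecker pattern narrows detection to occurrences where the version ends its line, so strings of the form `perl/5.x.y/...` (a path fragment, for example) that the old pattern matched no longer count, and the hunk records no reason for the change. Add a short comment above the pattern explaining the anchor, e.g. `# version must end the line: path-like "perl/<version>/" fragments are not a perl build`, naming the false positive it was meant to remove — presumably there was one, confirm. The class body continues outside the hunk.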
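Review bot: `RubyChecker.VERSION_PATTERNS` matches the bare text `ruby ` followed by any dotted triple, a phrase that also occurs in help text, dependency notes and embedded scripts of packages that are not the interpreter, so the checker is likely to attribute a ruby version to unrelated binaries. Consider anchoring the pattern to the interpreter's own version string (the mapping fixture only shows `ruby 2.6.8`, so the exact banner must be checked against the four package fixtures before tightening), and record in a comment which string in the library the pattern targets, e.g. `# matches the "ruby X.Y.Z" banner emitted by libruby — confirm against fixtures`.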
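Review bot: `package_name` prepends the vendor unconditionally, but the guard two lines below, `if product_data.vendor.casefold() != "UNKNOWN".casefold():`, treats an unknown vendor as absent for the supplier, so products without a resolved vendor are now named `UNKNOWN-<product>` (in whatever case the vendor string carries) both as the package name and in the `DEPENDS_ON` relationship of the next hunk. Derive the name from the same test so name and supplier stay consistent, e.g. `package_name = product_data.product if product_data.vendor.casefold() == "UNKNOWN".casefold() else f"{product_data.vendor}-{product_data.product}"`, and update the expectation in test_output_engine.py, which currently assumes the prefix for every product. generate_sbom starts before this hunk and continues past it.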
@@ -90,9 +92,7 @@ def generate_sbom(self) -> None:
 (my_package.get_name(), my_package.get_value("version"))
 ] = my_package.get_package()
 sbom_relationship.initialise()
- sbom_relationship.set_relationship(
- root_package, "DEPENDS_ON", product_data.product
- )
+ sbom_relationship.set_relationship(root_package, "DEPENDS_ON", package_name)
 sbom_relationships.append(sbom_relationship.get_relationship())
 # Generate SBOM
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 980469ec2b..43021f9985 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -3,7 +3,7 @@ black==24.8.0; python_version <= "3.8"
 isort; python_version < "3.8"
 isort==5.13.2; python_version >= "3.8"
 pre-commit; python_version <= "3.8"
-pre-commit==4.0.1; python_version > "3.8"
+pre-commit==4.1.0; python_version > "3.8"
 codespell==1.16.0
 flake8; python_version < "3.8"
 flake8==7.1.1; python_version >= "3.8"
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index c090305b4f..1346eee6cf 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -242,64 +242,64 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |---------------- |------------------ |----------- |------------- |------------- |----------------- | +|--------------- |----------------- |------------------ |--------------- |------------- |----------- |------------- | | accountsservice |acpid |apache_http_server |apcupsd |apparmor |apr |asn1c | | assimp |asterisk |atftp |avahi |axel |bash |bind | | binutils |bird |bison |bluez |boa |boinc |botan | -| bro |bubblewrap |busybox |bwm_ng |bzip2 |c_ares |capnproto | -| ceph |cflow |chess |chrony |civetweb |clamav |clang | -| collectd |commons_compress |connman |coreutils |cpio |cpp_httplib |cronie | -| cryptsetup |cups |curl |cvs |darkhttpd |dav1d |davfs2 | -| dbus |debianutils |dhclient |dhcpcd |dhcpd |djvulibre |dlt_daemon | -| dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet |dovecot | -| doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils |emacs | -| enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 |fastd | -| ffmpeg |file |firefox |flac |fluidsynth |freeradius |freerdp | -| fribidi |frr |gawk |gcc |gdal |gdb |gdk_pixbuf | -| gettext |ghostscript |gimp |git |glib |glibc |gmp | -| gnomeshell |gnupg |gnutls |go |gpgme |gpsd |graphicsmagick | -| grep |grub2 |gsasl |gstreamer |guile |gupnp |gvfs | -| gzip |haproxy |harfbuzz |haserl |hdf5 |heimdal |hostapd | -| hunspell |hwloc |i2pd |icecast |icu |imagemagick |indent | -| inetutils |iperf3 |ipmitool |ipsec_tools |iptables |irssi |iucode_tool | -| iwd |jack2 |jacksondatabind |janus |jasper |jhead |jq | -| json_c |kbd |keepalived |kerberos |kexectools |kodi |kubernetes | -| ldns |lftp |libarchive |libass |libbpg |libcoap |libconfuse | -| libcurl |libdb |libde265 |libebml |libevent |libexpat |libgcrypt | -| libgd |libgit2 |libheif |libical |libidn2 |libinput |libjpeg | -| libjpeg_turbo |libksba |liblas |libmatroska |libmemcached |libmicrohttpd |libmodbus | -| libnss |libopenmpt |libpcap 
|libraw |libreoffice |libreswan |librsvg | -| librsync |libsamplerate |libseccomp |libsndfile |libsolv |libsoup |libsrtp | -| libssh |libssh2 |libtasn1 |libtiff |libtomcrypt |libupnp |libuv | -| libvips |libvirt |libvncserver |libvorbis |libvpx |libxslt |libyaml | -| libyang |lighttpd |linux_kernel |linuxptp |lldpd |logrotate |lrzip | -| lua |luajit |lxc |lynx |lz4 |mailx |mariadb | -| mbedtls |mdadm |memcached |micropython |minetest |mini_httpd |minicom | -| minidlna |miniupnpc |miniupnpd |moby |modsecurity |monit |mosquitto | -| motion |mp4v2 |mpg123 |mpv |msmtp |mtr |mupdf | -| mutt |mysql |nano |nasm |nbd |ncurses |neon | -| nessus |netatalk |netdata |netkit_ftp |netpbm |nettle |nghttp2 | -| nginx |ngircd |nmap |node |ntfs_3g |ntp |ntpsec | -| oath_toolkit |open_iscsi |open_vm_tools |openafs |openblas |opencv |openjpeg | -| openldap |opensc |openssh |openssl |openswan |openvpn |openvswitch | -| orc |p7zip |pango |patch |pcre |pcre2 |pcsc_lite | -| perl |php |picocom |pigz |pixman |png |polarssl_fedora | -| poppler |postgresql |ppp |privoxy |procps_ng |proftpd |protobuf_c | -| pspp |pure_ftpd |putty |python |qemu |qpdf |qt | -| quagga |radare2 |radvd |raptor |rauc |rdesktop |readline | -| redis |rpm |rsync |rsyslog |rtl_433 |rtmpdump |runc | -| rust |samba |sane_backends |sasl |sdl |seahorse |shadowsocks_libev | -| snapd |sngrep |snort |socat |sofia_sip |speex |spice | -| sqlite |squashfs |squid |sslh |stellarium |strongswan |stunnel | -| subversion |sudo |suricata |sylpheed |syslogng |sysstat |systemd | -| tar |tbb |tcpdump |tcpreplay |terminology |tesseract |thrift | -| thttpd |thunderbird |timescaledb |tinyproxy |tor |toybox |tpm2_tss | -| traceroute |transmission |trousers |ttyd |twonky_server |u_boot |udisks | -| unbound |unixodbc |upx |util_linux |uwsgi |varnish |vim | -| vlc |vorbis_tools |vsftpd |wavpack |webkitgtk |wget |wireshark | -| wolfssl |wpa_supplicant |xerces |xml2 |xpdf |xscreensaver |xwayland | -| xz |yasm |zabbix |zchunk |zeek |zlib |znc | -| 
zsh |zstandard | | | | | | +| bro |bubblewrap |busybox |bwm_ng |bzip2 |c_ares |cairo | +| capnproto |ceph |cflow |chess |chrony |civetweb |clamav | +| clang |collectd |commons_compress |connman |coreutils |cpio |cpp_httplib | +| cronie |cryptsetup |cups |curl |cvs |darkhttpd |dav1d | +| davfs2 |dbus |debianutils |dhclient |dhcpcd |dhcpd |djvulibre | +| dlt_daemon |dmidecode |dnsmasq |docker |domoticz |dosfstools |dotnet | +| dovecot |doxygen |dpkg |dropbear |e2fsprogs |ed |elfutils | +| emacs |enscript |exfatprogs |exim |exiv2 |f2fs_tools |faad2 | +| fastd |ffmpeg |file |firefox |flac |fluidsynth |freeradius | +| freerdp |fribidi |frr |gawk |gcc |gdal |gdb | +| gdk_pixbuf |gettext |ghostscript |gimp |git |glib |glibc | +| gmp |gnomeshell |gnupg |gnutls |go |gpgme |gpsd | +| graphicsmagick |grep |grub2 |gsasl |gstreamer |guile |gupnp | +| gvfs |gzip |haproxy |harfbuzz |haserl |hdf5 |heimdal | +| hostapd |hunspell |hwloc |i2pd |icecast |icu |imagemagick | +| indent |inetutils |iperf3 |ipmitool |ipsec_tools |iptables |irssi | +| iucode_tool |iwd |jack2 |jacksondatabind |janus |jasper |jhead | +| jq |json_c |kbd |keepalived |kerberos |kexectools |kodi | +| kubernetes |ldns |lftp |libarchive |libass |libbpg |libcoap | +| libconfuse |libcurl |libdb |libde265 |libebml |libevent |libexpat | +| libgcrypt |libgd |libgit2 |libheif |libical |libidn2 |libinput | +| libjpeg |libjpeg_turbo |libksba |liblas |liblouis |libmatroska |libmemcached | +| libmicrohttpd |libmodbus |libnss |libopenmpt |libpcap |libraw |libreoffice | +| libreswan |librsvg |librsync |libsamplerate |libseccomp |libsndfile |libsolv | +| libsoup |libsrtp |libssh |libssh2 |libtasn1 |libtiff |libtomcrypt | +| libupnp |libuv |libvips |libvirt |libvncserver |libvorbis |libvpx | +| libxslt |libyaml |libyang |lighttpd |linux_kernel |linuxptp |lldpd | +| logrotate |lrzip |lua |luajit |lxc |lynx |lz4 | +| mailx |mariadb |mbedtls |mdadm |memcached |micropython |minetest | +| mini_httpd |minicom |minidlna |miniupnpc 
|miniupnpd |moby |modsecurity | +| monit |mosquitto |motion |mp4v2 |mpg123 |mpv |msmtp | +| mtr |mupdf |mutt |mysql |nano |nasm |nbd | +| ncurses |neon |nessus |netatalk |netdata |netkit_ftp |netpbm | +| nettle |nghttp2 |nginx |ngircd |nmap |node |ntfs_3g | +| ntp |ntpsec |oath_toolkit |open_iscsi |open_vm_tools |openafs |openblas | +| opencv |openjpeg |openldap |opensc |openssh |openssl |openswan | +| openvpn |openvswitch |orc |p7zip |pango |patch |pcre | +| pcre2 |pcsc_lite |perl |php |picocom |pigz |pixman | +| png |polarssl_fedora |poppler |postgresql |ppp |privoxy |procps_ng | +| proftpd |protobuf_c |pspp |pure_ftpd |putty |python |qemu | +| qpdf |qt |quagga |radare2 |radvd |raptor |rauc | +| rdesktop |readline |redis |rpm |rsync |rsyslog |rtl_433 | +| rtmpdump |runc |rust |samba |sane_backends |sasl |sdl | +| seahorse |shadowsocks_libev |snapd |sngrep |snort |socat |sofia_sip | +| speex |spice |sqlite |squashfs |squid |sslh |stellarium | +| strongswan |stunnel |subversion |sudo |suricata |sylpheed |syslogng | +| sysstat |systemd |tar |tbb |tcpdump |tcpreplay |terminology | +| tesseract |thrift |thttpd |thunderbird |timescaledb |tinyproxy |tor | +| toybox |tpm2_tss |traceroute |transmission |trousers |ttyd |twonky_server | +| u_boot |udisks |unbound |unixodbc |upx |util_linux |uwsgi | +| varnish |vim |vlc |vorbis_tools |vsftpd |wavpack |webkitgtk | +| wget |wireshark |wolfssl |wpa_supplicant |xerces |xml2 |xpdf | +| xscreensaver |xwayland |xz |yasm |zabbix |zchunk |zeek | +| zlib |znc |zsh |zstandard | | | | For a quick overview of usage and how it works, you can also see [the readme file](README.md). diff --git a/test/condensed-downloads/liblouis-3.28.0-8.fc42.aarch64.rpm.tar.gz b/test/condensed-downloads/liblouis-3.28.0-8.fc42.aarch64.rpm.tar.gz new file mode 100644 index 0000000000..019a8d89f6 Binary files /dev/null and b/test/condensed-downloads/liblouis-3.28.0-8.fc42.aarch64.rpm.tar.gz differ 
diff --git a/test/condensed-downloads/liblouis-3.29.0-r0.apk.tar.gz b/test/condensed-downloads/liblouis-3.29.0-r0.apk.tar.gz
new file mode 100644
index 0000000000..5d19e59f16
Binary files /dev/null and b/test/condensed-downloads/liblouis-3.29.0-r0.apk.tar.gz differ
diff --git a/test/condensed-downloads/liblouis17_3.8.0-2_amd64.deb.tar.gz b/test/condensed-downloads/liblouis17_3.8.0-2_amd64.deb.tar.gz
new file mode 100644
index 0000000000..34aa12b405
Binary files /dev/null and b/test/condensed-downloads/liblouis17_3.8.0-2_amd64.deb.tar.gz differ
diff --git a/test/condensed-downloads/libruby2.5_2.5.5-3+deb10u4_amd64.deb.tar.gz b/test/condensed-downloads/libruby2.5_2.5.5-3+deb10u4_amd64.deb.tar.gz
new file mode 100644
index 0000000000..28a5078848
Binary files /dev/null and b/test/condensed-downloads/libruby2.5_2.5.5-3+deb10u4_amd64.deb.tar.gz differ
diff --git a/test/condensed-downloads/libruby2.6_2.6.10-1_x86_64.ipk.tar.gz b/test/condensed-downloads/libruby2.6_2.6.10-1_x86_64.ipk.tar.gz
new file mode 100644
index 0000000000..dc4cd0c691
Binary files /dev/null and b/test/condensed-downloads/libruby2.6_2.6.10-1_x86_64.ipk.tar.gz differ
diff --git a/test/condensed-downloads/mingw-w64-ucrt-x86_64-cairo-1.18.2-2-any.pkg.tar.zst.tar.gz b/test/condensed-downloads/mingw-w64-ucrt-x86_64-cairo-1.18.2-2-any.pkg.tar.zst.tar.gz
new file mode 100644
index 0000000000..b49b037b64
Binary files /dev/null and b/test/condensed-downloads/mingw-w64-ucrt-x86_64-cairo-1.18.2-2-any.pkg.tar.zst.tar.gz differ
diff --git a/test/condensed-downloads/ruby-libs-2.6.8-r0.apk.tar.gz b/test/condensed-downloads/ruby-libs-2.6.8-r0.apk.tar.gz
new file mode 100644
index 0000000000..99ac7177f1
Binary files /dev/null and b/test/condensed-downloads/ruby-libs-2.6.8-r0.apk.tar.gz differ
diff --git a/test/condensed-downloads/ruby-libs-3.4.2-23.fc43.aarch64.rpm.tar.gz b/test/condensed-downloads/ruby-libs-3.4.2-23.fc43.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..3ca7ad0e39
Binary files /dev/null and b/test/condensed-downloads/ruby-libs-3.4.2-23.fc43.aarch64.rpm.tar.gz differ
diff --git a/test/test_data/cairo.py b/test/test_data/cairo.py
new file mode 100644
index 0000000000..21a672cede
--- /dev/null
+++ b/test/test_data/cairo.py
@@ -0,0 +1,18 @@
+# Copyright (C) 2025 Keysight Technologies
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {
+ "product": "cairo",
+ "version": "1.16.0",
+ "version_strings": ["../../cairo-1.16.0/src/cairo-analysis-surface.c"],
+ }
+]
+package_test_data = [
+ {
+ "url": "https://mirror.msys2.org/mingw/ucrt64/",
+ "package_name": "mingw-w64-ucrt-x86_64-cairo-1.18.2-2-any.pkg.tar.zst",
+ "product": "cairo",
+ "version": "1.18.2",
+ },
+]
diff --git a/test/test_data/liblouis.py b/test/test_data/liblouis.py
new file mode 100644
index 0000000000..342407a4de
--- /dev/null
+++ b/test/test_data/liblouis.py
@@ -0,0 +1,26 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {"product": "liblouis", "version": "3.8.0", "version_strings": ["liblouis\n3.8.0"]}
+]
+package_test_data = [
+ {
+ "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/l/",
+ "package_name": "liblouis-3.28.0-8.fc42.aarch64.rpm",
+ "product": "liblouis",
+ "version": "3.28.0",
+ },
+ {
+ "url": "http://ftp.debian.org/debian/pool/main/libl/liblouis/",
+ "package_name": "liblouis17_3.8.0-2_amd64.deb",
+ "product": "liblouis",
+ "version": "3.8.0",
+ },
+ {
+ "url": "https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86/",
+ "package_name": "liblouis-3.29.0-r0.apk",
+ "product": "liblouis",
+ "version": "3.29.0",
+ },
+]
diff --git a/test/test_data/ruby.py b/test/test_data/ruby.py
new file mode 100644
index 0000000000..df7eb7aad2
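Review bot: The rpmfind.net and ftp.debian.org entries in package_test_data are plain `http://` URLs, so if the test ever falls back to a live download (the condensed-downloads tarballs added in this commit may normally avoid that) the fixture is fetched and unpacked with no transport integrity; where the mirror supports it, `"url": "https://ftp.debian.org/debian/pool/main/libl/liblouis/"` and the same scheme change for the rpmfind entry would close that gap. The Fedora and Debian entries in test/test_data/ruby.py have the same issue. Separately, the mapping entry `"liblouis\n3.8.0"` deserves a one-line comment such as `# the version appears on the line after the product name in the binary`, since the embedded newline is otherwise easy to read as a typo.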
--- /dev/null
+++ b/test/test_data/ruby.py
@@ -0,0 +1,33 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {"product": "ruby", "version": "2.6.8", "version_strings": ["ruby 2.6.8"]}
+]
+package_test_data = [
+ {
+ "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/r/",
+ "package_name": "ruby-libs-3.4.2-23.fc43.aarch64.rpm",
+ "product": "ruby",
+ "version": "3.4.2",
+ "other_products": ["rust"],
+ },
+ {
+ "url": "http://ftp.debian.org/debian/pool/main/r/ruby2.5/",
+ "package_name": "libruby2.5_2.5.5-3+deb10u4_amd64.deb",
+ "product": "ruby",
+ "version": "2.5.5",
+ },
+ {
+ "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+ "package_name": "libruby2.6_2.6.10-1_x86_64.ipk",
+ "product": "ruby",
+ "version": "2.6.10",
+ },
+ {
+ "url": "https://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/",
+ "package_name": "ruby-libs-2.6.8-r0.apk",
+ "product": "ruby",
+ "version": "2.6.8",
+ },
+]
diff --git a/test/test_output_engine.py b/test/test_output_engine.py
index 7ea74912ab..45bcc51cdb 100644
--- a/test/test_output_engine.py
+++ b/test/test_output_engine.py
@@ -984,7 +984,8 @@ def test_generate_sbom(self):
 # Check if set_name is called for each product
 expected_calls = [
- call(product.product) for product in self.all_product_data
+ call(f"{product.vendor}-{product.product}")
+ for product in self.all_product_data
 ]
 mock_package_instance.set_name.assert_has_calls(
 expected_calls, any_order=True
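Review bot: The `"other_products": ["rust"]` key on the Fedora ruby-libs-3.4.2 entry has no comment saying why a second product is expected from a Ruby package, so a later reader cannot tell a deliberate allowance from a false positive being waved through. Presumably the rust checker matches strings from a Rust-built component inside libruby, but that should be stated next to the key, e.g. `# expected: this build of libruby also carries Rust-compiled code, so the rust checker fires too`. Only the newest of the four packages carries the key, which is consistent with that explanation but worth confirming.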
