feat(checker): add jq checker (intel#3636)

Signed-off-by: Fabrice Fontaine <[email protected]>

Author: ffontaine

cve_bin_tool/checkers/__init__.py

@@ -132,6 +132,7 @@
     "jacksondatabind",
     "janus",
     "jhead",
+    "jq",
     "json_c",
     "kbd",
     "keepalived",

cve_bin_tool/checkers/jq.py

@@ -0,0 +1,21 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for jq
+
+https://www.cvedetails.com/product/33780/Jq-Project-JQ.html?vendor_id=15837
+https://www.cvedetails.com/product/166422/Jqlang-JQ.html?vendor_id=33921
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class JqChecker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [r"([0-9]+\.[0-9]+)[a-zA-Z0-9:\-\r\n]*jq"]
+    VENDOR_PRODUCT = [("jq_project", "jq"), ("jqlang", "jq")]

test/condensed-downloads/jq-1.6-17.fc39.aarch64.rpm.tar.gz

@@ -0,0 +1,26 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {"product": "jq", "version": "1.5", "version_strings": ["1.5\njq:"]}
+]
+package_test_data = [
+    {
+        "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/j/",
+        "package_name": "jq-1.6-17.fc39.aarch64.rpm",
+        "product": "jq",
+        "version": "1.6",
+    },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
+        "package_name": "jq_1.5+dfsg-2+b1_amd64.deb",
+        "product": "jq",
+        "version": "1.5",
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "jq_1.6-1_x86_64.ipk",
+        "product": "jq",
+        "version": "1.6",
+    },
+]