fix: improve kerberos checker

- Drop mit:kerberos and get_version as NVD NIST has deprecated this
  unusual versioning since January 2020:
  https://nvd.nist.gov/products/cpe/detail/335C9545-32F8-4473-97BD-636F1532525F?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Aa%3Amit%3Akerberos%3A5-1.5.1%3A*%3A*%3A*%3A*%3A*%3A*%3A*&status=FINAL%2CDEPRECATED
- Add debian and openwrt test packages

Signed-off-by: Fabrice Fontaine <[email protected]>

Author: ffontaine

cve_bin_tool/checkers/kerberos.py

@@ -6,7 +6,7 @@
 CVE checker for kerberos (CLI/library)
 
 References:
-https://www.cvedetails.com/vulnerability-list/vendor_id-42/product_id-61/MIT-Kerberos.html
+https://www.cvedetails.com/product/12666/MIT-Kerberos-5.html?vendor_id=42
 """
 from cve_bin_tool.checkers import Checker
 
@@ -18,27 +18,4 @@ class KerberosChecker(Checker):
         r"KRB5_BRAND: krb5-(\d+\.\d+\.?\d?)-final",
         r"kerberos 5[_-][apl-]*(1+\.[0-9]+(\.[0-9]+)*)",
     ]
-    VENDOR_PRODUCT = [("mit", "kerberos"), ("mit", "kerberos_5")]
-
-    def get_version(self, lines, filename):
-        version_info = super().get_version(lines, filename)
-
-        # currently we're only detecting kerberos 5, so return a double-version_info list
-        # if we ever detect kerberos that's not 5, this if statement will change
-        if "is_or_contains" in version_info:
-            version_info5 = [dict(), dict()]
-            version_info5[0] = version_info
-            version_info5[1] = dict()
-            version_info5[1]["is_or_contains"] = version_info["is_or_contains"]
-            version_info5[1]["productname"] = "kerberos_5"
-
-            # strip the leading "5-" off the version for 'kerberos_5' if there is one
-            # or conversely, add one to the 'kerberos' listing if there isn't
-            if version_info["version"][:2] == "5-":
-                version_info5[1]["version"] = version_info["version"][2:]
-            else:
-                version_info5[1]["version"] = version_info["version"]
-                version_info5[0]["version"] = "5-{}".format(version_info["version"])
-            return version_info5
-
-        return version_info
+    VENDOR_PRODUCT = [("mit", "kerberos_5")]

test/condensed-downloads/krb5-libs_1.17-2_x86_64.ipk.tar.gz

@@ -1,12 +1,10 @@
 # Copyright (C) 2021 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from __future__ import annotations
-
 mapping_test_data = [
     {
         "product": "kerberos",
-        "version": "5-1.15.1",
+        "version": "1.15.1",
         "version_strings": [
             "An unknown option was passed in to kerberos",
             "CLIENT kerberos 5-1.15.1",
@@ -15,12 +13,25 @@
     },
     {
         "product": "kerberos",
-        "version": "5-1.15.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1",
+        "version": "1.15.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1",
         "version_strings": [
             "An unknown option was passed in to kerberos",
             "CLIENT kerberos 5-1.15.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1",
             "KRB5_BRAND: ",
         ],
     },
 ]
-package_test_data: list[dict] = []
+package_test_data = [
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/k/krb5/",
+        "package_name": "libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb",
+        "product": "kerberos",
+        "version": "1.12.1",
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "krb5-libs_1.17-2_x86_64.ipk",
+        "product": "kerberos",
+        "version": "1.17",
+    },
+]