fix: improve nghttp2 checker (#2991)

ffontaine · terriko · web-flow · commit 2bb8032a40c4 · 2023-06-21T10:53:41.000-07:00
* fix: improve nghttp2 checker

Improve nghttp2 checker to avoid false positives with node and
wireshark binaries which link dynamically with nghttp2 library (and
save the associated version number)

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;

* chore: merge conflict resolution

---------

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
Co-authored-by: Terri Oda &lt;terri.oda@intel.com&gt;
diff --git a/cve_bin_tool/checkers/nghttp2.py b/cve_bin_tool/checkers/nghttp2.py
@@ -18,6 +18,6 @@ class Nghttp2Checker(Checker):
     FILENAME_PATTERNS: list[str] = []
     VERSION_PATTERNS = [
         r"nghttp2/([0-9]+\.[0-9]+\.[0-9]+)",
-        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2",
+        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2[-_]",
     ]
     VENDOR_PRODUCT = [("nghttp2", "nghttp2")]
diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py
@@ -3,7 +3,11 @@
 
 mapping_test_data = [
     {"product": "nghttp2", "version": "1.50.0", "version_strings": ["nghttp2/1.50.0"]},
-    {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2"]},
+    {
+        "product": "nghttp2",
+        "version": "1.18.1",
+        "version_strings": ["1.18.1\nnghttp2-"],
+    },
 ]
 package_test_data = [
     {
diff --git a/test/test_data/node.py b/test/test_data/node.py
@@ -27,6 +27,5 @@
         "package_name": "node_v8.16.1-1_x86_64.ipk",
         "product": "node.js",
         "version": "8.16.1",
-        "other_products": ["nghttp2"],
     },
 ]
diff --git a/test/test_data/wireshark.py b/test/test_data/wireshark.py
@@ -40,6 +40,6 @@
         "package_name": "libwireshark16_4.0.3-1_amd64.deb",
         "product": "wireshark",
         "version": "4.0.3",
-        "other_products": ["lua", "nghttp2"],
+        "other_products": ["lua"],
     },
 ]

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ class Nghttp2Checker(Checker):`
`18`	`18`	`FILENAME_PATTERNS: list[str] = []`
`19`	`19`	`VERSION_PATTERNS = [`
`20`	`20`	`r"nghttp2/([0-9]+\.[0-9]+\.[0-9]+)",`
`21`		`- r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2",`
	`21`	`+ r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2[-_]",`
`22`	`22`	`]`
`23`	`23`	`VENDOR_PRODUCT = [("nghttp2", "nghttp2")]`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,11 @@`
`3`	`3`
`4`	`4`	`mapping_test_data = [`
`5`	`5`	`{"product": "nghttp2", "version": "1.50.0", "version_strings": ["nghttp2/1.50.0"]},`
`6`		`- {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2"]},`
	`6`	`+ {`
	`7`	`+ "product": "nghttp2",`
	`8`	`+ "version": "1.18.1",`
	`9`	`+ "version_strings": ["1.18.1\nnghttp2-"],`
	`10`	`+ },`
`7`	`11`	`]`
`8`	`12`	`package_test_data = [`
`9`	`13`	`{`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,5 @@`
`27`	`27`	`"package_name": "node_v8.16.1-1_x86_64.ipk",`
`28`	`28`	`"product": "node.js",`
`29`	`29`	`"version": "8.16.1",`
`30`		`- "other_products": ["nghttp2"],`
`31`	`30`	`},`
`32`	`31`	`]`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,6 @@`
`40`	`40`	`"package_name": "libwireshark16_4.0.3-1_amd64.deb",`
`41`	`41`	`"product": "wireshark",`
`42`	`42`	`"version": "4.0.3",`
`43`		`- "other_products": ["lua", "nghttp2"],`
	`43`	`+ "other_products": ["lua"],`
`44`	`44`	`},`
`45`	`45`	`]`