fix: improve luajit checker (#2993)

Improve luajit checker to avoid false positive with snort binary which
links dynamically with luajit library (and saves the associated version
number)

Signed-off-by: Fabrice Fontaine <[email protected]>
Co-authored-by: Terri Oda <[email protected]>

Author: ffontaine

cve_bin_tool/checkers/luajit.py

@@ -16,5 +16,5 @@
 class LuajitChecker(Checker):
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS = [r"lua", r"luajit"]
-    VERSION_PATTERNS = [r"LuaJIT ([0-9]+\.[0-9]+\.[0-9]+)"]
+    VERSION_PATTERNS = [r"LuaJIT ([0-9]+\.[0-9]+\.[0-9]+)[a-z0-9\-]*(?: |\r?\njit)"]
     VENDOR_PRODUCT = [("luajit", "luajit")]

test/test_data/luajit.py

@@ -5,7 +5,7 @@
     {
         "product": "luajit",
         "version": "2.1.0",
-        "version_strings": ["LuaJIT 2.1.0-beta3"],
+        "version_strings": ["LuaJIT 2.1.0-beta3 "],
     },
 ]
 

test/test_data/snort.py

@@ -15,14 +15,12 @@
         "package_name": "snort-3.1.43.0-1-omv4090.aarch64.rpm",
         "product": "snort",
         "version": "3.1.43.0",
-        "other_products": ["luajit"],
     },
     {
         "url": "http://rpmfind.net/linux/openmandriva/cooker/repository/x86_64/unsupported/release/",
         "package_name": "snort-3.1.43.0-1-omv4090.x86_64.rpm",
         "product": "snort",
         "version": "3.1.43.0",
-        "other_products": ["luajit"],
     },
     {
         "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/",
@@ -47,6 +45,5 @@
         "package_name": "snort3_3.1.0.0-3_x86_64.ipk",
         "product": "snort",
         "version": "3.1.0.0",
-        "other_products": ["luajit"],
     },
 ]