fix: improve nghttp2 checker

ffontaine · ffontaine · commit c5e26a80fb69 · 2023-05-10T11:01:26.000+02:00
Improve nghttp2 checker to avoid false positives with node and
wireshark binaries which links dynamically with nghttp2 library (and
saves the associated version number)

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/cve_bin_tool/checkers/nghttp2.py b/cve_bin_tool/checkers/nghttp2.py
@@ -18,6 +18,6 @@ class Nghttp2Checker(Checker):
     FILENAME_PATTERNS: list[str] = []
     VERSION_PATTERNS = [
         r"nghttp2/([0-9]+\.[0-9]+\.[0-9]+)",
-        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2",
+        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2[-_]",
     ]
     VENDOR_PRODUCT = [("nghttp2", "nghttp2")]
diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py
@@ -3,7 +3,7 @@
 
 mapping_test_data = [
     {"product": "nghttp2", "version": "1.50.0", "version_strings": ["nghttp2/1.50.0"]},
-    {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2"]},
+    {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2-"]},
 ]
 package_test_data = [
     {
diff --git a/test/test_data/node.py b/test/test_data/node.py
@@ -28,6 +28,6 @@
         "package_name": "node_v8.16.1-1_x86_64.ipk",
         "product": "node.js",
         "version": "8.16.1",
-        "other_products": ["nghttp2", "openssl"],
+        "other_products": ["openssl"],
     },
 ]
diff --git a/test/test_data/wireshark.py b/test/test_data/wireshark.py
@@ -40,6 +40,6 @@
         "package_name": "libwireshark16_4.0.3-1_amd64.deb",
         "product": "wireshark",
         "version": "4.0.3",
-        "other_products": ["lua", "nghttp2"],
+        "other_products": ["lua"],
     },
 ]

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ class Nghttp2Checker(Checker):`
`18`	`18`	`FILENAME_PATTERNS: list[str] = []`
`19`	`19`	`VERSION_PATTERNS = [`
`20`	`20`	`r"nghttp2/([0-9]+\.[0-9]+\.[0-9]+)",`
`21`		`- r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2",`
	`21`	`+ r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2[-_]",`
`22`	`22`	`]`
`23`	`23`	`VENDOR_PRODUCT = [("nghttp2", "nghttp2")]`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`
`4`	`4`	`mapping_test_data = [`
`5`	`5`	`{"product": "nghttp2", "version": "1.50.0", "version_strings": ["nghttp2/1.50.0"]},`
`6`		`- {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2"]},`
	`6`	`+ {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2-"]},`
`7`	`7`	`]`
`8`	`8`	`package_test_data = [`
`9`	`9`	`{`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,6 @@`
`28`	`28`	`"package_name": "node_v8.16.1-1_x86_64.ipk",`
`29`	`29`	`"product": "node.js",`
`30`	`30`	`"version": "8.16.1",`
`31`		`- "other_products": ["nghttp2", "openssl"],`
	`31`	`+ "other_products": ["openssl"],`
`32`	`32`	`},`
`33`	`33`	`]`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,6 @@`
`40`	`40`	`"package_name": "libwireshark16_4.0.3-1_amd64.deb",`
`41`	`41`	`"product": "wireshark",`
`42`	`42`	`"version": "4.0.3",`
`43`		`- "other_products": ["lua", "nghttp2"],`
	`43`	`+ "other_products": ["lua"],`
`44`	`44`	`},`
`45`	`45`	`]`