Skip to content

Commit fcc099c

Browse files
ffontaineffontaine
authored
feat(checker): add libgd checker (#2978)
Signed-off-by: Fabrice Fontaine <[email protected]>
1 parent 393d239 commit fcc099c

File tree

6 files changed

+57
-0
lines changed

6 files changed

+57
-0
lines changed

cve_bin_tool/checkers/__init__.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,7 @@
136136
"libdb",
137137
"libebml",
138138
"libgcrypt",
139+
"libgd",
139140
"libgit2",
140141
"libical",
141142
"libidn2",

cve_bin_tool/checkers/libgd.py

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
# Copyright (C) 2023 Orange
2+
# SPDX-License-Identifier: GPL-3.0-or-later
3+
4+
5+
"""
6+
CVE checker for libgd
7+
8+
https://www.cvedetails.com/product/11233/Libgd-Libgd.html?vendor_id=6668
9+
https://www.cvedetails.com/product/11517/Libgd-Gd-Graphics-Library.html?vendor_id=6668
10+
https://www.cvedetails.com/product/117883/Gd-Graphics-Library-Project-Gd-Graphics-Library.html?vendor_id=27800
11+
12+
"""
13+
from __future__ import annotations
14+
15+
from cve_bin_tool.checkers import Checker
16+
17+
18+
class LibgdChecker(Checker):
19+
CONTAINS_PATTERNS: list[str] = []
20+
FILENAME_PATTERNS: list[str] = []
21+
VERSION_PATTERNS = [r"gd-tga:[a-zA-Z,'%!. \-\r\n]*([0-9]+\.[0-9]+\.[0-9]+)"]
22+
VENDOR_PRODUCT = [
23+
("libgd", "libgd"),
24+
("libgd", "gd_graphics_library"),
25+
("gd_graphics_library_project", "gd_graphics_library"),
26+
]

test/condensed-downloads/libgd3-2.3.3-6.mga9.armv7hl.rpm.tar.gz

9.97 KB
Binary file not shown.

test/condensed-downloads/libgd3_2.2.5-5.2_amd64.deb.tar.gz

32.8 KB
Binary file not shown.

test/condensed-downloads/libgd_2.2.5-2_x86_64.ipk.tar.gz

24.1 KB
Binary file not shown.

test/test_data/libgd.py

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
# Copyright (C) 2023 Orange
2+
# SPDX-License-Identifier: GPL-3.0-or-later
3+
4+
mapping_test_data = [
5+
{
6+
"product": "libgd",
7+
"version": "2.2.5",
8+
"version_strings": ["gd-tga: premature end of image data\n2.2.5"],
9+
}
10+
]
11+
package_test_data = [
12+
{
13+
"url": "http://rpmfind.net/linux/mageia/distrib/cauldron/armv7hl/media/core/release/",
14+
"package_name": "libgd3-2.3.3-6.mga9.armv7hl.rpm",
15+
"product": "libgd",
16+
"version": "2.3.3",
17+
},
18+
{
19+
"url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgd2/",
20+
"package_name": "libgd3_2.2.5-5.2_amd64.deb",
21+
"product": "libgd",
22+
"version": "2.2.5",
23+
},
24+
{
25+
"url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
26+
"package_name": "libgd_2.2.5-2_x86_64.ipk",
27+
"product": "libgd",
28+
"version": "2.2.5",
29+
},
30+
]

0 commit comments

Comments
 (0)