diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
index e3ff1f0b15..3abed117b6 100644
--- a/.github/actions/spelling/allow.txt
+++ b/.github/actions/spelling/allow.txt
@@ -180,6 +180,7 @@ liblas
 libnss
 libpng
 libraryname
+librsvg
 libsndfile
 libsoup
 libsqlite
diff --git a/README.md b/README.md
index 5c01ed9639..91b329856d 100644
--- a/README.md
+++ b/README.md
@@ -194,7 +194,7 @@ The following checkers are available for finding components in binary files:
 | | | | Available checkers | | | |
-|--------------- |--------- |------------- |---------- |------------- |---------- |------------ |
+|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
@@ -202,15 +202,15 @@ The following checkers are available for finding components in binary files:
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver |
-| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached |
-| mtr |mysql |nano |ncurses |nessus |netpbm |nginx |
-| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh |
-| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png |
-| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 |
-| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo |
-| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark |
-| wpa_supplicant |xerces |xml2 |zlib |zsh | | |
+| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
+| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
+| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
+| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
+| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
+| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
+| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
+| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
+| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
 All the checkers can be found in the checkers directory, as can the
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
index fd7938a1b0..f34a6a39d6 100644
--- a/cve_bin_tool/checkers/__init__.py
+++ b/cve_bin_tool/checkers/__init__.py
@@ -60,6 +60,7 @@
 "libjpeg_turbo",
 "liblas",
 "libnss",
+ "librsvg",
 "libsndfile",
 "libsoup",
 "libsrtp",
diff --git a/cve_bin_tool/checkers/librsvg.py b/cve_bin_tool/checkers/librsvg.py
new file mode 100644
index 0000000000..869f70a29c
--- /dev/null
+++ b/cve_bin_tool/checkers/librsvg.py
@@ -0,0 +1,18 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+CVE checker for librsvg
+
+https://www.cvedetails.com/vulnerability-list/vendor_id-283/product_id-23082/Gnome-Librsvg.html
+
+"""
+
+from cve_bin_tool.checkers import Checker
+
+
+class LibrsvgChecker(Checker):
+ CONTAINS_PATTERNS = []
+ FILENAME_PATTERNS = [r"librsvg"]
+ VERSION_PATTERNS = [r"librsvg[0-9]?-([0-9]+\.[0-9]+\.[0-9]+)"]
+ VENDOR_PRODUCT = [("gnome", "librsvg")]
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index fb7e573fa9..38318c0d7c 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -118,7 +118,7 @@ which is useful if you're trying the latest code from
 | | | | Available checkers | | | |
-|--------------- |--------- |------------- |---------- |------------- |---------- |------------ |
+|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
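Review bot: In cve_bin_tool/checkers/librsvg.py, `CONTAINS_PATTERNS = []` leaves the unanchored `VERSION_PATTERNS` entry as the only content signal, and nothing in the file says where a string such as `librsvg-2.46.5` comes from. The two test strings added in this commit (`librsvg-2.46.5` and `librsvg2-2.50.7`) look like distro package or build-path names rather than a banner the library emits, though the diff does not confirm this. If that is the case, a librsvg built outside those packaging flows may yield no version, which in a CVE scanner is a silent miss, and an unrelated file that merely embeds such a name could be reported as librsvg. I would add a comment above the pattern recording the origin, e.g. `# version string is the distro package/build-path name ("librsvg-" on openSUSE, "librsvg2-" on Fedora), not a library banner`, and give the class a one-line docstring naming the two distributions the pattern was validated against.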
@@ -126,15 +126,15 @@ which is useful if you're trying the latest code from
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver |
-| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached |
-| mtr |mysql |nano |ncurses |nessus |netpbm |nginx |
-| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh |
-| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png |
-| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 |
-| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo |
-| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark |
-| wpa_supplicant |xerces |xml2 |zlib |zsh | | |
+| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
+| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
+| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
+| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
+| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
+| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
+| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
+| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
+| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
 For a quick overview of usage and how it works, you can also see [the readme file](README.md).
diff --git a/test/condensed-downloads/librsvg-2-2-2.46.5-3.3.1.aarch64.rpm.tar.gz b/test/condensed-downloads/librsvg-2-2-2.46.5-3.3.1.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..73b945541d
Binary files /dev/null and b/test/condensed-downloads/librsvg-2-2-2.46.5-3.3.1.aarch64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/librsvg2-2.50.7-2.fc35.aarch64.rpm.tar.gz b/test/condensed-downloads/librsvg2-2.50.7-2.fc35.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..8fade29741
Binary files /dev/null and b/test/condensed-downloads/librsvg2-2.50.7-2.fc35.aarch64.rpm.tar.gz differ
diff --git a/test/test_data/librsvg.py b/test/test_data/librsvg.py
new file mode 100644
index 0000000000..83ce25d4aa
--- /dev/null
+++ b/test/test_data/librsvg.py
@@ -0,0 +1,29 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {
+ "product": "librsvg",
+ "version": "2.46.5",
+ "version_strings": ["librsvg-2.46.5"],
+ },
+ {
+ "product": "librsvg",
+ "version": "2.50.7",
+ "version_strings": ["librsvg2-2.50.7"],
+ },
+]
+package_test_data = [
+ {
+ "url": "https://ftp.lysator.liu.se/pub/opensuse/distribution/leap/15.3/repo/oss/aarch64/",
+ "package_name": "librsvg-2-2-2.46.5-3.3.1.aarch64.rpm",
+ "product": "librsvg",
+ "version": "2.46.5",
+ },
+ {
+ "url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/35/Everything/aarch64/os/Packages/l/",
+ "package_name": "librsvg2-2.50.7-2.fc35.aarch64.rpm",
+ "product": "librsvg",
+ "version": "2.50.7",
+ },
+]