From 5121ca92df88cfa85a65d40206de1e85978d59d1 Mon Sep 17 00:00:00 2001 From: Yashu Garg Date: Fri, 18 Feb 2022 17:20:02 +0530 Subject: [PATCH] feat: added libseccomp checker --- .github/actions/spelling/allow.txt | 1 + README.md | 20 ++++++------ cve_bin_tool/checkers/__init__.py | 1 + cve_bin_tool/checkers/libseccomp.py | 18 +++++++++++ doc/MANUAL.md | 20 ++++++------ .../libseccomp-2.3.1-4.el7.x86_64.rpm.tar.gz | Bin 0 -> 3220 bytes .../libseccomp-2.5.0-4.fc34.x86_64.rpm.tar.gz | Bin 0 -> 4325 bytes test/test_data/libseccomp.py | 29 ++++++++++++++++++ 8 files changed, 69 insertions(+), 20 deletions(-) create mode 100644 cve_bin_tool/checkers/libseccomp.py create mode 100644 test/condensed-downloads/libseccomp-2.3.1-4.el7.x86_64.rpm.tar.gz create mode 100644 test/condensed-downloads/libseccomp-2.5.0-4.fc34.x86_64.rpm.tar.gz create mode 100644 test/test_data/libseccomp.py diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 3abed117b6..a62f7d9145 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -181,6 +181,7 @@ libnss libpng libraryname librsvg +libseccomp libsndfile libsoup libsqlite diff --git a/README.md b/README.md index c378e6cc2c..73e09d9ca1 100644 --- a/README.md +++ b/README.md @@ -194,7 +194,7 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- | +|--------------- |------------ |--------------- |---------- |------------- |---------- |---------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | @@ -202,15 +202,15 @@ The following checkers are available for finding components in binary files: | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss | -| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt | -| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm | -| memcached |mtr |mysql |nano |ncurses |nessus |netpbm | -| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap | -| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz | -| png |polarssl_fedora |poppler |postgresql |pspp |python |qt | -| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion | -| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk | -| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | | +| librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff | +| libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |mariadb | +| mdadm |memcached |mtr |mysql |nano |ncurses |nessus | +| netpbm |nginx |node |ntp |open_vm_tools |openafs |openjpeg | +| openldap |openssh |openssl |openswan |openvpn |p7zip |pcsc_lite | +| pigz |png |polarssl_fedora |poppler |postgresql |pspp |python | +| qt |radare2 |rsyslog |samba |sane_backends |sqlite |strongswan | +| subversion |sudo |syslogng |systemd |tcpdump |trousers |varnish | +| webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | All the checkers can be found in the checkers directory, as can the diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index f34a6a39d6..546bd5dda9 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -61,6 +61,7 @@ "liblas", "libnss", "librsvg", + "libseccomp", "libsndfile", "libsoup", "libsrtp", diff --git a/cve_bin_tool/checkers/libseccomp.py b/cve_bin_tool/checkers/libseccomp.py new file mode 100644 index 0000000000..26d87ad9ba --- /dev/null +++ b/cve_bin_tool/checkers/libseccomp.py @@ -0,0 +1,18 @@ +# Copyright (C) 2022 Intel Corporation +# SPDX-License-Identifier: GPL-3.0-or-later + +""" +CVE checker for libseccomp + +https://www.cvedetails.com/vulnerability-list/vendor_id-19760/product_id-53398/Libseccomp-Project-Libseccomp.html +""" +from cve_bin_tool.checkers import Checker + + +class LibseccompChecker(Checker): + CONTAINS_PATTERNS = [] + FILENAME_PATTERNS = [r"libseccomp"] + VERSION_PATTERNS = [ + r"libseccomp.so.([0-9]+\.[0-9]+\.[0-9]+)" + ] # patterns like this aren't ideal + VENDOR_PRODUCT = [("libseccomp_project", "libseccomp")] diff --git a/doc/MANUAL.md b/doc/MANUAL.md index 38318c0d7c..06148ee9e1 100644 --- a/doc/MANUAL.md +++ b/doc/MANUAL.md @@ -118,7 +118,7 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- | +|--------------- |------------ |--------------- |---------- |------------- |---------- |---------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | @@ -126,15 +126,15 @@ which is useful if you're trying the latest code from | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss | -| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt | -| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm | -| memcached |mtr |mysql |nano |ncurses |nessus |netpbm | -| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap | -| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz | -| png |polarssl_fedora |poppler |postgresql |pspp |python |qt | -| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion | -| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk | -| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | | +| librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff | +| libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |mariadb | +| mdadm |memcached |mtr |mysql |nano |ncurses |nessus | +| netpbm |nginx |node |ntp |open_vm_tools |openafs |openjpeg | +| openldap |openssh |openssl |openswan |openvpn |p7zip |pcsc_lite | +| pigz |png |polarssl_fedora |poppler |postgresql |pspp |python | +| qt |radare2 |rsyslog |samba |sane_backends |sqlite |strongswan | +| subversion |sudo |syslogng |systemd |tcpdump |trousers |varnish | +| webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | For a quick overview of usage and how it works, you can also see [the readme file](README.md). diff --git a/test/condensed-downloads/libseccomp-2.3.1-4.el7.x86_64.rpm.tar.gz b/test/condensed-downloads/libseccomp-2.3.1-4.el7.x86_64.rpm.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..791b749faa7ba5dfc9eb13baba1d65427b18d8bc GIT binary patch literal 3220 zcmV;F3~TcriwFn-00002|7>Yub7f;=Z*6cbGA=VNF)cJMWo$PtcsMp+HZ(4BaBVJh zVR8WNSzC7-w-I*Qr{Y(v5;{kUPZ&{_6)}ur(V|l-rfeTavE9bbdbx`wH{6>6EJdbn z``7!;0J~h#P9A#FzC=7W=7PasFc@G4t4gac(qwvcNUfG(SY%~a7u|#I-EQyJ@AKQo z@96N5A%0u1ceKCX^jUuI;OOAsmbZWF|M07{2^6Nk^~e1E`{Crz?Qb5gm) zmp{H9z8bz31h$*u4^Z^Im@dB_iPgPPUov|nhOdV|2|EtRsN;>TC?rRaJQ?-F4@$bJ z>;N*6XBmel55(}r@cFszi8{L%&6uGtOy_uvW*=h)qYg`2!^Ul?-4;F`sQpSfv1?M3 z{u(`RkE_Q+@!ab__jJ2=+}G%()`;(q&1ZI5=VE_6c#aMSj)#L3X1v<=!f_8)?)JoG z=NP`-*hxFF>e*#XI#4j`oD%PJR5$anc-471!LF>_uC$DLMJwlKLXGprsdG7;aORD} zkvKE2udTF&TEQOF!!Wc@hiKl6Vd$G4*-aCVMzvYxc}ND2tzDzeOSZK?>g)<`Mr6Rd z&hA4RyHDFSCWBs5<4webob&!Fo_gcHZJ>k3ACuar=NN?HaOp~{PA@{5;`E;n#`P>E zVIyMx>t4fLHP{>S_M5ncnLg~A3?5+z&rc_VbGZBb6tfa)T~a`)=^$Uiz10o6i)SyF15GH57=93AFRS+fW)%Mg9s zqAJyQ`}-?y#Sf1kJ$~}yvG~M;a1|9^oTMmDy|9R+XLI}qyD0B}Qgh-$d1RG$TYKaJ zUS@|mSVO~b1q}0|Jq(Xz98{_Ctc$=%@+Au8h?Swb2~DNsrnfa)t?J|3`eRHP?Rh`e zrQ26f{#r!SZivR)Iq`OPmj!fwwzt0r&ZczpQ+QP_utA|LjRS`wEb<&P3zV~^l#0tl z;JOGGZM?vclnVJA)l|6TCRRnpNTz2N5~AU&2G)ov02)PlUYV%4LX8IoRm}{_AW_24 za0SS|(Z^9dZPLq1Snc zcL`jff*g+rF7a(;IgM<|I7OAXux(kO#1vr=&Lv4OVuiw>q`Dt~s{L@TiUI(&<-&I+ zISNv!yf;LvD-ZHQr&5-V)|=j(TLgbtlttrJP>k)O_vV9KD?`JVN2v}!m?U1?r(Z*5fkI^;&Lczv0G8(fsR`#4HWuKVTZB7udL&Rwb5P+q3g#|o`|IFUwz_e^gv%T35?#n*!yP|j4z(2;b;3D$J|rlcbfXVfJDF)~7v>kXs~u#Hne@C`43wn&dD5tEVaT zjQj^cjt5Z4QvjNT`H*JFzDb$F<(LhF*?J4v@G2)g{C&j~{v5$exzh;bBzFUdJf<%P zOPVN8LMd=Bau*?Kjo@F!$rDJ;qg(V)(6apLx}}>q0A)~NgUT>LK8}-_pA^&J8iOu? z7HL0+Amn17Bhxwzv@Yo58;(Pnl#&~iL&>tBO9i>Aq$^#Nq>U;hf=hrjK_oMypc~s? zW`5n(FnCJl#M~s%V^j5!C~?%`jk2=WLCLbD&kcH8NwuzT-?vp^0`eeD5zJ{}gi)Lk zECE3Rou$)B>fMGsuxKhBy!XGy4B0*(54;abJm0Fg7|Dq(H z)fCp91$yB~=&NLs$AzO6?f_Mf)Rm^ej^YUA^a1P>k2Hw}}EW5YN zLlPl{n!rmd|ERFG{*MzBw{gyL_VFagyl z>Q%?p@9EXo^y=$+_4|6)iA?#6V&y(TW)u?u_RDHk&_~jY-N|Sk(dIV@qDx;(oO&y9 z>aE1dbP`c&P*hMdoiap{3X0 zz;c!=or>0XSfiw4D%ogu*;BW&r*5*RZe>r#8|H?`=bKA#+qX%j+NM%nr&0~?bKvWF z7Eq~fcV(VMOz_^|YH%*qc>W;Kp#^K-dHcXH>bK;}8fWnKYRaQ2Z8!9hFuGN7Q2T zE6!G2sMx-+Sua-hjzZsxv8_iFI_aF}^nHc_~cVC=6nIz&+ zKUj%7yX*an9nsZuT&gCRiZ1F7*`4K8cUmQB^f@eMY98Rp*NxUWqRK*CZ`@P=^{P$y z=uH literal 0 HcmV?d00001 diff --git a/test/condensed-downloads/libseccomp-2.5.0-4.fc34.x86_64.rpm.tar.gz b/test/condensed-downloads/libseccomp-2.5.0-4.fc34.x86_64.rpm.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..b96488a74a6a6300652db92c711fa7463cbf0a2c GIT binary patch literal 4325 zcmVYub7f;=Z*6cbGA=bPFfBALW@9rnE_gULUp6!@a&T=f zbYXG;?ON-1+cuW(?0hQz3MOG@?L0KH?7C9aht){2JeA{&W7nCf6P6-Di6g$khb*_5 z?!UgjdjUS=q&>4|=bZhp#PI=v3*Z8{?+dxe(mx0O{P2M4Ogc^+CY>zq^g3U3x}W`f zN*Cqu;DEmt+w*V>J@NNuq*5{I_a=Qb2p-2+bz4)n2qaw}8>aTh;E(6YjqT*W zFUH)z2UWXn!IX>Q@#Rz; z8`FWR2CFB8gbR4za=-tQ?yKXsQH&Csy*ac>qKN6$9wNu<5iIXRz!P%2S zjGi6uqVA3c$6b;C$OqzT__m*l5!c{b2hD4 z{$x-zPnbU*U7Uz~g1b(guR~s2uFTCTRj;PPHIGi4t471IiIFEX+|`vLc}Ys`w2H zUVr$++h^IKV;Dpqv|=1V#3T@LU>=DWgcb1z^CuCH%>+loN#hCjiHk0()1R>7G8w6X z+%yIXOHRTce`QW-8Ss%n#utR|n((=VF91HwJ5kptWq}kyolV5Q8g-|Hz3Vn$rTk2V zzEAay-*(4Ur-c0z`2IKh{7=@fSnbl~b7crvz%B@SbOc*69V{VAd54=(H-APeXv)p! zB;*9*A-jYv za#n>IDe3QQbi}ehExWoJSK4?2B{^}#WRRO%rhr*kNeApQHtE)K(^TdUq-wYlRS8wl z)2V|Gj=0glYqLMNHaDci`pawjgXeu(FhH{qs5eS+uT|BjIn03%bjc?tBJIuw;^=;0 zK4#t#p^a(t;I4T+AsaTq2$b#l6o!>e%Xt^q1S!U3*FZv;3nRClmm54jRXgkMw5s?< zKj{lzs}{q6GccDkvH5xGi0*XwE96suSdO{UfXnH4SImazU2%SNI;gw(7yyW*dHU63 zrI!zR+v4Mv(S>4-O>+!_m=KHM z@CH>#4A{9Nf0!^~(|0Q7>#K1!R5w_t${CCC-2u8vzUNIo_8%VUsi>j5xxCIhNmrjU3 z#pQ&-VG)IPqA}7wO!Fj-J;;aaxs>{NyfEOadD(4L1^Fy=DTWirS2VYHo4Tt~m%8uA zbIS4f8vDdR!hm3%&h5sb?MI3Tft`kmJVYNv>kS?$wlZtf5ow;KsSUb0cH~HiTa+#B zRO)mtU#xsAaBOEOsUPBsIdK{5QV=?g_|iTRY97bA;8ZFP^xm|wA1zqe1nv^?Qs80& zRq2)$`VlcBRqQL9ls>AXvM{XVEn!A(*b`oyu0)muq_7@mP&Nn_GL;i0h)7OwW9FwF zfk-06kul3kpcGlHPy4-EqtLE&s)83KTq_!VTxu@9t zddgHl6clBU2+{+9>M%ENY{(oX`W04fGRi|$O|L!@8xAy?OO%tBw__S-bez-h^j@hU!%osQXEtR6vc_up`S4O5^W6m>%Du z4U;#B7fdOlb`fb$gu`bsJ=Z}ff=tSl@K}Kpe;wymO2#EA6edy?<^HTZ$Otiiy{7g! zwAfM_tUIM>RzuuNU>_WQA$0XgR&pa9B~1LX^}dL6TRSu51hQr5@`*i*#=8W)twUL&6`h+aeO;mdVyTYxpHAJ}5 zYq*S3rb1HnteBI%u*jJ^=060A=y*%sU#61ODD#?GH3~;FTRP`%@=d+u9HQYh}xuvw!8M>EI};3G6#G* zHd8iTR@Oa{GF1%4N%?ZwLN@}nliH917>*s3Ez);I7{f1|x0xS#F~u6xjXZh=UK71M zinunc-d3PwTG@v8g)Ag5LO)+@K|bXk?G0Vo1>w{9Rw$heYUGGUDupIp@LhUtOgYq| zqlyH+Q$I9Xh~RXj#!!A~RMApT@Z+xX{LYe9ZbeVqN=H=`pxy>kKXcX=w=JLHw6o9T zA;RibDw(<@SZjIL*_D#0gw1yU!RnZ1@;y9zL5ydv206dgZ#y3>+j2i;zjiQX>$;@{ocw}D98_DRA=#T+8OogDK*@I%u|j=` zKmiQ5N)`^b-9jaawYYHB(S$>#O8PN-h(9bTl)F$wc4H^8=PCQugOAf8stO*J&C#(N z&5Q*9RFTKl5+N%6NRXFtQtz$}F88gZO_C7Q-SSs3%G&~eF0?*v$adSD7}X-Eg<7n! z?E>VdyRa8s!5qo}mOadb?PZmTSHVwj%chnGB5i`DvDTrbq^$v9OSM);sEU@?WFATQ zK?39iko6ocR;IU=>sFSRwBVCAf~0rJzOt#z>@BiQ=}@;($gwS5;PYCc29b^j&2^rm3 zVdLG18a;)q+yq@$xz3WL96`@-8>;Wl>mL^Ndq!!gIK(Rx=w{&3OfMSYw|?qj#jXUm z^eC0-;?SsmP0`N=`dOwC*Vp=?o`xEku6j(;p{steYP?VA7aQ$>bcCcIWt3r3p>(Ow z%dqj=rce=`@%_ncX1zK;dp>#nde{V3os09)tEw|OKYw|)^RU=$4nLo4L1t&iReLm> zon2ME?&jfUD16V@5vKjn?JRxpid#XfTf+F}YeN`+qPd;^#`v0g-+ue8AtW3W*w}GU z8TY<6US7^-V$(llIicW+REN@6s${?)4U&Ow93GH#lpty&X-Bw4lEn@9aqdt}&jhf0 zTy0cThM~)s-@iP&dMO?lKvKA|0i}VNGMw0z1_$q-9wKpgP(l!P7<6RgVP+8Rm?kDe zaA5*GFkHzmgoX~id4~2G#y32NC}KQlfWJ~}x29J3{D^<8=6!wg+C?f$o&b$ff=y*=dWMHIn( zemvIO7ssPVFV4;{PG0;C&By#B_M11>==JLffM+jX(}d%*EBZK|rQ-}bDrU#9H;Apt zy|X=mzdIh?)Bkl6*sudtm;N^eG0VTS-ADUuW8CU~;@_yAs`{YgIr|44C72zy%HqqP z-~3%%|80IDmIpt~MgG!%ARhhY@JKv}#(QG%%Wx}usVqaf~=pU24C%-@z?>!Y~_wJ2nCu04}gGBtPINlTQ*U<|Rb$>O*m)ZBLr{X`q zeAM&A&YO2n?~C5~)n)MPT0F4te|;Q)u!38FqX=|rir?h1i9#Nl1