diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index c56b9154f3..fc7c3526ee 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -185,6 +185,7 @@ libraryname librsvg libseccomp libsndfile +libsolv libsoup libsqlite libsrtp diff --git a/README.md b/README.md index cfe84b76fa..ca5c9d1fc9 100644 --- a/README.md +++ b/README.md @@ -194,7 +194,7 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- | +|--------------- |---------- |---------- |------------ |--------------- |------------- |------------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | 
@@ -202,16 +202,16 @@ The following checkers are available for finding components in binary files: | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | | libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas | -| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 | -| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua | -| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses | -| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs | -| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip | -| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp | -| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite | -| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers | -| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib | -| zsh | | | | | | | +| libnss |librsvg |libseccomp |libsndfile |libsolv |libsoup |libsrtp | +| libssh2 |libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate | +| lua |mariadb |mdadm |memcached |mtr |mysql |nano | +| ncurses |nessus |netpbm |nginx |node |ntp |open_vm_tools | +| openafs |openjpeg |openldap |openssh |openssl |openswan |openvpn | +| p7zip |pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql | +| pspp |python |qt |radare2 |rsyslog |samba |sane_backends | +| sqlite |strongswan |subversion |sudo |syslogng |systemd |tcpdump | +| trousers |varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 | +| zlib |zsh | | | | | | All the checkers can be found in the checkers directory, as can the diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index a9f44424c5..22ea90dd35 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -64,6 +64,7 @@ "librsvg", "libseccomp", "libsndfile", + "libsolv", "libsoup", "libsrtp", "libssh2", 
diff --git a/cve_bin_tool/checkers/libsolv.py b/cve_bin_tool/checkers/libsolv.py new file mode 100644 index 0000000000..cf94c38fc7 --- /dev/null +++ b/cve_bin_tool/checkers/libsolv.py @@ -0,0 +1,18 @@ +# Copyright (C) 2022 Intel Corporation +# SPDX-License-Identifier: GPL-3.0-or-later + +""" +CVE checker for libsolv + +https://www.cvedetails.com/vulnerability-list/vendor_id-8184/product_id-51703/Opensuse-Libsolv.html + +""" + +from cve_bin_tool.checkers import Checker + + +class LibsolvChecker(Checker): + CONTAINS_PATTERNS = [] + FILENAME_PATTERNS = [r"libsolv.so", r"libsolvext.so"] + VERSION_PATTERNS = [r"libsolv(?:\.so\.1)?-([0-9]+\.[0-9]+\.[0-9]+)"] + VENDOR_PRODUCT = [("opensuse", "libsolv")] diff --git a/doc/MANUAL.md b/doc/MANUAL.md index ba004a0440..e65f02fa24 100644 --- a/doc/MANUAL.md +++ b/doc/MANUAL.md @@ -118,7 +118,7 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- | +|--------------- |---------- |---------- |------------ |--------------- |------------- |------------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | 
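Review bot: `VERSION_PATTERNS` in the new `LibsolvChecker` only matches a `libsolv-X.Y.Z` or `libsolv.so.1-X.Y.Z` string, which, judging by the test strings added in this commit, looks like a packaging artefact (possibly the RPM debug-file name) rather than a version string emitted by libsolv itself. If so, builds from other distributions or from upstream source may not carry it, and the scan would report no libsolv and therefore no CVEs for them. A comment above the pattern such as `# version string seen in RPM builds only (el7, el8, fc34); other packagings unverified` would make that coverage limit visible to users relying on the result. Separately, the dots in `FILENAME_PATTERNS` are unescaped and match any character; `FILENAME_PATTERNS = [r"libsolv\.so", r"libsolvext\.so"]` is the tighter form.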
@@ -126,16 +126,16 @@ which is useful if you're trying the latest code from | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | | libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas | -| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 | -| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua | -| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses | -| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs | -| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip | -| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp | -| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite | -| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers | -| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib | -| zsh | | | | | | | +| libnss |librsvg |libseccomp |libsndfile |libsolv |libsoup |libsrtp | +| libssh2 |libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate | +| lua |mariadb |mdadm |memcached |mtr |mysql |nano | +| ncurses |nessus |netpbm |nginx |node |ntp |open_vm_tools | +| openafs |openjpeg |openldap |openssh |openssl |openswan |openvpn | +| p7zip |pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql | +| pspp |python |qt |radare2 |rsyslog |samba |sane_backends | +| sqlite |strongswan |subversion |sudo |syslogng |systemd |tcpdump | +| trousers |varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 | +| zlib |zsh | | | | | | For a quick overview of usage and how it works, you can also see [the readme file](README.md). diff --git a/test/condensed-downloads/libsolv-0.6.34-4.el7.x86_64.rpm.tar.gz b/test/condensed-downloads/libsolv-0.6.34-4.el7.x86_64.rpm.tar.gz new file mode 100644 index 0000000000..ca867b7f82 Binary files /dev/null and b/test/condensed-downloads/libsolv-0.6.34-4.el7.x86_64.rpm.tar.gz differ 
diff --git a/test/condensed-downloads/libsolv-0.7.16-2.el8.x86_64.rpm.tar.gz b/test/condensed-downloads/libsolv-0.7.16-2.el8.x86_64.rpm.tar.gz
new file mode 100644
index 0000000000..41c029aa0f
Binary files /dev/null and b/test/condensed-downloads/libsolv-0.7.16-2.el8.x86_64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/libsolv-0.7.17-3.fc34.x86_64.rpm.tar.gz b/test/condensed-downloads/libsolv-0.7.17-3.fc34.x86_64.rpm.tar.gz
new file mode 100644
index 0000000000..bd2d3c63d2
Binary files /dev/null and b/test/condensed-downloads/libsolv-0.7.17-3.fc34.x86_64.rpm.tar.gz differ
diff --git a/test/test_data/libsolv.py b/test/test_data/libsolv.py
new file mode 100644
index 0000000000..65398f5155
--- /dev/null
+++ b/test/test_data/libsolv.py
@@ -0,0 +1,40 @@
+# Copyright (C) 2021 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {
+ "product": "libsolv",
+ "version": "0.6.34",
+ "version_strings": ["libsolv-0.6.34"],
+ },
+ {
+ "product": "libsolv",
+ "version": "0.7.16",
+ "version_strings": ["libsolv.so.1-0.7.16"],
+ },
+ {
+ "product": "libsolv",
+ "version": "0.7.17",
+ "version_strings": ["libsolv.so.1-0.7.17"],
+ },
+]
+package_test_data = [
+ {
+ "url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
+ "package_name": "libsolv-0.6.34-4.el7.x86_64.rpm",
+ "product": "libsolv",
+ "version": "0.6.34",
+ },
+ {
+ "url": "http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/",
+ "package_name": "libsolv-0.7.16-2.el8.x86_64.rpm",
+ "product": "libsolv",
+ "version": "0.7.16",
+ },
+ {
+ "url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/os/Packages/l/",
+ "package_name": "libsolv-0.7.17-3.fc34.x86_64.rpm",
+ "product": "libsolv",
+ "version": "0.7.17",
+ },
+]
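Review bot: The two CentOS entries in `package_test_data` use plain `http://` URLs while the Fedora entry uses `https://`, and nothing in this hunk records a checksum for the packages. If the test harness downloads and unpacks these RPMs without its own integrity check, which is not visible here, the fixtures can be altered in transit. Where the mirror serves TLS, switch the scheme, e.g. `"url": "https://mirror.centos.org/centos/7/os/x86_64/Packages/",`, and the same for the 8-stream entry. Otherwise add a comment on each entry noting that the package is fetched unauthenticated and is only suitable for string matching.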