diff --git a/cve_bin_tool/checkers/systemd.py b/cve_bin_tool/checkers/systemd.py index 407a0b5c4e..bf221f8686 100644 --- a/cve_bin_tool/checkers/systemd.py +++ b/cve_bin_tool/checkers/systemd.py @@ -4,11 +4,8 @@ """ CVE checker for systemd -https://www.cvedetails.com/product/38088/Freedesktop-Systemd.html?vendor_id=7971 +https://www.cvedetails.com/product/34874/Systemd-Project-Systemd.html?vendor_id=15978 """ - -from re import DOTALL, MULTILINE, compile - from cve_bin_tool.checkers import Checker @@ -20,37 +17,17 @@ class SystemdChecker(Checker): ] FILENAME_PATTERNS = [r"libsystemd.so."] VERSION_PATTERNS = [ - compile( - r"LIBSYSTEMD_([0-4]+[0-9]+[0-9]+)(?!.*LIBSYSTEMD_([0-4]+[0-9]+[0-9]+))", - DOTALL, - ), - compile(r"^systemd (\d{2,4})", MULTILINE), + r"\r?\nsystemd (\d{2,4})", r"libsystemd-shared-([0-9]+)\.so", # patterns like this aren't ideal r"systemd-[a-z]+-([0-9]+)\.so", # patterns like this aren't ideal r"udev-([0-9]+)\.so", # patterns like this aren't ideal r"systemd v([0-9]+).* running in ", r"pam_systemd.so-([0-9]+)\.", ] - VENDOR_PRODUCT = [("freedesktop", "systemd")] + VENDOR_PRODUCT = [("systemd_project", "systemd")] """ Using filenames (containing patterns like '.so' etc.) in the binaries as VERSION_PATTERNS aren't ideal. The reason behind this is that these might depend on who packages the file (like it might work on fedora but not on ubuntu) """ - - """ - In some packages of systemd the version strings are present in - - ``` - LIBSYSTEMD_209 - LIBSYSTEMD_211 - ... - LIBSYSTEMD_245 - LIBSYSTEMD_246 - ``` - - this way. So we need to make sure the first regex pattern detects the last and latest version string. - Which is dealt by the regex r"LIBSYSTEMD_([0-4]+[0-9]+[0-9]+)(?!.*LIBSYSTEMD_([0-4]+[0-9]+[0-9]+))". - The regex uses negative lookahead and DOTALL to detect the last occurring match and returns it. - """ diff --git a/test/test_data/apache_http_server.py b/test/test_data/apache_http_server.py index 8e0b97a89a..32546eef74 100644 
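Review bot: Replacing `("freedesktop", "systemd")` with `("systemd_project", "systemd")` in `VENDOR_PRODUCT` means any CVE records still filed under the old vendor name are no longer looked up, which for a scanner shows up as silent false negatives rather than an error. `VENDOR_PRODUCT` is a list, so unless the old vendor entry is known to be empty in the CVE data, both pairs can be kept: `VENDOR_PRODUCT = [("freedesktop", "systemd"), ("systemd_project", "systemd")]`. Separately, the new `r"\r?\nsystemd (\d{2,4})"` needs a line terminator before the match, so unlike the removed `^systemd` pattern with `MULTILINE` it will not match a version string at the very start of the scanned text. A short comment on that line saying why the terminator is required would help. The `SystemdChecker` class begins before this hunk.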
--- a/test/test_data/apache_http_server.py
+++ b/test/test_data/apache_http_server.py
@@ -15,6 +15,6 @@
 "package_name": "httpd-2.4.51-2.fc35.x86_64.rpm",
 "product": "http_server",
 "version": "2.4.51",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/asterisk.py b/test/test_data/asterisk.py
index 9462a715bf..adfc229a8c 100644
--- a/test/test_data/asterisk.py
+++ b/test/test_data/asterisk.py
@@ -19,27 +19,27 @@
 "package_name": "asterisk-18.12.1-1.fc37.1.aarch64.rpm",
 "product": "asterisk",
 "version": "18.12.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/a/",
 "package_name": "asterisk-18.12.1-1.fc37.1.i686.rpm",
 "product": "asterisk",
 "version": "18.12.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.de.debian.org/debian/pool/main/a/asterisk/",
 "package_name": "asterisk_16.16.1~dfsg-1+deb11u1_arm64.deb",
 "product": "asterisk",
 "version": "16.16.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "https://downloads.openwrt.org/releases/22.03.0/packages/aarch64_generic/telephony/",
 "package_name": "asterisk_18.11.2-4_aarch64_generic.ipk",
 "product": "asterisk",
 "version": "18.11.2",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/dbus.py b/test/test_data/dbus.py
index 3bd6b3758d..c04dc2d6dc 100644
--- a/test/test_data/dbus.py
+++ b/test/test_data/dbus.py
@@ -20,27 +20,27 @@
 "package_name": "dbus-1.10.24-15.el7.x86_64.rpm",
 "product": "dbus",
 "version": "1.10.24",
- "other_products": ["libdbus", "systemd"],
+ "other_products": ["libdbus"],
 },
 {
 "url": "http://ftp.altlinux.org/pub/distributions/ALTLinux/Sisyphus/x86_64/RPMS.classic/",
 "package_name": "libdbus-1.12.18-alt1.x86_64.rpm",
 "product": "libdbus",
 "version": "1.12.18",
- "other_products": ["dbus", "systemd"],
+ "other_products": ["dbus"],
 },
 {
 "url": "http://archive.ubuntu.com/ubuntu/pool/main/d/dbus/",
 "package_name": "dbus_1.12.20-1ubuntu3_amd64.deb",
 "product": "dbus",
 "version": "1.12.20",
- "other_products": ["libdbus", "systemd"],
+ "other_products": ["libdbus"],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/d/dbus/",
 "package_name": "dbus_1.8.22-0+deb8u1_amd64.deb",
 "product": "dbus",
 "version": "1.8.22",
- "other_products": ["libdbus", "systemd"],
+ "other_products": ["libdbus"],
 },
 ]
diff --git a/test/test_data/gnomeshell.py b/test/test_data/gnomeshell.py
index ef4b38936d..d37cee872e 100644
--- a/test/test_data/gnomeshell.py
+++ b/test/test_data/gnomeshell.py
@@ -25,13 +25,13 @@
 "package_name": "gnome-shell_3.38.4-1ubuntu2_amd64.deb",
 "product": "gnome-shell",
 "version": "3.38.4",
- "other_products": ["glibc", "systemd"],
+ "other_products": ["glibc"],
 },
 {
 "url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/g/",
 "package_name": "gnome-shell-40.2-1.fc35.x86_64.rpm",
 "product": "gnome-shell",
 "version": "40.2",
- "other_products": ["glibc", "systemd"],
+ "other_products": ["glibc"],
 },
 ]
diff --git a/test/test_data/haproxy.py b/test/test_data/haproxy.py
index 45efd18c42..a040c5d65c 100644
--- a/test/test_data/haproxy.py
+++ b/test/test_data/haproxy.py
@@ -19,27 +19,27 @@
 "package_name": "haproxy-1.8.4-2.fc28.x86_64.rpm",
 "product": "haproxy",
 "version": "1.8.4",
- "other_products": ["gcc", "lua", "systemd"],
+ "other_products": ["gcc", "lua"],
 },
 {
 "url": "https://mirrors.edge.kernel.org/centos/7/os/x86_64/Packages/",
 "package_name": "haproxy-1.5.18-9.el7.x86_64.rpm",
 "product": "haproxy",
 "version": "1.5.18",
- "other_products": ["gcc", "lua", "systemd"],
+ "other_products": ["gcc", "lua"],
 },
 {
 "url": "http://ftp.br.debian.org/debian/pool/main/h/haproxy/",
 "package_name": "haproxy_2.6.6-1_arm64.deb",
 "product": "haproxy",
 "version": "2.6.6",
- "other_products": ["gcc", "lua", "systemd"],
+ "other_products": ["gcc", "lua"],
 },
 {
 "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
 "package_name": "haproxy_2.0.25-1_x86_64.ipk",
 "product": "haproxy",
 "version": "2.0.25",
- "other_products": ["gcc", "lua", "systemd"],
+ "other_products": ["gcc", "lua"],
 },
 ]
diff --git a/test/test_data/jack2.py b/test/test_data/jack2.py
index 75717026a8..bf32585370 100644
--- a/test/test_data/jack2.py
+++ b/test/test_data/jack2.py
@@ -10,20 +10,20 @@
 "package_name": "jack-1.9.21-1.4.aarch64.rpm",
 "product": "jack2",
 "version": "1.9.21",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://rpmfind.net/linux/opensuse/ports/armv6hl/tumbleweed/repo/oss/armv6hl/",
 "package_name": "jack-1.9.21-1.4.armv6hl.rpm",
 "product": "jack2",
 "version": "1.9.21",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/j/jackd2/",
 "package_name": "jackd2_1.9.12~dfsg-2_amd64.deb",
 "product": "jack2",
 "version": "1.9.12",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/janus.py b/test/test_data/janus.py
index 51a6c61d51..c3cf8e26aa 100644
--- a/test/test_data/janus.py
+++ b/test/test_data/janus.py
@@ -11,20 +11,20 @@
 "package_name": "janus-gateway-1.1.0-1.1.aarch64.rpm",
 "product": "janus",
 "version": "1.1.0",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "http://rpmfind.net/linux/opensuse/ports/armv6hl/tumbleweed/repo/oss/armv6hl/",
 "package_name": "janus-gateway-1.1.0-1.1.armv6hl.rpm",
 "product": "janus",
 "version": "1.1.0",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/j/janus/",
 "package_name": "janus_0.9.2-1~bpo10+1_amd64.deb",
 "product": "janus",
 "version": "0.9.2",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 ]
diff --git a/test/test_data/keepalived.py b/test/test_data/keepalived.py
index 56fd62c878..f07f7d9dcc 100644
--- a/test/test_data/keepalived.py
+++ b/test/test_data/keepalived.py
@@ -14,34 +14,34 @@
 "package_name": "keepalived-2.2.7-3.fc37.aarch64.rpm",
 "product": "keepalived",
 "version": "2.2.7",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://rpmfind.net/linux/fedora-secondary/development/rawhide/Everything/ppc64le/os/Packages/k/",
 "package_name": "keepalived-2.2.7-3.fc37.ppc64le.rpm",
 "product": "keepalived",
 "version": "2.2.7",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/",
 "package_name": "keepalived_1.2.13-1_amd64.deb",
 "product": "keepalived",
 "version": "1.2.13",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/",
 "package_name": "keepalived_1.2.13-1_armel.deb",
 "product": "keepalived",
 "version": "1.2.13",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
 "package_name": "keepalived_2.0.18-5_x86_64.ipk",
 "product": "keepalived",
 "version": "2.0.18",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/libvirt.py b/test/test_data/libvirt.py
index 458d0774b9..802fd080aa 100644
--- a/test/test_data/libvirt.py
+++ b/test/test_data/libvirt.py
@@ -14,6 +14,6 @@
 "package_name": "libvirt-client-1.2.2-1.fc21.x86_64.rpm",
 "product": "libvirt",
 "version": "1.2.2",
- "other_products": ["systemd"],
+ "other_products": [],
 }
 ]
diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py
index 598f85d8e4..0212c2e90f 100644
--- a/test/test_data/nghttp2.py
+++ b/test/test_data/nghttp2.py
@@ -11,34 +11,34 @@
 "package_name": "nghttp2-1.50.0-7.1.riscv64.rpm",
 "product": "nghttp2",
 "version": "1.50.0",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://rpmfind.net/linux/opensuse/ports/aarch64/tumbleweed/repo/oss/aarch64/",
 "package_name": "nghttp2-1.50.0-1.1.aarch64.rpm",
 "product": "nghttp2",
 "version": "1.50.0",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/",
 "package_name": "libnghttp2-14_1.18.1-1+deb9u1_amd64.deb",
 "product": "nghttp2",
 "version": "1.18.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/",
 "package_name": "libnghttp2-14_1.18.1-1+deb9u1_arm64.deb",
 "product": "nghttp2",
 "version": "1.18.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/base/",
 "package_name": "libnghttp2-14_1.41.0-1_x86_64.ipk",
 "product": "nghttp2",
 "version": "1.41.0",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/openvpn.py b/test/test_data/openvpn.py
index 8fda1d1ef8..1cca8d6d37 100644
--- a/test/test_data/openvpn.py
+++ b/test/test_data/openvpn.py
@@ -10,13 +10,13 @@
 "package_name": "openvpn-2.4.1-1.fc25.x86_64.rpm",
 "product": "openvpn",
 "version": "2.4.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://rpmfind.net/linux/mageia/distrib/5/x86_64/media/core/updates/",
 "package_name": "openvpn-2.3.12-1.mga5.x86_64.rpm",
 "product": "openvpn",
 "version": "2.3.12",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/pcsc_lite.py b/test/test_data/pcsc_lite.py
index d5ef2ee925..3487a35922 100644
--- a/test/test_data/pcsc_lite.py
+++ b/test/test_data/pcsc_lite.py
@@ -23,13 +23,13 @@
 "package_name": "pcsc-lite-1.9.1-1.fc33.x86_64.rpm",
 "product": "pcsc-lite",
 "version": "1.9.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/",
 "package_name": "pcsc-lite-1.8.25-r2.apk",
 "product": "pcsc-lite",
 "version": "1.8.25",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/rsyslog.py b/test/test_data/rsyslog.py
index 2a329b49e0..1f8e539690 100644
--- a/test/test_data/rsyslog.py
+++ b/test/test_data/rsyslog.py
@@ -10,20 +10,20 @@
 "package_name": "rsyslog-5.5.7-1.fc15.x86_64.rpm",
 "product": "rsyslog",
 "version": "5.5.7",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://archive.ubuntu.com/ubuntu/pool/main/r/rsyslog/",
 "package_name": "rsyslog_8.2112.0-2ubuntu2_amd64.deb",
 "product": "rsyslog",
 "version": "8.2112.0",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://dl-cdn.alpinelinux.org/alpine/v3.13/main/aarch64/",
 "package_name": "rsyslog-8.2012.0-r3.apk",
 "product": "rsyslog",
 "version": "8.2012.0",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/squid.py b/test/test_data/squid.py
index 685c4c00ff..091c96dbba 100644
--- a/test/test_data/squid.py
+++ b/test/test_data/squid.py
@@ -24,20 +24,20 @@
 "package_name": "squid_4.11-2~bpo10+1_amd64.deb",
 "product": "squid",
 "version": "4.11",
- "other_products": ["kerberos", "systemd"],
+ "other_products": ["kerberos"],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/",
 "package_name": "squid_4.11-2~bpo10+1_arm64.deb",
 "product": "squid",
 "version": "4.11",
- "other_products": ["kerberos", "systemd"],
+ "other_products": ["kerberos"],
 },
 {
 "url": "https://downloads.openwrt.org/releases/packages-21.02/x86_64/packages/",
 "package_name": "squid_4.17-1_x86_64.ipk",
 "product": "squid",
 "version": "4.17",
- "other_products": ["kerberos", "systemd"],
+ "other_products": ["kerberos"],
 },
 ]
diff --git a/test/test_data/stunnel.py b/test/test_data/stunnel.py
index 7e6b0ce975..0a9fd17154 100644
--- a/test/test_data/stunnel.py
+++ b/test/test_data/stunnel.py
@@ -10,27 +10,27 @@
 "package_name": "stunnel-5.66-1.1.aarch64.rpm",
 "product": "stunnel",
 "version": "5.66",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "http://rpmfind.net/linux/opensuse/ports/armv6hl/tumbleweed/repo/oss/armv6hl/",
 "package_name": "stunnel-5.66-1.1.armv6hl.rpm",
 "product": "stunnel",
 "version": "5.66",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "http://ftp.br.debian.org/debian/pool/main/s/stunnel4/",
 "package_name": "stunnel4_5.39-2_amd64.deb",
 "product": "stunnel",
 "version": "5.39",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
 "package_name": "stunnel_5.55-2_x86_64.ipk",
 "product": "stunnel",
 "version": "5.55",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 ]
diff --git a/test/test_data/syslogng.py b/test/test_data/syslogng.py
index 2e2e8ae866..72a7e8a4d5 100644
--- a/test/test_data/syslogng.py
+++ b/test/test_data/syslogng.py
@@ -19,13 +19,13 @@
 "package_name": "syslog-ng-3.5.6-3.fc21.x86_64.rpm",
 "product": "syslog-ng",
 "version": "3.5.6",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.br.debian.org/debian/pool/main/s/syslog-ng/",
 "package_name": "syslog-ng-core_3.8.1-10_arm64.deb",
 "product": "syslog-ng",
 "version": "3.8.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]
diff --git a/test/test_data/systemd.py b/test/test_data/systemd.py
index 0ba909000a..bb9b2d689a 100644
--- a/test/test_data/systemd.py
+++ b/test/test_data/systemd.py
@@ -5,7 +5,7 @@
 {
 "product": "systemd",
 "version": "239",
- "version_strings": ["LIBSYSTEMD_239", "sd_bus_error_copy"],
+ "version_strings": ["systemd 239", "sd_bus_error_copy"],
 }
 ]
 package_test_data = [
diff --git a/test/test_data/tor.py b/test/test_data/tor.py
index 187b437d18..1ada8f37c8 100644
--- a/test/test_data/tor.py
+++ b/test/test_data/tor.py
@@ -10,27 +10,27 @@
 "package_name": "tor-0.4.7.10-4.1.riscv64.rpm",
 "product": "tor",
 "version": "0.4.7.10",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "http://rpmfind.net/linux/mageia/distrib/cauldron/aarch64/media/core/release/",
 "package_name": "tor-0.4.7.10-2.mga9.aarch64.rpm",
 "product": "tor",
 "version": "0.4.7.10",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/t/tor/",
 "package_name": "tor_0.2.9.16-1_arm64.deb",
 "product": "tor",
 "version": "0.2.9.16",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 {
 "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
 "package_name": "tor_0.4.5.10-1_x86_64.ipk",
 "product": "tor",
 "version": "0.4.5.10",
- "other_products": ["openssl", "systemd"],
+ "other_products": ["openssl"],
 },
 ]
diff --git a/test/test_data/util_linux.py b/test/test_data/util_linux.py
index fbceb7510d..773ae7cd9e 100644
--- a/test/test_data/util_linux.py
+++ b/test/test_data/util_linux.py
@@ -14,27 +14,27 @@
 "package_name": "util-linux-2.38.1-2.fc38.aarch64.rpm",
 "product": "util-linux",
 "version": "2.38.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/u/",
 "package_name": "util-linux-2.38.1-2.fc38.i686.rpm",
 "product": "util-linux",
 "version": "2.38.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/",
 "package_name": "util-linux-extra_2.38.1-1.1+b1_amd64.deb",
 "product": "util-linux",
 "version": "2.38.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 {
 "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/",
 "package_name": "util-linux-extra_2.38.1-1.1+b1_arm64.deb",
 "product": "util-linux",
 "version": "2.38.1",
- "other_products": ["systemd"],
+ "other_products": [],
 },
 ]