intel · terriko · Jan 26, 2023 · Jan 9, 2023 · Jan 26, 2023
diff --git a/cve_bin_tool/checkers/README.md b/cve_bin_tool/checkers/README.md
@@ -531,7 +531,7 @@ return following dictionary.
 
 In most of the cases, Just providing above five class attributes will be enough.
 But sometimes, you need to override this method to correctly detect version of
-the product. We have done this in the checkers of `python`, `sqlite` and `kerberos`.
+the product. We have done this in the checkers of `python` and`sqlite`.
 
 ## Updating checker table
 

diff --git a/cve_bin_tool/checkers/kerberos.py b/cve_bin_tool/checkers/kerberos.py
@@ -6,7 +6,7 @@
 CVE checker for kerberos (CLI/library)
 
 References:
-https://www.cvedetails.com/vulnerability-list/vendor_id-42/product_id-61/MIT-Kerberos.html
+https://www.cvedetails.com/product/12666/MIT-Kerberos-5.html?vendor_id=42
 """
 from cve_bin_tool.checkers import Checker
 
@@ -18,27 +18,4 @@ class KerberosChecker(Checker):
         r"KRB5_BRAND: krb5-(\d+\.\d+\.?\d?)-final",
         r"kerberos 5[_-][apl-]*(1+\.[0-9]+(\.[0-9]+)*)",
     ]
-    VENDOR_PRODUCT = [("mit", "kerberos"), ("mit", "kerberos_5")]
-
-    def get_version(self, lines, filename):
-        version_info = super().get_version(lines, filename)
-
-        # currently we're only detecting kerberos 5, so return a double-version_info list
-        # if we ever detect kerberos that's not 5, this if statement will change
-        if "is_or_contains" in version_info:
-            version_info5 = [dict(), dict()]
-            version_info5[0] = version_info
-            version_info5[1] = dict()
-            version_info5[1]["is_or_contains"] = version_info["is_or_contains"]
-            version_info5[1]["productname"] = "kerberos_5"
-
-            # strip the leading "5-" off the version for 'kerberos_5' if there is one
-            # or conversely, add one to the 'kerberos' listing if there isn't
-            if version_info["version"][:2] == "5-":
-                version_info5[1]["version"] = version_info["version"][2:]
-            else:
-                version_info5[1]["version"] = version_info["version"]
-                version_info5[0]["version"] = "5-{}".format(version_info["version"])
-            return version_info5
-
-        return version_info
+    VENDOR_PRODUCT = [("mit", "kerberos_5")]
diff --git a/test/condensed-downloads/krb5-libs_1.17-2_x86_64.ipk.tar.gz b/test/condensed-downloads/krb5-libs_1.17-2_x86_64.ipk.tar.gz
diff --git a/test/condensed-downloads/libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb.tar.gz b/test/condensed-downloads/libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb.tar.gz
diff --git a/test/csv/test_triage.csv b/test/csv/test_triage.csv
@@ -3,7 +3,6 @@ libjpeg-turbo,libjpeg-turbo,2.0.1,3,High priority need to resolve fast,CVE-2018-
 libjpeg-turbo,libjpeg-turbo,2.0.1,2,Need to mitigate cves of this product,,HIGH
 haxx,curl,7.59.0,1,,,
 haxx,libcurl,7.59.0,,,,
-mit,kerberos_5,5-1.15.1,3,,,
-mit,kerberos,1.15.1,,,,
+mit,kerberos_5,1.15.1,3,,,
 sun,sunos,5.4,4,,,
-ssh,ssh2,2.0,Mitigated,,,,
+ssh,ssh2,2.0,Mitigated,,,,
diff --git a/test/csv/triage.csv b/test/csv/triage.csv
@@ -1,5 +1,3 @@
 vendor,product,version,remarks
-mit,kerberos,1.15.1,1
 haxx,curl,7.34.0,4
-mit,kerberos,5-1.15.1,5
-mit,kerberos_5,1.15.1,
+mit,kerberos_5,1.15.1,
diff --git a/test/json/bad_intermediate.json b/test/json/bad_intermediate.json
@@ -46,17 +46,8 @@
         {
             "vendor": "mit",
             "product": "kerberos_5",
-            "version": "5-1.15.1",
-            "remarks": "3",
-            "comments": "",
-            "cve_number": "",
-            "severity": ""
-        },
-        {
-            "vendor": "mit",
-            "product": "kerberos",
             "version": "1.15.1",
-            "remarks": "",
+            "remarks": "3",
             "comments": "",
             "cve_number": "",
             "severity": ""
@@ -80,4 +71,4 @@
             "severity": ""
         }
     ]
-}
+}
diff --git a/test/json/bad_metadata.json b/test/json/bad_metadata.json
@@ -47,18 +47,8 @@
         {
             "vendor": "mit",
             "product": "kerberos_5",
-            "version": "5-1.15.1",
-            "remarks": "3",
-            "comments": "",
-            "cve_number": "",
-            "severity": "",
-            "paths": ""
-        },
-        {
-            "vendor": "mit",
-            "product": "kerberos",
             "version": "1.15.1",
-            "remarks": "",
+            "remarks": "3",
             "comments": "",
             "cve_number": "",
             "severity": "",
@@ -85,4 +75,4 @@
             "paths": ""
         }
     ]
-}
+}
diff --git a/test/json/test_triage.json b/test/json/test_triage.json
@@ -38,17 +38,8 @@
   {
     "vendor": "mit",
     "product": "kerberos_5",
-    "version": "5-1.15.1",
-    "remarks": "3",
-    "comments": "",
-    "cve_number": "",
-    "severity": ""
-  },
-  {
-    "vendor": "mit",
-    "product": "kerberos",
     "version": "1.15.1",
-    "remarks": "",
+    "remarks": "3",
     "comments": "",
     "cve_number": "",
     "severity": ""
@@ -71,4 +62,4 @@
     "cve_number": "",
     "severity": ""
   }
-]
+]
diff --git a/test/test_checkers.py b/test/test_checkers.py
@@ -74,7 +74,7 @@ def setup_class(cls):
                 "international_components_for_unicode.o",
                 ["international_components_for_unicode"],
             ),
-            ("kerberos", "kerberos", ["kerberos", "kerberos_5"]),
+            ("kerberos", "kerberos", ["kerberos_5"]),
             ("libcurl", "libcurl.so.2.0", ["libcurl"]),
             ("libdb", "libdb-2.0.so", ["libdb"]),
             ("libgcrypt", "libgcrypt.so.1.0", ["libgcrypt"]),

diff --git a/test/test_csv2cve.py b/test/test_csv2cve.py
@@ -21,17 +21,16 @@ async def test_csv2cve_valid_file(self, caplog):
         assert (
             "cve_bin_tool",
             logging.INFO,
-            "There are 3 products with known CVEs detected",
+            "There are 2 products with known CVEs detected",
         ) in caplog.record_tuples
 
         assert (
             "cve_bin_tool",
             logging.INFO,
-            "Known CVEs in ('haxx.curl', '7.34.0'), ('mit.kerberos', '1.15.1'), ('mit.kerberos_5', '1.15.1'):",
+            "Known CVEs in ('haxx.curl', '7.34.0'), ('mit.kerberos_5', '1.15.1'):",
         ) in caplog.record_tuples
 
         for cve_count, product in [
-            [3, "mit.kerberos v1.15.1"],
             [60, "haxx.curl v7.34.0"],
             [10, "mit.kerberos_5 v1.15.1"],
         ]:

diff --git a/test/test_data/kerberos.py b/test/test_data/kerberos.py
@@ -1,26 +1,46 @@
 # Copyright (C) 2021 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from __future__ import annotations
-
 mapping_test_data = [
     {
-        "product": "kerberos",
-        "version": "5-1.15.1",
+        "product": "kerberos_5",
+        "version": "1.15.1",
         "version_strings": [
             "An unknown option was passed in to kerberos",
             "CLIENT kerberos 5-1.15.1",
             "KRB5_BRAND: ",
         ],
     },
     {
-        "product": "kerberos",
-        "version": "5-1.15.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1",
+        "product": "kerberos_5",
+        "version": "1.15.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1",
         "version_strings": [
             "An unknown option was passed in to kerberos",
             "CLIENT kerberos 5-1.15.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1",
             "KRB5_BRAND: ",
         ],
     },
 ]
-package_test_data: list[dict] = []
+package_test_data = [
+    {
+        "url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
+        "package_name": "krb5-libs-1.15.1-50.el7.x86_64.rpm",
+        "product": "kerberos_5",
+        "version": "1.15.1",
+        "other_products": [],
+    },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/k/krb5/",
+        "package_name": "libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb",
+        "product": "kerberos_5",
+        "version": "1.12.1",
+        "other_products": [],
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "krb5-libs_1.17-2_x86_64.ipk",
+        "product": "kerberos_5",
+        "version": "1.17",
+        "other_products": [],
+    },
+]
diff --git a/test/test_data/kerberos_5.py b/test/test_data/kerberos_5.py
diff --git a/test/test_input_engine.py b/test/test_input_engine.py
@@ -46,11 +46,7 @@ class TestInputEngine:
             },
             "paths": {""},
         },
-        ProductInfo("mit", "kerberos", "1.15.1"): {
-            "default": {"comments": "", "remarks": Remarks.Unexplored, "severity": ""},
-            "paths": {""},
-        },
-        ProductInfo("mit", "kerberos_5", "5-1.15.1"): {
+        ProductInfo("mit", "kerberos_5", "1.15.1"): {
             "default": {"comments": "", "remarks": Remarks.Confirmed, "severity": ""},
             "paths": {""},
         },