diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
index c4640d99b3..39fcfcf122 100644
--- a/cve_bin_tool/checkers/__init__.py
+++ b/cve_bin_tool/checkers/__init__.py
@@ -385,6 +385,7 @@
 "xml2",
 "xscreensaver",
 "xwayland",
+ "xz",
 "yasm",
 "zabbix",
 "zchunk",
diff --git a/cve_bin_tool/checkers/xz.py b/cve_bin_tool/checkers/xz.py
new file mode 100644
index 0000000000..20e8d5a8cd
--- /dev/null
+++ b/cve_bin_tool/checkers/xz.py
@@ -0,0 +1,23 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for xz
+
+https://www.cvedetails.com/product/38995/Tukaani-XZ.html?vendor_id=16730
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class XzChecker(Checker):
+ CONTAINS_PATTERNS: list[str] = []
+ FILENAME_PATTERNS: list[str] = []
+ VERSION_PATTERNS = [
+ r"xz \(XZ Utils\) ([0-9]+\.[0-9]+\.[0-9]+)",
+ r"([0-9]+\.[0-9]+\.[0-9]+)[A-Za-z0-9,'_=:*&!? \-\.\[\]\"\(\)\r\n]*7zXZ[a-zA-z0-9\r\n]* @@@",
+ ]
+ VENDOR_PRODUCT = [("tukaani", "xz")]
diff --git a/test/condensed-downloads/liblzma5_5.6.3-1+b1_arm64.deb.tar.gz b/test/condensed-downloads/liblzma5_5.6.3-1+b1_arm64.deb.tar.gz
new file mode 100644
index 0000000000..ef15db25ab
Binary files /dev/null and b/test/condensed-downloads/liblzma5_5.6.3-1+b1_arm64.deb.tar.gz differ
diff --git a/test/condensed-downloads/liblzma_5.2.5-1_x86_64.ipk.tar.gz b/test/condensed-downloads/liblzma_5.2.5-1_x86_64.ipk.tar.gz
new file mode 100644
index 0000000000..6f1f8ede0c
Binary files /dev/null and b/test/condensed-downloads/liblzma_5.2.5-1_x86_64.ipk.tar.gz differ
diff --git a/test/condensed-downloads/xz-5.2.4-r0.apk.tar.gz b/test/condensed-downloads/xz-5.2.4-r0.apk.tar.gz
new file mode 100644
index 0000000000..84f564ac6a
Binary files /dev/null and b/test/condensed-downloads/xz-5.2.4-r0.apk.tar.gz differ
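Review bot: The second entry of `VERSION_PATTERNS` in `cve_bin_tool/checkers/xz.py` ends with the class `[a-zA-z0-9\r\n]`, whose `A-z` range also admits `[`, `\`, `]`, `^`, `_` and the backtick, so it is wider than the alphanumeric set it appears to intend; it should read `[a-zA-Z0-9\r\n]*`. The same pattern captures any `x.y.z` string that precedes the `7zXZ` marker within a long run of permitted characters, so an unrelated dotted number stored nearby in a binary could presumably be reported as the xz version and skew the CVE results in either direction. A comment above that pattern saying which binary it targets (liblzma, judging by the fixtures added in this commit) and why the trailing ` @@@` is required would let a maintainer tighten it later, and `XzChecker` itself has no docstring.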
diff --git a/test/condensed-downloads/xz-5.6.3-3.fc42.aarch64.rpm.tar.gz b/test/condensed-downloads/xz-5.6.3-3.fc42.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..118b4a64ae
Binary files /dev/null and b/test/condensed-downloads/xz-5.6.3-3.fc42.aarch64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/xz-utils_5.2.4-1+deb10u1_amd64.deb.tar.gz b/test/condensed-downloads/xz-utils_5.2.4-1+deb10u1_amd64.deb.tar.gz
new file mode 100644
index 0000000000..959199d5f7
Binary files /dev/null and b/test/condensed-downloads/xz-utils_5.2.4-1+deb10u1_amd64.deb.tar.gz differ
diff --git a/test/condensed-downloads/xz_5.2.5-1_x86_64.ipk.tar.gz b/test/condensed-downloads/xz_5.2.5-1_x86_64.ipk.tar.gz
new file mode 100644
index 0000000000..096364f590
Binary files /dev/null and b/test/condensed-downloads/xz_5.2.5-1_x86_64.ipk.tar.gz differ
diff --git a/test/test_data/xz.py b/test/test_data/xz.py
new file mode 100644
index 0000000000..1f139e89e9
--- /dev/null
+++ b/test/test_data/xz.py
@@ -0,0 +1,44 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {"product": "xz", "version": "5.2.5", "version_strings": ["xz (XZ Utils) 5.2.5"]}
+]
+package_test_data = [
+ {
+ "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/x/",
+ "package_name": "xz-5.6.3-3.fc42.aarch64.rpm",
+ "product": "xz",
+ "version": "5.6.3",
+ },
+ {
+ "url": "http://ftp.fr.debian.org/debian/pool/main/x/xz-utils/",
+ "package_name": "xz-utils_5.2.4-1+deb10u1_amd64.deb",
+ "product": "xz",
+ "version": "5.2.4",
+ },
+ {
+ "url": "http://ftp.fr.debian.org/debian/pool/main/x/xz-utils/",
+ "package_name": "liblzma5_5.6.3-1+b1_arm64.deb",
+ "product": "xz",
+ "version": "5.6.3",
+ },
+ {
+ "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+ "package_name": "xz_5.2.5-1_x86_64.ipk",
+ "product": "xz",
+ "version": "5.2.5",
+ },
+ {
+ "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+ "package_name": "liblzma_5.2.5-1_x86_64.ipk",
+ "product": "xz",
+ "version": "5.2.5",
+ },
+ {
+ "url": "https://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/",
+ "package_name": "xz-5.2.4-r0.apk",
+ "product": "xz",
+ "version": "5.2.4",
+ },
+]
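Review bot: Three of the `package_test_data` URLs in `test/test_data/xz.py` (the rpmfind.net entry and both ftp.fr.debian.org entries) use plain `http://`, so if the test harness fetches packages from them when the condensed fixture is missing, the binaries arrive without transport integrity, and nothing visible in this hunk pins a checksum. Where the mirror serves the same path over TLS, switch the scheme, e.g. `"url": "https://ftp.fr.debian.org/debian/pool/main/x/xz-utils/",`, as the OpenWrt and Alpine entries already do. Separately, `mapping_test_data` holds only the `xz (XZ Utils) 5.2.5` string, so the second, looser `VERSION_PATTERNS` regex is exercised only through the package fixtures; a mapping entry with a string that pattern is meant to match would pin its behaviour directly.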