diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
index 264ff7c560..26819e1f18 100644
--- a/cve_bin_tool/checkers/__init__.py
+++ b/cve_bin_tool/checkers/__init__.py
@@ -28,6 +28,7 @@
 "apache_http_server",
 "apcupsd",
 "apparmor",
+ "apr",
 "asn1c",
 "assimp",
 "asterisk",
diff --git a/cve_bin_tool/checkers/apr.py b/cve_bin_tool/checkers/apr.py
new file mode 100644
index 0000000000..75bba5ecc6
--- /dev/null
+++ b/cve_bin_tool/checkers/apr.py
@@ -0,0 +1,23 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for apr
+
+https://www.cvedetails.com/product/17804/Apache-Portable-Runtime.html?vendor_id=45
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class AprChecker(Checker):
+ CONTAINS_PATTERNS: list[str] = []
+ FILENAME_PATTERNS: list[str] = []
+ VERSION_PATTERNS = [
+ r"apr_initialize\r?\n([0-9]+\.[0-9]+\.[0-9]+)",
+ r"([0-9]+\.[0-9]+\.[0-9]+)\r?\n/tmp/apr",
+ ]
+ VENDOR_PRODUCT = [("apache", "portable_runtime")]
diff --git a/test/condensed-downloads/apr-1.7.0-r0.apk.tar.gz b/test/condensed-downloads/apr-1.7.0-r0.apk.tar.gz
new file mode 100644
index 0000000000..39cefa604c
Binary files /dev/null and b/test/condensed-downloads/apr-1.7.0-r0.apk.tar.gz differ
diff --git a/test/condensed-downloads/apr-1.7.5-2.fc42.aarch64.rpm.tar.gz b/test/condensed-downloads/apr-1.7.5-2.fc42.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..e703c97658
Binary files /dev/null and b/test/condensed-downloads/apr-1.7.5-2.fc42.aarch64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/libapr1_1.6.5-1+b1_amd64.deb.tar.gz b/test/condensed-downloads/libapr1_1.6.5-1+b1_amd64.deb.tar.gz
new file mode 100644
index 0000000000..b49461d150
Binary files /dev/null and b/test/condensed-downloads/libapr1_1.6.5-1+b1_amd64.deb.tar.gz differ
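Review bot: In `cve_bin_tool/checkers/apr.py`, the second entry of `VERSION_PATTERNS` captures `([0-9]+\.[0-9]+\.[0-9]+)` with nothing anchoring its left side, so a longer token that merely ends in three dotted numbers just before a `/tmp/apr` string (a four-part version, or another component's `name-x.y.z` string) would be reported as the APR version. A wrong version means CVEs are matched against the wrong release, so the capture should be required to start a line, e.g. `r"(?:^|\n)([0-9]+\.[0-9]+\.[0-9]+)\r?\n/tmp/apr"`, provided that still matches the four test packages. The first pattern is likewise open on its right, so a suffixed version would be truncated to its first three components. A short comment above each pattern naming the neighbouring string it relies on (`apr_initialize`, `/tmp/apr`) and the package it was derived from would make later tuning safer.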
diff --git a/test/condensed-downloads/libapr_1.7.0-2_x86_64.ipk.tar.gz b/test/condensed-downloads/libapr_1.7.0-2_x86_64.ipk.tar.gz
new file mode 100644
index 0000000000..37107b5ca9
Binary files /dev/null and b/test/condensed-downloads/libapr_1.7.0-2_x86_64.ipk.tar.gz differ
diff --git a/test/test_data/apr.py b/test/test_data/apr.py
new file mode 100644
index 0000000000..53d3c9272e
--- /dev/null
+++ b/test/test_data/apr.py
@@ -0,0 +1,36 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {
+ "product": "portable_runtime",
+ "version": "1.6.5",
+ "version_strings": ["apr_initialize\n1.6.5"],
+ }
+]
+package_test_data = [
+ {
+ "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/a/",
+ "package_name": "apr-1.7.5-2.fc42.aarch64.rpm",
+ "product": "portable_runtime",
+ "version": "1.7.5",
+ },
+ {
+ "url": "http://ftp.debian.org/debian/pool/main/a/apr/",
+ "package_name": "libapr1_1.6.5-1+b1_amd64.deb",
+ "product": "portable_runtime",
+ "version": "1.6.5",
+ },
+ {
+ "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+ "package_name": "libapr_1.7.0-2_x86_64.ipk",
+ "product": "portable_runtime",
+ "version": "1.7.0",
+ },
+ {
+ "url": "https://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/",
+ "package_name": "apr-1.7.0-r0.apk",
+ "product": "portable_runtime",
+ "version": "1.7.0",
+ },
+]
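Review bot: In `test/test_data/apr.py`, the first two `package_test_data` entries fetch their packages over plain `http://` (rpmfind.net and ftp.debian.org), while the OpenWrt and Alpine entries use `https://`. No checksum is visible in this hunk, so the integrity of those downloaded fixtures appears to rest on the transport alone. If the two mirrors serve the same paths over HTTPS, switch the scheme. Separately, `mapping_test_data` only exercises the `apr_initialize` pattern, and a second entry with `"version_strings": ["1.7.0\n/tmp/apr"]` would cover the other pattern without needing a download.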