Updated existing checkers using Helper Script #1189
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
peb-peb
commented
Jun 23, 2021
|
While looking for common strings in |
Codecov Report
@@ Coverage Diff @@
## main #1189 +/- ##
==========================================
+ Coverage 79.31% 80.84% +1.52%
==========================================
Files 271 271
Lines 4908 4908
Branches 593 593
==========================================
+ Hits 3893 3968 +75
+ Misses 866 797 -69
+ Partials 149 143 -6
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
BreadGenie
reviewed
Jun 23, 2021
terriko
requested changes
Jun 24, 2021
I'll update it it once I finish writing up the docs. |
peb-peb
commented
Jun 26, 2021
peb-peb
commented
Jul 7, 2021
Comment on lines
32
to
+34
| VERSION_PATTERNS = [ | ||
| r"gcc ([0-9]+\.[0-9]+\.[0-9]+)", | ||
| r"gcc ([0-9]+\.[0-9]+)", | ||
| r"GCC: \(GNU\) ([0-9]+\.[0-9]+(\.[0-9]+)?)", | ||
| # r"gcc ([0-9]+\.[0-9]+(\.[0-9]+)?)", # does not return correct version number on some packages |
There was a problem hiding this comment.
# Make sure the product and version are in the results
assert (
product in list_products
), f"""{product} not found in {package_name}.
The checker signature or url may be incorrect."""
> assert version in list_versions
E AssertionError: assert '8.4.1' in {'8.3.1'}
test/test_scanner.py:262: AssertionError
after scanning a few files, found that r"gcc ([0-9]+\.[0-9]+(\.[0-9]+)?)" is not consistent and changed it.
Also, I was not able to find any appropriate version pattern for debian packages. (I've added a note at top for this)
|
for gnupg, I am receiving this error: (all tests seems to fail) this is what my checker looks like: and the test_data for it is: I am not pushing this in this pr due to the errors :( |
* fixes: intel#1159 * test: change way pytest is run in CI Switch to using a full pytest gather for the async tests. Several test files are singled out to be run synchronously because they touch NVD and can cause us to get rate limited if they run in parallel. This will ensure that no one needs to add new test files explicitly to CI unless they need to be run synchronously. Several test files are (temporarily) disabled because they are not passing; we'll enable those as they are fixed. Signed-off-by: Terri Oda <[email protected]>
* refactor(scanner): Remove scanned string splitting refactor(strings): Return a string instead of array of string * fix(checker): with respect to changes from b240fa0 fix: xml2 checker fix: sqlite checker fix: glibc checker and test fix: systemd checker fix: libdb checker fix: systemd checker v229 .deb fix: universal python package checker
* feat(checker): Add sudo checker * add condensed downloads for sudo
* Fix yaml and toml tests in test_config * Related to intel#1159 * Add test_config back to updated CI Two of the tests in test_config were failing, presumably because they'd gotten out of date when we changed the default for extraction. These tests were not being run in CI (thanks to @Molkree for noticing that) so they didn't get fixed in a timely manner. Signed-off-by: Terri Oda <[email protected]>
* Add recommdended dev tools list * Moved isort to dev requirements file. * fix: pip install from dev-recommended for isort CI * fix: remove isort also from requirements.csv Signed-off-by: Terri Oda <[email protected]>
* fix: Add gnome-shell checker * fix: Improve regex(multiline) * fix: Windows test for gnome-shell checker
* fix: rename development requirements file for Snyk Snyk picks up files named `*req*.txt` so we're switching dev-recommended.txt to dev-requirements.txt so gets scanned automatically. Signed-off-by: Terri Oda <[email protected]>
* fix: condensed downloads The condensed downloads were made without any proper strings in it due to the changes in intel#1227. * refactor: writelines -> write
…#1246) * refactor: helper script for is_executable() and parse_string() * helper script: Instantiate instance of VersionScanner Previously we were only using VersionScanner.clean_file_path() which is a static method. In this case we did not need to instantiate and instance. We started using the is_executable() and parse_strings() methods, which are regular methods which use self. When a method takes self as the first positional argument we must instantiate its class before we use call the attached method. As such, we've created a new instance of VersionScanner as the version_scanner property within HelperScript. Tested with $ curl -sfLo /tmp/libmatroska-1.5.0-1.el8.aarch64.rpm \ https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libmatroska-1.5.0-1.el8.x86_64.rpm $ python cve_bin_tool/helper_script.py /tmp/libmatroska-1.5.0-1.el8.aarch64.rpm [07:09:05] INFO cve_bin_tool.VersionScanner - Updating version_scanner.py:42 egg_info WARNING cve_bin_tool.HelperScript - False helper_script.py:74 WARNING cve_bin_tool.HelperScript - False helper_script.py:74 WARNING cve_bin_tool.HelperScript - False helper_script.py:74 WARNING cve_bin_tool.HelperScript - False helper_script.py:74 WARNING cve_bin_tool.HelperScript - (True, '/tmp helper_script.py:74 /cve-bin-tool-3shnb9ex/libmatroska-1.5.0 -1.el8.aarch64.rpm.extracted/usr/lib64/l ibmatroska.so.6.0.0: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4e7b21 76f1dc3f381571a2c873532ab0ce254c24, stripped, too many notes (256)\n') WARNING cve_bin_tool.HelperScript - False helper_script.py:74 ────────────────────────────── LibmatroskaChecker ────────────────────────────── CONTAIN_PATTERNS = [ r"N11libmatroska24KaxChapterProcessCodecIDE", r"N11libmatroska24KaxChapterProcessCommandE", r"N11libmatroska24KaxChapterProcessPrivateE", libmatroska::KaxVideoGamma::RenderData(libebml::IOCallback&, bool, bool)", ... <output shortened> ... r"virtual libmatroska::DataBuffer* libmatroska::DataBuffer::Clone()", r"void libmatroska::KaxBlockBlob::SetBlockGroup(libmatroska::KaxBlockGroup&)", r"void libmatroska::KaxBlockGroup::SetBlockDuration(uint64)", r"void libmatroska::KaxReferenceBlock::SetReferencedBlock(const libmatroska::KaxBlockBlob*)", ] FILENAME_PATTERNS = [ r"libmatroska.so.6.0.0", ] VERSION_PATTERNS = [ r"/builddir/build/BUILD/libmatroska-1.5.0/matroska/KaxBlock.h", r"/builddir/build/BUILD/libmatroska-1.5.0/matroska/KaxTracks.h", r"/builddir/build/BUILD/libmatroska-1.5.0/src/KaxBlock.cpp", r"/builddir/build/BUILD/libmatroska-1.5.0/src/KaxBlockData.cpp", r"/builddir/build/BUILD/libmatroska-1.5.0/matroska/KaxCluster.h", r"/builddir/build/BUILD/libmatroska-1.5.0/src/KaxCluster.cpp", r"/builddir/build/BUILD/libmatroska-1.5.0/matroska/KaxCues.h", r"/builddir/build/BUILD/libmatroska-1.5.0/src/KaxCues.cpp", r"/builddir/build/BUILD/libmatroska-1.5.0/src/KaxCuesData.cpp", r"/builddir/build/BUILD/libmatroska-1.5.0/src/KaxSemantic.cpp", ] VENDOR_PRODUCT = [('matroska', 'libmatroska')] ──────────────────────────────────────────────────────────────────────────────── Signed-off-by: John Andersen <[email protected]> * refactor(helperscript): removed unused imports fix for black and isort commented the log messages * fix: typo * refactor(version_scanner): now is_executable would retrun (True, output) or (False, None) * refactor(helper_script): removed try/except block * fix: black Co-authored-by: John Andersen <[email protected]>
updated CONTAINS_PATTERNS and VERSIONS_PATTERNS for bzip2 checker
also added tests for wireshark, since latest versions of wireshark have "wireshark" as their common filename
added strings in CONTAINS_PATTERNS added a new string in VERSION_PATTERNS
added strings for CONTAINS_PATTERNS added another mapping_test_data
added new version string regex added tests
added CONTAIN_PATTERNS replaced the old version string with a more consistent one added tests for the same
peb-peb
force-pushed
the
update_checkers
branch
from
9ca16a5 to
a9ffcb9
Compare
27 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
# Alternate optional contains patterns, see <link to helper script docs> for more detailscheckers checked against the Helper Script:
CONTAINS_PATTERNS)CONTAINS_PATTERNS)