feat: New checker: gnome librsvg (fixes #1494) (#1533)

.github/actions/spelling/allow.txt

@@ -180,6 +180,7 @@ liblas
 libnss
 libpng
 libraryname
+librsvg
 libsndfile
 libsoup
 libsqlite

README.md

@@ -194,23 +194,23 @@ The following checkers are available for finding components in binary files:
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |--------- |------------- |---------- |------------- |---------- |------------ |
+|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver |
-| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached |
-| mtr |mysql |nano |ncurses |nessus |netpbm |nginx |
-| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh |
-| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png |
-| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 |
-| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo |
-| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark |
-| wpa_supplicant |xerces |xml2 |zlib |zsh | | |
+| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
+| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
+| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
+| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
+| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
+| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
+| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
+| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
+| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
 <!--CHECKERS TABLE END-->
 
 All the checkers can be found in the checkers directory, as can the

cve_bin_tool/checkers/__init__.py

@@ -60,6 +60,7 @@
     "libjpeg_turbo",
     "liblas",
     "libnss",
+    "librsvg",
     "libsndfile",
     "libsoup",
     "libsrtp",

cve_bin_tool/checkers/librsvg.py

@@ -0,0 +1,18 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+CVE checker for librsvg
+
+https://www.cvedetails.com/vulnerability-list/vendor_id-283/product_id-23082/Gnome-Librsvg.html
+
+"""
+
+from cve_bin_tool.checkers import Checker
+
+
+class LibrsvgChecker(Checker):
+    CONTAINS_PATTERNS = []
+    FILENAME_PATTERNS = [r"librsvg"]
+    VERSION_PATTERNS = [r"librsvg[0-9]?-([0-9]+\.[0-9]+\.[0-9]+)"]
+    VENDOR_PRODUCT = [("gnome", "librsvg")]

doc/MANUAL.md

@@ -118,23 +118,23 @@ which is useful if you're trying the latest code from
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |--------- |------------- |---------- |------------- |---------- |------------ |
+|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver |
-| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached |
-| mtr |mysql |nano |ncurses |nessus |netpbm |nginx |
-| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh |
-| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png |
-| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 |
-| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo |
-| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark |
-| wpa_supplicant |xerces |xml2 |zlib |zsh | | |
+| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
+| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
+| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
+| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
+| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
+| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
+| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
+| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
+| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
 <!--CHECKERS TABLE END-->
 
 For a quick overview of usage and how it works, you can also see [the readme file](README.md).

test/test_data/librsvg.py

@@ -0,0 +1,29 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "librsvg",
+        "version": "2.46.5",
+        "version_strings": ["librsvg-2.46.5"],
+    },
+    {
+        "product": "librsvg",
+        "version": "2.50.7",
+        "version_strings": ["librsvg2-2.50.7"],
+    },
+]
+package_test_data = [
+    {
+        "url": "https://ftp.lysator.liu.se/pub/opensuse/distribution/leap/15.3/repo/oss/aarch64/",
+        "package_name": "librsvg-2-2-2.46.5-3.3.1.aarch64.rpm",
+        "product": "librsvg",
+        "version": "2.46.5",
+    },
+    {
+        "url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/35/Everything/aarch64/os/Packages/l/",
+        "package_name": "librsvg2-2.50.7-2.fc35.aarch64.rpm",
+        "product": "librsvg",
+        "version": "2.50.7",
+    },
+]