added new checker libseccomp

.github/actions/spelling/allow.txt

@@ -180,6 +180,7 @@ liblas
 libnss
 libpng
 libraryname
+libseccomp
 libsndfile
 libsoup
 libsqlite

README.md

@@ -191,23 +191,23 @@ The following checkers are available for finding components in binary files:
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |--------- |------------- |---------- |------------- |---------- |------------ |
+|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver |
-| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached |
-| mtr |mysql |nano |ncurses |nessus |netpbm |nginx |
-| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh |
-| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png |
-| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 |
-| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo |
-| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark |
-| wpa_supplicant |xerces |xml2 |zlib |zsh | | |
+| libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
+| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
+| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
+| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
+| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
+| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
+| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
+| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
+| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
 <!--CHECKERS TABLE END-->
 
 All the checkers can be found in the checkers directory, as can the

cve_bin_tool/checkers/__init__.py

@@ -60,6 +60,7 @@
     "libjpeg_turbo",
     "liblas",
     "libnss",
+    "libseccomp",
     "libsndfile",
     "libsoup",
     "libsrtp",

cve_bin_tool/checkers/libseccomp.py

@@ -0,0 +1,18 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+CVE checker for libseccomp
+
+https://www.cvedetails.com/vulnerability-list/vendor_id-19760/product_id-53398/Libseccomp-Project-Libseccomp.html
+"""
+from cve_bin_tool.checkers import Checker
+
+
+class LibseccompChecker(Checker):
+    CONTAINS_PATTERNS = []
+    FILENAME_PATTERNS = [r"libseccomp"]
+    VERSION_PATTERNS = [
+        r"libseccomp.so.([0-9]+\.[0-9]+\.[0-9]+)"
+    ]  # patterns like this aren't ideal
+    VENDOR_PRODUCT = [("libseccomp_project", "libseccomp")]

doc/MANUAL.md

@@ -118,23 +118,23 @@ which is useful if you're trying the latest code from
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |--------- |------------- |---------- |------------- |---------- |------------ |
+|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
-| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver |
-| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached |
-| mtr |mysql |nano |ncurses |nessus |netpbm |nginx |
-| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh |
-| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png |
-| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 |
-| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo |
-| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark |
-| wpa_supplicant |xerces |xml2 |zlib |zsh | | |
+| libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
+| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
+| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
+| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
+| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
+| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
+| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
+| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
+| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
 <!--CHECKERS TABLE END-->
 
 For a quick overview of usage and how it works, you can also see [the readme file](README.md).

test/test_data/libseccomp.py

@@ -0,0 +1,29 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "libseccomp",
+        "version": "2.3.1",
+        "version_strings": ["libseccomp.so.2.3.1"],
+    },
+    {
+        "product": "libseccomp",
+        "version": "2.5.0",
+        "version_strings": ["libseccomp.so.2.5.0"],
+    },
+]
+package_test_data = [
+    {
+        "url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
+        "package_name": "libseccomp-2.3.1-4.el7.x86_64.rpm",
+        "product": "libseccomp",
+        "version": "2.3.1",
+    },
+    {
+        "url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/os/Packages/l/",
+        "package_name": "libseccomp-2.5.0-4.fc34.x86_64.rpm",
+        "product": "libseccomp",
+        "version": "2.5.0",
+    },
+]