New Checker Request: opensuse libsolv

[terriko]

Note: I'm adding some new checker requests based on lib* packages on CentOS that have known vulnerabilities. None of these are urgent requests, they're meant to just add some new beginner-friendly stuff to the queue. If it turns out to be hard to do, please comment here so we can remove the "good first issue" tag!

New checker request: opensuse libsolv

Website: ??

CVEs: https://www.cvedetails.com/vulnerability-list/vendor_id-8184/product_id-51703/Opensuse-Libsolv.html

Instructions: How to add a new checker to the CVE Binary Tool

This may also be a great opportunity to try out the checker creation helper script created by @peb-peb.

• Helper script documentation

[deepakdinesh1123]

Can I work on this?

[deepakdinesh1123]

@terriko Should the checker for libsolv-tools also be added ? I ran the helper script against libsolv-0.6.34-lp150.1.2.src.rpm but except for the vendor product all the other patterns came up empty. I tried to build the library myself and ran the strings and find commands against the binaries but I could not obtain the version patterns or the contains patterns could you please tell me on how to properly build the library myself and obtain the patterns?

[terriko]

Go ahead and try libsolv-tools if it works!

It's entirely possible that libsolv itself doesn't have good pattern strings (or more accurately, doesn't have ones that work with our methodology). Sometimes checkers are hard to build and you're not doing anything wrong! Since that seems to be the case here, I'm going to go ahead and remove the "good first issue" flag and instead add a "signature needs work" flag to indicate that writing this checker may require some creative thinking.

Since you're a new contributor here, I'd recommend you try another easy issue instead and leave this one for another time (or for someone else who's looking for a challenge!).