fix: android libraries not handled #5405
Description
Description
Some versions of libraries are not correctly parsed/handled, and no issue are raised.
To reproduce
Steps to reproduce the behaviour:
- create android emulator via android studio or connect a physical device
- pull libraries
adb pull /system/lib64 - scan
cve-bin-tool . --exploits --metrics -f json -o android.json
Expected behaviour:
Raise issues for libxml2.so and libsqlite.so
Actual behaviour:
No CVE raised
Version/platform info
Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): 3.4
Installed from pypi or github? GitHub
Operating system:
- Host: Linux
- Android emulator:
- Tested with API 30, 33, 34
- libxml2: 2.9.9
- libsqlite: 3.28.0
Anything else?
Their names have the format libsqlite.so, without any version in their name.
To determine their versions :
$ strings libxml2.so | grep -iE ".*v2(\.[0-9]+)+.*"
20909-GITv2.9.9-rc2-2-g7c4949afa
$ strings libsqlite.so | grep -iE ".*3(\.[0-9]+)+.*"
3.32.2Tested with libxml2.so and libsqlite.so, but there might be others.