Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: added libseccomp checker #1556

Merged
merged 1 commit into from
Feb 22, 2022
Merged

feat: added libseccomp checker #1556

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/actions/spelling/allow.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,7 @@ libnss
libpng
libraryname
librsvg
libseccomp
libsndfile
libsoup
libsqlite
Expand Down
20 changes: 10 additions & 10 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,23 +194,23 @@ The following checkers are available for finding components in binary files:

<!--CHECKERS TABLE BEGIN-->
| | | | Available checkers | | | |
|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
|--------------- |------------ |--------------- |---------- |------------- |---------- |---------- |
| accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
| busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
| dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
| ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
| gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
| icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
| libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
| librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff |
| libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |
| mdadm |memcached |mtr |mysql |nano |ncurses |nessus |
| netpbm |nginx |node |ntp |open_vm_tools |openafs |openjpeg |
| openldap |openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |
| pigz |png |polarssl_fedora |poppler |postgresql |pspp |python |
| qt |radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |
| subversion |sudo |syslogng |systemd |tcpdump |trousers |varnish |
| webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh |
<!--CHECKERS TABLE END-->

All the checkers can be found in the checkers directory, as can the
Expand Down
1 change: 1 addition & 0 deletions cve_bin_tool/checkers/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@
"liblas",
"libnss",
"librsvg",
"libseccomp",
"libsndfile",
"libsoup",
"libsrtp",
Expand Down
18 changes: 18 additions & 0 deletions cve_bin_tool/checkers/libseccomp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Copyright (C) 2022 Intel Corporation
# SPDX-License-Identifier: GPL-3.0-or-later

"""
CVE checker for libseccomp

https://www.cvedetails.com/vulnerability-list/vendor_id-19760/product_id-53398/Libseccomp-Project-Libseccomp.html
"""
from cve_bin_tool.checkers import Checker


class LibseccompChecker(Checker):
CONTAINS_PATTERNS = []
FILENAME_PATTERNS = [r"libseccomp"]
VERSION_PATTERNS = [
r"libseccomp.so.([0-9]+\.[0-9]+\.[0-9]+)"
] # patterns like this aren't ideal
VENDOR_PRODUCT = [("libseccomp_project", "libseccomp")]
20 changes: 10 additions & 10 deletions doc/MANUAL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,23 +118,23 @@ which is useful if you're trying the latest code from

<!--CHECKERS TABLE BEGIN-->
| | | | Available checkers | | | |
|--------------- |--------------- |--------- |------------- |------------- |---------- |---------- |
|--------------- |------------ |--------------- |---------- |------------- |---------- |---------- |
| accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
| busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
| dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
| ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
| gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
| icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
| libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss |
| librsvg |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |
| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm |
| memcached |mtr |mysql |nano |ncurses |nessus |netpbm |
| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap |
| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |
| png |polarssl_fedora |poppler |postgresql |pspp |python |qt |
| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion |
| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |
| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | |
| librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |libtiff |
| libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |
| mdadm |memcached |mtr |mysql |nano |ncurses |nessus |
| netpbm |nginx |node |ntp |open_vm_tools |openafs |openjpeg |
| openldap |openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |
| pigz |png |polarssl_fedora |poppler |postgresql |pspp |python |
| qt |radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |
| subversion |sudo |syslogng |systemd |tcpdump |trousers |varnish |
| webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh |
<!--CHECKERS TABLE END-->

For a quick overview of usage and how it works, you can also see [the readme file](README.md).
Expand Down
Binary file added test/condensed-downloads/libseccomp-2.3.1-4.el7.x86_64.rpm.tar.gz
View file
Open in desktop
Binary file not shown.
Binary file added test/condensed-downloads/libseccomp-2.5.0-4.fc34.x86_64.rpm.tar.gz
View file
Open in desktop
Binary file not shown.
29 changes: 29 additions & 0 deletions test/test_data/libseccomp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Copyright (C) 2022 Intel Corporation
# SPDX-License-Identifier: GPL-3.0-or-later

mapping_test_data = [
{
"product": "libseccomp",
"version": "2.3.1",
"version_strings": ["libseccomp.so.2.3.1"],
},
{
"product": "libseccomp",
"version": "2.5.0",
"version_strings": ["libseccomp.so.2.5.0"],
},
]
package_test_data = [
{
"url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
"package_name": "libseccomp-2.3.1-4.el7.x86_64.rpm",
"product": "libseccomp",
"version": "2.3.1",
},
{
"url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/os/Packages/l/",
"package_name": "libseccomp-2.5.0-4.fc34.x86_64.rpm",
"product": "libseccomp",
"version": "2.5.0",
},
]