feat(checker): add ngircd checker #3003
Codecov Report
@@ Coverage Diff @@
## main #3003 +/- ##
==========================================
- Coverage 82.92% 82.27% -0.65%
==========================================
Files 674 704 +30
Lines 10650 10933 +283
Branches 1429 1476 +47
==========================================
+ Hits 8831 8995 +164
- Misses 1457 1555 +98
- Partials 362 383 +21
... and 50 files with indirect coverage changes
Minor change: I'd just like the comment about detection on 2-digits to go in the checker so it's a bit easier for people to find if it comes up.
We could potentially look into having a 2-character scan happen if and only if the pattern ngIRCd is found. I don't think it would be impossible to engineer that somehow by overriding the checker functions to grab the strings, but I don't know off the top of my head how much work it would be. We could also see if enabling 2-character strings in all scans would cause a performance hit or break any existing checkers.
|
||
https://www.cvedetails.com/product/4749/Ngircd-Ngircd.html?vendor_id=2709 | ||
https://www.cvedetails.com/product/26242/Barton-Ngircd.html?vendor_id=12890 | ||
|
Note: Unfortunately, we can't catch some ngircd version which are on two digits (e.g. 25) | |
because cve-bin-tool only extracts strings which have more than 3 characters |
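Review bot: the wording of this note is slightly off and its threshold is ambiguous. "some ngircd version which are on two digits" should read "some ngircd versions that are only two digits long (e.g. 25)", and "more than 3 characters" would be clearer if it stated the minimum string length directly, so a reader can tell at a glance whether a three-character version string is missed as well.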
For the time being, I added the comment in the checker as requested.
0a761d0 to 54e5336
Unfortunately, we can't catch some ngircd version which are on two digits (e.g. 25) because cve-bin-tool only extracts strings which have more than 3 characters

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
54e5336 to 6740fc3
Thanks. Let's get this merged then, and I'll open a separate issue about the string lengths just so I don't forget about it.
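The limitation and the gated 2-character scan discussed in this thread, as an added sketch that is not cve-bin-tool's code and not part of the PR. Assumptions: a 4-byte minimum stands in for "more than 3 characters", the sample binaries are constructed and store the product name and version as adjacent NUL-terminated strings, and the function names and version regex are hypothetical.

```python
import re

NAME = "ngIRCd"
# Hypothetical version pattern for this sketch (not the checker's real one).
VERSION_RE = re.compile(r"\d{1,2}(?:\.\d+)*")


def extract_strings(data: bytes, min_len: int) -> list:
    """Printable-ASCII runs of at least min_len bytes, like `strings -n`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def detect(data: bytes, min_len: int = 4):
    """Return (name_found, version) using only strings >= min_len bytes."""
    strings = extract_strings(data, min_len)
    if NAME not in strings:
        return False, None
    idx = strings.index(NAME)
    # Assumed layout: the version is the string right after the name.
    nxt = strings[idx + 1] if idx + 1 < len(strings) else ""
    return True, (nxt if VERSION_RE.fullmatch(nxt) else None)


def detect_gated(data: bytes):
    """Normal scan first; rescan with 2-byte strings only if the product
    name was seen but no version was recovered."""
    found, version = detect(data, 4)
    if found and version is None:
        _, version = detect(data, 2)
    return found, version


# Constructed sample inputs (not real binaries).
SAMPLE_25 = b"\x7fELF\x01\x00" + b"ngIRCd\x00" + b"25\x00" + b"\x00\x01PING\x00"
SAMPLE_26_1 = b"ngIRCd\x0026.1\x00"
UNRELATED = b"\x00OK\x0025\x00curl\x00"

if __name__ == "__main__":
    for label, blob in [("25", SAMPLE_25), ("26.1", SAMPLE_26_1),
                        ("unrelated", UNRELATED)]:
        print(label, detect(blob, 4), detect_gated(blob))
```

Because the short scan only runs after the product name matches, the stray "25" in the unrelated sample never becomes a candidate, which is the false-positive and performance concern raised above.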