fix: improve nghttp2 checker

Improve nghttp2 checker to avoid false positives with node and wireshark binaries which links dynamically with nghttp2 library (and saves the associated version number) Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
intel · May 10, 2023 · d9657ed · d9657ed
1 parent 9bdba0c
commit d9657ed
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/cve_bin_tool/checkers/nghttp2.py b/cve_bin_tool/checkers/nghttp2.py
@@ -18,6 +18,6 @@ class Nghttp2Checker(Checker):
     FILENAME_PATTERNS: list[str] = []
     VERSION_PATTERNS = [
         r"nghttp2/([0-9]+\.[0-9]+\.[0-9]+)",
-        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2",
+        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2[-_]",
     ]
     VENDOR_PRODUCT = [("nghttp2", "nghttp2")]
diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py
@@ -3,7 +3,11 @@
 
 mapping_test_data = [
     {"product": "nghttp2", "version": "1.50.0", "version_strings": ["nghttp2/1.50.0"]},
-    {"product": "nghttp2", "version": "1.18.1", "version_strings": ["1.18.1\nnghttp2"]},
+    {
+        "product": "nghttp2",
+        "version": "1.18.1",
+        "version_strings": ["1.18.1\nnghttp2-"],
+    },
 ]
 package_test_data = [
     {

diff --git a/test/test_data/node.py b/test/test_data/node.py
@@ -28,6 +28,6 @@
         "package_name": "node_v8.16.1-1_x86_64.ipk",
         "product": "node.js",
         "version": "8.16.1",
-        "other_products": ["nghttp2", "openssl"],
+        "other_products": ["openssl"],
     },
 ]
diff --git a/test/test_data/wireshark.py b/test/test_data/wireshark.py
@@ -40,6 +40,6 @@
         "package_name": "libwireshark16_4.0.3-1_amd64.deb",
         "product": "wireshark",
         "version": "4.0.3",
-        "other_products": ["lua", "nghttp2"],
+        "other_products": ["lua"],
     },
 ]