Fix some bug risks and quality issues

Changes:
 - Fixed mutable default arguments used in `cve_bin_tool/csv2cve.py` and `cve_bin_tool/cli.py`
 - Removed unused imports in `cve_bin_tool/cli.py`, `cve_bin_tool/checkers/openssh.py` and `cve_bin_tool/NVDAutoUpdate.py`
 - Use raw strings in `cve_bin_tool/checkers/openssh.py`, `cve_bin_tool/NVDAutoUpdate.py` and `cve_bin_tool/checkers/expat.py`
 - Replaced `range(len(..))` with `enumerate()` in `cve_bin_tool/cli.py`

Author: sanketsaurav

cve_bin_tool/NVDAutoUpdate.py

@@ -190,10 +190,9 @@ def find_curl_list(
 ):
     """ Extract curl data """
     # import urllib.request
-    import re
 
     cve_pattern = re.compile('name=(CVE-[^"]*)')
-    nextver_pattern = re.compile("the subsequent release: ([\d.]+)")
+    nextver_pattern = re.compile(r"the subsequent release: ([\d.]+)")
 
     # Start with version 6.0 since that's currently first
     version = "6.0"

cve_bin_tool/checkers/expat.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python3
 # pylint: disable=anomalous-backslash-in-string, invalid-name
-"""
+r"""
 CVE checker for libexpat
 
 References:

cve_bin_tool/checkers/openssh.py

@@ -6,9 +6,7 @@
 References:
 https://www.cvedetails.com/product/585/Openbsd-Openssh.html?vendor_id=97
 """
-from ..util import regex_find
-
-import sys, re
+import re
 
 
 def get_version(lines, filename):
@@ -17,7 +15,7 @@ def get_version(lines, filename):
 
     VPkg: openbsd, openssh
     """
-    regex = re.compile("OpenSSH_([0-9]+\.[0-9]+[0-9a-z\s]*)")
+    regex = re.compile(r"OpenSSH_([0-9]+\.[0-9]+[0-9a-z\s]*)")
     version_info = dict()
 
     # determine version

cve_bin_tool/cli.py

@@ -15,7 +15,6 @@
 import sys
 import os
 import csv
-import glob
 import platform
 import subprocess
 import logging
@@ -120,7 +119,7 @@ def get_cves(self, vendor_package_pairs, vers):
         """
         cves = defaultdict(list)
 
-        for i in range(len(vendor_package_pairs)):
+        for i, _ in enumerate(vendor_package_pairs):
             vendor_package_pairs[i] = tuple(vendor_package_pairs[i])[:2] + (
                 "%" + str(vers) + "%",
             )
@@ -290,8 +289,11 @@ def output_cves(outfile, modules, include_details=False):
                 writer.writerow(row)
 
 
-def main(argv=sys.argv, outfile=sys.stdout):
+def main(argv=None, outfile=sys.stdout):
     """ Scan a binary file for certain open source libraries that may have CVEs """
+    if argv is None:
+        argv = sys.argv
+
     parser = argparse.ArgumentParser(
         prog="cve-bin-tool",
         description="The CVE Binary Tool scans for a number of common, vulnerable open source components (openssl, libpng, libxml2, expat and a few others) to let you know if a given directory or binary file includes common libraries with known vulnerabilities.",

cve_bin_tool/csv2cve.py

@@ -12,10 +12,16 @@
 ERR_MISSINGCOLUMN = -2
 
 
-def main(argv=sys.argv, outfile=sys.stdout):
+def main(argv=None, outfile=None):
     """ Take a list of package information + versions from a CSV file,
     and output a list of matching CVES """
 
+    if argv is None:
+        argv = sys.argv
+
+    if outfile is None:
+        outfile = sys.stdout
+
     parser = argparse.ArgumentParser(
         prog="csv2cve",
         description="This tool takes a list of software + versions from a CSV file and outputs a list of CVEs known to affect those versions",