feat(checker): libsolv checker (closes #1491) (#1562)

rhythmrx9 · BreadGenie · web-flow · commit 70973dd44725 · 2022-03-03T15:01:44.000-08:00
Co-authored-by: Bread Genie &lt;63963181+BreadGenie@users.noreply.github.com&gt;
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -185,6 +185,7 @@ libraryname
 librsvg
 libseccomp
 libsndfile
+libsolv
 libsoup
 libsqlite
 libsrtp
diff --git a/README.md b/README.md
@@ -194,24 +194,24 @@ The following checkers are available for finding components in binary files:
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- |
+|--------------- |---------- |---------- |------------ |--------------- |------------- |------------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas |
-| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |
-| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |
-| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses |
-| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs |
-| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip |
-| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp |
-| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite |
-| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers |
-| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |
-| zsh | | | | | | |
+| libnss |librsvg |libseccomp |libsndfile |libsolv |libsoup |libsrtp |
+| libssh2 |libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |
+| lua |mariadb |mdadm |memcached |mtr |mysql |nano |
+| ncurses |nessus |netpbm |nginx |node |ntp |open_vm_tools |
+| openafs |openjpeg |openldap |openssh |openssl |openswan |openvpn |
+| p7zip |pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |
+| pspp |python |qt |radare2 |rsyslog |samba |sane_backends |
+| sqlite |strongswan |subversion |sudo |syslogng |systemd |tcpdump |
+| trousers |varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |
+| zlib |zsh | | | | | |
 <!--CHECKERS TABLE END-->
 
 All the checkers can be found in the checkers directory, as can the
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -64,6 +64,7 @@
     "librsvg",
     "libseccomp",
     "libsndfile",
+    "libsolv",
     "libsoup",
     "libsrtp",
     "libssh2",
diff --git a/cve_bin_tool/checkers/libsolv.py b/cve_bin_tool/checkers/libsolv.py
@@ -0,0 +1,18 @@
+# Copyright (C) 2022 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+CVE checker for libsolv
+
+https://www.cvedetails.com/vulnerability-list/vendor_id-8184/product_id-51703/Opensuse-Libsolv.html
+
+"""
+
+from cve_bin_tool.checkers import Checker
+
+
+class LibsolvChecker(Checker):
+    CONTAINS_PATTERNS = []
+    FILENAME_PATTERNS = [r"libsolv.so", r"libsolvext.so"]
+    VERSION_PATTERNS = [r"libsolv(?:\.so\.1)?-([0-9]+\.[0-9]+\.[0-9]+)"]
+    VENDOR_PRODUCT = [("opensuse", "libsolv")]
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
@@ -118,24 +118,24 @@ which is useful if you're trying the latest code from
 
 <!--CHECKERS TABLE BEGIN-->
 |   |  |  | Available checkers |  |  |  |
-|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- |
+|--------------- |---------- |---------- |------------ |--------------- |------------- |------------- |
 | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap |
 | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus |
 | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius |
 | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls |
 | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell |
 | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive |
 | libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas |
-| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 |
-| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua |
-| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses |
-| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs |
-| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip |
-| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp |
-| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite |
-| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers |
-| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib |
-| zsh | | | | | | |
+| libnss |librsvg |libseccomp |libsndfile |libsolv |libsoup |libsrtp |
+| libssh2 |libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |
+| lua |mariadb |mdadm |memcached |mtr |mysql |nano |
+| ncurses |nessus |netpbm |nginx |node |ntp |open_vm_tools |
+| openafs |openjpeg |openldap |openssh |openssl |openswan |openvpn |
+| p7zip |pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |
+| pspp |python |qt |radare2 |rsyslog |samba |sane_backends |
+| sqlite |strongswan |subversion |sudo |syslogng |systemd |tcpdump |
+| trousers |varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |
+| zlib |zsh | | | | | |
 <!--CHECKERS TABLE END-->
 
 For a quick overview of usage and how it works, you can also see [the readme file](README.md).
diff --git a/test/condensed-downloads/libsolv-0.6.34-4.el7.x86_64.rpm.tar.gz b/test/condensed-downloads/libsolv-0.6.34-4.el7.x86_64.rpm.tar.gz
diff --git a/test/condensed-downloads/libsolv-0.7.16-2.el8.x86_64.rpm.tar.gz b/test/condensed-downloads/libsolv-0.7.16-2.el8.x86_64.rpm.tar.gz
diff --git a/test/condensed-downloads/libsolv-0.7.17-3.fc34.x86_64.rpm.tar.gz b/test/condensed-downloads/libsolv-0.7.17-3.fc34.x86_64.rpm.tar.gz
diff --git a/test/test_data/libsolv.py b/test/test_data/libsolv.py
@@ -0,0 +1,40 @@
+# Copyright (C) 2021 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "libsolv",
+        "version": "0.6.34",
+        "version_strings": ["libsolv-0.6.34"],
+    },
+    {
+        "product": "libsolv",
+        "version": "0.7.16",
+        "version_strings": ["libsolv.so.1-0.7.16"],
+    },
+    {
+        "product": "libsolv",
+        "version": "0.7.17",
+        "version_strings": ["libsolv.so.1-0.7.17"],
+    },
+]
+package_test_data = [
+    {
+        "url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
+        "package_name": "libsolv-0.6.34-4.el7.x86_64.rpm",
+        "product": "libsolv",
+        "version": "0.6.34",
+    },
+    {
+        "url": "http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/",
+        "package_name": "libsolv-0.7.16-2.el8.x86_64.rpm",
+        "product": "libsolv",
+        "version": "0.7.16",
+    },
+    {
+        "url": "https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/os/Packages/l/",
+        "package_name": "libsolv-0.7.17-3.fc34.x86_64.rpm",
+        "product": "libsolv",
+        "version": "0.7.17",
+    },
+]
