feat(checker): add zstandard checker (#3590)

Signed-off-by: Fabrice Fontaine <[email protected]>

Author: ffontaine

cve_bin_tool/checkers/__init__.py

@@ -348,6 +348,7 @@
     "zlib",
     "znc",
     "zsh",
+    "zstandard",
 ]
 
 VendorProductPair = collections.namedtuple("VendorProductPair", ["vendor", "product"])

cve_bin_tool/checkers/zstandard.py

@@ -0,0 +1,23 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for zstandard:
+
+https://www.cvedetails.com/product/57378/Facebook-Zstandard.html?vendor_id=7758
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class ZstandardChecker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [
+        r"Frame requires too much memory for decoding[a-zA-Z :(#$'/\r\n]*([0-9]+\.[0-9]+\.[0-9]+)",
+        r"\r?\n([0-9]+\.[0-9]+\.[0-9]+)[a-zA-Z0-9 -|<>/._=%:(#$'/\[\]\r\n]*Frame requires too much memory for decoding",
+    ]
+    VENDOR_PRODUCT = [("facebook", "zstandard")]

test/condensed-downloads/libzstd-1.5.2-3.fc37.aarch64.rpm.tar.gz

@@ -10,12 +10,14 @@
         "package_name": "grub2-2.06-150400.11.5.2.aarch64.rpm",
         "product": "grub2",
         "version": "2.06",
+        "other_products": ["zstandard"],
     },
     {
         "url": "http://rpmfind.net/linux/opensuse/distribution/leap/15.5/repo/oss/ppc64le/",
         "package_name": "grub2-2.06-150400.11.5.2.ppc64le.rpm",
         "product": "grub2",
         "version": "2.06",
+        "other_products": ["zstandard"],
     },
     {
         "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/",

test/condensed-downloads/libzstd1_1.3.8+dfsg-3+deb10u2_amd64.deb.tar.gz

@@ -0,0 +1,30 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "zstandard",
+        "version": "1.4.0",
+        "version_strings": ["Frame requires too much memory for decoding/n1.4.0"],
+    }
+]
+package_test_data = [
+    {
+        "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/l/",
+        "package_name": "libzstd-1.5.2-3.fc37.aarch64.rpm",
+        "product": "zstandard",
+        "version": "1.5.2",
+    },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/libz/libzstd/",
+        "package_name": "libzstd1_1.3.8+dfsg-3+deb10u2_amd64.deb",
+        "product": "zstandard",
+        "version": "1.3.8",
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "libzstd_1.4.5-2_x86_64.ipk",
+        "product": "zstandard",
+        "version": "1.4.5",
+    },
+]