cve-bin-tool icon indicating copy to clipboard operation
cve-bin-tool copied to clipboard
verified publisher icon intel

add description for commented lines in checkers

Open peb-peb opened this issue 4 years ago • 8 comments

In #1189, we dicussed to add # Alternate optional contains patterns, see <link to helper script docs> for more details in checkers where we have commented out strings in CONTAINS_PATTERNS, but it was not merged with #1189. So, the task for anyone who wants to work on this would be:

  • [ ] to add # Alternate optional contains patterns, see <link to helper script docs> for more details in checkers which have strings commented out in them.

Also, not every checker which do not have strings in CONTAINS_PATTERNS was searched and looked into in #1189. So, just putting the list down here to search in for those checkers:

  • [ ] expat
  • [ ] ffmpeg
  • [ ] gcc
  • [ ] gimp
  • [ ] gnupg
  • [ ] haproxy
  • [ ] hostpad
  • [ ] icecast
  • [ ] libssh2
  • [ ] libvirt
  • [ ] memchand
  • [ ] netpbm
  • [ ] openafs
  • [ ] openldap
  • [ ] openssh
  • [ ] openvpn
  • [ ] polarssl_fedora
  • [ ] postgresql
  • [ ] qt
  • [ ] radare2
  • [ ] rsyslog
  • [ ] samba
  • [ ] strongswan
  • [ ] tcpdump
  • [ ] varnish
  • [ ] wireshark

peb-peb avatar Aug 19 '21 16:08 peb-peb

Hey, I'm going to work on this issue.

snosratiershad avatar May 18 '22 20:05 snosratiershad

Go ahead! If you have any problems regarding this, feel free to ask it here or on our communication channel.

peb-peb avatar May 18 '22 20:05 peb-peb

@peb-peb, is https://github.com/intel/cve-bin-tool/tree/main/cve_bin_tool/checkers#helper-script the expected link to helper script docs? I couldn't found it's copy on https://cve-bin-tool.readthedocs.io.

snosratiershad avatar May 24 '22 10:05 snosratiershad

@snosratiershad yup! that is the link for the docs.

peb-peb avatar May 24 '22 21:05 peb-peb

@peb-peb, I tried to find contains patterns with helper script on radare2, gimp, expat, ... but almost everytime it returns blank list. should I install or compile codebase of this packages and finally find patterns with analyzing strings in binary files? (for example using strings of gnu development tools). I tested it for contains patterns of current checkers and always found them in binary files.

snosratiershad avatar May 26 '22 14:05 snosratiershad

If the helper-script is failing in finding any appropriate patterns, then Yes, you would have to do it manually by extracting and searching for possible patterns.

I'll also check for these (i.e. radare2, gimp, expat) and see why the script is returning an empty array.

peb-peb avatar May 26 '22 14:05 peb-peb

@peb-peb, I just noticed that wireshark, ffmpeg, ... has already CONTAINS_PATTERNS. should we update them?

snosratiershad avatar Jun 08 '22 22:06 snosratiershad

@peb-peb, @terriko Also I think I've found why helper script couldn't found related information about CONTAINS_PATTERNS of too many versions and types of expat package, that I've tested. are we looking for libexpats checkers all this times?

snosratiershad avatar Jun 08 '22 23:06 snosratiershad

It looks like this is pretty much done and safe to close. @anthonyharrison says we might have missed openLDAP so I'll open a separate issue for that.

terriko avatar Oct 25 '22 21:10 terriko

Hm, openLDAP looks ok to me (no commented lines) so I'm just gonna leave it as is.

terriko avatar Oct 25 '22 21:10 terriko