fix: fix xerces CPE ID
apache:xerces-c has been deprecated in favor of apache:xerces-c\+\+
since February 2023:

<cpe-item name="cpe:/a:apache:xerces-c:3.1.1" deprecated="true" deprecation_date="2023-02-05T21:10:01.860Z">
      <reference href="https://marc.info/?l=xerces-c-users&amp;m=157653840106914&amp;w=2">Advisory</reference>
      <reference href="https://xerces.apache.org/xerces-c/releases_archive.html">Version</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:apache:xerces-c:3.1.1:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
ffontaine committed Jun 21, 2023
1 parent 0e9749a commit 544c27a
Showing 4 changed files with 6 additions and 5 deletions.
2 changes: 1 addition & 1 deletion cve_bin_tool/checkers/xerces.py
Expand Up @@ -20,4 +20,4 @@ class XercesChecker(Checker):
r"\/xerces-c-src_([0-9]+_[0-9]+_[0-9]+)\/",
r"xercesc_([0-9]+\_[0-9]+):",
]
VENDOR_PRODUCT = [("apache", "xerces-c\+\+")]
VENDOR_PRODUCT = [("apache", "xerces-c\\+\\+")]
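Review bot: The `VENDOR_PRODUCT` line in its `"xerces-c\\+\\+"` form carries no comment saying that the backslashes are part of the product name itself, as in the `cpe:2.3:a:apache:xerces-c\+\+` entry quoted in the commit message, so a later cleanup could easily turn it into `xerces-c++`. If the lookup is an exact match on the product name (not visible on this page), the checker would then silently report no CVEs for xerces. I would add `# CPE 2.3 escapes '+'; the backslashes are part of the product name` above the line and write the literal as a raw string like the patterns above it, `VENDOR_PRODUCT = [("apache", r"xerces-c\+\+")]`. Since `VENDOR_PRODUCT` is a list, it may also be worth keeping `("apache", "xerces-c")` next to the new pair if the CVE data can still hold entries under the deprecated name; that depends on the data source and should be confirmed. The class body starts outside the hunk.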
1 change: 1 addition & 0 deletions test/test_available_fix.py
Expand Up @@ -66,6 +66,7 @@ def test_long_debian_available_fix_output(
"avahi: CVE-2011-1002 has available fix in v0.6.28-4 release.",
"avahi: CVE-2017-6519 has available fix in v0.7-5 release.",
"avahi: CVE-2021-26720 has available fix in v0.8-4 release.",
"avahi: CVE-2021-3468 has available fix in v0.8-5+deb11u2 release.",
]

assert expected_output == [rec.message for rec in caplog.records]
4 changes: 2 additions & 2 deletions test/test_data/xerces.py
Expand Up @@ -3,7 +3,7 @@

mapping_test_data = [
{
"product": "xerces-c\+\+",
"product": "xerces-c\\+\\+",
"version": "3.1.1",
"version_strings": ["/xerces-c-src_3_1_1/"],
}
Expand All @@ -12,7 +12,7 @@
{
"url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
"package_name": "xerces-c-3.1.1-10.el7_7.x86_64.rpm",
"product": "xerces-c\+\+",
"product": "xerces-c\\+\\+",
"version": "3.1",
}
]
4 changes: 2 additions & 2 deletions test/test_scanner.py
Expand Up @@ -138,10 +138,10 @@ def test_version_mapping(self, product, version, version_strings):
f"{'.'.join(list(product))}-{version}.out",
]
for filename in filenames:
# Replace space in filename to avoid a failure on Windows
# Replace colon and backslash in filename to avoid a failure on Windows
with tempfile.NamedTemporaryFile(
"w+b",
suffix=filename.replace(":", "_"),
suffix=filename.replace(":", "_").replace("\\", "_"),
dir=self.mapping_test_dir,
delete=False,
) as f:
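Review bot: The suffix cleanup in its `.replace(":", "_").replace("\\", "_")` form is a deny-list that needs another `.replace` each time a product name brings a new character. It still lets through `/`, `*`, `?`, `|`, `<`, `>` and `"`, which are equally invalid in Windows file names, and `/` is a path separator on every platform. Mapping everything outside a small allow-list to `_` would cover future product names in one place, for example `suffix=re.sub(r"[^A-Za-z0-9._+-]", "_", filename)`, assuming `re` is imported in this file (the import block is not visible). The `with` body continues outside the hunk.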
