From 544c27a91d6f54a702385bdd7e1e31d475a9adba Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Fri, 21 Apr 2023 15:55:46 +0200
Subject: [PATCH] fix: fix xerces CPE ID apache:xerces-c has been deprecated in favor of apache-xerces-c\+\+ since February 2023: Advisory Version
Signed-off-by: Fabrice Fontaine
---
 cve_bin_tool/checkers/xerces.py | 2 +-
 test/test_available_fix.py | 1 +
 test/test_data/xerces.py | 4 ++--
 test/test_scanner.py | 4 ++--
 4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/cve_bin_tool/checkers/xerces.py b/cve_bin_tool/checkers/xerces.py
index 6a410ec7b2..e1855d3034 100644
--- a/cve_bin_tool/checkers/xerces.py
+++ b/cve_bin_tool/checkers/xerces.py
@@ -20,4 +20,4 @@ class XercesChecker(Checker):
 r"\/xerces-c-src_([0-9]+_[0-9]+_[0-9]+)\/",
 r"xercesc_([0-9]+\_[0-9]+):",
 ]
- VENDOR_PRODUCT = [("apache", "xerces-c\+\+")]
+ VENDOR_PRODUCT = [("apache", "xerces-c\\+\\+")]
diff --git a/test/test_available_fix.py b/test/test_available_fix.py
index 1eee1aa979..b66384973c 100644
--- a/test/test_available_fix.py
+++ b/test/test_available_fix.py
@@ -66,6 +66,7 @@ def test_long_debian_available_fix_output(
 "avahi: CVE-2011-1002 has available fix in v0.6.28-4 release.",
 "avahi: CVE-2017-6519 has available fix in v0.7-5 release.",
 "avahi: CVE-2021-26720 has available fix in v0.8-4 release.",
+ "avahi: CVE-2021-3468 has available fix in v0.8-5+deb11u2 release.",
 ]
 assert expected_output == [rec.message for rec in caplog.records]
diff --git a/test/test_data/xerces.py b/test/test_data/xerces.py
index ca391f4902..93cd4bfa50 100644
--- a/test/test_data/xerces.py
+++ b/test/test_data/xerces.py
@@ -3,7 +3,7 @@
 mapping_test_data = [
 {
- "product": "xerces-c\+\+",
+ "product": "xerces-c\\+\\+",
 "version": "3.1.1",
 "version_strings": ["/xerces-c-src_3_1_1/"],
 }
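Review bot: The new `VENDOR_PRODUCT` literal in cve_bin_tool/checkers/xerces.py would be easier to audit as a raw string with a short reason for the backslashes, for example `VENDOR_PRODUCT = [("apache", r"xerces-c\+\+")]  # CPE product name with "+" escaped, as named in the commit message`. The version patterns directly above it already use `r"..."`, and as rendered here the removed `"xerces-c\+\+"` and the added `"xerces-c\\+\\+"` appear to evaluate to the same string, so the hunk alone does not show whether the lookup key changed. A vendor/product pair that does not match the CVE data exactly presumably produces no findings rather than an error, so a test asserting that at least one known CVE is returned for this pair would catch a silent miss. The same literal is repeated in both hunks of test/test_data/xerces.py. XercesChecker's body starts outside the hunk.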
@@ -12,7 +12,7 @@
 {
 "url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
 "package_name": "xerces-c-3.1.1-10.el7_7.x86_64.rpm",
- "product": "xerces-c\+\+",
+ "product": "xerces-c\\+\\+",
 "version": "3.1",
 }
 ]
diff --git a/test/test_scanner.py b/test/test_scanner.py
index 32bd11db6e..4f43fe4b5c 100644
--- a/test/test_scanner.py
+++ b/test/test_scanner.py
@@ -138,10 +138,10 @@ def test_version_mapping(self, product, version, version_strings):
 f"{'.'.join(list(product))}-{version}.out",
 ]
 for filename in filenames:
- # Replace space in filename to avoid a failure on Windows
+ # Replace colon and backslash in filename to avoid a failure on Windows
 with tempfile.NamedTemporaryFile(
 "w+b",
- suffix=filename.replace(":", "_"),
+ suffix=filename.replace(":", "_").replace("\\", "_"),
 dir=self.mapping_test_dir,
 delete=False,
 ) as f:
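Review bot: The suffix sanitising in test_version_mapping is a two-character denylist, so the next product name containing another character that Windows rejects in file names (`*`, `?`, `"`, `<`, `>`, `|`, `/`) will fail the same way, and `/` would additionally be treated as a path separator on every platform. An allowlist is sturdier and keeps the existing names unchanged: `suffix=re.sub(r"[^A-Za-z0-9._+-]", "_", filename),` (this needs `re` imported in test/test_scanner.py, which the hunk does not show). The `with` block's body continues outside the hunk.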