Skip to content

Commit

Permalink
fix: update jq checker
Browse files Browse the repository at this point in the history
Update jq pattern to avoid false positives with the following strings:

0.2
jqPzsA

Moreover, add a new pattern to detect jq 1.7.1

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
  • Loading branch information
ffontaine committed Aug 29, 2024
1 parent eb8da07 commit e54393e
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
5 changes: 4 additions & 1 deletion cve_bin_tool/checkers/jq.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,5 +17,8 @@
class JqChecker(Checker):
CONTAINS_PATTERNS: list[str] = []
FILENAME_PATTERNS: list[str] = []
VERSION_PATTERNS = [r"([0-9]+\.[0-9]+)[a-zA-Z0-9:\-\r\n]*jq"]
VERSION_PATTERNS = [
r"jq-([0-9]+\.[0-9]+\.[0-9]+)",
r"([0-9]+\.[0-9]+(\.[0-9]+)?)[a-zA-Z0-9:\-\r\n]*jq[ :]",
]
VENDOR_PRODUCT = [("jq_project", "jq"), ("jqlang", "jq")]
Binary file not shown.
9 changes: 8 additions & 1 deletion test/test_data/jq.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
# SPDX-License-Identifier: GPL-3.0-or-later

mapping_test_data = [
{"product": "jq", "version": "1.5", "version_strings": ["1.5\njq:"]}
{"product": "jq", "version": "1.5", "version_strings": ["1.5\njq:"]},
{"product": "jq", "version": "1.7.1", "version_strings": ["jq-1.7.1"]},
]
package_test_data = [
{
Expand All @@ -17,6 +18,12 @@
"product": "jq",
"version": "1.5",
},
{
"url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
"package_name": "jq_1.7.1-3_arm64.deb",
"product": "jq",
"version": "1.7.1",
},
{
"url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
"package_name": "jq_1.6-1_x86_64.ipk",
Expand Down

0 comments on commit e54393e

Please sign in to comment.