Merge branch 'main' into add-cpe-summary

intel · Oct 16, 2023 · f0e577e · f0e577e
2 parents 3b3e5a3 + 9b23ea9
commit f0e577e
Show file tree

Hide file tree

Showing 137 changed files with 2,963 additions and 1,590 deletions.
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -28,6 +28,7 @@ autoescape
 autoextract
 autoextracts
 avahi
+axel
 backend
 backends
 backport
@@ -77,6 +78,7 @@ checkername
 chess
 chris
 chrony
+civetweb
 clamav
 cleartext
 clnt
@@ -123,6 +125,7 @@ davfs
 dbus
 dearmor
 debian
+debianutils
 debuginfo
 devops
 dgst
@@ -136,6 +139,7 @@ dnsmasq
 docstring
 DOCTYPE
 domoticz
+dosfstools
 dovecot
 downloading
 doxygen
@@ -144,6 +148,7 @@ dropbear
 dsa
 dtls
 e
+ed
 elfutils
 emacs
 endoflife
@@ -192,7 +197,9 @@ ftpd
 fuzzer
 g
 GAD
+gawk
 gcc
+gdal
 gdb
 gdk
 Gemfile
@@ -248,6 +255,7 @@ httpd
 https
 hunspell
 hur
+hwloc
 i
 icecast
 icu
@@ -369,6 +377,7 @@ mentoring
 metabiswadeep
 metadata
 microsoft
+minetest
 mingw
 mini
 minicom
@@ -379,16 +388,19 @@ mkdir
 modsecurity
 modulename
 Molkree
+monit
 mosquitto
 motion
 mozilla
+mpg
 mpv
 msgid
 msgstr
 msi
 msmtp
 msys
 mtr
+mupdf
 mutt
 myfork
 mypy
@@ -493,6 +505,7 @@ python
 pythonapp
 pyupgrade
 qemu
+qpdf
 Qqe
 qt
 quagga
@@ -518,6 +531,7 @@ reportlab
 rhythmrx
 Romi
 rossburton
+rpm
 rpmfile
 rpmfind
 RSD
@@ -583,6 +597,7 @@ taskbar
 tcpdump
 tcpreplay
 templating
+terminology
 terri
 terriko
 testfiles
@@ -605,6 +620,7 @@ triaging
 trousers
 tss
 turbo
+twonky
 u
 ubuntu
 udisks

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -20,39 +20,39 @@ updates:
 
 # Scanning is disabled for files in /test/ to avoid false positives.
 # These files are used for testing; vulnerable code is never installed or used.
-
-  - package-ecosystem: cargo
-    directory: /test/language_data
-    schedule:
-      interval: monthly
-    ignore:
-      - dependency-name: "*"
-
-  - package-ecosystem: bundler
-    directory: /test/language_data
-    schedule:
-      interval: monthly
-    ignore:
-      - dependency-name: "*"
-
-  - package-ecosystem: gomod
-    directory: /test/language_data
-    schedule:
-      interval: monthly
-    ignore:
-      - dependency-name: "*"
-
-  - package-ecosystem: pip
-    directory: /test/language_data
-    schedule:
-      interval: monthly
-    ignore:
-      - dependency-name: "*"
-
-  - package-ecosystem: maven
-    directory: /test/language_data
-    schedule:
-      interval: monthly
-    ignore:
-      - dependency-name: "*"
-
+# These are commented out because they caused problems with other automated checks
+
+#  - package-ecosystem: cargo
+#    directory: /test/language_data
+#    schedule:
+#      interval: monthly
+#    ignore:
+#      - dependency-name: "*"
+
+#  - package-ecosystem: bundler
+#    directory: /test/language_data
+#    schedule:
+#      interval: monthly
+#    ignore:
+#      - dependency-name: "*"
+
+#  - package-ecosystem: gomod
+#    directory: /test/language_data
+#    schedule:
+#      interval: monthly
+#    ignore:
+#      - dependency-name: "*"
+
+#  - package-ecosystem: pip
+#    directory: /test/language_data
+#    schedule:
+#      interval: monthly
+#    ignore:
+#      - dependency-name: "*"
+
+#  - package-ecosystem: maven
+#    directory: /test/language_data
+#    schedule:
+#      interval: monthly
+#    ignore:
+#      - dependency-name: "*"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -42,16 +42,16 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
       with:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+      uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+      uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
     - uses: vapier/coverity-scan-action@cae3c096a2eb21c431961a49375ac17aea2670ce # v1.7.0
       with:
         email: ${{ secrets.COVERITY_SCAN_EMAIL }}

diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
@@ -15,12 +15,12 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'
           cache: 'pip'
@@ -30,7 +30,7 @@ jobs:
         run: |
           echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
       - name: Get cached database
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8
+        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
diff --git a/.github/workflows/export_data.yml b/.github/workflows/export_data.yml
@@ -26,13 +26,13 @@ jobs:
 
     steps: 
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
-      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'
 

diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'
           cache: 'pip'

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -20,12 +20,12 @@ jobs:
         tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'
           cache: 'pip'
@@ -46,5 +46,5 @@ jobs:
         run: |
           python -m pip install --upgrade gitlint
           echo "$TITLE" | gitlint
-      - uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a
+      - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d
 
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -15,18 +15,19 @@ jobs:
       contents: write  # for peter-evans/create-pull-request to create branch
       pull-requests: write  # for peter-evans/create-pull-request to create a PR
     name: Generate SBOM
+    if: github.repository == 'intel/cve-bin-tool'  # for SBOM generation on forks
     runs-on: ubuntu-22.04
     strategy:
       matrix:
         python: ['3.8', '3.9', '3.10', '3.11']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: ${{ matrix.python }}
           cache: 'pip'

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -22,24 +22,24 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif

diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
     - uses: check-spelling/check-spelling@d7cd2973c513e84354f9d6cf50a6417a628a78ce # v0.0.21
       with:
         post_comment: '0'