Merge branch 'main' into version_compare
terriko authored Oct 30, 2023
2 parents 0863e31 + 9459c05 commit 744ca88
Showing 15 changed files with 303 additions and 150 deletions.
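--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -0,0 +1,61 @@
+name: Fuzzing
+
+on:
+schedule:
+- cron: '0 7 * * 1' # Runs at 07:00 on monday every week
+
+workflow_dispatch:
+
+permissions:
+contents: read
+
+jobs:
+fuzzing:
+name: Fuzzing
+runs-on: ubuntu-22.04
+if: github.event.repository.fork == false
+steps:
+- name: Check out code
+uses: actions/checkout@v2
+
+- name: Set up Python
+uses: actions/setup-python@v2
+with:
+python-version: 3.9
+
+- name: Install Bazel
+run: |
+sudo apt-get update
+sudo apt-get install -y wget
+wget -c https://github.com/bazelbuild/bazelisk/releases/download/v1.18.0/bazelisk-linux-amd64
+chmod +x bazelisk-linux-amd64
+sudo mv bazelisk-linux-amd64 /usr/local/bin/bazel
+bazel --version
+- name: Install Fuzzing Dependencies
+run: |
+pip install --upgrade atheris
+pip install --upgrade atheris-libprotobuf-mutator
+pip install --upgrade protobuf
+- name: Install Cve-bin-tool
+run: |
+python -m pip install --upgrade pip
+python -m pip install --upgrade setuptools
+python -m pip install --upgrade -r dev-requirements.txt
+python -m pip install --upgrade .
+- name: Run Fuzzing
+id: fuzzing
+env:
+PYTHONPATH: ${{ github.workspace }}
+run: |
+cd fuzz
+export PYTHONPATH="$PYTHONPATH:/generated"
+fuzzing_scripts=($(ls *.py))
+echo "Found Fuzzing scripts: ${fuzzing_scripts[@]}"
+current_week=($(date -u +%U))
+echo "Current week number: $current_week"
+at_index=$((($(date -u +%U) % ${#fuzzing_scripts[@]})))
+selected_script="${fuzzing_scripts[$at_index]}"
+echo "Selected script: $selected_script"
+timeout --preserve-status --signal=SIGINT 60m python $selected_script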
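Review bot: The "Install Bazel" step downloads bazelisk-linux-amd64 with wget and moves it into /usr/local/bin without any integrity check, so the job trusts whatever the release URL serves at run time; add a digest check before the chmod, e.g. `echo "<EXPECTED_SHA256>  bazelisk-linux-amd64" | sha256sum -c -`, with the digest recorded from the v1.18.0 release. In the same spirit, `actions/checkout@v2` and `actions/setup-python@v2` are mutable tags, while testing.yml in this same commit pins codecov-action to a full commit SHA; pinning these two the same way keeps the workflow's supply-chain posture consistent. Nothing in the "Run Fuzzing" step visibly invokes `bazel`, so if atheris does not require it here the whole download step could be dropped. Minor: `python-version: 3.9` should be quoted (`'3.9'`) as testing.yml does, since an unquoted `3.10` would later parse as the float 3.1.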
48 changes: 48 additions & 0 deletions .github/workflows/testing.yml
Expand Up @@ -74,6 +74,19 @@ jobs:
with:
python-version: ${{ matrix.python }}
cache: 'pip'

- name: "Skip tests if this is an automated sbom job"
env:
COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
run: |
if ${COMMIT_VAR} == true; then
echo "sbom=true" >> $GITHUB_ENV
echo "sbom set to true"
else
echo "sbom=false" >> $GITHUB_ENV
echo "sbom set to false"
fi
- name: Get date
id: get-date
run: |
Expand All @@ -96,10 +109,13 @@ jobs:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
- name: Install cabextract
if: env.sbom == false
run: sudo apt-get update && sudo apt-get install cabextract
- name: Install OS dependencies for testing PDF
if: env.sbom == false
run: sudo apt-get install build-essential libpoppler-cpp-dev pkg-config python3-dev
- name: Install pdftotext, reportlab and cve-bin-tool
if: env.sbom == false
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade setuptools
Expand All @@ -109,11 +125,13 @@ jobs:
python -m pip install --upgrade -r dev-requirements.txt
python -m pip install --upgrade .
- name: Try single CLI run of tool
if: env.sbom == false
run: |
[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
cp -r ~/.cache/cve-bin-tool cache
- name: Run async tests
if: env.sbom == false
run: >
pytest -n 4 -v
--ignore=test/test_cli.py
Expand All @@ -122,13 +140,23 @@ jobs:
--ignore=test/test_html.py
--ignore=test/test_json.py
- name: Run synchronous tests
if: env.sbom == false
run: >
pytest -v
test/test_cli.py
test/test_cvedb.py
long_tests:
name: Long tests on Python 3.10
if: |
! github.event.pull_request.user.login == 'github-actions[bot]' ||
! (
startsWith(github.head_ref, 'chore-sbom-py') ||
contains(
fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
github.head_ref
)
)
runs-on: ubuntu-22.04
timeout-minutes: 90
env:
Expand All @@ -144,6 +172,19 @@ jobs:
with:
python-version: '3.10'
cache: 'pip'

- name: "Skip tests if this is an automated sbom job"
env:
COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
run: |
if ${COMMIT_VAR} == true; then
echo "sbom=true" >> $GITHUB_ENV
echo "sbom set to true"
else
echo "sbom=false" >> $GITHUB_ENV
echo "sbom set to false"
fi
- name: Get date
id: get-date
run: |
Expand Down Expand Up @@ -182,10 +223,13 @@ jobs:
if_true: '1'
if_false: '0'
- name: Install cabextract
if: env.sbom == false
run: sudo apt-get update && sudo apt-get install cabextract
- name: Install OS dependencies for testing PDF
if: env.sbom == false
run: sudo apt-get install build-essential libpoppler-cpp-dev pkg-config python3-dev
- name: Install pdftotext, reportlab and cve-bin-tool
if: env.sbom == false
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade setuptools
Expand All @@ -195,11 +239,13 @@ jobs:
python -m pip install --upgrade -r dev-requirements.txt
python -m pip install --editable .
- name: Try single CLI run of tool
if: env.sbom == false
run: |
[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
cp -r ~/.cache/cve-bin-tool cache
- name: Run async tests
if: env.sbom == false
env:
LONG_TESTS: ${{ steps.git-diff.outputs.value }}
run: >
Expand All @@ -210,13 +256,15 @@ jobs:
--ignore=test/test_html.py
--ignore=test/test_json.py
- name: Run synchronous tests
if: env.sbom == false
env:
LONG_TESTS: ${{ steps.git-diff.outputs.value }}
run: >
pytest -v --cov --cov-append --cov-report=xml
test/test_cli.py
test/test_cvedb.py
- name: Upload code coverage to codecov
if: env.sbom == false
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
files: ./coverage.xml
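Review bot: The shell test `if ${COMMIT_VAR} == true; then` in the "Skip tests if this is an automated sbom job" step (first hunk, and repeated in the long_tests hunk at @@ -144,6 +172,19 @@) only works by accident: it executes the command `true` or `false` with `==` and `true` as ignored arguments instead of comparing strings. It should read `if [ "${COMMIT_VAR}" = "true" ]; then`. The `if: env.sbom == false` guards added throughout the file compare a string env value against a boolean; GitHub's expression engine coerces mismatched types, and as far as I can tell a non-numeric string never compares equal to a boolean, so those guards may never be satisfied and the steps would be skipped on every run — `if: env.sbom == 'false'` is the unambiguous form. Worth checking a recent run log to confirm the guarded steps actually executed.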
1 change: 1 addition & 0 deletions cve_bin_tool/checkers/__init__.py
Expand Up @@ -339,6 +339,7 @@
"xscreensaver",
"yasm",
"zabbix",
"zchunk",
"zeek",
"zlib",
"znc",
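--- a/cve_bin_tool/checkers/zchunk.py
+++ b/cve_bin_tool/checkers/zchunk.py
@@ -0,0 +1,20 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for zchunk
+https://www.cvedetails.com/product/163243/Zchunk-Zchunk.html?vendor_id=33326
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class ZchunkChecker(Checker):
+CONTAINS_PATTERNS: list[str] = []
+FILENAME_PATTERNS: list[str] = []
+VERSION_PATTERNS = [r"zchunk ([0-9]+\.[0-9]+\.[0-9]+)"]
+VENDOR_PRODUCT = [("zchunk", "zchunk")]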
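Review bot: With CONTAINS_PATTERNS and FILENAME_PATTERNS both empty, this checker identifies zchunk from the version string alone, so any binary that embeds the text `zchunk <x.y.z>` — a consumer that links the library and prints its version, for example — would be reported as the zchunk product itself; if the project ships a distinctively named binary or library, a FILENAME_PATTERNS entry (or a CONTAINS_PATTERNS string unique to it) would narrow detection. A one-line comment on VERSION_PATTERNS recording where the `zchunk <version>` string was observed would also help the next maintainer check the regex, e.g. `# matches the "zchunk X.Y.Z" banner in the shipped binaries (verify against a sample)`.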
4 changes: 4 additions & 0 deletions cve_bin_tool/data_sources/gad_source.py
Expand Up @@ -251,6 +251,8 @@ def parse_range_string(self, range_string):
return version_list

def format_data(self, all_cve_entries):
"""Formats data from a list of Common Vulnerabilities and Exposures (CVE) entries."""

severity_data = []
affected_data = []

Expand Down Expand Up @@ -327,6 +329,8 @@ def format_data(self, all_cve_entries):
return severity_data, affected_data

async def get_cve_data(self):
"""Asynchronously fetches and formats Common Vulnerabilities and Exposures (CVE) data."""

# skip GAD if connection fails
try:
await self.fetch_cves()
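Review bot: The docstring added to format_data describes the method in one sentence but leaves its parameter and return value undocumented, even though the second hunk shows it returning `severity_data, affected_data`; a fuller docstring would say what `all_cve_entries` holds (presumably the raw entries obtained by fetch_cves — confirm) and that the result is the `(severity_data, affected_data)` pair of lists. The get_cve_data docstring could likewise state the best-effort behavior that the `# skip GAD if connection fails` comment beneath it already implies, i.e. that a failed fetch is skipped rather than raised. Both method bodies continue outside the hunks.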
