fix: update kexec-tools checker (intel#2825)

kexec-tools_project:kexec-tools is a valid CPE ID for kexec-tools: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akexec-tools_project%3Akexec-tools Without this CPE, CVE-2021-20269 will be missed While at it, add an openWRT test package and drop empty other_products Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
ffontaine · Mar 16, 2023 · 8749b8b · 8749b8b
1 parent 68e64f9
commit 8749b8b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/cve_bin_tool/checkers/kexectools.py b/cve_bin_tool/checkers/kexectools.py
@@ -6,6 +6,7 @@
 CVE checker for kexec-tools
 
 https://www.cvedetails.com/product/27100/?q=Kexec-tools
+https://www.cvedetails.com/product/121743/Kexec-tools-Project-Kexec-tools.html?vendor_id=28449
 
 """
 from __future__ import annotations
@@ -17,4 +18,4 @@ class KexectoolsChecker(Checker):
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS = [r"kexec"]
     VERSION_PATTERNS = [r"kexec-tools ([0-9]+\.[0-9]+\.[0-9]+)"]
-    VENDOR_PRODUCT = [("redhat", "kexec-tools")]
+    VENDOR_PRODUCT = [("kexec-tools_project", "kexec-tools"), ("redhat", "kexec-tools")]
diff --git a/test/condensed-downloads/kexec_2.0.16-2_x86_64.ipk.tar.gz b/test/condensed-downloads/kexec_2.0.16-2_x86_64.ipk.tar.gz
diff --git a/test/test_data/kexectools.py b/test/test_data/kexectools.py
@@ -26,6 +26,11 @@
         "package_name": "kexec-tools_2.0.16-1ubuntu1_amd64.deb",
         "product": "kexec-tools",
         "version": "2.0.16",
-        "other_products": [],
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/base/",
+        "package_name": "kexec_2.0.16-2_x86_64.ipk",
+        "product": "kexec-tools",
+        "version": "2.0.16",
     },
 ]