fix: merge conflict

.github/actions/spelling/allow.txt

@@ -52,6 +52,7 @@ bluetoothctl
 bluez
 boinc
 bolt
+boot
 botan
 brainwane
 bro
@@ -562,6 +563,7 @@ triaging
 trousers
 tss
 turbo
+u
 ubuntu
 udupa
 uid

.github/workflows/export_data.yml

@@ -3,9 +3,9 @@
 name: Export database
 
 on:
-  schedule:
-    # Runs at 00:00 UTC every Sunday
-    - cron: '0 0 * * 0'
+  # schedule:
+  #   # Runs at 00:00 UTC every Sunday
+  #   - cron: '0 0 * * 0'
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -30,15 +30,20 @@ jobs:
           python -m pip install --upgrade wheel
           python -m pip install .
 
+      - name: Try single CLI run of tool
+        run: |
+          NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli -u now test/assets/test-kerberos-5-1.15.1.out
+
       - name: Export database
         run: |
-          python -m cve_bin_tool.cli --update now --export database/cve_bin_tool.db
+          python -m cve_bin_tool.cli --export-json exported_data
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:
-          commit-message: "chore: update database copy"
-          title: "chore: create copy of NVD database"
+          commit-message: 'chore: update database copy'
+          title: 'chore: create copy of NVD database'
           branch: chore-update_database-copy
+          base: mirror
           delete-branch: true
           author: GitHub <noreply@github.com>

.github/workflows/testing.yml

@@ -59,11 +59,23 @@ jobs:
         id: get-date
         run: |
           echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
-      - name: Get cached database
+          echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+      - name: Print Cache Keys
+        run: |
+          echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
+          echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
+      - name: Get today's cached database
         uses: actions/cache@v3
+        id: todays-cache
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
+      - name: Get yesterday's cached database if today's is not available
+        uses: actions/cache@v3
+        if: steps.todays-cache.outputs.cache-hit != 'true'
+        with:
+          path: cache
+          key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
       - name: Install cabextract
         run: sudo apt-get update && sudo apt-get install cabextract
       - name: Install OS dependencies for testing PDF
@@ -111,11 +123,23 @@ jobs:
         id: get-date
         run: |
           echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
-      - name: Get cached database
+          echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+      - name: Print Cache Keys
+        run: |
+          echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
+          echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
+      - name: Get today's cached database
         uses: actions/cache@v3
+        id: todays-cache
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
+      - name: Get yesterday's cached database if today's is not available
+        uses: actions/cache@v3
+        if: steps.todays-cache.outputs.cache-hit != 'true'
+        with:
+          path: cache
+          key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
       - uses: technote-space/get-diff-action@v6
         with:
           PATTERNS: |
@@ -190,11 +214,23 @@ jobs:
         id: get-date
         run: |
           echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
-      - name: Get cached database
+          echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+      - name: Print Cache Keys
+        run: |
+          echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
+          echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
+      - name: Get today's cached database
         uses: actions/cache@v3
+        id: todays-cache
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
+      - name: Get yesterday's cached database if today's is not available
+        uses: actions/cache@v3
+        if: steps.todays-cache.outputs.cache-hit != 'true'
+        with:
+          path: cache
+          key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
       - uses: technote-space/get-diff-action@v6
         with:
           PATTERNS: |
@@ -262,13 +298,26 @@ jobs:
       - name: Get date
         id: get-date
         run: |
-          echo "DATE=$(powershell get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
-      - name: Get cached database
+          echo "DATE=$(get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "YESTERDAY=$(get-date (get-date).addDays(-1)  -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
+      - name: Print Cache Keys
+        run: |
+          echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}"
+          echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}"
+      - name: Get today's cached database
         uses: actions/cache@v3
+        id: todays-cache
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
           enableCrossOsArchive: true
+      - name: Get yesterday's cached database if today's is not available
+        uses: actions/cache@v3
+        if: steps.todays-cache.outputs.cache-hit != 'true'
+        with:
+          path: cache
+          key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}
+          enableCrossOsArchive: true
       - name: Move cache to ~/.cache/cve-bin-tool
         run: |
           mkdir '~\.cache'
@@ -313,13 +362,26 @@ jobs:
       - name: Get date
         id: get-date
         run: |
-          echo "DATE=$(powershell get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
-      - name: Get cached database
+          echo "DATE=$(get-date -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "YESTERDAY=$(get-date (get-date).addDays(-1)  -format "yyyyMMdd")" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
+      - name: Print Cache Keys
+        run: |
+          echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}"
+          echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}"
+      - name: Get today's cached database
         uses: actions/cache@v3
+        id: todays-cache
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
           enableCrossOsArchive: true
+      - name: Get yesterday's cached database if today's is not available
+        uses: actions/cache@v3
+        if: steps.todays-cache.outputs.cache-hit != 'true'
+        with:
+          path: cache
+          key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}
+          enableCrossOsArchive: true
       - name: Move cache to ~/.cache/cve-bin-tool
         run: |
           mkdir '~\.cache'

.github/workflows/update-cache.yml

@@ -15,7 +15,7 @@ jobs:
   linux:
     if: github.repository == 'intel/cve-bin-tool'
     name: Update linux cached database
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@v3

cve_bin_tool/checkers/__init__.py

@@ -272,6 +272,7 @@
     "tpm2_tss",
     "transmission",
     "trousers",
+    "u_boot",
     "unbound",
     "unixodbc",
     "upx",

cve_bin_tool/checkers/hostapd.py

@@ -17,5 +17,8 @@ class HostapdChecker(Checker):
     # FIXME: fix contains pattern
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS = [r"hostapd"]
-    VERSION_PATTERNS = [r"hostapd[_a-z]* v([0-9]+\.[0-9]+)"]
+    VERSION_PATTERNS = [
+        r"hostapd[_a-z]* v([0-9]+\.[0-9]+)",
+        r"([0-9]+\.[0-9]+)[a-z-]*\r?\nhostapd",
+    ]
     VENDOR_PRODUCT = [("w1.fi", "hostapd")]

cve_bin_tool/checkers/kexectools.py

@@ -6,6 +6,7 @@
 CVE checker for kexec-tools
 
 https://www.cvedetails.com/product/27100/?q=Kexec-tools
+https://www.cvedetails.com/product/121743/Kexec-tools-Project-Kexec-tools.html?vendor_id=28449
 
 """
 from __future__ import annotations
@@ -17,4 +18,4 @@ class KexectoolsChecker(Checker):
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS = [r"kexec"]
     VERSION_PATTERNS = [r"kexec-tools ([0-9]+\.[0-9]+\.[0-9]+)"]
-    VENDOR_PRODUCT = [("redhat", "kexec-tools")]
+    VENDOR_PRODUCT = [("kexec-tools_project", "kexec-tools"), ("redhat", "kexec-tools")]

cve_bin_tool/checkers/u_boot.py

@@ -0,0 +1,20 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for u-boot
+
+https://www.cvedetails.com/product/48033/Denx-U-boot.html?vendor_id=18843
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class UBootChecker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [r"U-Boot ([0-9]+\.[0-9]+)"]
+    VENDOR_PRODUCT = [("denx", "u-boot")]

cve_bin_tool/cli.py

@@ -39,6 +39,7 @@
     get_backport_supported_distros,
 )
 from cve_bin_tool.config import ConfigParser
+from cve_bin_tool.config_generator import config_generator
 from cve_bin_tool.cve_scanner import CVEScanner
 from cve_bin_tool.cvedb import CVEDB, OLD_CACHE_DIR
 from cve_bin_tool.data_sources import (
@@ -240,6 +241,13 @@ def main(argv=None):
         metavar="{csv,json,console,html,pdf}",
         default="console",
     )
+    output_group.add_argument(
+        "--generate-config",
+        action="store",
+        default="",
+        choices=["yaml", "toml", "yaml,toml", "toml,yaml"],
+        help="generate config file for cve bin tool in toml and yaml formats.",
+    )
     output_group.add_argument(
         "-c",
         "--cvss",
@@ -494,6 +502,14 @@ def main(argv=None):
     if int(args["cvss"]) > 0:
         score = int(args["cvss"])
 
+    config_generate = set(args["generate_config"].split(","))
+    config_generate = [config_type.strip() for config_type in config_generate]
+    for config_type in config_generate:
+        LOGGER.debug(f"Arguments declared in generating config file {args}")
+        config_generator.config_generator(args, config_type)
+    if args["generate_config"] != "":
+        return 0
+
     # Offline processing
     if args["offline"]:
         # Override version check and database update arguments

cve_bin_tool/config_generator.py

@@ -0,0 +1,100 @@
+class config_generator:
+    def config_generator(args, types):
+        if types == "toml":
+            first_char = "["
+            last_char = "]"
+            sign = "="
+            coma = '"'
+        elif types == "yaml":
+            first_char = ""
+            last_char = ":"
+            sign = ":"
+            coma = ""
+        else:
+            return
+
+        strings = f"""
+        # This is an automatically generated configuration file for the CVE Binary Tool. It allows you to customize and manage the tool to suit your needs.
+        # Please exercise caution when editing this file and follow the instructions provided.
+        # To generate a new configuration file, use the --generate-config option. For more information, please refer to the official CVE Binary Tool documentation at https://cve-bin-tool.readthedocs.io/en/latest/.
+        # This file enables you to specify options such as the installation directory of the tool, the data sources to be used, and other relevant settings. To make changes, simply modify the values to the right of the equal sign.
+        # For more information on the available options and how to configure them, please refer to the official documentation at https://cve-bin-tool.readthedocs.io/en/latest/.
+        # If you support the project and wish to contribute, you can find the official CVE Binary Tool Contributor Guide at https://cve-bin-tool.readthedocs.io/en/latest/CONTRIBUTING.html#cve-binary-tool-contributor-guide.
+        # And link for project github https://github.com/intel/cve-bin-tool
+        {first_char}cve_data_download{last_char}
+          #set your nvd api key
+          nvd_api_key {sign} {coma}{args["nvd_api_key"]}{coma}
+          # choose method for getting CVE lists from NVD (default: api) other option available api2, json
+          nvd {sign} {coma}{args["nvd"]}{coma}
+          # update schedule for data sources and exploits database (default: daily)
+          update {sign} {coma}{args["update"]}{coma}
+        {first_char}input{last_char}
+          # Directory to scan
+          directory {sign} {coma}{args["directory"]}{coma}
+          # To supplement triage data of previous scan or run standalone as csv2cve
+          # Currently we only support csv and json file.
+          input_file {sign} {coma}{args["input_file"]}{coma}
+          # provide config file
+          config {sign} {coma}{args["config"]}{coma}
+          # specify type of software bill of materials (sbom) (default: spdx) other option are cyclonedx, swid
+          sbom {sign} {coma}{args["sbom"]}{coma}
+          # provide sbom filename
+          sbom_file {sign} {coma}{args["sbom_file"]}{coma}
+        {first_char}checker{last_char}
+          # list of checkers you want to skip
+          skips {sign} {coma}{args["skips"]}{coma}
+          # list of checkers you want to run
+          runs {sign} {coma}{args["runs"]}{coma}
+        {first_char}output{last_char}
+          # specify output verbosity from [debug, info, warning, error, critical]
+          # verbosity will decreases as you go left to right (default: info)
+          log_level {sign} {coma}{args["log_level"]}{coma}
+          # if true then we don't display any output and
+          # only exit-code with number of cves get returned
+          # overwrites setting specified in log_level
+          # Note: it's lowercase true or false
+          quiet {sign} {coma}{args["quiet"]}{coma}
+          # specify one of an output format: [csv, json, html, console] (default: console)
+          format {sign} {coma}{args["format"]}{coma}
+          # provide output filename (optional)
+          # if not specified we will generate one according to output format specified
+          output_file {sign} {coma}{args["output_file"]}{coma}
+          # specify minimum CVE severity level to report from [low, medium, high, critical] (default: low)
+          severity {sign} {coma}{args["severity"]}{coma}
+          # specify minimum CVSS score to report from integer range 0 to 10 (default: 0)
+          cvss {sign} {args["cvss"]}
+          # Produces a report even if there are no CVE for the respective output format
+          report {sign} {coma}{args["report"]}{coma}
+          # Provide vulnerability exchange (vex) filename
+          vex {sign} {coma}{args["vex"]}{coma}
+        {first_char}other{last_char}
+          # set true if you want to skip checking for newer version
+          disable_version_check {sign} {coma}{args["disable_version_check"]}{coma}
+          # set true if you want to autoextract archive files. (default: true)
+          extract {sign} {coma}{args["extract"]}{coma}
+          # operate in offline mode
+          offline {sign} {coma}{args["offline"]}{coma}
+        {first_char}merge_report{last_char}
+          # save output as intermediate report in json format
+          append {sign} {coma}{args["append"]}{coma}
+          # add a unique tag to differentiate between multiple intermediate reports
+          tag {sign} {coma}{args["tag"]}{coma}
+          # comma separated intermediate reports path for merging
+          merge {sign} {coma}{args["merge"]}{coma}
+          # comma separated tag string for filtering intermediate reports
+          filter {sign} {coma}{args["filter"]}{coma}
+        {first_char}database{last_char}
+          # export database filename
+          export {sign} {coma}{args["export"]}{coma}
+          # import database filename
+          import {sign} {coma}{args["import"]}{coma}
+        {first_char}exploit{last_char}
+          # check for exploits from found cves
+          exploits {sign} {coma}{args["exploits"]}{coma}
+        {first_char}deprecated{last_char}
+          # autoextract compressed files
+          extract {sign} {coma}{args["extract"]}{coma}
+      """
+        f = open(f"config.{types}", "w")
+        f.write(strings)
+        f.close()