fix: improve dhclient checker and add dhcpd checker (#2642)

- isc:dhcp CPE ID is not only related to ISC DHCP client but also to ISC DHCP server as both components have the same source code - Drop second pattern which is not used to find version in RPM - Add debian and OpenWRT test packages as well as additional signatures - Add dhcpd checker Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
intel · Feb 8, 2023 · b5e1d0c · b5e1d0c
1 parent 0052c5f
commit b5e1d0c
Show file tree

Hide file tree

Showing 10 changed files with 80 additions and 13 deletions.
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -52,6 +52,7 @@
     "dbus",
     "dhclient",
     "dhcpcd",
+    "dhcpd",
     "dnsmasq",
     "domoticz",
     "dovecot",

diff --git a/cve_bin_tool/checkers/dhclient.py b/cve_bin_tool/checkers/dhclient.py
@@ -3,11 +3,10 @@
 
 
 """
-CVE checker for dhcp-client
-
-This checker only supports .rpm distros as no useful version patterns were found for .deb
+CVE checker for dhcp-client (ISC DHCP client)
 
 https://www.cvedetails.com/product/610/ISC-Dhcp-Client.html?vendor_id=64
+https://www.cvedetails.com/product/17706/ISC-Dhcp.html?vendor_id=64
 
 """
 from __future__ import annotations
@@ -19,7 +18,7 @@ class DhclientChecker(Checker):
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS: list[str] = [r"dhclient"]
     VERSION_PATTERNS = [
-        r'"name":"dhcp","version":"([0-9]+.[0-9]+(.[0-9]+)?)',
-        r"dhcp([0-9]+.[0-9]+(.[0-9]+)?)",
+        r"dhclient\.c[a-zA-Z0-9 \'%-\[\]{}<>#%|\.:\r\n]*([0-9]+\.[0-9]+\.[0-9]+)",
+        r"([0-9]+\.[0-9]+\.[0-9]+)[a-zA-Z0-9 \'%-\[\]{}<>#%|\.:\r\n]*dhclient\.c",
     ]
-    VENDOR_PRODUCT = [("isc", "dhcp")]
+    VENDOR_PRODUCT = [("isc", "dhcp"), ("isc", "dhcp_client")]
diff --git a/cve_bin_tool/checkers/dhcpd.py b/cve_bin_tool/checkers/dhcpd.py
@@ -0,0 +1,24 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for dhcpd (ISC DHCP server)
+
+https://www.cvedetails.com/product/2017/ISC-Dhcpd.html?vendor_id=64
+https://www.cvedetails.com/product/17706/ISC-Dhcp.html?vendor_id=64
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class DhcpdChecker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [
+        r"\r?\ndhcpd\.c[a-zA-Z0-9 \'%-\[\]{}<>#%|\.:\r\n]*([0-9]+\.[0-9]+\.[0-9]+)",
+        r"([0-9]+\.[0-9]+\.[0-9]+)[a-zA-Z0-9 \'%-\[\]{}<>#%|\.:\r\n]*dhcpd\.c\r?\n",
+    ]
+    VENDOR_PRODUCT = [("isc", "dhcp"), ("isc", "dhcpd")]
diff --git a/test/condensed-downloads/dhcp-server-4.4.3-7.P1.fc38.aarch64.rpm.tar.gz b/test/condensed-downloads/dhcp-server-4.4.3-7.P1.fc38.aarch64.rpm.tar.gz
diff --git a/test/condensed-downloads/isc-dhcp-client-ipv4_4.4.1-4_x86_64.ipk.tar.gz b/test/condensed-downloads/isc-dhcp-client-ipv4_4.4.1-4_x86_64.ipk.tar.gz
diff --git a/test/condensed-downloads/isc-dhcp-client_4.3.1-6+deb8u3_amd64.deb.tar.gz b/test/condensed-downloads/isc-dhcp-client_4.3.1-6+deb8u3_amd64.deb.tar.gz
diff --git a/test/condensed-downloads/isc-dhcp-server-ipv6_4.4.1-4_x86_64.ipk.tar.gz b/test/condensed-downloads/isc-dhcp-server-ipv6_4.4.1-4_x86_64.ipk.tar.gz
diff --git a/test/condensed-downloads/isc-dhcp-server_4.3.5-3+deb9u1_arm64.deb.tar.gz b/test/condensed-downloads/isc-dhcp-server_4.3.5-3+deb9u1_arm64.deb.tar.gz
diff --git a/test/test_data/dhclient.py b/test/test_data/dhclient.py
@@ -2,11 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 mapping_test_data = [
-    {
-        "product": "dhcp",
-        "version": "4.4.3",
-        "version_strings": [r'"name":"dhcp","version":"4.4.3"'],
-    },
+    {"product": "dhcp", "version": "4.3.1", "version_strings": ["dhclient.c\n4.3.1"]},
+    {"product": "dhcp", "version": "4.4.3", "version_strings": ["4.4.3\ndhclient.c"]},
 ]
 package_test_data = [
     {
@@ -16,6 +13,18 @@
         "version": "4.4.3",
         "other_products": [],
     },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/",
+        "package_name": "isc-dhcp-client_4.3.1-6+deb8u3_amd64.deb",
+        "product": "dhcp",
+        "version": "4.3.1",
+        "other_products": [],
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "isc-dhcp-client-ipv4_4.4.1-4_x86_64.ipk",
+        "product": "dhcp",
+        "version": "4.4.1",
+        "other_products": [],
+    },
 ]
-
-# This checker only supports .rpm distros as no useful version patterns were found for .deb
diff --git a/test/test_data/dhcpd.py b/test/test_data/dhcpd.py
@@ -0,0 +1,34 @@
+# Copyright (C) 2023 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {"product": "dhcpd", "version": "4.3.5", "version_strings": ["4.3.5\ndhcpd.c"]},
+    {
+        "product": "dhcpd",
+        "version": "4.4.3",
+        "version_strings": ["dhcpd.c\nCan't allocate new generic object: %s\n4.4.3"],
+    },
+]
+package_test_data = [
+    {
+        "url": "https://www.rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/d/",
+        "package_name": "dhcp-server-4.4.3-7.P1.fc38.aarch64.rpm",
+        "product": "dhcpd",
+        "version": "4.4.3",
+        "other_products": ["dhcp"],
+    },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/",
+        "package_name": "isc-dhcp-server_4.3.5-3+deb9u1_arm64.deb",
+        "product": "dhcpd",
+        "version": "4.3.5",
+        "other_products": ["dhcp"],
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "isc-dhcp-server-ipv6_4.4.1-4_x86_64.ipk",
+        "product": "dhcpd",
+        "version": "4.4.1",
+        "other_products": ["dhcp"],
+    },
+]