Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: handle : in filenames better #4401

Closed
terriko opened this issue Aug 29, 2024 · 0 comments · Fixed by #4418
Closed

feat: handle : in filenames better #4401

terriko opened this issue Aug 29, 2024 · 0 comments · Fixed by #4418
Labels
good first issue Good for newcomers tests

Comments

@terriko
Copy link
Contributor

terriko commented Aug 29, 2024

Windows and Linux have different filename restrictions and we recently hit a case in #4380 where the linux package name included the : character and thus windows couldn't handle it.

Now, the easy answer is "take the : out of the filename" but because of the way our condensed download tool works, it's currently using exactly the same name as the original file. (Terminology reminder: our "condensed download" files are .tar.gz files with all the strings found in a binary, typically a full linux install package, that we then use to test the vulnerabilty scanner and keep around to make sure that new checkers won't generate false positives with existing ones.)

Someone will need to go in and edit make_condensed_from_download (found in test/test_scanner.py:

cve-bin-tool/test/test_scanner.py

Line 174 in cbdff56

def make_condensed_from_download(self, download_path, condensed_path):
) so that we run a filter on filename it removes unwanted characters before making the local condensed download. That should be pretty easy. We may also need to have an identical filter where the downloads are found on disk during the testing phase.

That first part should be doable by a beginner but the latter part may be harder; I haven't looked. I'm going to mark this as a good first issue but if you get stuck let us know and I can re-evaluate if it's really beginner friendly!
@terriko terriko added good first issue Good for newcomers tests labels Aug 29, 2024
ffontaine added a commit to ffontaine/cve-bin-tool that referenced this issue Sep 6, 2024
@ffontaine
fix: handle : in filenames better
40dada8 
Replace colon and backslash in filename to avoid a failure on Windows in
condensed_filepath function as already done in test_version_mapping
function

Fix intel#4401

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
@ffontaine ffontaine mentioned this issue Sep 6, 2024
Merged
ffontaine added a commit to ffontaine/cve-bin-tool that referenced this issue Sep 6, 2024
@ffontaine
fix: handle : in filenames better
7aff0ee 
Replace colon and backslash in filename to avoid a failure on Windows in
condensed_filepath function as already done in test_version_mapping
function

Fix intel#4401

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
@terriko terriko closed this as completed in 17a6d41 Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: handle : in filenames better ffontaine/cve-bin-tool
1 participant
@terriko