diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
index aa04553535..6718ef963a 100644
--- a/cve_bin_tool/checkers/__init__.py
+++ b/cve_bin_tool/checkers/__init__.py
@@ -287,6 +287,7 @@
 "varnish",
 "vorbis_tools",
 "vsftpd",
+ "vim",
 "webkitgtk",
 "wget",
 "wireshark",
diff --git a/cve_bin_tool/checkers/vim.py b/cve_bin_tool/checkers/vim.py
new file mode 100644
index 0000000000..1e919e3cb4
--- /dev/null
+++ b/cve_bin_tool/checkers/vim.py
@@ -0,0 +1,26 @@
+# Copyright (C) 2023 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for vim:
+
+https://www.cvedetails.com/vulnerability-list/vendor_id-8218/product_id-14270/Vim-Vim.html
+
+"""
+
+from cve_bin_tool.checkers import Checker
+
+
+class VimChecker(Checker):
+ CONTAINS_PATTERNS = [
+ r"# This viminfo file was generated by Vim %s.",
+ r"-u Use instead of any .vimrc",
+ r"- append vim.VIM_SPECIAL_PATH to sys.path",
+ ]
+ FILENAME_PATTERNS = [r"vim"]
+ VERSION_PATTERNS = [
+ r"vim-([0-9]+\.[0-9]+\.[0-9]{4})",
+ r"VIM - Vi IMproved ([0-9]\.[0-9] (?:\([1-9]\d{3,} [A-Z][a-z]{2} [0-9]{1,2}\))?)",
+ ]
+ VENDOR_PRODUCT = [("vim", "vim")]
diff --git a/test/condensed-downloads/vim-enhanced-9.0.1429-1.fc38.aarch64.rpm.tar.gz b/test/condensed-downloads/vim-enhanced-9.0.1429-1.fc38.aarch64.rpm.tar.gz
new file mode 100644
index 0000000000..52f29e74cf
Binary files /dev/null and b/test/condensed-downloads/vim-enhanced-9.0.1429-1.fc38.aarch64.rpm.tar.gz differ
diff --git a/test/condensed-downloads/vim_8.1.2269-1ubuntu5_amd64.deb.tar.gz b/test/condensed-downloads/vim_8.1.2269-1ubuntu5_amd64.deb.tar.gz
new file mode 100644
index 0000000000..07178b3750
Binary files /dev/null and b/test/condensed-downloads/vim_8.1.2269-1ubuntu5_amd64.deb.tar.gz differ
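Review bot: The new `"vim",` entry in cve_bin_tool/checkers/__init__.py is placed after `"vsftpd",`, although the visible neighbours (`"varnish"`, `"vorbis_tools"`, `"vsftpd"`, `"webkitgtk"`) are in alphabetical order. Moving it between `"varnish",` and `"vorbis_tools",` would keep the list sorted and match where the `vim` rows were added in test/test_checkers.py. The list starts and ends outside this hunk, so whether the ordering is enforced anywhere is not visible from here.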
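Review bot: In the second `VERSION_PATTERNS` entry of `VimChecker` the capture group closes only after the trailing space and the optional date, so the extracted version is a string such as `9.0 ` or `9.0 (<year> <Mon> <day>)` rather than a bare number that can be compared against CVE version ranges. Capturing only the number would fix that, e.g. `r"VIM - Vi IMproved ([0-9]+\.[0-9]+)"`. Even then this pattern yields major.minor only, while the first pattern and the test data work with the four-digit patch level (`9.0.1429`), so hits from it are less precise and may over- or under-report; a comment such as `# banner fallback: no patch level available` above it would make that explicit. `FILENAME_PATTERNS = [r"vim"]` is also unanchored, so presumably other file names that begin with or contain `vim` are treated as this product; confirm against how `Checker` applies these patterns, which is not shown in this diff.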
diff --git a/test/condensed-downloads/vim_8.2.2434-3+deb11u1_amd64.deb.tar.gz b/test/condensed-downloads/vim_8.2.2434-3+deb11u1_amd64.deb.tar.gz
new file mode 100644
index 0000000000..760d38bb65
Binary files /dev/null and b/test/condensed-downloads/vim_8.2.2434-3+deb11u1_amd64.deb.tar.gz differ
diff --git a/test/test_checkers.py b/test/test_checkers.py
index 8f55c70c6e..8ff1f94b75 100644
--- a/test/test_checkers.py
+++ b/test/test_checkers.py
@@ -111,6 +111,8 @@ def setup_class(cls):
 ("syslogng", "syslog-ng.so", ["syslog-ng"]),
 ("systemd", "libsystemd.so.0", ["systemd"]),
 ("varnish", "varnish", ["varnish"]),
+ ("vim", "vim", ["vim"]),
+ ("vim", "vim-enhanced", ["vim"]),
 ("wireshark", "rawshark", ["wireshark"]),
 ("xerces", "libxerces-c.so", ["xerces"]),
 ("xml2", "libxml2.so.0", ["xml2"]),
diff --git a/test/test_data/vim.py b/test/test_data/vim.py
new file mode 100644
index 0000000000..4af0f1ce81
--- /dev/null
+++ b/test/test_data/vim.py
@@ -0,0 +1,44 @@
+# Copyright (C) 2023 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+ {
+ "product": "vim",
+ "version": "9.0.1429",
+ "version_strings": ["vim-9.0.1429"],
+ },
+ {
+ "product": "vim",
+ "version": "8.2.2434",
+ "version_strings": ["vim-8.2.2434"],
+ },
+ {
+ "product": "vim",
+ "version": "8.1.2269",
+ "version_strings": [
+ "vim-8.1.2269",
+ "E136: viminfo: Too many errors, skipping rest of file",
+ ],
+ },
+]
+package_test_data = [
+ {
+ "url": "https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/aarch64/os/Packages/v/",
+ "package_name": "vim-enhanced-9.0.1429-1.fc38.aarch64.rpm",
+ "product": "vim",
+ "version": "9.0.1429",
+ "other_products": ["lua"],
+ },
+ {
+ "url": "http://ftp.de.debian.org/debian/pool/main/v/vim/",
+ "package_name": "vim_8.2.2434-3+deb11u1_amd64.deb",
+ "product": "vim",
+ "version": "8.2.2434",
+ },
+ {
+ "url": "http://archive.ubuntu.com/ubuntu/pool/main/v/vim/",
+ "package_name": "vim_8.1.2269-1ubuntu5_amd64.deb",
+ "product": "vim",
+ "version": "8.1.2269",
+ },
+]
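Review bot: None of the `mapping_test_data` entries exercises the checker's second version pattern (`VIM - Vi IMproved …`); every `version_strings` list relies on the `vim-X.Y.NNNN` form, so a wrong or regressed banner pattern would go unnoticed. Adding one entry whose `version_strings` holds a banner line, together with the version the checker is expected to report for it, would cover that path. Separately, the Debian and Ubuntu entries in `package_test_data` use `http://` URLs, so the packages the test suite downloads and unpacks travel without transport integrity; switch the scheme to `https://` where the mirror serves it. The `E136: viminfo: …` string in the third mapping entry does not correspond to any `CONTAINS_PATTERNS` line in the checker, so a short comment saying what it is meant to test would help.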