Releases: intel/cve-bin-tool
CVE Binary Tool 3.3
Release highlights
- GSoC 2023 contributor @Rexbeast2 added support for EPSS scores to help users assess vulnerability risks (more info: https://cve-bin-tool.readthedocs.io/en/latest/MANUAL.html#metric)
- GSoC 2023 contributor @b31ngd3v has set up a GitHub Action (available here: https://github.com/intel/cve-bin-tool-action) and did a lot of work related to using our new NVD mirror (available here: https://cveb.in/)
- We now default to using our own NVD mirror unless an NVD_API_KEY is set.
  - The data is updated multiple times per day and duplicated to mirrors in several countries across the globe. They should be significantly faster than getting data from NVD directly, especially if you need to populate a database from scratch.
  - Mirroring infrastructure is provided by FCIX Software Mirrors, who currently provide a large portion of the global mirroring for Linux distributions and other open source projects.
  - If you have difficulties with the mirrors or wish us to activate a mirror closer to you (we're only using a fraction of the servers available), please file an issue: https://github.com/intel/cve-bin-tool/issues
  - These mirrors can be used in other tools or as part of research. We'd love to know if and how you use them!
- Breaking Change: Windows users will now need to use Python 3.12 if they want to scan tarfiles.
  - Testing has been disabled on Windows for Python < 3.12. It's likely that older versions of Python will continue to work on Windows as long as you don't need tarfile support, but our binary checker tests use tarfiles, so we can no longer run the full test suite there.
- We now provide our own version compare function, which is not limited to PEP 440 compliant versions.
- Thanks especially to @ffontaine, we are up to 359 binary checkers!
- Our fuzz testing has been improved to cover more of our language file parsers. Thanks especially to @joydeep049, @mastersans, @raffifu and @inosmeet for their work in setting these up and fixing errors found via fuzzing.
We've also got a large number of new contributors, many of whom participated in Hacktoberfest 2023 or the first part of GSoC 2024, as well as users and security experts who were generous enough to share their time and expertise with us outside of these open source beginner-focused programs. Thank you!
Change Log
List of pull requests merged (quite long)
- fix: java parser failing to match vendor on product without '-' by @bcieszko in #2961
- feat(checker): New checker request - GNU emacs by @bcieszko in #2941
- chore: update SBOM for Python 3.7 by @github-actions in #3025
- chore: update SBOM for Python 3.10 by @github-actions in #3024
- chore: update SBOM for Python 3.9 by @github-actions in #3023
- chore: update SBOM for Python 3.8 by @github-actions in #3022
- chore: update SBOM for Python 3.11 by @github-actions in #3021
- [StepSecurity] Apply security best practices by @step-security-bot in #3031
- fix: Enhance SBOM docs (fixes #2922) by @offsake in #3029
- ci: adjust dependabot config to limit false positives by @terriko in #3033
- chore: update checkers table by @github-actions in #3026
- chore: bump to dev version 3.2.2dev0 by @terriko in #3019
- chore(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by @dependabot in #3034
- chore: update SBOM for Python 3.7 by @github-actions in #3040
- chore: update SBOM for Python 3.8 by @github-actions in #3039
- chore: update SBOM for Python 3.9 by @github-actions in #3038
- chore: update SBOM for Python 3.11 by @github-actions in #3037
- chore: update SBOM for Python 3.10 by @github-actions in #3036
- feat(checker): add mini_httpd checker by @ffontaine in #3020
- feat(checker): add libmicrohttpd checker by @ffontaine in #3014
- ci: fix dependabot config by @terriko in #3041
- chore: update pre-commit config by @github-actions in #2968
- feat(checker): add cpio checker by @ffontaine in #3013
- ci: Harden GitHub Actions [StepSecurity] by @step-security-bot in #3043
- feat(checker): add sngrep checker by @ffontaine in #3035
- feat(checker): add fluidsynth checker by @ffontaine in #3012
- feat(checker): add pixman checker by @ffontaine in #3010
- feat(checker): add ldns checker by @ffontaine in #3004
- feat(checker): add gzip checker by @ffontaine in #2998
- chore: update checkers table by @github-actions in #3044
- ci: Dependabot "duplicated" lines and ignore "*" by @terriko in #3045
- chore(deps): bump github/codeql-action from 2.1.27 to 2.3.5 by @dependabot in #3049
- chore(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in #3051
- chore(deps): bump actions/checkout from 3.1.0 to 3.5.2 by @dependabot in #3050
- chore: update pre-commit config by @github-actions in #3048
- ci: pin dependency-review linux, fix dependabot by @terriko in #3055
- feat(checker): add gdk-pixbuf checker by @ffontaine in #3011
- feat(checker): add libtasn1 checker by @ffontaine in #3000
- feat(checker): add dmidecode checker by @ffontaine in #2997
- feat(checker): add libgd checker by @ffontaine in #2978
- feat: merged report content change and comments added in html reports by @gvozzolo in #2913
- feat: add support for pgp signing (#2577) by @b31ngd3v in #2882
- chore: update checkers table by @github-actions in #3061
- chore: update SBOM for Python 3.8 by @github-actions in #3070
- chore: update SBOM for Python 3.7 by @github-actions in #3069
- chore: update SBOM for Python 3.10 by @github-actions in #3068
- chore: update SBOM for Python 3.9 by @github-actions in #3067
- chore: update SBOM for Python 3.11 by @github-actions in #3066
- ci: up timeouts on short and long tests by @terriko in #3072
- feat(checker): add udisks checker by @ffontaine in #2999
- feat(scanner): slight update in version display by @ffontaine in #3063
- feat(checker): add readline checker by @ffontaine in #2976
- feat(checker): add ntfs-3g checker by @ffontaine in #2973
- feat(checker): add ngircd checker by @ffontaine in #3003
- feat(checker): add libmodbus checker by @ffontaine in #3002
- feat(checker): add coreutils checker by @ffontaine in #3001
- fix: improve openssl checker by @ffontaine in #2987
- chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #3052
- chore: update SBOM for Python 3.8 by @github-actions in #3082
- fix: root file path of vulnerable component is missing by @b31ngd3v in #3088
- chore: update SBOM for Python 3.9 by @github-actions in #3081
- chore: update SBOM for Python 3.10 by @github-actions in #3080
- chore: update SBOM for Python 3.11 by @github-actions in #3079
- chore: update SBOM for Python 3.7 by @github-actions in #3078
- chore: update checkers table by @github-actions in #3073
- chore(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by @dependabot in #3090
- chore(deps-dev): bump pre-commit from 3.3.2 to 3.3.3 by @dependabot in #3087
- chore(deps): bump github/codeql-action from 2.3.5 to 2.20.0 by @dependabot in https://github.com/intel/cve-bin-tool...
CVE Binary Tool 3.3rc3 pre-release
Assorted bugfixes, new checkers, and improvements (see details below). This may be the last pre-release before 3.3 if we don't find any additional issues.
BREAKING CHANGE: Windows users will now have to use Python 3.12 if they intend to scan tarfiles.
What's Changed
- fix: java parser failing to match vendor on product without '-' by @bcieszko in #2961
- feat(checker): New checker request - GNU emacs by @bcieszko in #2941
- chore: update SBOM for Python 3.7 by @github-actions in #3025
- chore: update SBOM for Python 3.10 by @github-actions in #3024
- chore: update SBOM for Python 3.9 by @github-actions in #3023
- chore: update SBOM for Python 3.8 by @github-actions in #3022
- chore: update SBOM for Python 3.11 by @github-actions in #3021
- [StepSecurity] Apply security best practices by @step-security-bot in #3031
- fix: Enhance SBOM docs (fixes #2922) by @offsake in #3029
- ci: adjust dependabot config to limit false positives by @terriko in #3033
- chore: update checkers table by @github-actions in #3026
- chore: bump to dev version 3.2.2dev0 by @terriko in #3019
- chore(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by @dependabot in #3034
- chore: update SBOM for Python 3.7 by @github-actions in #3040
- chore: update SBOM for Python 3.8 by @github-actions in #3039
- chore: update SBOM for Python 3.9 by @github-actions in #3038
- chore: update SBOM for Python 3.11 by @github-actions in #3037
- chore: update SBOM for Python 3.10 by @github-actions in #3036
- feat(checker): add mini_httpd checker by @ffontaine in #3020
- feat(checker): add libmicrohttpd checker by @ffontaine in #3014
- ci: fix dependabot config by @terriko in #3041
- chore: update pre-commit config by @github-actions in #2968
- feat(checker): add cpio checker by @ffontaine in #3013
- ci: Harden GitHub Actions [StepSecurity] by @step-security-bot in #3043
- feat(checker): add sngrep checker by @ffontaine in #3035
- feat(checker): add fluidsynth checker by @ffontaine in #3012
- feat(checker): add pixman checker by @ffontaine in #3010
- feat(checker): add ldns checker by @ffontaine in #3004
- feat(checker): add gzip checker by @ffontaine in #2998
- chore: update checkers table by @github-actions in #3044
- ci: Dependabot "duplicated" lines and ignore "*" by @terriko in #3045
- chore(deps): bump github/codeql-action from 2.1.27 to 2.3.5 by @dependabot in #3049
- chore(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in #3051
- chore(deps): bump actions/checkout from 3.1.0 to 3.5.2 by @dependabot in #3050
- chore: update pre-commit config by @github-actions in #3048
- ci: pin dependency-review linux, fix dependabot by @terriko in #3055
- feat(checker): add gdk-pixbuf checker by @ffontaine in #3011
- feat(checker): add libtasn1 checker by @ffontaine in #3000
- feat(checker): add dmidecode checker by @ffontaine in #2997
- feat(checker): add libgd checker by @ffontaine in #2978
- feat: merged report content change and comments added in html reports by @gvozzolo in #2913
- feat: add support for pgp signing (#2577) by @b31ngd3v in #2882
- chore: update checkers table by @github-actions in #3061
- chore: update SBOM for Python 3.8 by @github-actions in #3070
- chore: update SBOM for Python 3.7 by @github-actions in #3069
- chore: update SBOM for Python 3.10 by @github-actions in #3068
- chore: update SBOM for Python 3.9 by @github-actions in #3067
- chore: update SBOM for Python 3.11 by @github-actions in #3066
- ci: up timeouts on short and long tests by @terriko in #3072
- feat(checker): add udisks checker by @ffontaine in #2999
- feat(scanner): slight update in version display by @ffontaine in #3063
- feat(checker): add readline checker by @ffontaine in #2976
- feat(checker): add ntfs-3g checker by @ffontaine in #2973
- feat(checker): add ngircd checker by @ffontaine in #3003
- feat(checker): add libmodbus checker by @ffontaine in #3002
- feat(checker): add coreutils checker by @ffontaine in #3001
- fix: improve openssl checker by @ffontaine in #2987
- chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #3052
- chore: update SBOM for Python 3.8 by @github-actions in #3082
- fix: root file path of vulnerable component is missing by @b31ngd3v in #3088
- chore: update SBOM for Python 3.9 by @github-actions in #3081
- chore: update SBOM for Python 3.10 by @github-actions in #3080
- chore: update SBOM for Python 3.11 by @github-actions in #3079
- chore: update SBOM for Python 3.7 by @github-actions in #3078
- chore: update checkers table by @github-actions in #3073
- chore(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by @dependabot in #3090
- chore(deps-dev): bump pre-commit from 3.3.2 to 3.3.3 by @dependabot in #3087
- chore(deps): bump github/codeql-action from 2.3.5 to 2.20.0 by @dependabot in #3086
- chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 by @dependabot in #3085
- chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #3084
- fix: improve luajit checker by @ffontaine in #2993
- fix: improve gimp checker by @ffontaine in #2992
- ci: Automatically committing/suggesting linter fixes for PRs by @metabiswadeep in #3017
- chore(deps): bump sphinx from 4.4.0 to 7.0.1 in /doc by @dependabot in #3056
- fix: improve nghttp2 checker by @ffontaine in #2991
- docs: adding database schema by @Rexbeast2 in #3097
- chore(deps): bump github/codeql-action from 2.20.0 to 2.20.1 by @dependabot in #3098
- fix: fix xerces CPE ID by @ffontaine in #2932
- docs: including doc in build by @Rexbeast2 in #3102
- chore: update SBOM for Python 3.8 by @github-actions in #3111
- chore: update SBOM for Python 3.11 by @github-actions in #3110
- chore: update SBOM for Python 3.7 by @github-actions in #3109
- chore: update SBOM for Python 3.10 by @github-actions in #3108
- chore: update SBOM for Python 3.9 by @github-actions in #3107
- fix: report is not generated when no CVEs detected (#3028) by @b31ngd3v in #3075
- ci: dedeuplicate usage of codeql by @metabiswadeep in #3100
- feat: adding epss data by @Rexbeast2 in #3104
- feat: updating schema by @Rexbeast2 in #3106
- chore(deps): bump ossf/scorecard-action from 2.1.3 t...
CVE Binary Tool 3.3rc2 pre-release
This pre-release improves the version compare function so that it handles certain distro versions and other special version cases more smoothly. Note that it has no special handling for hashes, because they appear infrequently in the NVD data, so you may see unpredictable results if hashes are listed in an SBOM or a local version.
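Both the 3.3 highlights and the note above describe the new version compare function only in outline. What follows is an added example written for this page, not cve-bin-tool's own implementation, showing one way to build a comparison that tolerates the version strings found in NVD data and SBOMs: any run of non-alphanumeric characters is a separator, digit runs compare numerically, a trailing "+" segment only breaks ties (so "2.0+dfsg" sorts after "2.0"), a small vocabulary of pre-release words sorts before the bare release, and hash-like chunks are dropped so that "1.2.3-gdeadbee" compares equal to "1.2.3" (the case the note above leaves unhandled). The function names, the pre-release vocabulary and the hash heuristic are this example's own assumptions.

```python
import re
from functools import total_ordering

# Hash-like chunk: optional git-describe "g" plus 7-40 hex digits ("gdeadbee"); purely numeric chunks are kept.
_HASH_RE = re.compile(r"g?[0-9a-f]{7,40}")
_SEPARATOR_RE = re.compile(r"[^0-9a-z]+")  # any non-alphanumeric run separates components
_RUN_RE = re.compile(r"[0-9]+|[a-z]+")  # "0rc1" -> "0", "rc", "1"
# Assumed vocabulary: these words mark a pre-release when they trail a version.
_PRE_RELEASE = {"alpha", "beta", "rc", "pre", "dev", "preview", "snapshot"}


def tokenize(version):
    """Split into (release_tokens, local_tokens): ints for digit runs, str for
    letter runs, hash-like chunks dropped, and text after the first '+' kept as
    a tie-breaking local segment (PEP 440 local labels, Debian "+dfsg")."""
    text = version.strip().lower()
    if len(text) > 1 and text[0] == "v" and text[1].isdigit():
        text = text[1:]  # "v2.1" -> "2.1"
    release, _, local = text.partition("+")

    def tokens(part):
        out = []
        for chunk in _SEPARATOR_RE.split(part):
            if not chunk or (_HASH_RE.fullmatch(chunk) and not chunk.isdigit()):
                continue  # empty piece, or a build hash that carries no ordering information
            out.extend(int(r) if r.isdigit() else r for r in _RUN_RE.findall(chunk))
        return out

    return tokens(release), tokens(local)


def _is_pre_release(tail):
    """Trailing "rc1"/"beta"/"a1" mark a pre-release; a lone patch letter ("1.1.1k") does not."""
    return tail[0] in _PRE_RELEASE or (
        tail[0] in ("a", "b", "c") and len(tail) > 1 and isinstance(tail[1], int))


def _compare_tokens(a, b):
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if x == y:
            continue
        if x is None or y is None:  # one side ran out of components
            tail, sign = (a[i:], 1) if y is None else (b[i:], -1)
            if isinstance(tail[0], int):
                if tail[0] == 0:
                    continue  # "1.0" == "1.0.0"
                return sign  # "1.0.1" > "1.0"
            return -sign if _is_pre_release(tail) else sign  # "1.0rc1" < "1.0", "1.1.1k" > "1.1.1"
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1  # numeric compare, so "1.10" > "1.9"
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1  # "1.0.1" > "1.0rc1"
        return -1 if x < y else 1  # word vs word: "beta" < "rc"
    return 0


def compare(a, b):
    """Three-way compare of two version strings: -1, 0 or 1."""
    ra, la = tokenize(a)
    rb, lb = tokenize(b)
    result = _compare_tokens(ra, rb)
    if result or la == lb:
        return result
    if not la or not lb:
        return 1 if la else -1  # "2.0+dfsg" > "2.0"
    return _compare_tokens(la, lb)


@total_ordering
class Version:
    """Sortable wrapper around compare(); Version("1.0") == Version("1.0.0")."""

    def __init__(self, text):
        self.text = text

    def __eq__(self, other):
        return compare(self.text, other.text) == 0

    def __lt__(self, other):
        return compare(self.text, other.text) < 0


def in_range(version, start_including=None, end_excluding=None):
    """Match a version against NVD-style bounds (versionStartIncluding / versionEndExcluding)."""
    v = Version(version)
    if start_including is not None and v < Version(start_including):
        return False
    if end_excluding is not None and not v < Version(end_excluding):
        return False
    return True


if __name__ == "__main__":
    for left, right in [("1.0rc1", "1.0"), ("1.1.1k", "1.1.1"), ("2.0+dfsg", "2.0"), ("1.2.3-gdeadbee", "1.2.3")]:
        print(left, ("<", "==", ">")[compare(left, right) + 1], right)
```

in_range mirrors the versionStartIncluding / versionEndExcluding bounds used in NVD configurations, which is where a tolerant comparison matters most: a version string the comparator cannot order can otherwise turn into a silently missed match. The heuristics are deliberately simple, and they have edge cases of their own; a distribution revision that starts with a zero and ends in a word (for instance "-0ubuntu1") still sorts below the plain upstream version here, so check the example against the version formats your own SBOMs actually contain before relying on it.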
auto-generated notes follow:
What's Changed
- chore: update SBOM for Python 3.9 by @github-actions in #3623
- chore: update SBOM for Python 3.8 by @github-actions in #3622
- chore: update SBOM for Python 3.10 by @github-actions in #3621
- chore: update SBOM for Python 3.11 by @github-actions in #3620
- feat(checker): add protobuf-c checker by @ffontaine in #3596
- feat: disable metrics by default by @ffontaine in #3618
- feat(checker): add socat checker by @ffontaine in #3597
- fix: improve lua checker by @ffontaine in #3598
- feat(checker): add tar checker by @ffontaine in #3600
- feat(checker): add libvpx checker by @ffontaine in #3602
- fix: drop wrong gnutls VENDOR_PRODUCT by @ffontaine in #3604
- fix: update squashfs VENDOR_PRODUCT by @ffontaine in #3605
- fix: update tor VENDOR_PRODUCT by @ffontaine in #3606
- fix: update gawk pattern by @ffontaine in #3607
- feat(checker): add lrzip checker by @ffontaine in #3608
- fix: update glibc pattern by @ffontaine in #3611
- fix: update zsh pattern by @ffontaine in #3613
- fix: improve gdb pattern by @ffontaine in #3614
- chore: bump version for 3.3 release by @terriko in #3630
- fix: update coreutils pattern by @ffontaine in #3616
- fix: update binutils pattern by @ffontaine in #3615
- fix: update bison pattern by @ffontaine in #3617
- feat(checker): add mbedtls checker by @ffontaine in #3619
- feat(checker): add php checker by @ffontaine in #3627
- fix: drop gpgme CPE ID without CVEs by @ffontaine in #3632
- fix: drop rsync CPE ID without CVEs by @ffontaine in #3634
- fix: drop netatalk CPE ID without CVEs by @ffontaine in #3635
- feat(checker): add jq checker by @ffontaine in #3636
- feat(checker): add libheif checker by @ffontaine in #3641
- chore: update checkers table by @github-actions in #3624
- docs: Updated examples in sbom_generation.md by @Mayankrai449 in #3640
- feat(checker): add heimdal checker by @ffontaine in #3643
- feat(checker): add libde265 checker by @ffontaine in #3645
- ci: fix sbom test skipping logic by @terriko in #3631
- chore: update checkers table by @github-actions in #3647
- docs: add cmd for installing the cve-tool in virtualenv by @ayushthe1 in #3649
- fix: update detailed description by @ffontaine in #3650
- feat: Enable metrics if epss-{percentile,probability} is set by @ffontaine in #3642
- chore: update SBOM for Python 3.8 by @github-actions in #3669
- chore: update SBOM for Python 3.11 by @github-actions in #3668
- chore: update SBOM for Python 3.9 by @github-actions in #3667
- chore: update SBOM for Python 3.10 by @github-actions in #3666
- test: temporarily disable failing tests by @terriko in #3655
- fix: temporary disabling due to #3674 by @terriko in #3676
- test: added test for OutputEngine with metrics=False by @mastersans in #3672
- fix: Deprecate NVD API 1.0 by @akshatgokul in #3671
- docs: add PHP launguage specification to docs by @Mahhheshh in #3665
- feat: Fuzz Testing RParser by @crazytrain328 in #3664
- docs: Clarifying use of --metrics and epss options by @Mayankrai449 in #3663
- chore: update spdx header by @github-actions in #3679
- chore: update js dependencies by @github-actions in #3680
- docs: Add appropriate docstring to output_engine/print_mode.py (#3457) by @aptitudepi in #3677
- chore: update pre-commit config by @github-actions in #3678
- docs(README.md): updated options list in README.md by @DEVESH-N2 in #3662
- ci: add interrogate to github actions & exclude some directories by @ayushthe1 in #3612
- feat(checker): add iwd checker by @ffontaine in #3660
- chore: add template for docstrings issues by @terriko in #3685
- chore: update SBOM for Python 3.9 by @github-actions in #3691
- chore: update SBOM for Python 3.8 by @github-actions in #3690
- chore: update SBOM for Python 3.10 by @github-actions in #3689
- chore: update SBOM for Python 3.11 by @github-actions in #3688
- chore: update checkers table by @github-actions in #3686
- fix: add additional CPE IDs to faad2 by @ffontaine in #3699
- chore(deps): bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in #3695
- feat(checker): add netdata checker by @ffontaine in #3648
- chore: fix broken docstrings issue template by @terriko in #3702
- feat(checker): add micropython checker by @ffontaine in #3704
- chore: update SBOM for Python 3.8 by @github-actions in #3709
- chore: update SBOM for Python 3.9 by @github-actions in #3708
- chore: update SBOM for Python 3.11 by @github-actions in #3707
- chore: update SBOM for Python 3.10 by @github-actions in #3706
- chore: update checkers table by @github-actions in #3703
- feat: test handling of ~= in requirements.txt and add it to docs by @ayushthe1 in #3610
- ci: improve interrogate/pre-commit config by @terriko in #3714
- fix: [Snyk] Security upgrade pillow from 9.5.0 to 10.0.1 by @terriko in #3601
- test: re-enable failing tests from #3653 by @terriko in #3720
- fix: fail gracefully for npm .package-lock.json files by @terriko in #3654
- chore: update SBOM for Python 3.9 by @github-actions in #3732
- chore: update SBOM for Python 3.8 by @github-actions in #3731
- chore: update SBOM for Python 3.11 by @github-actions in #3730
- chore: update SBOM for Python 3.10 by @github-actions in #3729
- chore(deps): bump actions/cache from 3.3.2 to 4.0.0 by @dependabot in #3739
- feat(checker): add go checker by @ffontaine in #3651
- docs: add docstrings to cve-bin-tool/util by @Mahhheshh in #3715
- chore(deps): bump github/codeql-action from 2.22.9 to 3.23.0 by @dependabot in #3705
- docs: added docstring to swid_parser.py by @Mahhheshh in #3716
- feat: Fuzz testing PerlParser by @crazytrain328 in #3725
- chore: update checkers table by @github-actions in #3740
- fix: improve robustness of version compare by @terriko in #3694
- chore: update SBOM for Python 3.8 by @github-actions ...
CVE Binary Tool 3.3rc1 pre-release
This release has fixes for version compare problems reported against the previous pre-release, as well as some new checkers and bugfixes. Automated release notes follow.
What's Changed
- chore(deps): bump actions/dependency-review-action from 3.1.3 to 3.1.4 by @dependabot in #3546
- chore(deps): bump conda-incubator/setup-miniconda from 2.3.0 to 3.0.1 by @dependabot in #3549
- typo in issue template by @perrinjerome in #3557
- test_version_compare: use different pytest.raises for each instruction by @perrinjerome in #3555
- version_compare: support + in versions by @perrinjerome in #3554
- chore: update SBOM for Python 3.8 by @github-actions in #3563
- chore: update SBOM for Python 3.9 by @github-actions in #3562
- chore: update SBOM for Python 3.11 by @github-actions in #3561
- chore: update SBOM for Python 3.10 by @github-actions in #3560
- feat(checker): add exfatprogs checker by @ffontaine in #3542
- chore: update checkers table by @github-actions in #3564
- chore(deps): bump actions/setup-python from 4 to 5 by @dependabot in #3567
- fix: improve version_compare to drop hashes by @terriko in #3566
- chore: update SBOM for Python 3.10 by @github-actions in #3574
- chore: update SBOM for Python 3.9 by @github-actions in #3573
- chore: update SBOM for Python 3.8 by @github-actions in #3572
- chore: update SBOM for Python 3.11 by @github-actions in #3571
- chore(deps): bump github/codeql-action from 2.22.6 to 2.22.9 by @dependabot in #3568
- fix: improve openssl checker by @ffontaine in #3569
- feat(checker): add tesseract checker by @ffontaine in #3570
- fix: update mosquitto pattern by @ffontaine in #3580
- chore(deps-dev): bump pre-commit from 3.5.0 to 3.6.0 by @dependabot in #3577
- chore: update checkers table by @github-actions in #3584
- fix: improve version_compare logic by @terriko in #3548
- fix: non-alphanumeric characters as separators by @terriko in #3565
- feat(checker): add libevent checker by @ffontaine in #3587
- fix: remove resizeGraph function by @terriko in #3585
- feat(checker): add zstandard checker by @ffontaine in #3590
- feat(checker): add xwayland checker by @ffontaine in #3591
- feat(checker): add vlc checker by @ffontaine in #3593
- chore: update checkers table by @github-actions in #3589
- fix: remove cases of resizeGraph from examples by @terriko in #3592
New Contributors
- @perrinjerome made their first contribution in #3557
Full Changelog: v3.3a0...v3.3rc1
CVE Binary Tool pre-release 3.3a0
Preview release for 3.3, which will hopefully be coming in December.
There are a lot of changes in this release (see below; more curated release notes to come), but I'm particularly eager to have people try out the new version compare function and make sure it is sufficiently robust for arbitrary versions, as we needed to migrate away from the function provided by the Python packaging library because it could not handle some of the versions we see in the NVD data.
What's Changed
- fix: java parser failing to match vendor on product without '-' by @bcieszko in #2961
- feat(checker): New checker request - GNU emacs by @bcieszko in #2941
- chore: update SBOM for Python 3.7 by @github-actions in #3025
- chore: update SBOM for Python 3.10 by @github-actions in #3024
- chore: update SBOM for Python 3.9 by @github-actions in #3023
- chore: update SBOM for Python 3.8 by @github-actions in #3022
- chore: update SBOM for Python 3.11 by @github-actions in #3021
- [StepSecurity] Apply security best practices by @step-security-bot in #3031
- fix: Enhance SBOM docs (fixes #2922) by @offsake in #3029
- ci: adjust dependabot config to limit false positives by @terriko in #3033
- chore: update checkers table by @github-actions in #3026
- chore: bump to dev version 3.2.2dev0 by @terriko in #3019
- chore(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4 by @dependabot in #3034
- chore: update SBOM for Python 3.7 by @github-actions in #3040
- chore: update SBOM for Python 3.8 by @github-actions in #3039
- chore: update SBOM for Python 3.9 by @github-actions in #3038
- chore: update SBOM for Python 3.11 by @github-actions in #3037
- chore: update SBOM for Python 3.10 by @github-actions in #3036
- feat(checker): add mini_httpd checker by @ffontaine in #3020
- feat(checker): add libmicrohttpd checker by @ffontaine in #3014
- ci: fix dependabot config by @terriko in #3041
- chore: update pre-commit config by @github-actions in #2968
- feat(checker): add cpio checker by @ffontaine in #3013
- ci: Harden GitHub Actions [StepSecurity] by @step-security-bot in #3043
- feat(checker): add sngrep checker by @ffontaine in #3035
- feat(checker): add fluidsynth checker by @ffontaine in #3012
- feat(checker): add pixman checker by @ffontaine in #3010
- feat(checker): add ldns checker by @ffontaine in #3004
- feat(checker): add gzip checker by @ffontaine in #2998
- chore: update checkers table by @github-actions in #3044
- ci: Dependabot "duplicated" lines and ignore "*" by @terriko in #3045
- chore(deps): bump github/codeql-action from 2.1.27 to 2.3.5 by @dependabot in #3049
- chore(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in #3051
- chore(deps): bump actions/checkout from 3.1.0 to 3.5.2 by @dependabot in #3050
- chore: update pre-commit config by @github-actions in #3048
- ci: pin dependency-review linux, fix dependabot by @terriko in #3055
- feat(checker): add gdk-pixbuf checker by @ffontaine in #3011
- feat(checker): add libtasn1 checker by @ffontaine in #3000
- feat(checker): add dmidecode checker by @ffontaine in #2997
- feat(checker): add libgd checker by @ffontaine in #2978
- feat: merged report content change and comments added in html reports by @gvozzolo in #2913
- feat: add support for pgp signing (#2577) by @b31ngd3v in #2882
- chore: update checkers table by @github-actions in #3061
- chore: update SBOM for Python 3.8 by @github-actions in #3070
- chore: update SBOM for Python 3.7 by @github-actions in #3069
- chore: update SBOM for Python 3.10 by @github-actions in #3068
- chore: update SBOM for Python 3.9 by @github-actions in #3067
- chore: update SBOM for Python 3.11 by @github-actions in #3066
- ci: up timeouts on short and long tests by @terriko in #3072
- feat(checker): add udisks checker by @ffontaine in #2999
- feat(scanner): slight update in version display by @ffontaine in #3063
- feat(checker): add readline checker by @ffontaine in #2976
- feat(checker): add ntfs-3g checker by @ffontaine in #2973
- feat(checker): add ngircd checker by @ffontaine in #3003
- feat(checker): add libmodbus checker by @ffontaine in #3002
- feat(checker): add coreutils checker by @ffontaine in #3001
- fix: improve openssl checker by @ffontaine in #2987
- chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #3052
- chore: update SBOM for Python 3.8 by @github-actions in #3082
- fix: root file path of vulnerable component is missing by @b31ngd3v in #3088
- chore: update SBOM for Python 3.9 by @github-actions in #3081
- chore: update SBOM for Python 3.10 by @github-actions in #3080
- chore: update SBOM for Python 3.11 by @github-actions in #3079
- chore: update SBOM for Python 3.7 by @github-actions in #3078
- chore: update checkers table by @github-actions in #3073
- chore(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by @dependabot in #3090
- chore(deps-dev): bump pre-commit from 3.3.2 to 3.3.3 by @dependabot in #3087
- chore(deps): bump github/codeql-action from 2.3.5 to 2.20.0 by @dependabot in #3086
- chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 by @dependabot in #3085
- chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #3084
- fix: improve luajit checker by @ffontaine in #2993
- fix: improve gimp checker by @ffontaine in #2992
- ci: Automatically committing/suggesting linter fixes for PRs by @metabiswadeep in #3017
- chore(deps): bump sphinx from 4.4.0 to 7.0.1 in /doc by @dependabot in #3056
- fix: improve nghttp2 checker by @ffontaine in #2991
- docs: adding database schema by @Rexbeast2 in #3097
- chore(deps): bump github/codeql-action from 2.20.0 to 2.20.1 by @dependabot in #3098
- fix: fix xerces CPE ID by @ffontaine in #2932
- docs: including doc in build by @Rexbeast2 in #3102
- chore: update SBOM for Python 3.8 by @github-actions in #3111
- chore: update SBOM for Python 3.11 by @github-actions in #3110
- chore: update SBOM for Python 3.7 by @github-actions in #3109
- chore: update SBOM for Python 3.10 by @github-actions in #3108
- chore: update SBOM for Python 3.9 by @github-actions in #3107
- fix: report is not generated when no CVEs detected (#3028) by @b31ngd3v in #3075
- ci: dedeuplicate usage of codeql by @metabiswadeep in #3100
- feat: adding epss data by @Rexbeast...
CVE Binary Tool 3.2.1
Due to a change in the data used for the curl data source, we're issuing a slightly out-of-band point release for users unable to use 3.2.
There are a number of checker updates to address false positives, new checkers, and other bug fixes and features as described below.
One commonly requested feature has made it into this release: generation of SBOMs. Please try it out and let us know where it can be improved!
Thanks especially to the many new contributors in this release (you can see the list at the bottom):
- Many of you joined us via the Google Summer of Code 2023 selection process: I wish we'd had mentors and slots available to have more of you as paid contributors this year!
- Some of you also joined us via the Intel Open Source Hackathon: thank you so much for taking the time to work with us and it's been a delight to work with so many experienced coders during the event.
- And some of you just stopped by on your own with great ideas and fixes. Thank you!
What's Changed
- feat(checker): Added Mozilla Thunderbird checker by @metabiswadeep in #2429
- feat(checker): add dropbear checker by @ffontaine in #2452
- chore: update checkers table by @github-actions in #2454
- ci: Switching version of python used for long tests by @metabiswadeep in #2438
- feat(checker): add doxygen checker by @ffontaine in #2455
- feat(checker): add faad2 checker by @ffontaine in #2458
- feat(checker): add flac checker by @ffontaine in #2459
- feat(checker): Added qemu checker by @metabiswadeep in #2460
- feat(checker): Added kubernetes checker by @metabiswadeep in #2462
- chore: bump version to 3.2.1dev0 by @terriko in #2468
- chore: update checkers table by @github-actions in #2467
- docs: Add short new contributor tips for copying into pull requests by @terriko in #2466
- fix: Improve firefox checker pattern by @metabiswadeep in #2469
- chore: update spdx header by @github-actions in #2478
- ci: remove pdf tests from windows short tests by @DangerChamp in #2465
- fix: improve output of cve-scan github action for cve by @ayushthe1 in #2475
- ci(SBOM): better SBOM maintenance by @Molkree in #2481
- ci: test on Python 3.11 by @Molkree in #2419
- fix: gad_source error while updating cache by @b31ngd3v in #2484
- ci(js): update workflow for updating JS by @Molkree in #2479
- ci: add mypy for type checking by @Molkree in #2488
- fix(tests): use importlib_metadata.version on 3.7 by @Molkree in #2482
- chore: update js dependencies by @github-actions in #2491
- chore: update SBOM for Python 3.7 by @github-actions in #2506
- chore: update SBOM for Python 3.8 by @github-actions in #2505
- chore: update SBOM for Python 3.9 by @github-actions in #2503
- chore: update SBOM for Python 3.10 by @github-actions in #2502
- chore: update SBOM for Python 3.11 by @github-actions in #2504
- fix: encoding issues on Windows by @Molkree in #2499
- fix: improve sqlite pattern by @ffontaine in #2497
- fix: update cve count of mit.kerberos_5 by @b31ngd3v in #2531
- Let 'cve-bin-tool --version' return success by @raboof in #2524
- feat(checker): add capnproto checker by @ffontaine in #2510
- fix: fix false positives with filename patterns by @ffontaine in #2521
- fix: type for capnproto checker by @metabiswadeep in #2535
- chore: update SBOM for Python 3.8 by @github-actions in #2555
- chore: update SBOM for Python 3.7 by @github-actions in #2554
- chore: update SBOM for Python 3.11 by @github-actions in #2553
- chore: update SBOM for Python 3.10 by @github-actions in #2552
- chore: update SBOM for Python 3.9 by @github-actions in #2551
- chore: update checkers table by @github-actions in #2534
- fix: Fail more gracefully when pip --dry-run doesn't work by @metabiswadeep in #2476
- fix: fix recursively typo by @ffontaine in #2536
- ci: use linux cache since windows is broken by @terriko in #2558
- fix: test_update_flags and pdf encoding error by @terriko in #2557
- fix: replace space in test filename by @ffontaine in #2537
- fix: Remove LGTM badge by @metabiswadeep in #2561
- chore: update SBOM for Python 3.7 by @github-actions in #2572
- chore: update SBOM for Python 3.9 by @github-actions in #2571
- chore: update SBOM for Python 3.8 by @github-actions in #2570
- chore: update SBOM for Python 3.11 by @github-actions in #2569
- chore: update SBOM for Python 3.10 by @github-actions in #2568
- feat: add php language parser by @Rexbeast2 in #2567
- test: improve test_csv2cve_valid_file for future failures by @b31ngd3v in #2548
- docs: Docs claim that ar is installed by default on Windows by @metabiswadeep in #2496
- feat(cve_scanner): add vendor to affected by @ffontaine in #2512
- fix: commonmark no longer a dependency by @terriko in #2574
- test: Improve testing to include checkers that should not match by @metabiswadeep in #2560
- ci: extend windows timeouts by @terriko in #2578
- feat: Integration with NVD API 2.0 (#2542) by @anthonyharrison in #2562
- feat: Check database schema for cve_exploits table by @metabiswadeep in #2566
- feat(checker): add lxc checker by @ffontaine in #2538
- fix: improve gstreamer checker by @ffontaine in #2541
- fix: improve sudo checker by @ffontaine in #2527
- fix: improve openjpeg checker by @ffontaine in #2526
- fix: improve libarchive checker by @ffontaine in #2523
- fix: improve libjpeg-turbo checker by @ffontaine in #2514
- fix: improve systemd checker by @ffontaine in #2507
- feat(checker): add nasm checker by @ffontaine in #2470
- fix: improve icecast checker by @ffontaine in #2545
- fix: improve ftp checker by @ffontaine in #2544
- fix: Remove bogus comment by @metabiswadeep in #2585
- fix: improve logrotate checker by @ffontaine in #2528
- feat(checker): add msmtp checker by @ffontaine in #2588
- ci: removed windows-specific cache by @singh-anushka in #2587
- fix: xmlschema log msg by @ayushthe1 in #2546
- fix: improve libnss checker by @ffontaine in #2539
- fix: improve other_products by @ffontaine in #2579
- fix: improve avahi checker by @ffontaine in #2592
- fix: improve netpbm checker by @ffontaine in #2522
- fix: improve libsolv checker by @ffontaine in #2520
- chore: update checkers table by @github-actions in #2581
- fix: improve kerberos checker by @ffontaine in #2509
- fix: improve libvirt checker by @ffontaine in #2540
- chore: update SBOM for Python 3.8 by @github-actions in #2613
- chor...
CVE Bin Tool pre-release 3.2.1rc0
Due to a change in the data used for the curl data source, we're issuing a slightly out of band point release for users unable to use 3.2.
There are a number of checker updates to address false positives, new checkers, and other bug fixes and features as described below.
One commonly requested feature has made it into this release: generation of SBOMs. Please try it out and let us know where it can be improved!
What's Changed
- feat(checker): Added Mozilla Thunderbird checker by @metabiswadeep in #2429
- feat(checker): add dropbear checker by @ffontaine in #2452
- chore: update checkers table by @github-actions in #2454
- ci: Switching version of python used for long tests by @metabiswadeep in #2438
- feat(checker): add doxygen checker by @ffontaine in #2455
- feat(checker): add faad2 checker by @ffontaine in #2458
- feat(checker): add flac checker by @ffontaine in #2459
- feat(checker): Added qemu checker by @metabiswadeep in #2460
- feat(checker): Added kubernetes checker by @metabiswadeep in #2462
- chore: bump version to 3.2.1dev0 by @terriko in #2468
- chore: update checkers table by @github-actions in #2467
- docs: Add short new contributor tips for copying into pull requests by @terriko in #2466
- fix: Improve firefox checker pattern by @metabiswadeep in #2469
- chore: update spdx header by @github-actions in #2478
- ci: remove pdf tests from windows short tests by @DangerChamp in #2465
- fix: improve output of cve-scan github action for cve by @ayushthe1 in #2475
- ci(SBOM): better SBOM maintenance by @Molkree in #2481
- ci: test on Python 3.11 by @Molkree in #2419
- fix: gad_source error while updating cache by @b31ngd3v in #2484
- ci(js): update workflow for updating JS by @Molkree in #2479
- ci: add mypy for type checking by @Molkree in #2488
- fix(tests): use importlib_metadata.version on 3.7 by @Molkree in #2482
- chore: update js dependencies by @github-actions in #2491
- chore: update SBOM for Python 3.7 by @github-actions in #2506
- chore: update SBOM for Python 3.8 by @github-actions in #2505
- chore: update SBOM for Python 3.9 by @github-actions in #2503
- chore: update SBOM for Python 3.10 by @github-actions in #2502
- chore: update SBOM for Python 3.11 by @github-actions in #2504
- fix: encoding issues on Windows by @Molkree in #2499
- fix: improve sqlite pattern by @ffontaine in #2497
- fix: update cve count of mit.kerberos_5 by @b31ngd3v in #2531
- Let 'cve-bin-tool --version' return success by @raboof in #2524
- feat(checker): add capnproto checker by @ffontaine in #2510
- fix: fix false positives with filename patterns by @ffontaine in #2521
- fix: type for capnproto checker by @metabiswadeep in #2535
- chore: update SBOM for Python 3.8 by @github-actions in #2555
- chore: update SBOM for Python 3.7 by @github-actions in #2554
- chore: update SBOM for Python 3.11 by @github-actions in #2553
- chore: update SBOM for Python 3.10 by @github-actions in #2552
- chore: update SBOM for Python 3.9 by @github-actions in #2551
- chore: update checkers table by @github-actions in #2534
- fix: Fail more gracefully when pip --dry-run doesn't work by @metabiswadeep in #2476
- fix: fix recursively typo by @ffontaine in #2536
- ci: use linux cache since windows is broken by @terriko in #2558
- fix: test_update_flags and pdf encoding error by @terriko in #2557
- fix: replace space in test filename by @ffontaine in #2537
- fix: Remove LGTM badge by @metabiswadeep in #2561
- chore: update SBOM for Python 3.7 by @github-actions in #2572
- chore: update SBOM for Python 3.9 by @github-actions in #2571
- chore: update SBOM for Python 3.8 by @github-actions in #2570
- chore: update SBOM for Python 3.11 by @github-actions in #2569
- chore: update SBOM for Python 3.10 by @github-actions in #2568
- feat: add php language parser by @Rexbeast2 in #2567
- test: improve test_csv2cve_valid_file for future failures by @b31ngd3v in #2548
- docs: Docs claim that ar is installed by default on Windows by @metabiswadeep in #2496
- feat(cve_scanner): add vendor to affected by @ffontaine in #2512
- fix: commonmark no longer a dependency by @terriko in #2574
- test: Improve testing to include checkers that should not match by @metabiswadeep in #2560
- ci: extend windows timeouts by @terriko in #2578
- feat: Integration with NVD API 2.0 (#2542) by @anthonyharrison in #2562
- feat: Check database schema for cve_exploits table by @metabiswadeep in #2566
- feat(checker): add lxc checker by @ffontaine in #2538
- fix: improve gstreamer checker by @ffontaine in #2541
- fix: improve sudo checker by @ffontaine in #2527
- fix: improve openjpeg checker by @ffontaine in #2526
- fix: improve libarchive checker by @ffontaine in #2523
- fix: improve libjpeg-turbo checker by @ffontaine in #2514
- fix: improve systemd checker by @ffontaine in #2507
- feat(checker): add nasm checker by @ffontaine in #2470
- fix: improve icecast checker by @ffontaine in #2545
- fix: improve ftp checker by @ffontaine in #2544
- fix: Remove bogus comment by @metabiswadeep in #2585
- fix: improve logrotate checker by @ffontaine in #2528
- feat(checker): add msmtp checker by @ffontaine in #2588
- ci: removed windows-specific cache by @singh-anushka in #2587
- fix: xmlschema log msg by @ayushthe1 in #2546
- fix: improve libnss checker by @ffontaine in #2539
- fix: improve other_products by @ffontaine in #2579
- fix: improve avahi checker by @ffontaine in #2592
- fix: improve netpbm checker by @ffontaine in #2522
- fix: improve libsolv checker by @ffontaine in #2520
- chore: update checkers table by @github-actions in #2581
- fix: improve kerberos checker by @ffontaine in #2509
- fix: improve libvirt checker by @ffontaine in #2540
- chore: update SBOM for Python 3.8 by @github-actions in #2613
- chore: update SBOM for Python 3.7 by @github-actions in #2612
- chore: update SBOM for Python 3.9 by @github-actions in #2611
- chore: update SBOM for Python 3.11 by @github-actions in #2610
- chore: update SBOM for Python 3.10 by @github-actions in #2609
- fix: libjpeg-turbo not found in gimp by @metabiswadeep in #2606
- ci: fix running isort using pre-commit ...
CVE Binary Tool 3.2
New features from our GSoC 2022 participants:
- @yashugarg added a large number of tests and worked on fuzzing our interfaces
- @rhythmrx9 added new data sources (we now support advisories from Gitlab, OSV and Redhat as well as NVD)
- @XDRAGON2002 added the new parsers that allow us to scan things like Ruby Gemfiles, Rust cargo files, and more.
Other interesting features in this release:
- @ffontaine has added a large number of new checkers, pushing us well over 200 binary checkers.
- @anthonyharrison has added initial support for NVD API 2.0. Note that at the time this was added the 2.0 version didn't work with their API keys, so the code behaves accordingly.
Thanks also to @BreadGenie for code review and mentoring support as well as a number of contributions listed below. A special shout out to @b31ngd3v and @metabiswadeep, whose first contributions landed in this release and have since been the first of many, as well as to the many other folk who got their first commits in via Hacktoberfest, GSoC, goodfirstissue.dev or however you found us. Thanks to everyone for being part of this release!
Full change list
- fix: check return on re.search by @wyattearp in #1643
- chore: update pre-commit config by @github-actions in #1629
- refactor: add type hints in cvedb.py by @rhythmrx9 in #1603
- feat: add detailed flag (#781) by @XDRAGON2002 in #1588
- refactor: added type hints to csv2cve by @gaurav879 in #1636
- fix: broken quiet mode in main branch (#1587) by @b31ngd3v in #1648
- fix: improve excel macro filter (#1644) by @b31ngd3v in #1647
- fix: Improved debug output (fixes #1653) by @anthonyharrison in #1654
- chore: update pre-commit config by @github-actions in #1652
- fix: add debug statement if checkers didn't load (#1440) by @b31ngd3v in #1650
- docs: update checkers/README.md by @b31ngd3v in #1651
- test: Add Atheris fuzzing setup for cve-bin-tool by @terriko in #1661
- feat(checker): added jackson-databind checker (#1387) by @b31ngd3v in #1663
- fix: mismatch between cvedb.cve_count and nvd_api.total_results (#1669) by @b31ngd3v in #1670
- test: Updated libvncserver test by @gaurav879 in #1664
- feat: flag exploited cves (#1454) by @XDRAGON2002 in #1520
- test: add test for CLI output dependant on reportlab existence by @onyxcherry in #1641
- fix: add urllib3 explicitly to avoid CVEs by @terriko in #1628
- feat: add new checker pr template (#1268) by @b31ngd3v in #1671
- fix: broken test_console_output_depending_reportlab_existence (#1675) by @b31ngd3v in #1676
- refactor: helper script filename (#1351) by @b31ngd3v in #1672
- feat(checker): add Apache commons-compress checker (#1040) by @b31ngd3v in #1666
- refactor: add link to helper docs when alternate contains patterns by @snosratiershad in #1674
- fix: licence in setup.py (#1673) by @b31ngd3v in #1677
- feat: improve usability when --input_file is missing (#1649) by @b31ngd3v in #1668
- feat(checker): add rust checker by @b31ngd3v in #1679
- feat: console output to a file by @rhythmrx9 in #1632
- chore(deps): bump html5lib from 0.99 to 0.99999999 (#1686) by @b31ngd3v in #1687
- chore: update pre-commit config by @github-actions in #1680
- docs: multiline pattern issue in windows vs linux (#1678) by @b31ngd3v in #1685
- feat: add radare2 contains patterns by @snosratiershad in #1693
- fix: logger.warn() warning & test_output_vex test (#1691) by @M-Faheem-Khan in #1692
- fix: rpm extractor for windows by @b31ngd3v in #1696
- feat: add parser class (#1699) by @XDRAGON2002 in #1700
- feat: add multiline string finder in helper script by @b31ngd3v in #1690
- refactor(extractor): Prioritize 7z while extracting pkg files in windows by @yashugarg in #1689
- feat: Add options to import and export database (fixes #1655) by @anthonyharrison in #1656
- test(extractor): added tests for zst and pkg package extractors by @yashugarg in #1683
- docs: fix remote repo url by @b31ngd3v in #1715
- feat: Add mapping of vulnerable libraries to components (Fixed #1657) by @anthonyharrison in #1658
- docs: add checker instructions into Read the Docs build (#1703) by @b31ngd3v in #1716
- feat(checkers): Add polarssl fedora contains patterns by @snosratiershad in #1695
- refactor: use pathlib.Path instead of os.path by @b31ngd3v in #1714
- ci: bump setup-python version by @Molkree in #1711
- feat: add affected-versions to all formats (#1342) by @XDRAGON2002 in #1667
- test: added unit tests for format_checkers script by @yashugarg in #1709
- ci: use Dependabot to bump GitHub Actions by @Molkree in #1712
- chore(deps): bump peter-evans/create-pull-request from 3 to 4 by @dependabot in #1726
- chore(deps): bump actions/cache from 2 to 3 by @dependabot in #1727
- feat(checker): luajit checker by @ffontaine in #1705
- docs: fix file extension in package list scanning by @b31ngd3v in #1733
- fix(output_pdf): broken tests and mapping of libraries to components by @b31ngd3v in #1734
- refactor: cvedb structure and datasources by @rhythmrx9 in #1706
- test: unit tests for csv2cve.py by @yashugarg in #1737
- refactor(format_checkers): use pathlib instead of os.path (#1725) by @b31ngd3v in #1731
- refactor: switch to pathlib.Path in cvedb.py by @rhythmrx9 in #1751
- chore(deps): bump codecov/codecov-action from 2 to 3 by @dependabot in #1728
- test: Add triage to requirements test to address aiohttp disputed cve by @terriko in #1746
- test: unit tests for version.py by @yashugarg in #1739
- chore: update pre-commit config by @github-actions in #1732
- fix: Updated spdx_header.txt by @iamnandhu in #1762
- fix: update database before merging by @b31ngd3v in #1765
- chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #1729
- fix: fix is_file call in test_scanner.py by @ffontaine in #1761
- ci: update year in spdx header automatically (#1753) by @b31ngd3v in #1763
- test(language_scanner): use scan_file() & add tests for python packages by @yashugarg in #1758
- feat: provide multiple output formats for a single scan (#1724) by @b31ngd3v in #1740
- fix: delete unnecessary file by @b31ngd3v in #1767
- fix: add luajit to documentation by @ffontaine in #1768
- refactor: refactor javascript parser (#1721) by @XDRAGON2002 in #1722
- test(scanner): unittest to cover make_condensed_from_download() by @yashugarg in #1770
- test(extractor): use all possible libraries to extract a file by @yashugarg in #1720
- refactor: refactor java parser (#1771) by @XDRAGON2002 in #1772
- chore(deps): bump github/codeql-action from 1 to 2 by @dependabot in #1730
- chore(deps): bump html5lib version for dependabot by @terriko in #1780
- fix(TestExtractFilePkg): avoid downloading files in tests by @b31ngd3v in #1784
- test: fix test_extract_file_cab_no_cabextract for wi...
CVE Bin Tool pre-release 3.2rc0
Preview release for 3.2.
We're currently seeing an issue in our testing system where Windows systems are taking a long time to upgrade the database to store additional data source information. Windows users are particularly encouraged to try this pre-release to see if you have any issues!
When updating your database, make sure your NVD_API_KEY is set; you may also get better results by using -u now to fetch a fresh database.
What's Changed
- fix: check return on re.search by @wyattearp in #1643
- chore: update pre-commit config by @github-actions in #1629
- refactor: add type hints in cvedb.py by @rhythmrx9 in #1603
- feat: add detailed flag (#781) by @XDRAGON2002 in #1588
- refactor: added type hints to csv2cve by @gaurav879 in #1636
- fix: broken quiet mode in main branch (#1587) by @b31ngd3v in #1648
- fix: improve excel macro filter (#1644) by @b31ngd3v in #1647
- fix: Improved debug output (fixes #1653) by @anthonyharrison in #1654
- chore: update pre-commit config by @github-actions in #1652
- fix: add debug statement if checkers didn't load (#1440) by @b31ngd3v in #1650
- docs: update checkers/README.md by @b31ngd3v in #1651
- test: Add Atheris fuzzing setup for cve-bin-tool by @terriko in #1661
- feat(checker): added jackson-databind checker (#1387) by @b31ngd3v in #1663
- fix: mismatch between cvedb.cve_count and nvd_api.total_results (#1669) by @b31ngd3v in #1670
- test: Updated libvncserver test by @gaurav879 in #1664
- feat: flag exploited cves (#1454) by @XDRAGON2002 in #1520
- test: add test for CLI output dependant on reportlab existence by @onyxcherry in #1641
- fix: add urllib3 explicitly to avoid CVEs by @terriko in #1628
- feat: add new checker pr template (#1268) by @b31ngd3v in #1671
- fix: broken test_console_output_depending_reportlab_existence (#1675) by @b31ngd3v in #1676
- refactor: helper script filename (#1351) by @b31ngd3v in #1672
- feat(checker): add Apache commons-compress checker (#1040) by @b31ngd3v in #1666
- refactor: add link to helper docs when alternate contains patterns by @snosratiershad in #1674
- fix: licence in setup.py (#1673) by @b31ngd3v in #1677
- feat: improve usability when --input_file is missing (#1649) by @b31ngd3v in #1668
- feat(checker): add rust checker by @b31ngd3v in #1679
- feat: console output to a file by @rhythmrx9 in #1632
- chore(deps): bump html5lib from 0.99 to 0.99999999 (#1686) by @b31ngd3v in #1687
- chore: update pre-commit config by @github-actions in #1680
- docs: multiline pattern issue in windows vs linux (#1678) by @b31ngd3v in #1685
- feat: add radare2 contains patterns by @snosratiershad in #1693
- fix: logger.warn() warning & test_output_vex test (#1691) by @M-Faheem-Khan in #1692
- fix: rpm extractor for windows by @b31ngd3v in #1696
- feat: add parser class (#1699) by @XDRAGON2002 in #1700
- feat: add multiline string finder in helper script by @b31ngd3v in #1690
- refactor(extractor): Prioritize 7z while extracting pkg files in windows by @yashugarg in #1689
- feat: Add options to import and export database (fixes #1655) by @anthonyharrison in #1656
- test(extractor): added tests for zst and pkg package extractors by @yashugarg in #1683
- docs: fix remote repo url by @b31ngd3v in #1715
- feat: Add mapping of vulnerable libraries to components (Fixed #1657) by @anthonyharrison in #1658
- docs: add checker instructions into Read the Docs build (#1703) by @b31ngd3v in #1716
- feat(checkers): Add polarssl fedora contains patterns by @snosratiershad in #1695
- refactor: use pathlib.Path instead of os.path by @b31ngd3v in #1714
- ci: bump setup-python version by @Molkree in #1711
- feat: add affected-versions to all formats (#1342) by @XDRAGON2002 in #1667
- test: added unit tests for format_checkers script by @yashugarg in #1709
- ci: use Dependabot to bump GitHub Actions by @Molkree in #1712
- chore(deps): bump peter-evans/create-pull-request from 3 to 4 by @dependabot in #1726
- chore(deps): bump actions/cache from 2 to 3 by @dependabot in #1727
- feat(checker): luajit checker by @ffontaine in #1705
- docs: fix file extension in package list scanning by @b31ngd3v in #1733
- fix(output_pdf): broken tests and mapping of libraries to components by @b31ngd3v in #1734
- refactor: cvedb structure and datasources by @rhythmrx9 in #1706
- test: unit tests for csv2cve.py by @yashugarg in #1737
- refactor(format_checkers): use pathlib instead of os.path (#1725) by @b31ngd3v in #1731
- refactor: switch to pathlib.Path in cvedb.py by @rhythmrx9 in #1751
- chore(deps): bump codecov/codecov-action from 2 to 3 by @dependabot in #1728
- test: Add triage to requirements test to address aiohttp disputed cve by @terriko in #1746
- test: unit tests for version.py by @yashugarg in #1739
- chore: update pre-commit config by @github-actions in #1732
- fix: Updated spdx_header.txt by @iamnandhu in #1762
- fix: update database before merging by @b31ngd3v in #1765
- chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #1729
- fix: fix is_file call in test_scanner.py by @ffontaine in #1761
- ci: update year in spdx header automatically (#1753) by @b31ngd3v in #1763
- test(language_scanner): use scan_file() & add tests for python packages by @yashugarg in #1758
- feat: provide multiple output formats for a single scan (#1724) by @b31ngd3v in #1740
- fix: delete unnecessary file by @b31ngd3v in #1767
- fix: add luajit to documentation by @ffontaine in #1768
- refactor: refactor javascript parser (#1721) by @XDRAGON2002 in #1722
- test(scanner): unittest to cover make_condensed_from_download() by @yashugarg in #1770
- test(extractor): use all possible libraries to extract a file by @yashugarg in #1720
- refactor: refactor java parser (#1771) by @XDRAGON2002 in #1772
- chore(deps): bump github/codeql-action from 1 to 2 by @dependabot in #1730
- chore(deps): bump html5lib version for dependabot by @terriko in #1780
- fix(TestExtractFilePkg): avoid downloading files in tests by @b31ngd3v in #1784
- test: fix test_extract_file_cab_no_cabextract for windows by @yashugarg in #1788
- test: add intermediate report in output_html test by @yashugarg in #1778
- ci: add scan.coverity.com workflow by @terriko in #1789
- fix: doc build error by @b31ngd3v in #1796
- test(csv2cve): 5 new cves in haxx.curl by @terriko in #1791
- ci: set coverity build command to --no-command by @terriko in #1800
- refactor(test): remove ALLOWED_PACKAGES ...
CVE Binary Tool 3.1.2
Minor update to force a downgrade of packaging to allow use of LegacyVersion (fixes #2428)
This is intended to be a temporary fix while we finish up the 3.2 release, but I believe we will be able to backport the removal of LegacyVersion without much trouble, so there may be one more release for the 3.1 tree if it looks like 3.2 is going to take more than a week.
Full Changelog: v3.1.1...v3.1.2