fix: update polarssl checker (#5340)

ffontaine · web-flow · commit 5fee6efeee10 · 2025-09-17T08:06:38.000+02:00
Update polarssl pattern to detect version in alpine

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -340,7 +340,7 @@
     "pixman",
     "pjsip",
     "png",
-    "polarssl_fedora",
+    "polarssl",
     "poppler",
     "postgresql",
     "ppp",
diff --git a/cve_bin_tool/checkers/polarssl.py b/cve_bin_tool/checkers/polarssl.py
@@ -5,16 +5,13 @@
 """
 CVE checker for polarssl
 
-This checker currently works on only fedora distribution, because of lack of common signatures
-in other distributions, with unsuccessful attempts made for CentOS and ubuntu distributions.
-
 https://www.cvedetails.com/product/22470/Polarssl-Polarssl.html?vendor_id=12001
 
 """
 from cve_bin_tool.checkers import Checker
 
 
-class PolarsslFedoraChecker(Checker):
+class PolarsslChecker(Checker):
     CONTAINS_PATTERNS = [
         r"Bad usage of mbedtls_ssl_set_bio() or mbedtls_ssl_set_bio()",
         r"You must use mbedtls_ssl_set_timer_cb() for DTLS",
@@ -25,9 +22,7 @@ class PolarsslFedoraChecker(Checker):
         # r"mbedtls_x509_crt_check_extended_key_usage",
     ]
     FILENAME_PATTERNS = [r"libpolarssl.so."]
-    VERSION_PATTERNS = [
-        r"libpolarssl.so.([0-9]+\.[0-9]+\.[0-9]+)"
-    ]  # patterns like this aren't ideal
+    VERSION_PATTERNS = [r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nPOLARSSL"]
     VENDOR_PRODUCT = [("polarssl", "polarssl")]
 
 
diff --git a/test/condensed-downloads/polarssl-1.3.8-r1.apk.tar.gz b/test/condensed-downloads/polarssl-1.3.8-r1.apk.tar.gz
diff --git a/test/test_data/polarssl.py b/test/test_data/polarssl.py
@@ -5,7 +5,7 @@
     {
         "product": "polarssl",
         "version": "1.3.6",
-        "version_strings": ["libpolarssl.so.1.3.6.debug"],
+        "version_strings": ["1.3.6\nPOLARSSL"],
     }
 ]
 package_test_data = [
@@ -14,5 +14,12 @@
         "package_name": "polarssl-1.3.7-2.fc21.x86_64.rpm",
         "product": "polarssl",
         "version": "1.3.7",
-    }
+    },
+    {
+        "url": "https://dl-cdn.alpinelinux.org/alpine/v3.1/main/x86_64/",
+        "package_name": "polarssl-1.3.8-r1.apk",
+        "product": "polarssl",
+        "version": "1.3.8",
+        "other_products": ["gcc"],
+    },
 ]

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`{`
`6`	`6`	`"product": "polarssl",`
`7`	`7`	`"version": "1.3.6",`
`8`		`- "version_strings": ["libpolarssl.so.1.3.6.debug"],`
	`8`	`+ "version_strings": ["1.3.6\nPOLARSSL"],`
`9`	`9`	`}`
`10`	`10`	`]`
`11`	`11`	`package_test_data = [`
`@@ -14,5 +14,12 @@`
`14`	`14`	`"package_name": "polarssl-1.3.7-2.fc21.x86_64.rpm",`
`15`	`15`	`"product": "polarssl",`
`16`	`16`	`"version": "1.3.7",`
`17`		`- }`
	`17`	`+ },`
	`18`	`+ {`
	`19`	`+ "url": "https://dl-cdn.alpinelinux.org/alpine/v3.1/main/x86_64/",`
	`20`	`+ "package_name": "polarssl-1.3.8-r1.apk",`
	`21`	`+ "product": "polarssl",`
	`22`	`+ "version": "1.3.8",`
	`23`	`+ "other_products": ["gcc"],`
	`24`	`+ },`
`18`	`25`	`]`