
Commit 78f6c87

committed
fix: update varnish CPE IDs
Current varnish CPE ID is deprecated, so update it to avoid missing latest CVEs. While at it, also add debian and alpine test packages. Signed-off-by: Fabrice Fontaine <[email protected]>
1 parent 24d4462 commit 78f6c87


4 files changed

+26
-5
lines changed


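--- a/cve_bin_tool/checkers/varnish.py
+++ b/cve_bin_tool/checkers/varnish.py
@@ -4,7 +4,8 @@
 
 """
 CVE checker for varnish
-https://www.cvedetails.com/vulnerability-list/vendor_id-12937/product_id-26407/Varnish-cache-Varnish.html
+https://www.cvedetails.com/product/118293/Varnish-Cache-Project-Varnish-Cache.html?vendor_id=27905
+https://www.cvedetails.com/product/118294/Varnish-software-Varnish-Cache.html?vendor_id=26396
 """
 from cve_bin_tool.checkers import Checker
 
@@ -19,4 +20,7 @@ class VarnishChecker(Checker):
 ]
 FILENAME_PATTERNS = [r"varnish"]
 VERSION_PATTERNS = [r"varnish-([0-9]+\.[0-9]+\.[0-9]+)"]
-VENDOR_PRODUCT = [("varnish-cache", "varnish")]
+VENDOR_PRODUCT = [
+("varnish_cache_project", "varnish_cache"),
+("varnish-software", "varnish_cache"),
+]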
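Review bot: The new `VENDOR_PRODUCT` list drops `("varnish-cache", "varnish")` with nothing in the code saying why, so a later reader cannot tell that the old pair was deprecated rather than forgotten, or why two vendors map to the same product. A comment above the list would cover it, e.g. `# old CPE varnish-cache:varnish is deprecated; CVEs are now listed under both vendors below`. If any CVE data source the tool consumes still files entries under the old pair (not verifiable from this hunk), those entries would stop matching, so that is worth confirming before the pair is removed outright. The reported product name also changes from `varnish` to `varnish_cache`, which presumably affects existing triage or SBOM data keyed on the old name. The class body starts above the hunk.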
221 KB
Binary file not shown.
384 KB
Binary file not shown.

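--- a/test/test_data/varnish.py
+++ b/test/test_data/varnish.py
@@ -2,13 +2,30 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 mapping_test_data = [
-{"product": "varnish", "version": "4.1.1", "version_strings": ["varnish-4.1.1"]}
+{
+"product": "varnish_cache",
+"version": "4.1.1",
+"version_strings": ["varnish-4.1.1"],
+}
 ]
 package_test_data = [
 {
 "url": "https://kojipkgs.fedoraproject.org/packages/varnish/4.0.5/1.el7/x86_64/",
 "package_name": "varnish-4.0.5-1.el7.x86_64.rpm",
-"product": "varnish",
+"product": "varnish_cache",
 "version": "4.0.5",
-}
+},
+{
+"url": "http://ftp.debian.org/debian/pool/main/v/varnish/",
+"package_name": "varnish_6.5.1-1+deb11u3_amd64.deb",
+"product": "varnish_cache",
+"version": "6.5.1",
+"other_products": ["zlib"],
+},
+{
+"url": "https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/",
+"package_name": "varnish-7.7.3-r0.apk",
+"product": "varnish_cache",
+"version": "7.7.3",
+},
 ]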
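Review bot: The added Debian entry fetches its package from `http://ftp.debian.org/...` while the Fedora and Alpine entries use HTTPS, and the hunk shows no checksum for the downloaded file, so this test input can be altered in transit without the test noticing. Prefer an HTTPS mirror, e.g. `"url": "https://deb.debian.org/debian/pool/main/v/varnish/",`. Both new entries also pin exact builds (`6.5.1-1+deb11u3`, `7.7.3-r0`) in distribution pools that presumably drop superseded builds, so these tests may start failing after the next distro update. `mapping_test_data` still exercises only the `varnish-4.1.1` string, so the version pattern is not checked against the newer releases outside the network-dependent package tests.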
