feat(checker): Add sudo checker (#1259)

* feat(checker): Add sudo checker * add condensed downloads for sudo
intel · Jul 21, 2021 · 6248aef · 6248aef
1 parent 219e05a
commit 6248aef
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -119,8 +119,8 @@ match certain vulnerable versions of the following libraries and tools:
 | libtiff  | libvirt   | lighttpd       | mariadb            | memcached  | ncurses    | nessus  |
 | netpbm   | nginx     | node           | openafs            | openldap   | openssh    | openssl |
 | openswan | openvpn   | png            | polarssl_fedora    | postgresql | python     | qt      |
-| radare2  | rsyslog   | samba          | sqlite             | strongswan | syslogng   | systemd |
-| tcpdump  | varnish   | wireshark      | xerces             | xml2       | zlib       |         |
+| radare2  | rsyslog   | samba          | sqlite             | strongswan | sudo       | syslogng| 
+| systemd  | tcpdump   | varnish        | wireshark          | xerces     | xml2       | zlib    | 
 
 
 All the checkers can be found in the checkers directory, as can the

diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -95,6 +95,7 @@
     "sqlite",
     "strongswan",
     "subversion",
+    "sudo",
     "syslogng",
     "systemd",
     "tcpdump",

diff --git a/cve_bin_tool/checkers/sudo.py b/cve_bin_tool/checkers/sudo.py
@@ -0,0 +1,33 @@
+# Copyright (C) 2021 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for sudo
+References:
+https://www.sudo.ws/
+https://www.cvedetails.com/vulnerability-list/vendor_id-15714/product_id-32625/Sudo-Project-Sudo.html
+"""
+from cve_bin_tool.checkers import Checker
+
+
+class SudoChecker(Checker):
+
+    CONTAIN_PATTERNS = [
+        r"sudo_debug_exit_str_masked_v1",
+        r"sudo_debug_set_active_instance_v1",
+        r"sudo_fatal_callback_register_v1",
+    ]
+    FILENAME_PATTERNS = [
+        r"sudo_logsrvd",
+        r"sudo_sendlog",
+        r"sudoers.so",
+    ]
+    VERSION_PATTERNS = [
+        r"Sudo Audit Server ([0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?)",
+        r"Sudo Sendlog ([0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?)",
+        r"sudoers ([0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?)",
+    ]
+    VENDOR_PRODUCT = [
+        ("sudo_project", "sudo"),
+    ]
diff --git a/test/condensed-downloads/sudo-1.9.5p2-1.5.x86_64.rpm.tar.gz b/test/condensed-downloads/sudo-1.9.5p2-1.5.x86_64.rpm.tar.gz
diff --git a/test/condensed-downloads/sudo_1.9.1-1ubuntu1.1_arm64.deb.tar.gz b/test/condensed-downloads/sudo_1.9.1-1ubuntu1.1_arm64.deb.tar.gz
diff --git a/test/test_data/sudo.py b/test/test_data/sudo.py
@@ -0,0 +1,32 @@
+# Copyright (C) 2021 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "sudo",
+        "version": "1.9.1",
+        "version_strings": [
+            r"Sudo Audit Server 1.9.1",
+            r"Sudo Sendlog 1.9.1",
+            r"sudoers 1.9.1",
+            r"subversion-1.13.0",
+            r"sudo_debug_exit_str_masked_v1",
+            r"sudo_debug_set_active_instance_v1",
+            r"sudo_fatal_callback_register_v1",
+        ],
+    }
+]
+package_test_data = [
+    {
+        "url": "http://ports.ubuntu.com/pool/main/s/sudo/",
+        "package_name": "sudo_1.9.1-1ubuntu1.1_arm64.deb",
+        "product": "sudo",
+        "version": "1.9.1",
+    },
+    {
+        "url": "https://ftp.lysator.liu.se/pub/opensuse/ports/aarch64/distribution/leap/15.3/repo/oss/x86_64/",
+        "package_name": "sudo-1.9.5p2-1.5.x86_64.rpm",
+        "product": "sudo",
+        "version": "1.9.5p2",
+    },
+]