gnutls file test added for version 2.3.11 #311

Merged
merged 4 commits into from
Jan 28, 2020

@SinghHrmn SinghHrmn commented Jan 28, 2020

Added gnutls file test for version 2.3.11. The 2.3.11 version was downloaded from the official gnutls website. All the tests were fine. I've attached the test screenshot.
Screenshot (9)

test/test_scanner.py (outdated)

@SinghHrmn

@terriko I've removed those comments from the PR.


SinghHrmn commented Jan 28, 2020

@terriko @pdxjohnny I'd like to mention a problem with the gnutls checker. The checker was unable to find the CVEs in the given version, as you can see from the output below:

mastervulcan@DESKTOP-DMEM457:~/gsoc-cve-bin-tool$ cve-bin-tool ./testFilesCVE-bin-tool/gnutls-2.3.11/
Checking if CVE data needs an update.
Last Update: 2020-01-28
Local database has been updated in the past 24h.
New data not downloaded.  Use "-u now" to force an update

Overall CVE summary: 
There are 0 files with known CVEs detected

where ./testFilesCVE-bin-tool/gnutls-2.3.11/ is the location where I've extracted the gnutls-2.3.11.tar.bz2 file. The file test which I've written uses the same file. But the test said ok.

terriko commented Jan 28, 2020

@SinghHrmn That happens sometimes if it finds a version but doesn't find any CVEs associated with that version -- the file test checks if this is 2.3.11 as you said it was, but it doesn't look for CVEs. You can check to see what it thinks it found by using --log debug right now. If it's not finding anything, this might be a bug so please file an issue for it so we can investigate further.

terriko commented Jan 28, 2020

Hm, put some more thought into this:

  • test_gnutls_bz2_2_3_11 will pass if gnutls 2.3.11 is found.
  • the CLI will only print versions if CVEs are found.

If cve-bin-tool thinks for some reason that no CVEs exist in 2.3.11, then what you're seeing would be normal behaviour. But 2.3.11 is pretty old, so I put it in a csv file to test and got some results. So that definitely looks like a bug.

$ python -m cve_bin_tool.csv2cve ~/tmp/gnutls.csv
cve_bin_tool.CVEDB - INFO - Using cached CVE data (<24h old). Use -u now to update immediately.
cve_bin_tool - INFO - CVES for gnu gnutls, version 2.3.11
cve_bin_tool - INFO - CVE-2008-1948
CVE-2008-1949
CVE-2008-1950
CVE-2008-4989
CVE-2009-1390
CVE-2009-1415
CVE-2009-1417
CVE-2009-2409
CVE-2009-2730
CVE-2009-3555
CVE-2009-5138
CVE-2012-0390
CVE-2012-1569
CVE-2012-1573
CVE-2012-1663
CVE-2013-1619
CVE-2014-0092
CVE-2014-1959
CVE-2014-3466
CVE-2014-3467
CVE-2014-3468
CVE-2014-3469
CVE-2014-8155
CVE-2015-0282
CVE-2015-3308
CVE-2015-8313
CVE-2016-7444
CVE-2017-5334
CVE-2017-5335
CVE-2017-5336
CVE-2017-5337
CVE-2017-7507
CVE-2017-7869
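
The gap described in the comment above, as an added sketch that is not cve-bin-tool's own code: a version-only test passes while an empty CVE lookup makes the scan summary look clean. The regex, function names, sample bytes and in-memory database are all assumptions made for illustration.

```python
import re

# Constructed stand-in for the CVE database, keyed by (vendor, product, version).
# The three ids are the first three from the csv2cve output quoted above.
CVE_DB = {("gnu", "gnutls", "2.3.11"): ["CVE-2008-1948", "CVE-2008-1949", "CVE-2008-1950"]}
# Stand-in for a lookup that comes back empty; the thread does not say why it did.
EMPTY_DB = {}

# Hypothetical version signature, not the real gnutls checker's pattern.
GNUTLS_VERSION = re.compile(rb"gnutls[- ]([0-9]+\.[0-9]+\.[0-9]+)")

# Constructed sample bytes, as might appear in an extracted source tree or binary.
SAMPLE = b"\x00\x7fELF\x00libgnutls\x00gnutls-2.3.11\x00"


def detect(blob):
    """Stage 1: return (vendor, product, version) found in raw bytes, or None."""
    match = GNUTLS_VERSION.search(blob)
    return ("gnu", "gnutls", match.group(1).decode()) if match else None


def lookup(component, db):
    """Stage 2: return the CVE ids the database holds for a detected component."""
    return db.get(component, [])


def version_only_test(blob):
    """What the file test in this thread asserts: the expected version is detected."""
    return detect(blob) == ("gnu", "gnutls", "2.3.11")


def end_to_end_test(blob, db):
    """Stricter check: a version known to have CVEs must also yield some."""
    component = detect(blob)
    return component is not None and len(lookup(component, db)) > 0


def summarize(blob, db):
    """Keep 'nothing detected' apart from 'detected, but zero CVEs returned'."""
    component = detect(blob)
    if component is None:
        return "no known component detected"
    cves = lookup(component, db)
    return "{} {} {} detected, {} CVEs".format(*component, len(cves))


if __name__ == "__main__":
    for name, db in (("working lookup", CVE_DB), ("empty lookup", EMPTY_DB)):
        print(name, version_only_test(SAMPLE), end_to_end_test(SAMPLE, db), summarize(SAMPLE, db))
```

With the empty lookup, the version-only check still passes; only the end-to-end check and the three-way summary expose that detection succeeded but no CVEs came back.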

@terriko terriko merged commit bdbecae into intel:master Jan 28, 2020