cve-bin-tool
cve-bin-tool copied to clipboard
intel
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
### Description: The following functions in `cve_bin_tool/fetch_json_db.py` lack proper test coverage and need unit tests to ensure reliability: ### Functions Needing Tests: ~~ [report](https://app.codecov.io/gh/intel/cve-bin-tool/blob/kanakOS01%2Fcve-bin-tool%3Atest_mismatch_pkg/cve_bin_tool%2Ffetch_json_db.py) 1. **`get_failed_downloads(self)`** - Ensures missing JSON...
Python 3.8 is no longer getting security updates, so we'll be dropping support. It's likely that things will continue to work for some time, but we'll stop running tests and...
Check generated HTML report for any regressions [here][1]. [1]: https://github.com/intel/cve-bin-tool/actions/runs/12575646979
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}
### Description Hi cve-bin-tool team. We currently evaluate the integration of cve-bin-tool into [EMBA](https://github.com/e-m-b-a/emba). In EMBA we query the CVE data via grep queries. These include sometimes regular expressions for...
The inpath() function appears to not be getting tested on windows: Coverage details: https://app.codecov.io/gh/intel/cve-bin-tool/blob/main/cve_bin_tool/util.py#L112 It looks like there is a test in test/test_util.py already; is there some reason it's not...
The script helper_script.py takes an arbitrary file and tries to guess the product and find potential signatures. It works really well with distro package files like rpms. Right now, if...
Our test suite has been sometimes throwing the following error: ``` sqlite3.OperationalError: database is locked ``` I think some of our immediate problem can be fixed with improving our test...
As a side-effect, this also finds OpenSSL in a bunch of other libraries.
We're working on some stuff that would have been nice to have a place for announcements that aren't really bugs, this is a reminder so I actually do that.
### Description SPDX3.0 has introduced a VEX format ### Why? Ensures that cve-bin-tool supports all VEX formats ### Anything else? Lib4vex already includes support for SPDX VEX. Update is primarily...
