cve-bin-tool
Scan process was broken if 7z not installed
It's similar to #1742, which I created. I think some tools not being installed should not kill the whole scan process. It may just give a warning and continue to run, because scanning the whole disk may be time-consuming, and failing in the middle of the way is not a good experience.
I agree, we should log an error but not stop the scan.
BUT, if you're scanning Windows without 7z installed you basically aren't doing any extraction, which might not be what you want. We should think about whether we want to issue a more obvious warning (e.g. repeat the warning at the end of the output or make it really brightly coloured or something) in conjunction with the individual "can't open this file" ones.
Thanks! Actually I am not running it on Windows but trying to run (porting) this tool on IBMi (also known as OS400) on Power arch.
@terriko I wonder if we should be actually capturing a list of all the external applications which cve-bin-tool needs and validating that they are available before starting a scan? This would also catch the issue raised in #1760.
Yeah, either do that or use the existing wrapper to make it fail-with-error instead of raising an exception when it gets a "command not found" error. The pre-check approach would potentially save us some execution time since we wouldn't even have to try those file extensions, but the at-extraction-time check can probably be added with a few lines pretty easily.
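
The two approaches discussed in this thread (a pre-scan check of external tools, and a fail-with-error wrapper at extraction time), plus the repeated end-of-scan warning, sketched as an added example that is not cve-bin-tool's own code. The extension-to-tool map and all function names are hypothetical.

```python
import shutil
import subprocess

# Hypothetical extension -> external tool map, constructed for illustration;
# this is not cve-bin-tool's real table.
EXTRACTORS = {
    ".7z": "7z",
    ".exe": "7z",
    ".rpm": "rpm2cpio",
    ".deb": "ar",
    ".cab": "cabextract",
}


def preflight(extractors, which=shutil.which):
    """Pre-check: split extensions into usable and skipped by tool availability."""
    usable, missing = {}, {}
    for ext, tool in extractors.items():
        if which(tool):
            usable[ext] = tool
        else:
            missing.setdefault(tool, []).append(ext)
    return usable, missing


def run_extractor(argv, run=subprocess.run):
    """At-extraction-time check: a missing binary becomes an error result,
    not an exception that aborts the whole scan."""
    try:
        proc = run(argv, capture_output=True, check=False)
    except FileNotFoundError:
        return False, f"{argv[0]}: command not found"
    if proc.returncode != 0:
        return False, f"{argv[0]} exited with status {proc.returncode}"
    return True, ""


def summary(missing):
    """Warning lines to repeat at the end of the scan output."""
    return [
        f"WARNING: {tool} not installed; skipped {', '.join(sorted(exts))} files"
        for tool, exts in sorted(missing.items())
    ]


if __name__ == "__main__":
    usable, missing = preflight(EXTRACTORS)
    print("will extract:", sorted(usable))
    print("\n".join(summary(missing)))
```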