cve-bin-tool icon indicating copy to clipboard operation
cve-bin-tool copied to clipboard
verified publisher icon intel

feat: add extraction enhancements to include binary identification

Open jananir640 opened this issue 1 year ago • 3 comments

TLDR; add extraction enhancements to include binary identification

Upon using cve-bin-tool, ran into extraction failures. To combat this, added binary matching capabilities instead of relying solely on matching file extension names. Python library filetype can guess a file's type by matching against its hex representation.

Noticed that extraction failures commonly occur after encountering LZMA compression type, so utilized filetype library to create matching capabilities against this type of file. This significantly improved extraction capabilities in being able to further extract large files.

jananir640 avatar Feb 12 '24 22:02 jananir640

Codecov Report

Attention: Patch coverage is 64.44444% with 16 lines in your changes are missing coverage. Please review.

Project coverage is 81.06%. Comparing base (d6cbe40) to head (ead1902). Report is 49 commits behind head on main.

Files Patch % Lines
cve_bin_tool/extractor.py 52.94% 13 Missing and 3 partials :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3812      +/-   ##
==========================================
+ Coverage   75.41%   81.06%   +5.65%     
==========================================
  Files         808      809       +1     
  Lines       11983    12138     +155     
  Branches     1598     1642      +44     
==========================================
+ Hits         9037     9840     +803     
+ Misses       2593     1877     -716     
- Partials      353      421      +68
Flag Coverage Δ
longtests 80.53% <64.44%> (+5.11%) :arrow_up:
win-longtests 78.73% <64.44%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar Feb 13 '24 19:02 codecov-commenter

Thank you for this!

Just a heads up that since this adds a new dependency on filetype, I've gotta go through our legal process to make sure it goes through our internal licensing checks. It's MIT, so I don't anticipate any problems, but it'll take a few days before I can merge anything.

terriko avatar Feb 13 '24 22:02 terriko

Sounds good, thank you so much!

jananir640 avatar Feb 13 '24 23:02 jananir640

Sounds great, thank you so much for your help! Excited to have been able to contribute.

jananir640 avatar Mar 05 '24 15:03 jananir640