wazuh
Add support for alternative syntaxes in PEP440 version matching
| Related issue |
|---|
| #22181 |
Description
This PR enhances the version matching functionality for PEP440 by reducing its restrictiveness, accepting also the alternative syntaxes documented at Version Specifiers - Normalization.
The following examples illustrate newly accepted version strings and their normalized equivalents:

```
1.1RC1      -> 1.1rc1
1.2.3.a1    -> 1.2.3a1
1.2.3a-1    -> 1.2.3a1
1.2.3alpha1 -> 1.2.3a1
1.2.3c1     -> 1.2.3rc1
1.2.3b      -> 1.2.3b0
1.2.3_post1 -> 1.2.3.post1
1.2.3.rev1  -> 1.2.3.post1
1.2.3-1     -> 1.2.3.post1
```
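To make the normalization rules above concrete, here is an added C++ example (not Wazuh's own VersionMatcher code) that maps a version string written with any of the alternative syntaxes from the "Version Specifiers - Normalization" section to its canonical PEP 440 form. The function name `normalizePep440` and the helpers are assumptions for this example; the grammar it implements is the permissive one from the spec (case-insensitive, optional `v` prefix, `-`/`_`/`.` separators, `alpha`/`beta`/`c`/`pre`/`preview` spellings, `rev`/`r` and bare `-N` post-releases, implicit `0` for a missing pre/post/dev number, epoch and local segments). It also covers the `v0.2.0-alpha.32` style that appears in the QA log below.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <optional>
#include <regex>
#include <string>

namespace {

// "007" -> "7", "0" -> "0": numeric components are compared as integers.
std::string stripZeros(const std::string& n) {
    auto pos = n.find_first_not_of('0');
    return pos == std::string::npos ? std::string("0") : n.substr(pos);
}

std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Surrounding whitespace is ignored by the spec.
std::string trim(const std::string& s) {
    auto b = s.find_first_not_of(" \t\r\n");
    if (b == std::string::npos) return "";
    auto e = s.find_last_not_of(" \t\r\n");
    return s.substr(b, e - b + 1);
}

} // namespace

// Returns the canonical PEP 440 string, or std::nullopt when the input does
// not parse even under the permissive grammar (hypothetical helper).
std::optional<std::string> normalizePep440(const std::string& input) {
    // Longer alternatives are listed first so "alpha" is not cut to "a".
    static const std::regex pattern(
        "^v?"
        "(?:([0-9]+)!)?"                                               // 1: epoch
        "([0-9]+(?:\\.[0-9]+)*)"                                       // 2: release
        "(?:[-_.]?(alpha|a|beta|b|rc|c|preview|pre)[-_.]?([0-9]+)?)?"  // 3,4: pre-release
        "(?:-([0-9]+)|[-_.]?(post|rev|r)[-_.]?([0-9]+)?)?"             // 5 | 6,7: post-release
        "(?:[-_.]?(dev)[-_.]?([0-9]+)?)?"                              // 8,9: dev-release
        "(?:\\+([a-z0-9]+(?:[-_.][a-z0-9]+)*))?$");                    // 10: local

    const std::string v = lower(trim(input));
    std::smatch m;
    if (!std::regex_match(v, m, pattern)) return std::nullopt;

    std::string out;
    // Epoch 0 is the default and is dropped from the normalized form.
    if (m[1].matched && stripZeros(m[1]) != "0") out += stripZeros(m[1]) + "!";

    // Release segment: strip leading zeros from every dotted component.
    const std::string release = m[2];
    size_t start = 0;
    bool first = true;
    for (;;) {
        size_t dot = release.find('.', start);
        std::string seg = release.substr(start, dot == std::string::npos ? std::string::npos : dot - start);
        out += (first ? "" : ".") + stripZeros(seg);
        first = false;
        if (dot == std::string::npos) break;
        start = dot + 1;
    }

    // Pre-release: spelled-out labels collapse to a/b/rc, no separator, implicit 0.
    if (m[3].matched) {
        std::string label = m[3];
        if (label == "alpha") label = "a";
        else if (label == "beta") label = "b";
        else if (label == "c" || label == "pre" || label == "preview") label = "rc";
        out += label + (m[4].matched ? stripZeros(m[4]) : std::string("0"));
    }

    // Post-release: "-N", "rev"/"r" and "_post" all become ".postN".
    if (m[5].matched) out += ".post" + stripZeros(m[5]);
    else if (m[6].matched) out += ".post" + (m[7].matched ? stripZeros(m[7]) : std::string("0"));

    if (m[8].matched) out += ".dev" + (m[9].matched ? stripZeros(m[9]) : std::string("0"));

    // Local segment: separators normalize to "." (already lowercased above).
    if (m[10].matched) {
        std::string local = m[10];
        std::replace_if(local.begin(), local.end(),
                        [](char c) { return c == '-' || c == '_'; }, '.');
        out += "+" + local;
    }
    return out;
}

int main() {
    // Constructed sample inputs mirroring the PR's table plus a QA-log style string.
    for (const char* s : {"1.1RC1", "1.2.3.a1", "1.2.3a-1", "1.2.3alpha1", "1.2.3c1",
                          "1.2.3b", "1.2.3_post1", "1.2.3.rev1", "1.2.3-1", "v0.2.0-alpha.32"}) {
        auto n = normalizePep440(s);
        std::cout << s << " -> " << (n ? *n : std::string("<invalid>")) << '\n';
    }
    return 0;
}
```

Normalizing both sides before comparison is what lets `v0.2.0-alpha.32` and `0.2.0a32` be treated as the same version when matched against a CVE range such as `< 0.2.0a33`; a matcher that only accepts the strict canonical spelling would silently skip such packages and miss the finding.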
Tests
New unit tests added:
```
$ ./vulnerability_scanner_unit_tests --gtest_filter=VersionMatcher*PEP440_AlternativeSyntax_*
Note: Google Test filter = VersionMatcher*PEP440_AlternativeSyntax_*
[==========] Running 3 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 3 tests from VersionMatcherTest
[ RUN      ] VersionMatcherTest.comparePEP440_AlternativeSyntax_OkEqual
[       OK ] VersionMatcherTest.comparePEP440_AlternativeSyntax_OkEqual (8 ms)
[ RUN      ] VersionMatcherTest.comparePEP440_AlternativeSyntax_OkLess
[       OK ] VersionMatcherTest.comparePEP440_AlternativeSyntax_OkLess (2 ms)
[ RUN      ] VersionMatcherTest.comparePEP440_AlternativeSyntax_OkGreater
[       OK ] VersionMatcherTest.comparePEP440_AlternativeSyntax_OkGreater (2 ms)
[----------] 3 tests from VersionMatcherTest (12 ms total)
[----------] Global test environment tear-down
[==========] 3 tests from 1 test suite ran. (12 ms total)
[  PASSED  ] 3 tests.
```
Test cases were added to the vulnerability scanner QA tests: src/wazuh_modules/vulnerability_scanner/qa/test_data/006/
```
DEBUG test_efficacy_log:test_efficacy_log.py:171 Running test wazuh_modules/vulnerability_scanner/qa/test_data/006/
input_006.json
DEBUG test_efficacy_log:test_efficacy_log.py:192 Sending flatbuffer data
DEBUG test_efficacy_log:test_efficacy_log.py:30 Found 4 matches
DEBUG test_efficacy_log:test_efficacy_log.py:30 Found 5 matches
DEBUG test_efficacy_log:test_efficacy_log.py:77 Found line: wazuh-modulesd:vulnerability-scanner:packageScanner.hpp:211 operator() : Match found, the package 'cfscrape', is vulnerable to 'CVE-2017-7235'. Current version: '1.7.0' (less than '1.8.0' or equal to ''). - Agent '' (ID: '001', Version: '').
DEBUG test_efficacy_log:test_efficacy_log.py:77 Found line: wazuh-modulesd:vulnerability-scanner:packageScanner.hpp:211 operator() : Match found, the package 'pypdf2', is vulnerable to 'CVE-2023-36464'. Current version: '2.10.5' (less than '' or equal to '3.0.1'). - Agent '' (ID: '001', Version: '').
DEBUG test_efficacy_log:test_efficacy_log.py:77 Found line: wazuh-modulesd:vulnerability-scanner:packageScanner.hpp:211 operator() : Match found, the package 'pypdf2', is vulnerable to 'CVE-2023-36807'. Current version: '2.10.5' (less than '2.10.6' or equal to ''). - Agent '' (ID: '001', Version: '').
DEBUG test_efficacy_log:test_efficacy_log.py:77 Found line: wazuh-modulesd:vulnerability-scanner:packageScanner.hpp:211 operator() : Match found, the package 'py-evm', is vulnerable to 'CVE-2018-18920'. Current version: '0.2.0a32' (less than '0.2.0a33' or equal to ''). - Agent '' (ID: '001', Version: '').
DEBUG test_efficacy_log:test_efficacy_log.py:77 Found line: wazuh-modulesd:vulnerability-scanner:packageScanner.hpp:211 operator() : Match found, the package 'py-evm', is vulnerable to 'CVE-2018-18920'. Current version: 'v0.2.0-alpha.32' (less than '0.2.0a33' or equal to ''). - Agent '' (ID: '001', Version: '').
DEBUG test_efficacy_log:test_efficacy_log.py:77 Found line: wazuh-modulesd:vulnerability-scanner:packageScanner.hpp:211 operator() : Match found, the package 'geonode', is vulnerable to 'CVE-2023-42439'. Current version: '4.1.0-1' (less than '4.1.3.post1' or equal to ''). - Agent '' (ID: '001', Version: '').
PASSED [100%]
```