feat(checker): add mp4v2 checker (#4380)

ffontaine · web-flow · commit 1cb692cb3a88 · 2024-09-09T14:48:28.000-07:00
windows_fixup must be moved to util.py to reuse this function in
test_condensed_downloads.py

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -238,6 +238,7 @@
     "monit",
     "mosquitto",
     "motion",
+    "mp4v2",
     "mpg123",
     "mpv",
     "msmtp",
diff --git a/cve_bin_tool/checkers/mp4v2.py b/cve_bin_tool/checkers/mp4v2.py
@@ -0,0 +1,26 @@
+# Copyright (C) 2024 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for mp4v2
+
+https://www.cvedetails.com/product/48319/Techsmith-Mp4v2.html?vendor_id=9035
+https://www.cvedetails.com/product/44070/Mp4v2-Project-Mp4v2.html?vendor_id=17731
+https://www.cvedetails.com/product/142097/Mp4v2-Mp4v2.html?vendor_id=30832
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class Mp4V2Checker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [r"MP4v2\r?\nversion:\r?\n([0-9]+\.[0-9]+\.[0-9]+)"]
+    VENDOR_PRODUCT = [
+        ("mp4v2", "mp4v2"),
+        ("mp4v2_project", "mp4v2"),
+        ("techsmith", "mp4v2"),
+    ]
diff --git a/cve_bin_tool/util.py b/cve_bin_tool/util.py
@@ -609,3 +609,8 @@ def decode_cpe22(cpe22) -> list:
     vendor, product, version = cpe[2], cpe[3], cpe[4]
     # Return available data, convert empty fields to None
     return [vendor or None, product or None, version or None]
+
+
+def windows_fixup(filename):
+    """Replace colon and backslash in filename to avoid a failure on Windows"""
+    return filename.replace(":", "_").replace("\\", "_")
diff --git a/test/condensed-downloads/libmp4v2-1_2.1.3-2-aarch64.pkg.tar.xz.tar.gz b/test/condensed-downloads/libmp4v2-1_2.1.3-2-aarch64.pkg.tar.xz.tar.gz
diff --git a/test/test_condensed_downloads.py b/test/test_condensed_downloads.py
@@ -8,6 +8,7 @@
 import subprocess
 
 from cve_bin_tool.checkers import __all__ as all_test_name
+from cve_bin_tool.util import windows_fixup
 
 
 # Test to check condensed files are committed according to the package test data of checkers
@@ -21,7 +22,9 @@ def test_condensed_downloads():
     for package_test_data in package_test_data_list:
         for package_data in package_test_data:
             package_names.append(
-                "test/condensed-downloads/" + package_data["package_name"] + ".tar.gz"
+                "test/condensed-downloads/"
+                + windows_fixup(package_data["package_name"])
+                + ".tar.gz"
             )
 
     condensed_downloads = subprocess.run(
diff --git a/test/test_data/mp4v2.py b/test/test_data/mp4v2.py
@@ -0,0 +1,19 @@
+# Copyright (C) 2024 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "mp4v2",
+        "version": "4.1.2",
+        "version_strings": ["MP4v2\nversion:\n4.1.2"],
+    }
+]
+package_test_data = [
+    {
+        "url": "https://eu.mirror.archlinuxarm.org/aarch64/extra/",
+        "package_name": "libmp4v2-1:2.1.3-2-aarch64.pkg.tar.xz",
+        "product": "mp4v2",
+        "version": "2.1.3",
+        "other_products": ["gcc"],
+    },
+]
diff --git a/test/test_scanner.py b/test/test_scanner.py
@@ -25,6 +25,7 @@
 
 from cve_bin_tool.checkers import __all__ as all_test_name
 from cve_bin_tool.cvedb import CVEDB
+from cve_bin_tool.util import windows_fixup
 from cve_bin_tool.version_scanner import VersionScanner
 
 # load test data
@@ -83,10 +84,6 @@ def teardown_class(cls):
         shutil.rmtree(cls.package_test_dir)
         shutil.rmtree(cls.mapping_test_dir)
 
-    def windows_fixup(self, filename):
-        """Replace colon and backslash in filename to avoid a failure on Windows"""
-        return filename.replace(":", "_").replace("\\", "_")
-
     def test_false_positive(self):
         self.scanner.all_cves = []
         with tempfile.NamedTemporaryFile(
@@ -154,7 +151,7 @@ def test_version_mapping(self, product, version, version_strings):
         for filename in filenames:
             with tempfile.NamedTemporaryFile(
                 "w+b",
-                suffix=self.windows_fixup(filename),
+                suffix=windows_fixup(filename),
                 dir=self.mapping_test_dir,
                 delete=False,
             ) as f:
@@ -237,7 +234,7 @@ def condensed_filepath(self, url, package_name):
                 dirpath.mkdir()
         # Check if we've already made a condensed version of the file, if we
         # have, we're done.
-        condensed_path = condensed_dir / (self.windows_fixup(package_name) + ".tar.gz")
+        condensed_path = condensed_dir / (windows_fixup(package_name) + ".tar.gz")
         if condensed_path.is_file():
             return str(condensed_path)
         # Download the file if we don't have a condensed version of it and we
