fix: update jq checker

ffontaine · ffontaine · commit 22958484dc72 · 2024-08-29T12:32:29.000+02:00
Update jq pattern to avoid false positives with the following strings:

0.2
jqPzsA

Moreover, add a new pattern to detect jq 1.7.1

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/cve_bin_tool/checkers/jq.py b/cve_bin_tool/checkers/jq.py
@@ -17,5 +17,8 @@
 class JqChecker(Checker):
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS: list[str] = []
-    VERSION_PATTERNS = [r"([0-9]+\.[0-9]+)[a-zA-Z0-9:\-\r\n]*jq"]
+    VERSION_PATTERNS = [
+        r"jq-([0-9]+\.[0-9]+\.[0-9]+)",
+        r"([0-9]+\.[0-9]+)[a-zA-Z0-9:\-\r\n]*jq[ :]",
+    ]
     VENDOR_PRODUCT = [("jq_project", "jq"), ("jqlang", "jq")]
diff --git a/test/condensed-downloads/jq_1.7.1-3_arm64.deb.tar.gz b/test/condensed-downloads/jq_1.7.1-3_arm64.deb.tar.gz
diff --git a/test/test_data/jq.py b/test/test_data/jq.py
@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 mapping_test_data = [
-    {"product": "jq", "version": "1.5", "version_strings": ["1.5\njq:"]}
+    {"product": "jq", "version": "1.5", "version_strings": ["1.5\njq:"]},
+    {"product": "jq", "version": "1.7.1", "version_strings": ["jq-1.7.1"]},
 ]
 package_test_data = [
     {
@@ -17,6 +18,12 @@
         "product": "jq",
         "version": "1.5",
     },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
+        "package_name": "jq_1.7.1-3_arm64.deb",
+        "product": "jq",
+        "version": "1.7.1",
+    },
     {
         "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
         "package_name": "jq_1.6-1_x86_64.ipk",
