fix: improve openssh signature

Update openssh signature to avoid catching OpenSSH_3.0 strings, etc. While at it, add debian and OpenWRT test packages Signed-off-by: Fabrice Fontaine <[email protected]>
intel · Feb 10, 2023 · 3679b11 · 3679b11
1 parent 02e4438
commit 3679b11
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 3 deletions.
diff --git a/cve_bin_tool/checkers/openssh.py b/cve_bin_tool/checkers/openssh.py
@@ -28,5 +28,5 @@ class OpensshChecker(Checker):
         r"slogin",
         r"sshd",
     ]
-    VERSION_PATTERNS = [r"OpenSSH_([0-9]+\.[0-9]+[0-9a-z\s]*)"]
+    VERSION_PATTERNS = [r"\r?\nOpenSSH_([0-9]+\.[0-9]+(\.[0-9]+)?p[0-9]+)(?:\r?\n| )"]
     VENDOR_PRODUCT = [("openbsd", "openssh")]
diff --git a/test/condensed-downloads/openssh-client_6.7p1-5+deb8u4_amd64.deb.tar.gz b/test/condensed-downloads/openssh-client_6.7p1-5+deb8u4_amd64.deb.tar.gz
diff --git a/test/condensed-downloads/openssh-client_8.0p1-1_x86_64.ipk.tar.gz b/test/condensed-downloads/openssh-client_8.0p1-1_x86_64.ipk.tar.gz
diff --git a/test/test_data/openssh.py b/test/test_data/openssh.py
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 mapping_test_data = [
-    {"product": "openssh", "version": "6.9", "version_strings": ["OpenSSH_6.9"]}
+    {"product": "openssh", "version": "6.8p1", "version_strings": ["OpenSSH_6.8p1"]}
 ]
 package_test_data = [
     {
@@ -11,5 +11,19 @@
         "product": "openssh",
         "version": "6.8p1",
         "other_products": [],
-    }
+    },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/o/openssh/",
+        "package_name": "openssh-client_6.7p1-5+deb8u4_amd64.deb",
+        "product": "openssh",
+        "version": "6.7p1",
+        "other_products": [],
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "openssh-client_8.0p1-1_x86_64.ipk",
+        "product": "openssh",
+        "version": "8.0p1",
+        "other_products": ["putty"],
+    },
 ]