fix: improve gstreamer signature (#2688)

Improve gstreamer signature to avoid catching strings such as
libgstreamer-0.10.so.0 in version 0.10.36

This will fix false positives with freerdp, gstreamer, opencv and
webkitgtk

Moreover, drop gstreamermm test package which is not gstreamer:
https://gitlab.gnome.org/GNOME/gstreamermm

Signed-off-by: Fabrice Fontaine <[email protected]>

cve_bin_tool/checkers/gstreamer.py

@@ -18,7 +18,6 @@ class GstreamerChecker(Checker):
     FILENAME_PATTERNS = [r"gstreamer"]
     VERSION_PATTERNS = [
         r"((\d+\.)+\d+)[a-zA-Z \r\n]*GStreamer ",
-        r"gstreamer[a-zA-Z \r\n]*((\d+\.)+\d+)",
-        r"libgstreamer-((\d+\.)+\d+)",
+        r"gstreamer[a-zA-Z \r\n]+((\d+\.)+\d+)",
     ]
     VENDOR_PRODUCT = [("gstreamer", "gstreamer"), ("gstreamer_project", "gstreamer")]

test/test_data/freerdp.py

@@ -18,6 +18,6 @@
         "package_name": "libfreerdp-client2-2_2.0.0~git20190204.1.2693389a%2Bdfsg1-1~bpo9%2B1_amd64.deb",
         "product": "freerdp",
         "version": "2.0.0",
-        "other_products": ["gstreamer"],
+        "other_products": [],
     },
 ]

test/test_data/gstreamer.py

@@ -4,11 +4,8 @@
 mapping_test_data = [
     {
         "product": "gstreamer",
-        "version": "1.10.0",
-        "version_strings": [
-            "http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer",
-            "libgstreamer-1.10.0",
-        ],
+        "version": "0.10.36",
+        "version_strings": ["gstreamer\nLGPL\n0.10.36"],
     },
     {
         "product": "gstreamer",
@@ -17,13 +14,6 @@
     },
 ]
 package_test_data = [
-    {
-        "url": "http://archive.ubuntu.com/ubuntu/pool/universe/g/gstreamermm-1.0/",
-        "package_name": "libgstreamermm-1.0-0v5_1.4.3+dfsg-5_amd64.deb",
-        "product": "gstreamer",
-        "version": "1.0",
-        "other_products": [],
-    },
     {
         "url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
         "package_name": "gstreamer-0.10.36-7.el7.i686.rpm",

test/test_data/opencv.py

@@ -10,14 +10,14 @@
         "package_name": "libopencv405-4.5.5-150400.1.28.aarch64.rpm",
         "product": "opencv",
         "version": "4.5.5",
-        "other_products": ["gstreamer", "python"],
+        "other_products": ["python"],
     },
     {
         "url": "http://rpmfind.net/linux/opensuse/distribution/leap/15.4/repo/oss/ppc64le/",
         "package_name": "libopencv405-4.5.5-150400.1.28.ppc64le.rpm",
         "product": "opencv",
         "version": "4.5.5",
-        "other_products": ["gstreamer", "python"],
+        "other_products": ["python"],
     },
     {
         "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/",

test/test_data/spice.py

@@ -16,7 +16,7 @@
         "package_name": "libspice-server1-0.14.2-lp152.1.1.aarch64.rpm",
         "product": "spice",
         "version": "0.14.2",
-        "other_products": ["gstreamer"],
+        "other_products": [],
     },
     {
         "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/",

test/test_data/webkitgtk.py

@@ -14,13 +14,13 @@
         "package_name": "webkitgtk3-2.4.11-2.el7.x86_64.rpm",
         "product": "webkitgtk",
         "version": "2.4.11",
-        "other_products": ["gstreamer"],
+        "other_products": [],
     },
     {
         "url": "https://kojipkgs.fedoraproject.org/packages/webkitgtk/2.0.1/1.fc19/x86_64/",
         "package_name": "webkitgtk-2.0.1-1.fc19.x86_64.rpm",
         "product": "webkitgtk",
         "version": "2.0.1",
-        "other_products": ["gstreamer"],
+        "other_products": [],
     },
 ]