TimesysGit / vigiles-openwrt

Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.

Fix missing cases in get_libc_info, get_libgcc_info #6

Closed tjdavey closed 1 year ago

tjdavey commented 1 year ago

When libc or libgcc are not selected in the .config file, the tool currently fails.

Missing libc error:

Traceback (most recent call last):
  File "/Users/ranlytics/src/vigiles-openwrt/vigiles-openwrt.py", line 257, in <module>
    __main__()
  File "/Users/ranlytics/src/vigiles-openwrt/vigiles-openwrt.py", line 251, in __main__
    collect_metadata(vgls)
  File "/Users/ranlytics/src/vigiles-openwrt/vigiles-openwrt.py", line 212, in collect_metadata
    vgls["packages"] = packages.get_package_info(vgls)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ranlytics/src/vigiles-openwrt/lib/packages.py", line 357, in get_package_info
    pkg_dict = get_toolchain_info(vgls, known_packages)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ranlytics/src/vigiles-openwrt/lib/packages.py", line 457, in get_toolchain_info
    libc_package, libc_info = get_libc_info(vgls)
    ^^^^^^^^^^^^^^^^^^^^^^^
TypeError: cannot unpack non-iterable NoneType object

Missing libgcc error:

Traceback (most recent call last):
  File "/Users/ranlytics/src/vigiles-openwrt/vigiles-openwrt.py", line 257, in <module>
    __main__()
  File "/Users/ranlytics/src/vigiles-openwrt/vigiles-openwrt.py", line 251, in __main__
    collect_metadata(vgls)
  File "/Users/ranlytics/src/vigiles-openwrt/vigiles-openwrt.py", line 212, in collect_metadata
    vgls["packages"] = packages.get_package_info(vgls)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ranlytics/src/vigiles-openwrt/lib/packages.py", line 357, in get_package_info
    pkg_dict = get_toolchain_info(vgls, known_packages)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ranlytics/src/vigiles-openwrt/lib/packages.py", line 465, in get_toolchain_info
    dbg("%s version: %s" % (libgcc_info["name"], libgcc_info["version"]))
                            ~~~~~~~~~~~^^^^^^^^
TypeError: tuple indices must be integers or slices, not str

This PR corrects the short-circuit cases in get_libc_info and get_libgcc_info to match the number of expected return values from these methods as per their usage in get_toolchain_info. I've tested this against a .config file missing both libc and libgcc to validate that both cases failing is well supported.
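The two tracebacks above can be reproduced with a small sketch in which an early return has a different shape from the normal return. This is an added example, not part of the PR or the vigiles-openwrt source: the function names, the `fixed` switch, the sample versions and the `.config` fragments are all constructed for illustration.

```python
# Hypothetical stand-ins for illustration; not the vigiles-openwrt source.
# Constructed .config fragments (sample data, not taken from a real build).
CONFIG_FULL = "CONFIG_PACKAGE_libc=y\nCONFIG_PACKAGE_libgcc=y\n"
CONFIG_NO_LIBGCC = "CONFIG_PACKAGE_libc=y\n# CONFIG_PACKAGE_libgcc is not set\n"
CONFIG_NEITHER = "# CONFIG_PACKAGE_libc is not set\n"

def selected(config, symbol):
    """True if the .config text contains the line '<symbol>=y'."""
    return any(line.strip() == symbol + "=y" for line in config.splitlines())

def libc_info(config, fixed):
    if not selected(config, "CONFIG_PACKAGE_libc"):
        # The normal path returns two values, so the early exit must as well.
        return (None, None) if fixed else None
    return "libc", {"name": "libc", "version": "0.0.0-sample"}

def libgcc_info(config, fixed):
    if not selected(config, "CONFIG_PACKAGE_libgcc"):
        # The normal path returns one dict, so the early exit is one value.
        return None if fixed else (None, None)
    return {"name": "libgcc", "version": "0.0.0-sample"}

def toolchain_info(config, fixed=True):
    """Caller that unpacks libc as a pair and treats libgcc as one dict."""
    found = {}
    libc_package, libc = libc_info(config, fixed)
    if libc is not None:
        found[libc_package] = libc["version"]
    libgcc = libgcc_info(config, fixed)
    if libgcc is not None:  # a (None, None) tuple slips past this check
        found[libgcc["name"]] = libgcc["version"]
    return found

def failure_message(func, *args):
    """Run func and return the TypeError text, or None if it succeeds."""
    try:
        func(*args)
    except TypeError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    print(failure_message(toolchain_info, CONFIG_NEITHER, False))
    print(failure_message(toolchain_info, CONFIG_NO_LIBGCC, False))
    print(toolchain_info(CONFIG_NEITHER))
```

With consistent return shapes, a configuration that selects neither component yields an empty toolchain entry set instead of aborting SBOM generation.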

harish-bansal commented 1 year ago

Thank you @tjdavey for this PR. Our team has reviewed and pushed your commit fb480ca27cc1fd0b48b43c317828a10f562153a1 to the master branch.