
feat: "language" parser for Conan [ C/C++ ]

Open mastersans opened this issue 1 year ago • 5 comments

We would like to request the addition of a Conan package parser to our tool. Conan is a popular package manager for C and C++. Current list of language parsers supported: here. You can find the Conan file specification here: https://docs.conan.io/2/tutorial/consuming_packages/intro_to_versioning.html#tutorial-consuming-packages-versioning-lockfiles

Docs for adding new parser: https://github.com/intel/cve-bin-tool/blob/main/cve_bin_tool/parsers/README.md

mastersans avatar Jul 17 '24 16:07 mastersans

I have written a parser. However, the documentation of writing tests seems to be confusing.

muddi900 avatar Aug 10 '24 07:08 muddi900

Hi @muddi900, you can start by adding a sample file for the parser to scan here, add the expected entries of product (3-4) here, and add the filename here: https://github.com/intel/cve-bin-tool/blob/a1c72262bae2b69b5cf139ba8062c38983e32cc5/test/test_language_scanner.py#L232

mastersans avatar Aug 10 '24 08:08 mastersans

parser type must also be added to parse.py inside valid_files dictionary to allow the tool to call that specific parser when that specific filename is detected.

This section suggests the list is maintained manually, but the code assigns it programmatically.

https://github.com/muddi900/cve-bin-tool/blob/e4239bd3b838b1717e295412113030ee42631fc6/cve_bin_tool/parsers/parse.py#L56-L75

muddi900 avatar Aug 13 '24 08:08 muddi900

We recently changed how the parsers were loaded in https://github.com/intel/cve-bin-tool/commit/8c6d3dd3b1fd318281d02f13d742d0745ef2cef6, so probably the documentation needs an update.

Feel free to open a PR to fix that; docs updates are always appreciated!

(There's also a small chance that we missed something and we're loading things in two ways, but I think the refactor should have fixed it to be a single way back in June.)

terriko avatar Aug 13 '24 19:08 terriko

I keep failing the test because I am running it on a Mac.

These lines in question are the cause: https://github.com/intel/cve-bin-tool/blob/36ff40f8c7e0576b413ddedb130a8a72275162ff/cve_bin_tool/version_scanner.py#L230-L236

Is there a workaround?

muddi900 avatar Aug 17 '24 11:08 muddi900