intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
https://cve-bin-tool.readthedocs.io/en/latest/
GNU General Public License v3.0

May need new test file for cab_extract #936

Closed terriko closed 3 years ago

terriko commented 4 years ago

The test file used in the cab extraction test ( https://master.dl.sourceforge.net/project/winpe/VmWare%20Drivers/VmWare%20Drivers%20v1.1/vmware-1.1.cab ) works for me locally but is causing problems in CI. I sort of think that it could be a rate limit or something between sourceforge and github.

I'm going to disable text_extract_file_cab for now, but I'm filing this issue to remind us that we need to find an alternative file for this test (or possibly generate a very small one we can include in the repository ourselves?)

asnature commented 4 years ago

Hello @terriko, Abhishek here! I'm a complete beginner to Open Source and would like to contribute to this project. Kindly guide me. Thanks!

terriko commented 4 years ago

@asnature So, for this bug, we're just looking for a .cab file that we can be sure will be available long-term. The one we had was an old sourceforge link and it doesn't seem to be working in Github Actions.

You can read about the cab file format here: https://en.wikipedia.org/wiki/Cabinet_(file_format)

Possibly the best long-term solution would be to create a very small .cab file that we could store in the repo directly for tests so that we don't have to worry about what's in there. I'd suggest figuring out one of the libraries we already support (e.g. libxml2) and archiving a copy of the library into the .cab format and see if that works. The smaller the library the better; I don't know offhand what our smallest libraries are but you could check.

If that's not viable, it's a fairly commonly used format in Windows -- we may be able to find one associated with a public, stable project that's unlikely to change and consistently works from GitHub Actions and use that. We were using one from VMWare -- they likely have things that have migrated to GitHub that would be easier to access without causing network errors.
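Added example, not part of the thread and not cve-bin-tool's own code: one way to generate the small in-repo .cab fixture suggested in the comment above, so the test no longer depends on a third-party download. It writes an uncompressed single-file cabinet and parses it back; the helper names `build_cab` and `read_cab`, the file name and the payload are assumptions made for illustration.

```python
import struct

CFDATA_MAX = 32768       # most uncompressed bytes one CFDATA block may carry
HDR = "<4sIIIIIBBHHHHH"  # CFHEADER without optional fields, 36 bytes

def build_cab(name, payload):
    """Return an uncompressed cabinet holding one file (hypothetical helper)."""
    if not payload:
        raise ValueError("payload must not be empty")
    fname = name.encode("ascii") + b"\x00"
    blocks = [payload[i:i + CFDATA_MAX] for i in range(0, len(payload), CFDATA_MAX)]
    coff_files = 36 + 8                       # CFHEADER + one CFFOLDER
    coff_data = coff_files + 16 + len(fname)  # CFDATA starts after the CFFILE entry
    total = coff_data + sum(8 + len(b) for b in blocks)
    header = struct.pack(HDR, b"MSCF", 0, total, 0, coff_files, 0,
                         3, 1,      # format version 1.3 (minor, major)
                         1, 1,      # one folder, one file
                         0, 0, 0)   # flags, setID, iCabinet
    folder = struct.pack("<IHH", coff_data, len(blocks), 0)  # typeCompress 0 = stored
    # Fixed DOS date (2021-01-01) and time 0 keep the fixture byte-for-byte reproducible.
    dos_date = ((2021 - 1980) << 9) | (1 << 5) | 1
    entry = struct.pack("<IIHHHH", len(payload), 0, 0, dos_date, 0, 0x20) + fname
    # csum 0 means no checksum supplied; cbData == cbUncomp as nothing is compressed.
    data = b"".join(struct.pack("<IHH", 0, len(b), len(b)) + b for b in blocks)
    return header + folder + entry + data

def read_cab(blob):
    """Parse a cabinet of the shape build_cab writes; reject anything else."""
    (sig, _, total, _, coff_files, _, _, _,
     nfold, nfile, flags, _, _) = struct.unpack_from(HDR, blob)
    if sig != b"MSCF" or total != len(blob) or (nfold, nfile, flags) != (1, 1, 0):
        raise ValueError("not a single-file cabinet without optional header fields")
    coff_data, nblocks, compress = struct.unpack_from("<IHH", blob, 36)
    if compress != 0:
        raise ValueError("compressed folders are out of scope for this example")
    size = struct.unpack_from("<I", blob, coff_files)[0]
    name_end = blob.index(b"\x00", coff_files + 16)
    out, pos = bytearray(), coff_data
    for _ in range(nblocks):
        _, cb, _ = struct.unpack_from("<IHH", blob, pos)
        out += blob[pos + 8:pos + 8 + cb]
        pos += 8 + cb
    if len(out) != size or pos != total:
        raise ValueError("data blocks do not match the sizes in the headers")
    return blob[coff_files + 16:name_end].decode("ascii"), bytes(out)

if __name__ == "__main__":
    cab = build_cab("placeholder.txt", b"constructed payload\n")  # constructed sample
    print(len(cab), read_cab(cab))
```

Because the output is deterministic, the generated file can be committed once and its hash pinned in the test, and the payload swapped for a copy of whichever supported library the fixture is meant to exercise.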

terriko commented 4 years ago

@asnature and if this bug doesn't sound like something that suits you, I also put a few more new checker issues under the "good first issue" tag which may be easier.

terriko commented 3 years ago

Fixed in #1122