diff --git a/cve_bin_tool/cve_scanner.py b/cve_bin_tool/cve_scanner.py
index e2d4b22202..a302cc97b0 100644
--- a/cve_bin_tool/cve_scanner.py
+++ b/cve_bin_tool/cve_scanner.py
@@ -104,7 +104,7 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
 parsed_version, parsed_version_between = self.canonical_convert(product_info)
 # If canonical form of version numbering not found, exit
 if parsed_version == "UNKNOWN":
- return
+ pass
 self.cursor.execute(query, [vendor, product_info.product, str(parsed_version)])
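Review bot: The `if parsed_version == "UNKNOWN": pass` left behind is a no-op, and the comment above it (`# If canonical form of version numbering not found, exit`) now says the opposite of what happens, since the query on the next line runs with the literal string "UNKNOWN" as the version parameter. Drop the dead branch and document the fall-through instead, e.g. `# Unknown version: run the lookup anyway so every CVE for the product gets reported`, or keep a `self.logger.debug(...)` there so the version-blind lookup is visible in the logs. Whether the query tolerates "UNKNOWN" in that position depends on its text, which is outside the hunk; get_cves itself starts before the hunk.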
@@ -147,45 +147,50 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
 # check the start range
 passes_start = False
- if (
- version_start_including is not self.RANGE_UNSET
- and parsed_version >= parse_version(version_start_including)
- ):
- passes_start = True
-
- if (
- version_start_excluding is not self.RANGE_UNSET
- and parsed_version > parse_version(version_start_excluding)
- ):
+ if parsed_version == "UNKNOWN":
 passes_start = True
+ else:
+ if (
+ version_start_including is not self.RANGE_UNSET
+ and parsed_version >= parse_version(version_start_including)
+ ):
+ passes_start = True
+ if (
+ version_start_excluding is not self.RANGE_UNSET
+ and parsed_version > parse_version(version_start_excluding)
+ ):
+ passes_start = True
- if (
- version_start_including is self.RANGE_UNSET
- and version_start_excluding is self.RANGE_UNSET
- ):
- # then there is no start range so just say true
- passes_start = True
+ if (
+ version_start_including is self.RANGE_UNSET
+ and version_start_excluding is self.RANGE_UNSET
+ ):
+ # then there is no start range so just say true
+ passes_start = True
 # check the end range
 passes_end = False
- if (
- version_end_including is not self.RANGE_UNSET
- and parsed_version <= parse_version(version_end_including)
- ):
+ if parsed_version == "UNKNOWN":
 passes_end = True
+ else:
+ if (
+ version_end_including is not self.RANGE_UNSET
+ and parsed_version <= parse_version(version_end_including)
+ ):
+ passes_end = True
- if (
- version_end_excluding is not self.RANGE_UNSET
- and parsed_version < parse_version(version_end_excluding)
- ):
- passes_end = True
+ if (
+ version_end_excluding is not self.RANGE_UNSET
+ and parsed_version < parse_version(version_end_excluding)
+ ):
+ passes_end = True
- if (
- version_end_including is self.RANGE_UNSET
- and version_end_excluding is self.RANGE_UNSET
- ):
- # then there is no end range so it passes
- passes_end = True
+ if (
+ version_end_including is self.RANGE_UNSET
+ and 
version_end_excluding is self.RANGE_UNSET
+ ):
+ # then there is no end range so it passes
+ passes_end = True
 # if it fits into both ends of the range, add the cve number
 if passes_start and passes_end:
 cve_list.append(cve_number)
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
index 58bfd4891f..b5307e70ec 100644
--- a/cve_bin_tool/version_scanner.py
+++ b/cve_bin_tool/version_scanner.py
@@ -265,6 +265,16 @@ def run_checkers(self, filename: str, lines: str) -> Iterator[ScanInfo]:
 yield ScanInfo(
 ProductInfo(vendor, product, version), file_path
 )
+ # else for unknown versions add if identified to package
+ elif "is" in result["is_or_contains"]:
+ file_path = "".join(self.file_stack)
+ self.logger.debug(
+ f'{file_path} {result["is_or_contains"]} {dummy_checker_name} {version}'
+ )
+ for vendor, product in checker.VENDOR_PRODUCT:
+ yield ScanInfo(
+ ProductInfo(vendor, product, version), file_path
+ )
 self.logger.debug(f"Done scanning file: (unknown)")
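Review bot: When parsed_version == "UNKNOWN" both passes_start and passes_end are forced True, so every cve_number reaching the final check is appended regardless of its range — a deliberate fail-closed choice, but the two sentinel checks plus the `else:` nesting hide it, and the only hint to a reader of the output is the version string itself. If these checks sit inside a per-row loop, as `cve_list.append(cve_number)` suggests, a single guard at the top of the loop body — `if parsed_version == "UNKNOWN": cve_list.append(cve_number); continue` with a comment such as `# Version unknown: report every CVE for the product rather than risk missing one` — would state the intent once and let the original flat range checks stand. Comparing a parsed version object against a bare string also relies on the object's `==` returning False for foreign types; a named sentinel next to RANGE_UNSET would be less fragile. The loop header and the rest of get_cves are outside the hunk.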
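Review bot: `"is" in result["is_or_contains"]` on the new `elif` is a substring test, not an equality test, so any future tag that happens to contain "is" would also take this branch; the intent reads as `elif result["is_or_contains"] == "is":`. The preceding `if`, and the `version` and `dummy_checker_name` bindings, are outside the hunk, so I cannot confirm that version is the "UNKNOWN" sentinel at this point; if it is, the comment above the branch should say so explicitly, e.g. `# Version not recovered but the package was identified: still report it so its CVEs get checked`, since the unconditional yield here is what feeds the version-blind CVE match downstream. run_checkers starts before the hunk.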