fix: update libuv checker (#4999)

ffontaine · web-flow · commit d93bc2d614e6 · 2025-04-04T16:45:49.000+02:00
Update libuv pattern to detect version in alpine package

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/cve_bin_tool/checkers/libuv.py b/cve_bin_tool/checkers/libuv.py
@@ -18,7 +18,7 @@ class LibuvChecker(Checker):
     CONTAINS_PATTERNS: list[str] = []
     FILENAME_PATTERNS: list[str] = []
     VERSION_PATTERNS = [
-        r"(?:\n|lib)uv[a-z-_\r\n]*([0-9]+\.[0-9]+\.[0-9]+)",
-        r"([0-9]+\.[0-9]+\.[0-9]+)[a-zA-Z/_%: \-\r\n]*\r?\nUV",
+        r"(?:\n|lib|/)uv[0-9a-z_= \-\.\r\n]*\r?\n([0-9]+\.[0-9]+\.[0-9]+)\r?\n",
+        r"\r?\n([0-9]+\.[0-9]+\.[0-9]+)\r?\n[0-9a-zA-Z/_%:* \.\-\t\r\n]*(?:\nUV|libuv)",
     ]
     VENDOR_PRODUCT = [("libuv_project", "libuv"), ("libuv", "libuv")]
diff --git a/test/condensed-downloads/libuv-1.48.0-r0.apk.tar.gz b/test/condensed-downloads/libuv-1.48.0-r0.apk.tar.gz
diff --git a/test/test_data/libuv.py b/test/test_data/libuv.py
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 mapping_test_data = [
-    {"product": "libuv", "version": "1.24.1", "version_strings": ["libuv-v1.24.1"]}
+    {"product": "libuv", "version": "1.24.1", "version_strings": ["libuv\n1.24.1"]}
 ]
 package_test_data = [
     {
@@ -23,4 +23,10 @@
         "product": "libuv",
         "version": "1.40.0",
     },
+    {
+        "url": "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/",
+        "package_name": "libuv-1.48.0-r0.apk",
+        "product": "libuv",
+        "version": "1.48.0",
+    },
 ]
diff --git a/test/test_data/node.py b/test/test_data/node.py
@@ -21,6 +21,7 @@
         "package_name": "nodejs_0.10.29~dfsg-2_amd64.deb",
         "product": "node.js",
         "version": "0.10.29",
+        "other_products": ["libuv"],
     },
     {
         "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`# SPDX-License-Identifier: GPL-3.0-or-later`
`3`	`3`
`4`	`4`	`mapping_test_data = [`
`5`		`- {"product": "libuv", "version": "1.24.1", "version_strings": ["libuv-v1.24.1"]}`
	`5`	`+ {"product": "libuv", "version": "1.24.1", "version_strings": ["libuv\n1.24.1"]}`
`6`	`6`	`]`
`7`	`7`	`package_test_data = [`
`8`	`8`	`{`
`@@ -23,4 +23,10 @@`
`23`	`23`	`"product": "libuv",`
`24`	`24`	`"version": "1.40.0",`
`25`	`25`	`},`
	`26`	`+ {`
	`27`	`+ "url": "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/",`
	`28`	`+ "package_name": "libuv-1.48.0-r0.apk",`
	`29`	`+ "product": "libuv",`
	`30`	`+ "version": "1.48.0",`
	`31`	`+ },`
`26`	`32`	`]`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`"package_name": "nodejs_0.10.29~dfsg-2_amd64.deb",`
`22`	`22`	`"product": "node.js",`
`23`	`23`	`"version": "0.10.29",`
	`24`	`+ "other_products": ["libuv"],`
`24`	`25`	`},`
`25`	`26`	`{`
`26`	`27`	`"url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",`