Skip to content

fix: update pcre2 pattern for android (#5441) #5447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jackulau wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: update pcre2 pattern for android (#5441) #5447

jackulau wants to merge 2 commits into from

Conversation

@jackulau
Copy link

@jackulau jackulau commented Dec 10, 2025

Add pattern to detect libpcre2 version in Android libraries where the version string format differs from standard Linux binaries.

  • Add FILENAME_PATTERNS to match pcre2 library files
  • Add VERSION_PATTERNS for Android format where version+date appears between DEFINE and BSR_ANYCRLF strings
  • Add test cases for Android libpcre2 format

Summary

Addresses #5441 - Android libpcre2 library not detected by CVE-bin-tool.

  • Added FILENAME_PATTERNS to match pcre2 library files
  • Added new VERSION_PATTERNS to detect version in Android binaries
  • Added test cases for Android libpcre2 format

Details

The existing pattern required BSR_UNICODE) to be immediately followed by the version number, which is not the case in Android binaries. In Android's libpcre2.so, the version string (e.g., 10.33 2019-04-16) appears standalone between other PCRE2 option strings.

New patterns added:

r"DEFINE\r?\n([0-9]+\.[0-9]+) [0-9]{4}-[0-9]{2}-[0-9]{2}"
r"([0-9]+\.[0-9]+) [0-9]{4}-[0-9]{2}-[0-9]{2}\r?\nBSR_ANYCRLF"

These match the PCRE2 version+date format (MAJOR.MINOR YYYY-MM-DD) using adjacent PCRE2-specific strings as anchors.

Test plan

  • Run pytest -k pcre2 to validate test cases
  • Verified against actual Android libpcre2.so binary

@EternalDreamer01 EternalDreamer01 mentioned this pull request Dec 11, 2025
Open
@jackulau
fix: update pcre2 pattern for android (ossf#5441)
53d5549 
Add pattern to detect libpcre2 version in Android libraries where the
version string format differs from standard Linux binaries.

- Add FILENAME_PATTERNS to match pcre2 library files
- Add VERSION_PATTERNS for Android format with version+date and
  "this version of PCRE2" error message as anchor
- Add test case for Android libpcre2 format

Signed-off-by: Jack <[email protected]>
@jackulau
fix: update pcre2 pattern for android
da69ef9 
Add support for detecting pcre2 versions in Android binaries which use
null byte separators instead of newlines. Each Android API version has
different string layouts requiring separate patterns.

Tested on Android APIs 28, 29, 30, and 34.

Signed-off-by: Jack <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jackulau