fix: improve curl checker pattern (#5048)

ffontaine · web-flow · commit 07495da66196 · 2025-04-24T11:49:18.000-07:00
Drop "/" from curl pattern to avoid wrongly detecting curl inside some
proprietary binaries which hardcodes "curl/7.66.0" as their User-Agent.

Signed-off-by: Fabrice Fontaine &lt;fabrice.fontaine@orange.com&gt;
diff --git a/cve_bin_tool/checkers/curl.py b/cve_bin_tool/checkers/curl.py
@@ -30,5 +30,5 @@ class CurlChecker(Checker):
     FILENAME_PATTERNS = [
         r"curl",
     ]
-    VERSION_PATTERNS = [r"\r?\ncurl[ -/]([678]+\.[0-9]+\.[0-9]+)"]
+    VERSION_PATTERNS = [r"\r?\ncurl[ -]([678]+\.[0-9]+\.[0-9]+)"]
     VENDOR_PRODUCT = [("haxx", "curl")]
diff --git a/test/test_data/curl.py b/test/test_data/curl.py
@@ -4,7 +4,6 @@
 mapping_test_data = [
     {"product": "curl", "version": "7.34.0", "version_strings": ["curl 7.34.0"]},
     {"product": "curl", "version": "7.34.0", "version_strings": ["curl-7.34.0"]},
-    {"product": "curl", "version": "7.34.0", "version_strings": ["curl/7.34.0"]},
 ]
 package_test_data = [
     {

Original file line number	Diff line number	Diff line change
`@@ -30,5 +30,5 @@ class CurlChecker(Checker):`
`30`	`30`	`FILENAME_PATTERNS = [`
`31`	`31`	`r"curl",`
`32`	`32`	`]`
`33`		`- VERSION_PATTERNS = [r"\r?\ncurl[ -/]([678]+\.[0-9]+\.[0-9]+)"]`
	`33`	`+ VERSION_PATTERNS = [r"\r?\ncurl[ -]([678]+\.[0-9]+\.[0-9]+)"]`
`34`	`34`	`VENDOR_PRODUCT = [("haxx", "curl")]`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@`
`4`	`4`	`mapping_test_data = [`
`5`	`5`	`{"product": "curl", "version": "7.34.0", "version_strings": ["curl 7.34.0"]},`
`6`	`6`	`{"product": "curl", "version": "7.34.0", "version_strings": ["curl-7.34.0"]},`
`7`		`- {"product": "curl", "version": "7.34.0", "version_strings": ["curl/7.34.0"]},`
`8`	`7`	`]`
`9`	`8`	`package_test_data = [`
`10`	`9`	`{`