New features from our GSoC 2022 participants:
- @yashugarg added a large number of tests and worked on fuzzing our interfaces
- @rhythmrx9 added new data sources (we now support advisories from GitLab, OSV and Red Hat as well as NVD)
- @XDRAGON2002 added the new parsers that allow us to scan things like Ruby Gemfiles, Rust cargo files, and more.
Other interesting features in this release:
- @ffontaine has added a large number of new checkers, pushing us well over 200 binary checkers.
- @anthonyharrison has added initial support for NVD API 2.0. Note that at the time this was added the 2.0 version didn't work with their API keys, so the code behaves accordingly.
Thanks also to @BreadGenie for code review and mentoring support as well as a number of contributions listed below. A special shout-out to @b31ngd3v and @metabiswadeep, whose first contributions are in this release and have been the first of many, as well as to the many other folks who got their first commits in via Hacktoberfest, GSoC, goodfirstissue.dev or however you found us. Thanks to everyone for being part of this release!
Full change list
- fix: check return on re.search by @wyattearp in #1643
- chore: update pre-commit config by @github-actions in #1629
- refactor: add type hints in cvedb.py by @rhythmrx9 in #1603
- feat: add detailed flag (#781) by @XDRAGON2002 in #1588
- refactor: added type hints to csv2cve by @gaurav879 in #1636
- fix: broken quiet mode in main branch (#1587) by @b31ngd3v in #1648
- fix: improve excel macro filter (#1644) by @b31ngd3v in #1647
- fix: Improved debug output (fixes #1653) by @anthonyharrison in #1654
- chore: update pre-commit config by @github-actions in #1652
- fix: add debug statement if checkers didn't load (#1440) by @b31ngd3v in #1650
- docs: update checkers/README.md by @b31ngd3v in #1651
- test: Add Atheris fuzzing setup for cve-bin-tool by @terriko in #1661
- feat(checker): added jackson-databind checker (#1387) by @b31ngd3v in #1663
- fix: mismatch between cvedb.cve_count and nvd_api.total_results (#1669) by @b31ngd3v in #1670
- test: Updated libvncserver test by @gaurav879 in #1664
- feat: flag exploited cves (#1454) by @XDRAGON2002 in #1520
- test: add test for CLI output dependent on reportlab existence by @onyxcherry in #1641
- fix: add urllib3 explicitly to avoid CVEs by @terriko in #1628
- feat: add new checker pr template (#1268) by @b31ngd3v in #1671
- fix: broken test_console_output_depending_reportlab_existence (#1675) by @b31ngd3v in #1676
- refactor: helper script filename (#1351) by @b31ngd3v in #1672
- feat(checker): add Apache commons-compress checker (#1040) by @b31ngd3v in #1666
- refactor: add link to helper docs when alternate contains patterns by @snosratiershad in #1674
- fix: licence in setup.py (#1673) by @b31ngd3v in #1677
- feat: improve usability when --input_file is missing (#1649) by @b31ngd3v in #1668
- feat(checker): add rust checker by @b31ngd3v in #1679
- feat: console output to a file by @rhythmrx9 in #1632
- chore(deps): bump html5lib from 0.99 to 0.99999999 (#1686) by @b31ngd3v in #1687
- chore: update pre-commit config by @github-actions in #1680
- docs: multiline pattern issue in windows vs linux (#1678) by @b31ngd3v in #1685
- feat: add radare2 contains patterns by @snosratiershad in #1693
- fix: logger.warn() warning & test_output_vex test (#1691) by @M-Faheem-Khan in #1692
- fix: rpm extractor for windows by @b31ngd3v in #1696
- feat: add parser class (#1699) by @XDRAGON2002 in #1700
- feat: add multiline string finder in helper script by @b31ngd3v in #1690
- refactor(extractor): Prioritize 7z while extracting pkg files in windows by @yashugarg in #1689
- feat: Add options to import and export database (fixes #1655) by @anthonyharrison in #1656
- test(extractor): added tests for zst and pkg package extractors by @yashugarg in #1683
- docs: fix remote repo url by @b31ngd3v in #1715
- feat: Add mapping of vulnerable libraries to components (Fixed #1657) by @anthonyharrison in #1658
- docs: add checker instructions into Read the Docs build (#1703) by @b31ngd3v in #1716
- feat(checkers): Add polarssl fedora contains patterns by @snosratiershad in #1695
- refactor: use pathlib.Path instead of os.path by @b31ngd3v in #1714
- ci: bump setup-python version by @Molkree in #1711
- feat: add affected-versions to all formats (#1342) by @XDRAGON2002 in #1667
- test: added unit tests for format_checkers script by @yashugarg in #1709
- ci: use Dependabot to bump GitHub Actions by @Molkree in #1712
- chore(deps): bump peter-evans/create-pull-request from 3 to 4 by @dependabot in #1726
- chore(deps): bump actions/cache from 2 to 3 by @dependabot in #1727
- feat(checker): luajit checker by @ffontaine in #1705
- docs: fix file extension in package list scanning by @b31ngd3v in #1733
- fix(output_pdf): broken tests and mapping of libraries to components by @b31ngd3v in #1734
- refactor: cvedb structure and datasources by @rhythmrx9 in #1706
- test: unit tests for csv2cve.py by @yashugarg in #1737
- refactor(format_checkers): use pathlib instead of os.path (#1725) by @b31ngd3v in #1731
- refactor: switch to pathlib.Path in cvedb.py by @rhythmrx9 in #1751
- chore(deps): bump codecov/codecov-action from 2 to 3 by @dependabot in #1728
- test: Add triage to requirements test to address aiohttp disputed cve by @terriko in #1746
- test: unit tests for version.py by @yashugarg in #1739
- chore: update pre-commit config by @github-actions in #1732
- fix: Updated spdx_header.txt by @iamnandhu in #1762
- fix: update database before merging by @b31ngd3v in #1765
- chore(deps): bump actions/checkout from 2 to 3 by @dependabot in #1729
- fix: fix is_file call in test_scanner.py by @ffontaine in #1761
- ci: update year in spdx header automatically (#1753) by @b31ngd3v in #1763
- test(language_scanner): use scan_file() & add tests for python packages by @yashugarg in #1758
- feat: provide multiple output formats for a single scan (#1724) by @b31ngd3v in #1740
- fix: delete unnecessary file by @b31ngd3v in #1767
- fix: add luajit to documentation by @ffontaine in #1768
- refactor: refactor javascript parser (#1721) by @XDRAGON2002 in #1722
- test(scanner): unittest to cover make_condensed_from_download() by @yashugarg in #1770
- test(extractor): use all possible libraries to extract a file by @yashugarg in #1720
- refactor: refactor java parser (#1771) by @XDRAGON2002 in #1772
- chore(deps): bump github/codeql-action from 1 to 2 by @dependabot in #1730
- chore(deps): bump html5lib version for dependabot by @terriko in #1780
- fix(TestExtractFilePkg): avoid downloading files in tests by @b31ngd3v in #1784
- test: fix test_extract_file_cab_no_cabextract for windows by @yashugarg in #1788
- test: add intermediate report in output_html test by @yashugarg in #1778
- ci: add scan.coverity.com workflow by @terriko in #1789
- fix: doc build error by @b31ngd3v in #1796
- test(csv2cve): 5 new cves in haxx.curl by @terriko in #1791
- ci: set coverity build command to --no-command by @terriko in #1800
- refactor(test): remove ALLOWED_PACKAGES constant by @BreadGenie in #1782
- ci: raise timeout and change first cli call by @terriko in #1799
- ci: use coverity filesystem search by @terriko in #1805
- fix: fixed systemd checker version pattern by @yashugarg in #1801
- feat: add rust support (#1723) by @XDRAGON2002 in #1743
- refactor: refactor python parser (#1773) by @XDRAGON2002 in #1775
- ci: run cve check on main only by @terriko in #1804
- fix: avoid downloading files in tests (#1785) by @b31ngd3v in #1794
- fix: add MSB executables for is_executable by @ffontaine in #1776
- ci: reduce timeouts back to normal by @terriko in #1813
- chore: fix formatting by @XDRAGON2002 in #1814
- chore: fix black issues by @terriko in #1812
- fix(ci): use json method to get data from NVD by @b31ngd3v in #1816
- fix(ci): set LONG_TESTS=1 before running long tests by @b31ngd3v in #1809
- ci: fix longtests hanging problem by @b31ngd3v in #1819
- fix: doc build error by @b31ngd3v in #1825
- ci: update cached database by @b31ngd3v in #1823
- fix: add contribution from @h3athen fixing redundant conditions by @terriko in #1827
- fix: test/test_requirements.py::test_txt_csv_sync by @b31ngd3v in #1828
- ci: run cve check on all PRs by @b31ngd3v in #1829
- refactor: remove jQuery from HTML reports by @BreadGenie in #1824
- chore: Updated requirements.txt by @gaurav879 in #1665
- chore(deps): bump check-spelling/check-spelling from 0.0.19 to 0.0.20 by @dependabot in #1820
- fix: replace data-* attributes with data-bs-* attributes by @BreadGenie in #1837
- chore(deps): move pytest and py to dev-requirements.txt by @BreadGenie in #1835
- feat(data_source): OSV by @rhythmrx9 in #1750
- fix: update requirements by @b31ngd3v in #1841
- ci: added windows long tests by @yashugarg in #1822
- fix: OSV ClientConnectorError by @rhythmrx9 in #1844
- chore(deps): remove jQuery file by @BreadGenie in #1847
- refactor(html-test): remove plotly and bootstrap scripts and CSS by @BreadGenie in #1849
- feat: create parse api (#1810) by @XDRAGON2002 in #1826
- bug: Support for Application component type in CycloneDX SBOM (Fixes #1852) by @anthonyharrison in #1858
- feat: add r parser (#1853) by @XDRAGON2002 in #1854
- docs: Add Python Community Code of Conduct info by @terriko in #1843
- test: add tests for OSV data_source by @rhythmrx9 in #1846
- feat: highlight new/unexplored CVES on main page (HTML report) by @b31ngd3v in #1833
- feat: add time and date information with CVE by @rhythmrx9 in #1860
- feat: improve CVE overview (HTML report) by @b31ngd3v in #1831
- fix: OSV tests failing by @rhythmrx9 in #1867
- fix: quality issues reported by LGTM by @rhythmrx9 in #1868
- chore: change unable to fetch osv warning to error by @rhythmrx9 in #1869
- feat: filters for component view (HTML report) by @b31ngd3v in #1840
- fix: OSV test failing due to update in CVE by @rhythmrx9 in #1877
- test: Disable tests causing random py3.7 failures by @terriko in #1880
- feat: experimental tuple fuzzing setup by @yashugarg in #1873
- feat: fuzzing json inputs for report merging by @yashugarg in #1888
- refactor: improve language parsers (#1883) by @XDRAGON2002 in #1884
- docs: Add atheris protobuf setup to readme by @terriko in #1896
- ci(longtest): fix test_update_flags - SystemExit: 25 by @b31ngd3v in #1889
- feat: fixed MergeReports fuzzer. by @yashugarg in #1898
- Fix: Disable failing tests in Python 3.7 by @metabiswadeep in #1900
- ci(spelling): Pull in permissions from check-spelling/spell-check-this by @jsoref in #1901
- refactor: restructure fuzzer by @yashugarg in #1906
- fix: Date of last database update is incorrect (Fixes #1887) by @anthonyharrison in #1904
- fix: improve behaviour when -u never and -n json are both specified by @b31ngd3v in #1907
- feat: improve behaviour for -i when specified file is binary by @b31ngd3v in #1885
- fix: database schema not checked if no update flag set by @rhythmrx9 in #1875
- fix: Schemas not found (Fixes #1886) by @anthonyharrison in #1905
- feat(checker): add apache http support by @gotlougit in #1589
- chore: update checkers table by @github-actions in #1913
- fix: Decode error during file scan in version_scanner.py (#1742) by @M-Faheem-Khan in #1897
- chore: fix spelling file end of line by @terriko in #1916
- fix: fix filename and root display by @ffontaine in #1910
- chore(deps): bump Bootstrap CSS to v5.2.0 by @BreadGenie in #1893
- fix: Removed server from list of allowed words list by @metabiswadeep in #1919
- fix: fix timestamp crashes in merge report fuzzer by @yashugarg in #1921
- feat: added CycloneDX protobuf schema for fuzzing by @yashugarg in #1924
- feat: fuzz testing package list parser by @yashugarg in #1923
- fix: fix ipk extraction by @ffontaine in #1920
- fix: slow incremental updates for OSV by @rhythmrx9 in #1933
- feat: add go parser (#1881) by @XDRAGON2002 in #1882
- feat(data_source): gitlab advisory database by @rhythmrx9 in #1903
- fix(format_checkers.py): add newline at the end of file by @b31ngd3v in #1918
- feat(checker): add libupnp checker by @ffontaine in #1935
- fix(strings): Handle Unicode decoding errors instead of crashing by @netromdk in #1922
- docs: add documentation for parsers (#1937) by @XDRAGON2002 in #1938
- fix: OSV skipping due to BadZipFile error by @rhythmrx9 in #1931
- chore: update checkers table by @github-actions in #1941
- fix: typo in gad_source.py by @rhythmrx9 in #1944
- chore: update pre-commit config by @github-actions in #1851
- fix: fix zlib CPE ID by @ffontaine in #1946
- fix: fix cups CPE ID by @ffontaine in #1947
- feat(helper_script): take an executable file as an input by @ffontaine in #1943
- fix: windows long tests failing by @rhythmrx9 in #1951
- feat(checker): add dhcpcd checker by @ffontaine in #1954
- chore: update checkers table by @github-actions in #1955
- ci: autoupdate JS libraries by @Molkree in #1410
- feat(checker): add miniupnpd checker by @ffontaine in #1953
- chore: update checkers table by @github-actions in #1959
- feat: improve support for python (#1645) by @XDRAGON2002 in #1928
- feat(format_checkers.py): exclude dictionary words from allow.txt by @b31ngd3v in #1960
- fix: javascript keyerror by @Ashish13s in #1958
- feat: add ruby language parser (#1939) by @XDRAGON2002 in #1940
- ci: ubuntu long tests aren't running when tried manually by @b31ngd3v in #1936
- refactor: Add more type annotations by @JakeRoggenbuck in #1704
- ci: disable failing update test on windows by @terriko in #1963
- ci: disable py3.7 tests causing sporadic failures by @terriko in #1962
- Only run update-cache if you are the main repository by @warthog9 in #1964
- ci: disable intermittently failing windows tests by @terriko in #1969
- feat(checker): add collectd checker by @ffontaine in #1972
- feat(checker): add libssh checker by @ffontaine in #1973
- chore: update checkers table by @github-actions in #1976
- feat(checker): add apcupsd checker by @ffontaine in #1975
- refactor: extract parse_strings method to strings.py by @miles170 in #1970
- chore: update checkers table by @github-actions in #1987
- feat(checker): add libsamplerate checker by @ffontaine in #1974
- refactor: cleanup go parser constructor by @miles170 in #1971
- chore: update checkers table by @github-actions in #1998
- feat(checker): add fastd checker by @ffontaine in #2003
- feat(checker): add haserl checker by @ffontaine in #2004
- refactor(print_mode.py): use pathlib.Path instead of os.path by @b31ngd3v in #2005
- refactor(html.py): use pathlib.Path instead of os.path by @b31ngd3v in #2006
- chore: update checkers table by @github-actions in #2030
- feat(checker): add keepalived checker by @ffontaine in #2007
- refactor(input_engine.py): use pathlib.Path instead of os.path by @b31ngd3v in #2008
- chore: update checkers table by @github-actions in #2031
- refactor(helper_script.py): use pathlib.Path instead of os.path by @b31ngd3v in #2009
- refactor(cve_scanner.py): use pathlib.Path instead of os.path by @b31ngd3v in #2010
- feat(checker): add iucode-tool checker by @ffontaine in #2012
- refactor(config.py): use pathlib.Path instead of os.path by @b31ngd3v in #2011
- feat: add swift language parser (#1999) by @XDRAGON2002 in #2018
- chore: add attribution for data sources (#1952) by @XDRAGON2002 in #2014
- refactor: replace os.path to pathlib (#1981) by @XDRAGON2002 in #2016
- refactor: use pathlib in output_engine/__init__.py by @miles170 in #2021
- chore: update checkers table by @github-actions in #2036
- feat(checker): add i2pd checker by @ffontaine in #2025
- refactor: use pathlib in cli.py by @miles170 in #2023
- refactor: use pathlib in version_scanner.py (fixes #1982) by @metabiswadeep in #2026
- refactor: use pathlib in util.py by @miles170 in #2024
- feat(checker): add libvorbis checker by @ffontaine in #2027
- feat(checker): add lldpd checker by @ffontaine in #2028
- feat(checker): add minicom checker by @ffontaine in #2032
- feat(checker): add motion checker by @ffontaine in #2033
- refactor: add pathlib support to merge.py & available_fix by @Architrixs in #2015
- chore: update checkers table by @github-actions in #2040
- refactor: use pathlib in version_scanner.py by @miles170 in #2022
- fix: Add word "tool" to exclude list in format_checkers.py by @JoaoDanielRufino in #2039
- feat(checker): add tinyproxy checker by @ffontaine in #2034
- chore: update checkers table by @github-actions in #2041
- feat(checker): add privoxy checker by @ffontaine in #2043
- fix: fix dnsmasq checker by @ffontaine in #2042
- feat(checker): Add patch checker by @ffontaine in #2044
- ci: disable test_version_in_package_make_download temporarily by @terriko in #2055
- chore: update checkers table by @github-actions in #2057
- ci: temporarily disable tests failing on windows by @terriko in #2064
- ci: temp disable libsrtp and p7zip tests on windows by @terriko in #2065
- feat(checker): add mutt checker by @ffontaine in #2045
- refactor: update to pathlib in package_list_parser.py by @donheshanthaka in #2020
- refactor: Use pathlib instead of os.path in output_engine/print_mode.py by @pogzyb in #2017
- chore: update checkers table by @github-actions in #2070
- feat(checker): add acpid checker by @ffontaine in #2046
- feat(checker): add davfs2 checker by @ffontaine in #2047
- feat(checker): add gpsd checker by @ffontaine in #2049
- feat(checker): add lftp checker by @ffontaine in #2050
- feat(checker): add squid checker by @ffontaine in #2051
- feat(checker): add assimp checker by @ffontaine in #2052
- feat(checker): add asterisk checker by @ffontaine in #2053
- refactor: use pathlib in sbom_manager/__init__.py by @gulyapulya in #2013
- chore: update checkers table by @github-actions in #2071
- chore: update checkers table by @github-actions in #2072
- feat(checker): add file checker by @ffontaine in #2048
- chore: update checkers table by @github-actions in #2103
- feat(checker): add bird checker by @ffontaine in #2073
- feat(checker): add clamav checker by @ffontaine in #2075
- feat(checker): add atftp checker by @ffontaine in #2077
- feat(checker): add exiv2 checker by @ffontaine in #2079
- feat(checker): add exim checker by @ffontaine in #2082
- feat(checker): add chess checker by @ffontaine in #2083
- feat(checker): add gvfs checker by @ffontaine in #2084
- feat(checker): improve rsyslog checker pattern by @BreadGenie in #2095
- docs: add documentation for parsers by @XDRAGON2002 in #2092
- feat(checker): add seahorse checker by @BreadGenie in #2091
- feat(checker): add wget checker by @BreadGenie in #2086
- docs: Add instructions on finding binaries to checker docs by @terriko in #2104
- feat(checker): add ppp checker by @ffontaine in #2085
- chore: update checkers table by @github-actions in #2105
- feat(checker): add darkhttpd checker by @ffontaine in #2076
- feat(checker): add connman checker by @ffontaine in #2078
- feat(checker): add domoticz checker by @ffontaine in #2081
- feat(checker): add mosquitto checker by @ffontaine in #2087
- feat(checker): add libtomcrypt checker by @ffontaine in #2088
- feat(checker): add stunnel checker by @ffontaine in #2089
- feat(checker): add suricata checker by @ffontaine in #2090
- feat: improve openssl checker pattern by @BreadGenie in #2107
- feat(checker): add libinput checker by @ffontaine in #2096
- feat(checker): add timescaledb checker by @ffontaine in #2097
- feat(checker): add pure-ftpd checker by @ffontaine in #2098
- fix: improve mariadb checker patterns by @ffontaine in #2100
- feat(checker): add unbound checker by @ffontaine in #2101
- fix: improve ffmpeg checker patterns by @ffontaine in #2102
- fix: improve haproxy checker patterns by @ffontaine in #2106
- fix: improve openldap checker patterns by @ffontaine in #2108
- chore: update checkers table by @github-actions in #2110
- fix: fixed pyright issues on format_checkers.py and helper_script.py by @Shacklebolt13 in #2074
- chore: update checkers table by @github-actions in #2112
- refactor: fixed pyright errors in version_signature.py by @Shacklebolt13 in #2080
- refactor: fixed pyright errors on package_list_parser.py by @Shacklebolt13 in #2094
- feat(data_source): RedHat Security Database by @rhythmrx9 in #1949
- feat(checker): add sylpheed checker by @ffontaine in #2099
- fix: improve tcpdump checker patterns by @ffontaine in #2111
- chore: update checkers table by @github-actions in #2114
- chore: update checkers table by @github-actions in #2121
- fix: add "pure" to exclude list in format_checkers.py and remove from allow.txt by @techsnap in #2119
- feat(checker): add nbd checker by @ffontaine in #2093
- feat(checker): add profftpd checker by @ffontaine in #2125
- refactor mypy type issues in __init__.py by @batunpc in #2122
- chore: update checkers table by @github-actions in #2126
- fix: improve syslog-ng checker patterns by @ffontaine in #2136
- fix: improve ppp checker patterns by @ffontaine in #2137
- feat: add mypy.ini file to deal with missing imports by @terriko in #2128
- fix: fix strings call by @ffontaine in #2135
- feat(checker): add chrony checker by @ffontaine in #2138
- chore: update checkers table by @github-actions in #2141
- fix: ensure all pacman packages are accounted for by @Foxboron in #2164
- refactor: resolve mypy errors in test_version.py by @saminarp in #2123
- refactor: resolve mypy errors in test_extractor.py by @saminarp in #2124
- feat(checker): add c-ares checker by @ffontaine in #2142
- fix: change python strings to return only strings of length 3+ by @zhaobenny in #2144
- fix: improve curl checker patterns by @ffontaine in #2145
- feat(checker): add glib checker by @ffontaine in #2147
- fix: improve bind checker patterns by @ffontaine in #2148
- chore: update checkers table by @github-actions in #2170
- refactor: resolve mypy type errors in util.py by @Malay-dev in #2134
- feat(checker): add libpcap checker by @ffontaine in #2151
- fix: improve avahi checker patterns by @ffontaine in #2152
- feat(checker): add libgit2 checker by @ffontaine in #2153
- feat(checker): add json-c checker by @ffontaine in #2149
- feat(checker): add vsftpd checker by @ffontaine in #2154
- feat(checker): add thttpd checker by @ffontaine in #2155
- feat(checker): add upx checker by @ffontaine in #2156
- feat(checker): add xscreensaver checker by @ffontaine in #2157
- feat(checker): add unixodbc checker by @ffontaine in #2158
- feat(checker): add bison checker by @ffontaine in #2160
- refactor: test_language_scanner by @Rexbeast2 in #2159
- feat(checker): add iptables checker by @ffontaine in #2143
- feat(checker): add graphicsmagick checker by @ffontaine in #2161
- feat(checker): add librsync checker by @ffontaine in #2163
- feat(checker): add rsync checker by @ffontaine in #2165
- feat(checker): add tor checker by @ffontaine in #2166
- feat(checker): add netatalk checker by @ffontaine in #2167
- feat(docs): added that the tool only matches strings of length 3+ by @Logan-kwan in #2182
- refactor: Remove redundant pattern in checkers/openssl.py by @am-3 in #2169
- refactor: extractor is now inherited in test_extractor.py by @devils2ndself in #2171
- fix: fix dirname/filename typo in util.py by @terriko in #2189
- feat(checker): add lynx checker by @ffontaine in #2172
- feat(checker): add spice checker by @ffontaine in #2173
- feat(checker): add thrift checker by @ffontaine in #2174
- feat(checker): add mpv checker by @ffontaine in #2175
- feat(checker): add grub2 checker by @ffontaine in #2176
- feat(checker): add mailx checker by @ffontaine in #2177
- feat(checker): add quagga checker by @ffontaine in #2178
- feat(checker): add asn1c checker by @ffontaine in #2179
- feat(checker): add sofia-sip checker by @ffontaine in #2184
- feat(checker): add util-linux checker by @ffontaine in #2185
- feat(checker): add janus checker by @ffontaine in #2186
- feat(checker): add pango checker by @ffontaine in #2187
- refactor: add type-hints for test/test_scanner.py by @felixbd in #2132
- feat(checker): add cvs checker by @ffontaine in #2180
- chore: update checkers table by @github-actions in #2181
- feat(checker): add nettle checker by @ffontaine in #2150
- refactor: fix mypy errors in cve_bin_tool/extractor.py by @submicron13 in #2192
- feat(checker): add putty checker by @ffontaine in #2193
- feat: Extra component type support in CycloneDX SBOM (Fixes #2216) by @anthonyharrison in #2217
- feat(checker): add shadowsocks-libev checker by @ffontaine in #2194
- feat(checker): add ntpsec checker by @ffontaine in #2195
- feat(checker): add nghttp2 checker by @ffontaine in #2196
- feat(checker): add znc checker by @ffontaine in #2197
- feat(checker): add jhead checker by @ffontaine in #2198
- feat(checker): add rdesktop checker by @ffontaine in #2199
- feat(checker): add elfutils checker by @ffontaine in #2200
- feat(checker): add rtl_433 checker by @ffontaine in #2202
- feat(checker): add squashfs checker by @ffontaine in #2203
- feat(checker): add transmission checker by @ffontaine in #2205
- docs: warn users that nvd may block them if they are not using an api_key by @ayushthe1 in #2226
- feat: Add support for Java product versions defined in properties (Fixes #1707) by @anthonyharrison in #2215
- feat(checker): add nmap checker by @ffontaine in #2206
- feat(checker): add procps-ng checker by @ffontaine in #2208
- chore: update checkers table by @github-actions in #2233
- docs(manual): various fixes by @Molkree in #2252
- feat(checker): add minidlna checker by @ffontaine in #2207
- feat(checker): add jack2 checker by @ffontaine in #2209
- Avoid 'ValueError: list.remove(x): x not in list' while reading OSV by @raboof in #2221
- feat: SBOM management (Fixes #1646) by @anthonyharrison in #1912
- feat(checker): add opencv checker by @ffontaine in #2210
- feat(checker): add libconfuse checker by @ffontaine in #2211
- feat(checker): add neon checker by @ffontaine in #2212
- fix: improve json-c checker patterns by @ffontaine in #2213
- feat(checker): add perl checker by @ffontaine in #2219
- fix: improve bzip2 checker patterns by @ffontaine in #2220
- fix: improve gnutls checker patterns by @ffontaine in #2223
- feat(checker): add iperf3 checker by @ffontaine in #2224
- fix: improve dbus checker patterns by @ffontaine in #2225
- fix: add more libraries to mypy types missing list by @terriko in #2232
- chore: update checkers table by @github-actions in #2253
- fix: Incremental database update is not default (Fixes #2229) by @anthonyharrison in #2247
- feat(checker): add gdb checker by @ffontaine in #2250
- fix: improve ppp checker patterns by @ffontaine in #2251
- feat(checker): add wolfssl checker by @ffontaine in #2257
- feat(checker): add snort checker by @ffontaine in #2258
- feat(checker): add zeek checker by @ffontaine in #2259
- feat(checker): add bro checker by @ffontaine in #2260
- feat(checker): add tpm2-tss checker by @ffontaine in #2263
- feat(checker): add boinc checker by @ffontaine in #2264
- chore: fix mypy errors in checkers/jhead.py by @kishan3 in #2265
- fix: Minor issues with code base (Fixes #2276) by @anthonyharrison in #2277
- chore: update checkers table by @github-actions in #2274
- fix: NVD access fails if no NVD API key specified or found (Fixes #1857) by @anthonyharrison in #2262
- feat(checker): add e2fsprogs checker by @ffontaine in #2248
- fix: improve sqlite checker patterns by @ffontaine in #2218
- fix: improve ntp checker patterns by @ffontaine in #2204
- fix: improve glib checker patterns by @ffontaine in #2214
- chore: fix mypy errors in package_list_parser.py by @pratul20 in #2243
- chore: fix mypy errors in async_utils.py by @pratul20 in #2246
- refactor: fix mypy errors in version_signature.py by @PhilippFr in #2249
- chore: fix mypy errors in data_sources/* by @kishan3 in #2256
- chore: update checkers table by @github-actions in #2278
- fix: better handling of 3rd party libs for mypy by @Molkree in #2279
- feat: output list of language parsers (Fixes #1891) by @anthonyharrison in #2228
- chore: fix mypy errors in cvedb.py by @pratul20 in #2242
- feat(checker): add libjpeg checker by @ffontaine in #2245
- refactor: fix mypy errors in checkers q-t by @Molkree in #2285
- refactor: fix mypy errors in checkers m-p by @Molkree in #2286
- refactor: fix mypy errors in checkers i-l by @Molkree in #2287
- refactor: fix mypy issues in format_checkers.py by @aadityasinha-dotcom in #2289
- chore: fix mypy errors in checkers/a*.py by @kishan3 in #2291
- chore: fix mypy errors in checkers/b*.py by @kishan3 in #2292
- chore: fix mypy errors in checkers/c*.py by @kishan3 in #2293
- chore: fix mypy errors in checkers/d*.py by @kishan3 in #2294
- chore: fix mypy errors in checkers/f*.py by @kishan3 in #2295
- chore: fix mypy errors in checkers/g*.py by @kishan3 in #2296
- feat: Add remarks to PDF reports (Fixes #1617) by @anthonyharrison in #2299
- test(html): add playwright html test by @BreadGenie in #1925
- feat(checker): add fribidi checker by @ffontaine in #2298
- docs: add table of contents to test/README.md by @adityaacse in #2305
- refactor: fix mypy errors in checkers/e*.py by @mastdev in #2302
- refactor: NTP checker patterns #2288 by @jazzysoggy in #2311
- feat(checker): add miniupnpc checker by @ffontaine in #2301
- refactor: fix mypy errors in checkers/[uz]*.py by @mastdev in #2303
- chore: fixed mypy issues in checkers/h*.py by @himanshiparnami in #2306
- refactor: fix mypy issues in egg_updater.py by @Mou887 in #2307
- refactor: type hints helper script by @codamuse in #2308
- feat(checker): add git checker by @ffontaine in #2297
- chore: update checkers table by @github-actions in #2310
- fix: Updated number of checkers mentioned in docs by @metabiswadeep in #2318
- fix: TestLanguageScanner failed if no database (Fixes #2290) by @anthonyharrison in #2319
- feat: Added function to update number of checkers in docs by @metabiswadeep in #2322
- fix: escape rich console markup close tags [/] by @codamuse in #2327
- feat: explicit option to load triage file by @raboof in #2321
- feat: Improve output report with multiple data sources (Fixes #2231) by @anthonyharrison in #2324
- fix: improve openssl checkers by @ffontaine in #2328
- feat: Support NVD 2.0 API (Fixes #1872) by @anthonyharrison in #2330
- chore: update pre-commit config by @github-actions in #2019
- fix: pyupgrade fix for output_engine/console.py by @terriko in #2340
- fix: strings -n 3 args passing by @netromdk in #2343
- [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 by @terriko in #2346
- docs: improve triage documentation by @raboof in #2335
- fix: improve libjpeg checker patterns by @ffontaine in #2338
- fix: improve curl checker patterns by @ffontaine in #2341
- feat(checker): Added Firefox checker by @metabiswadeep in #2325
- feat: Improve handling of reports with 0 CVES (Fixes #1870) by @anthonyharrison in #2342
- feat(checker): add ipsec-tools checker by @ffontaine in #2348
- refactor(html-test): rename setup & teardown by @BreadGenie in #2347
- ci: use $GITHUB_OUTPUT instead of set-output by @BreadGenie in #2349
- feat: Data source improvements (Fixes #2332) by @anthonyharrison in #2333
- chore: update checkers table by @github-actions in #2352
- feat(checker): add freerdp checker by @ffontaine in #2350
- fix: NVD API issues (Fixes #2351) by @anthonyharrison in #2355
- feat(checker): add radvd checker by @ffontaine in #2345
- fix: treat rating in VEX triage files as optional by @raboof in #2336
- chore: update checkers table by @github-actions in #2357
- docs: link options in README.md to extended descriptions in MANUAL.md by @b31ngd3v in #2358
- feat(checker): add lz4 checker by @ffontaine in #2361
- ci: skip analyzing things we can't fix in coverity by @terriko in #2359
- chore: update checkers table by @github-actions in #2362
- fix: address potential None in db cursor by @terriko in #2339
- fix: improve libjpeg checker patterns by @ffontaine in #2365
- fix: improve console notes by @ffontaine in #2366
- feat(checker): add gmp checker by @ffontaine in #2370
- feat(checker): add sysstat checker by @ffontaine in #2371
- feat(checker): add libksba checker by @ffontaine in #2372
- chore: update checkers table by @github-actions in #2383
- fix: Set vendor to UNKNOWN if all else fails by @terriko in #2369
- fix: Improve output for Mitigated and Ignored CVEs (Fixes #1752) by @anthonyharrison in #2373
- fix: improve ppp checker patterns (#2214) by @ffontaine in #2385
- refactor: update types syntax in checkers/ by @metabiswadeep in #2388
- refactor: update types in cve_bin_tool/sbom_manager by @metabiswadeep in #2389
- ci: disable quiet_mode test in long tests by @terriko in #2391
- refactor: Update types syntax in available_fix/* by @mjhuff in #2386
- refactor: update types in data_sources by @metabiswadeep in #2387
- feat: Keep a copy of the NVD database (Fixes #1099) by @anthonyharrison in #2222
- fix: remove use of tarfile by @terriko in #2363
- ci: group tests which rely on external connectivity into a separate CI by @b31ngd3v in #2398
- chore(deps): bump check-spelling/check-spelling from 0.0.20 to 0.0.21 by @dependabot in #2405
- fix: Add components to failing language package tests by @terriko in #2407
- fix: improve samba checker patterns by @ffontaine in #2399
- chore: bump version, python_requires by @terriko in #2409
- refactor: Updates typehint to newer syntax by @paimvictor in #2397
- feat: Fail gracefully when someone tries to use python 3.6 by @metabiswadeep in #2410
- chore: align vex output with CycloneDX schema by @raboof in #2337
- ci: requirements do not need to be tested during windows longtests by @terriko in #2412
- feat: Add Red Hat data source (Fixes #2331, #2367) by @anthonyharrison in #2368
- fix: Change extraction exceptions to logged warnings by @terriko in #2408
- fix: remove extraneous exit() calls by @metabiswadeep in #2420
- fix: improve language test output, fix failing tests by @terriko in #2422
- refactor: cosmetic fixes to dev reqs updater by @Molkree in #2415
- feat: change EXTERNAL_SYSTEM() to give a boolean by @b31ngd3v in #2417
- refactor: update types syntax in test by @metabiswadeep in #2394
- refactor: fix "Any" type and mypy errors in data_sources/ by @mjhuff in #2395
- feat: Change LONG_TESTS() to give a boolean by @metabiswadeep in #2411
- fix: CVEs from multiple sources missing (Fixes #2418) by @anthonyharrison in #2421
- fix: remove LegacyVersion by @terriko in #2432
- fix: downgrade packaging temporarily by @terriko in #2436
- fix: only one cve found by test_triage by @terriko in #2439
- fix: Using vex as triage file loses vendor field (Fixes #2320) by @anthonyharrison in #2329
- ci: fix windows date variable for caching by @terriko in #2444
- ci: increase cache timeout on windows by @terriko in #2445
- fix: Correct logging output for python parser by @anthonyharrison in #2449
- feat: Improved duplicate CVE handling (Fixes #2446) by @anthonyharrison in #2450
- ci: remove temporary bootstrap triage by @b31ngd3v in #2443
- fix: Add warning for slow schema updates, bump version to 3.2 by @terriko in #2447
New Contributors
- @wyattearp made their first contribution in #1643
- @gaurav879 made their first contribution in #1636
- @b31ngd3v made their first contribution in #1648
- @onyxcherry made their first contribution in #1641
- @snosratiershad made their first contribution in #1674
- @M-Faheem-Khan made their first contribution in #1692
- @dependabot made their first contribution in #1726
- @ffontaine made their first contribution in #1705
- @iamnandhu made their first contribution in #1762
- @metabiswadeep made their first contribution in #1900
- @jsoref made their first contribution in #1901
- @gotlougit made their first contribution in #1589
- @netromdk made their first contribution in #1922
- @Ashish13s made their first contribution in #1958
- @JakeRoggenbuck made their first contribution in #1704
- @warthog9 made their first contribution in #1964
- @miles170 made their first contribution in #1970
- @Architrixs made their first contribution in #2015
- @JoaoDanielRufino made their first contribution in #2039
- @donheshanthaka made their first contribution in #2020
- @pogzyb made their first contribution in #2017
- @gulyapulya made their first contribution in #2013
- @Shacklebolt13 made their first contribution in #2074
- @techsnap made their first contribution in #2119
- @batunpc made their first contribution in #2122
- @Foxboron made their first contribution in #2164
- @saminarp made their first contribution in #2123
- @zhaobenny made their first contribution in #2144
- @Malay-dev made their first contribution in #2134
- @Rexbeast2 made their first contribution in #2159
- @Logan-kwan made their first contribution in #2182
- @am-3 made their first contribution in #2169
- @devils2ndself made their first contribution in #2171
- @felixbd made their first contribution in #2132
- @submicron13 made their first contribution in #2192
- @ayushthe1 made their first contribution in #2226
- @raboof made their first contribution in #2221
- @kishan3 made their first contribution in #2265
- @pratul20 made their first contribution in #2243
- @PhilippFr made their first contribution in #2249
- @aadityasinha-dotcom made their first contribution in #2289
- @adityaacse made their first contribution in #2305
- @mastdev made their first contribution in #2302
- @jazzysoggy made their first contribution in #2311
- @himanshiparnami made their first contribution in #2306
- @Mou887 made their first contribution in #2307
- @codamuse made their first contribution in #2308
- @mjhuff made their first contribution in #2386
- @paimvictor made their first contribution in #2397
Full Changelog: v3.1.1...v3.2