accept old_safe versions with higher minor version
Hanno Böck

Hanno Böck commited on 2022-07-15 12:39:50
Zeige 1 geänderte Dateien mit 19 Einfügungen und 2 Löschungen.

... ...
@@ -41,6 +41,23 @@ def versioncompare(safe_version, find_version):
41 41
     return find_version_tup < safe_version_tup
42 42
 
43 43
 
44
+def checkoldsafe(old_safe, find_version):
45
+    find_version_tup = [int(x) for x in find_version.split(".")]
46
+    for oldver in old_safe.split(","):
47
+        oldver_tup = [int(x) for x in oldver.split(".")]
48
+
49
+        if find_version_tup == oldver_tup:
50
+            return True
51
+        # handle special case where minor version is larger
52
+        if (
53
+            len(find_version_tup) >= 2
54
+            and find_version_tup[:-1] == oldver_tup[:-1]
55
+            and find_version_tup[-1] > oldver_tup[-1]
56
+        ):
57
+            return True
58
+    return False
59
+
60
+
44 61
 def vulnprint(appname, version, safeversion, vuln, vfilename, subdir,
45 62
               xml):
46 63
     appdir = '/'.join(os.path.abspath(vfilename).split('/')[:-1 - subdir])
... ...
@@ -148,8 +165,8 @@ for fdir in opts.dirs:
148 165
 
149 166
                         if (not versioncompare(item['safe'], findversion)
150 167
                                 or ('old_safe' in item
151
-                                    and findversion in
152
-                                    item['old_safe'].split(','))):
168
+                                    and checkoldsafe(item['old_safe'],
169
+                                                     findversion))):
153 170
                             if opts.all:
154 171
                                 vulnprint(item['name'], findversion, "ok", "",
155 172
                                           mfile, det['subdir'], opts.xml)
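Review bot: In the added `checkoldsafe` (first hunk), every `old_safe` entry now goes through `int(x)`, so an empty or non-numeric entry (a trailing comma, a suffix such as `-rc1`) raises `ValueError`, where the replaced `findversion in item['old_safe'].split(',')` test could not fail. Unless the caller catches it somewhere outside this view, one malformed database entry would abort the scan and leave the remaining directories unchecked. Wrapping the `oldver_tup` parse in `try:` … `except ValueError: continue` skips the bad entry, so the version is still reported rather than treated as safe. The comment `# handle special case where minor version is larger` also understates the rule: the code compares only the last component and requires all earlier ones to match, which for three-part versions is the patch level. A one-line docstring stating that any later release in the same old branch is accepted as fixed would make that trust assumption explicit.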
156 173