Comments (6)
Do you have coccinelle installed? If you add the --verbose flag, it will additionally output the failed coccinelle run.
from cvehound.
The tool uses coccinelle internally (which spatch) to check sources for known patterns. From your screen it seems like there is no spatch binary in the system. To install it: sudo apt install coccinelle. I will add a check in the next release to warn users if cocci is not installed in the system.
from cvehound.
With --verbose it produces:
Checking: CVE-2018-8043
Failed to check CVE-2018-8043
spatch is there:
solt@Holodeck:~$ which spatch
/usr/bin/spatch
coccinelle was installed with:
860 sudo add-apt-repository ppa:npalix/coccinelle
861 apt-get install coccinelle
from cvehound.
Sorry, -vv instead of a single -v
from cvehound.
Aha! We're getting somewhere. It now says things like:
Failed to run: spatch --no-includes --include-headers -D detect --no-show-diff -j 12 --cocci-file /home/solt/.local/lib/python3.8/site-packages/cvehound/cve/CVE-2019-18808.cocci /home/solt/workspace/linux-source-5.4.0/drivers/crypto/ccp/ccp-ops.c
When I ran that spatch command it said:
solt@Holodeck:~$ spatch --no-includes --include-headers -D detect --no-show-diff -j 12 --cocci-file /home/solt/.local/lib/python3.8/site-packages/cvehound/cve/CVE-2019-18808.cocci /home/solt/workspace/linux-source-5.4.0/drivers/crypto/ccp/ccp-ops.c
init_defs_builtins: /usr/bin/../lib/coccinelle/standard.h
warning: line 14: should sha be a metavariable?
warning: line 14: should sha be a metavariable?
warning: line 16: should sha be a metavariable?
warning: line 18: should ret be a metavariable?
warning: line 19: should e_ctx be a metavariable?
Py.find_library: unable to find the Python library [libpython2.7m.so returned Library not found] [/usr/bin/../lib/libpython2.7m.so returned Library not found] [libpython2.7.so returned Library not found] [/usr/bin/../lib/libpython2.7.so returned Library not found]
So I sudo apt install libpython2.7 and it seems to work now:
Checking: CVE-2020-27825
Checking: CVE-2020-27830
Found: CVE-2020-27830
MSG: speakup: Reject setting the speakup line discipline outside of speakup
DATE: 2020-12-14
/home/solt/workspace/linux-source-5.4.0/drivers/staging/speakup/spk_ttyio.c:62:9-10: ERROR: CVE-2020-27830
/home/solt/workspace/linux-source-5.4.0/drivers/staging/speakup/spk_ttyio.c:148:12-13: ERROR: CVE-2020-27830
Thanks!!
from cvehound.
Aha, cocci still depends on python2.7 internally. I will add this to README. Thanks
from cvehound.
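In this thread the real cause (a missing libpython2.7) was buried in spatch's own output behind a generic "Failed to check" message. The following is an added example, not cvehound's code: it checks that spatch is on PATH and separates harmless metavariable warnings from the fatal Python-library error in captured spatch output. The function names `preflight`, `diagnose_spatch` and `explain` are hypothetical, and the sample text is constructed from the output quoted above.

```python
import re
import shutil

# Constructed sample: lines taken from the spatch run quoted in the thread above.
SAMPLE_OUTPUT = """\
init_defs_builtins: /usr/bin/../lib/coccinelle/standard.h
warning: line 14: should sha be a metavariable?
warning: line 18: should ret be a metavariable?
Py.find_library: unable to find the Python library [libpython2.7m.so returned Library not found] [/usr/bin/../lib/libpython2.7m.so returned Library not found] [libpython2.7.so returned Library not found] [/usr/bin/../lib/libpython2.7.so returned Library not found]
"""

# Hypothetical helper names below; none of this is part of cvehound.
PY_LIB_RE = re.compile(r"\[(\S+) returned Library not found\]")

def preflight(which=shutil.which):
    """Return a problem description, or None if spatch is on PATH."""
    if which("spatch") is None:
        return "spatch not found on PATH; install coccinelle"
    return None

def diagnose_spatch(output):
    """Split captured spatch output into warnings and fatal environment errors."""
    report = {"warnings": 0, "missing_python_libs": [], "other": []}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("init_defs_builtins:"):
            continue  # informational banner
        if line.startswith("warning:"):
            report["warnings"] += 1  # metavariable hints, not the failure cause
        elif line.startswith("Py.find_library:"):
            # Keep bare library names only (drop absolute-path retries), de-duplicated.
            for lib in PY_LIB_RE.findall(line):
                if "/" not in lib and lib not in report["missing_python_libs"]:
                    report["missing_python_libs"].append(lib)
        else:
            report["other"].append(line)
    return report

def explain(output):
    """Turn the report into the one line a user needs to see."""
    r = diagnose_spatch(output)
    if r["missing_python_libs"]:
        return "spatch cannot load its Python library: " + ", ".join(r["missing_python_libs"])
    if r["other"]:
        return "spatch failed: " + r["other"][0]
    return "no fatal error recognised (%d warnings only)" % r["warnings"]
```
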