Comments (6)
evdenis
commented on June 9, 2024
Do you have coccinelle installed? If you will add --verbose flag it will output additionally the failed coccinelle run.
from cvehound.
evdenis
commented on June 9, 2024
The tool uses coccinelle internally (which spatch) to check sources for known patterns. From your screen it seems like there is no spatch binary in the system. To install it: sudo apt install coccinelle. I will add a check in the next release to warn users if cocci is not installed in the system.
from cvehound.
pysiak
commented on June 9, 2024
With --verbose it produces:
Checking: CVE-2018-8043
Failed to check CVE-2018-8043
spatch is there:
solt@Holodeck:~$ which spatch
/usr/bin/spatch
coccinelle was installed with:
860 sudo add-apt-repository ppa:npalix/coccinelle
861 apt-get install coccinelle
from cvehound.
evdenis
commented on June 9, 2024
Sorry, -vv instead of a single -v
from cvehound.
pysiak
commented on June 9, 2024
Aha! We're getting somewhere. It now says things like:
Failed to run: spatch --no-includes --include-headers -D detect --no-show-diff -j 12 --cocci-file /home/solt/.local/lib/python3.8/site-packages/cvehound/cve/CVE-2019-18808.cocci /home/solt/workspace/linux-source-5.4.0/drivers/crypto/ccp/ccp-ops.c
When I ran that spatch command it said:
solt@Holodeck:~$ spatch --no-includes --include-headers -D detect --no-show-diff -j 12 --cocci-file /home/solt/.local/lib/python3.8/site-packages/cvehound/cve/CVE-2019-18808.cocci /home/solt/workspace/linux-source-5.4.0/drivers/crypto/ccp/ccp-ops.c
init_defs_builtins: /usr/bin/../lib/coccinelle/standard.h
warning: line 14: should sha be a metavariable?
warning: line 14: should sha be a metavariable?
warning: line 16: should sha be a metavariable?
warning: line 18: should ret be a metavariable?
warning: line 19: should e_ctx be a metavariable?
Py.find_library: unable to find the Python library [libpython2.7m.so returned Library not found] [/usr/bin/../lib/libpython2.7m.so returned Library not found] [libpython2.7.so returned Library not found] [/usr/bin/../lib/libpython2.7.so returned Library not found]
So I sudo apt install libpython2.7 and it seems to work now:
Checking: CVE-2020-27825
Checking: CVE-2020-27830
Found: CVE-2020-27830
MSG: speakup: Reject setting the speakup line discipline outside of speakup
DATE: 2020-12-14
/home/solt/workspace/linux-source-5.4.0/drivers/staging/speakup/spk_ttyio.c:62:9-10: ERROR: CVE-2020-27830
/home/solt/workspace/linux-source-5.4.0/drivers/staging/speakup/spk_ttyio.c:148:12-13: ERROR: CVE-2020-27830
Thanks!!
from cvehound.
evdenis
commented on June 9, 2024
Aha, cocci still depends on python2.7 internally. I will add this to README. Thanks
from cvehound.
Related Issues (20)
- CVE-2020-27825
- 9 CVE bugs in Linux-next. HOT 7
- CVE-2016-9793 fails on latest coccinelle HOT 3
- Test multiple coccinelle versions HOT 8
- CI: add opam caching HOT 1
- Fix CVE-2015-4700 with --all-files
- fix CVE-2021-0342 HOT 1
- Add rules for CVEs with exploits
- Add CVEs described in commit messages
- Which license is this project using? HOT 10
- CVE-2017-1000407: doesn't detect ffb128c89b77b44da18ccf51844a8e750e2c427a commit
- Update CVE-2014-8480
- CVE-2021-28971 crash and wrong architecture HOT 4
- --exploit shows KeyError: 'CVE-2022-0185' HOT 1
- CVE-2021-3411 accesses /proc/self/cmdline HOT 2
- lscpu: failed to determine number of CPUs: /sys/devices/system/cpu/possible: No such file or directory HOT 1
- Earliest version of Linux kernel that is supported? HOT 1
- making data directory for storing kernel_cves.json.gz configurable HOT 4
- suggestion: split spatch output for easier postprocessing of results HOT 2
- CVE-2014-0101 fails CI tests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cvehound.