From 0fb31ce613087346b781ada8df5d0ff7c7160220 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 24 Oct 2024 10:39:31 +0200 Subject: [PATCH 1/5] Fix: Fixed the problem with escaped colons in fs CPEs. There was a problem, when a formatted string CPE contained an escaped colon (e. g.) in the version. This problem is fixed now. --- util/cpeutils.c | 9 +++++++-- util/cpeutils_tests.c | 18 ++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/util/cpeutils.c b/util/cpeutils.c index a70ff783..bd032e20 100644 --- a/util/cpeutils.c +++ b/util/cpeutils.c @@ -812,8 +812,13 @@ get_fs_component (const char *fs_cpe, int index) component_end = component_start; else { - for (c = component_start; *c != '\0' && *c != ':'; c++) - ; + for (c = component_start; *c != '\0'; c++) + { + if (*c == ':' && c == component_start) + break; + else if (c > component_start && *c == ':' && *(c - 1) != '\\') + break; + } } component_end = c; diff --git a/util/cpeutils_tests.c b/util/cpeutils_tests.c index cd97e39d..6fec468c 100644 --- a/util/cpeutils_tests.c +++ b/util/cpeutils_tests.c @@ -212,6 +212,24 @@ Ensure (cpeutils, fs_cpe_to_uri_cpe) "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win2003~x64~")); g_free (uri_cpe); + fs_cpe = + "cpe:2.3:a:hp:insight_diagnostics:7\\:4.0.1570:-:*:*:online:win2003:x64:*"; + uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); + assert_that ( + uri_cpe, + is_equal_to_string ( + "cpe:/a:hp:insight_diagnostics:7%3A4.0.1570:-:~~online~win2003~x64~")); + g_free (uri_cpe); + + fs_cpe = + "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:win\\:2003:x64:*"; + uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); + assert_that ( + uri_cpe, + is_equal_to_string ( + "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A2003~x64~")); + g_free (uri_cpe); + fs_cpe = "This is a ~:SIGNAL:~ test."; uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); g_free (uri_cpe); From dc00cfc9a69e5d768bc41b7d5bc47f417afdef67 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Mon, 28 Oct 2024 15:12:07 +0100 Subject: [PATCH 2/5] Improved the handling of the escaping of colons. --- util/cpeutils.c | 17 +++++++++++++---- util/cpeutils_tests.c | 9 +++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/util/cpeutils.c b/util/cpeutils.c index bd032e20..2ef636ec 100644 --- a/util/cpeutils.c +++ b/util/cpeutils.c @@ -783,6 +783,7 @@ get_fs_component (const char *fs_cpe, int index) char *component = NULL; char *c; char *component_start, *component_end; + gboolean escaped; if (!fs_cpe) return NULL; @@ -793,6 +794,7 @@ get_fs_component (const char *fs_cpe, int index) c = (char *) fs_cpe; /* find start of component */ + escaped = FALSE; if (index == 0) component_start = c; else @@ -801,23 +803,30 @@ get_fs_component (const char *fs_cpe, int index) { if (*c == ':' && c == fs_cpe) i++; - else if (c > fs_cpe && *c == ':' && *(c - 1) != '\\') + else if (*c == ':' && !escaped) i++; + else if (*c == '\\' && !escaped) + escaped = TRUE; + else + escaped = FALSE; } component_start = c; } /* find end of component */ + escaped = FALSE; if (*component_start == '\0') component_end = component_start; else { for (c = component_start; *c != '\0'; c++) { - if (*c == ':' && c == component_start) - break; - else if (c > component_start && *c == ':' && *(c - 1) != '\\') + if (*c == ':' && !escaped) break; + if (*c == '\\' && !escaped) + escaped = TRUE; + else + escaped = FALSE; } } diff --git a/util/cpeutils_tests.c b/util/cpeutils_tests.c index 6fec468c..8b9092f3 100644 --- a/util/cpeutils_tests.c +++ b/util/cpeutils_tests.c @@ -230,6 +230,15 @@ Ensure (cpeutils, fs_cpe_to_uri_cpe) "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A2003~x64~")); g_free (uri_cpe); + fs_cpe = + "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:win2003\\\\:x64:*"; + uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); + assert_that ( + uri_cpe, + is_equal_to_string ( + "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win2003%5C~x64~")); + g_free (uri_cpe); + fs_cpe = "This is a ~:SIGNAL:~ test."; uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); g_free (uri_cpe); From 9a8ef38be8c680a089c634c3d156ae9861dba59f Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Mon, 28 Oct 2024 15:18:52 +0100 Subject: [PATCH 3/5] Amended some formatting. --- util/cpeutils_tests.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/cpeutils_tests.c b/util/cpeutils_tests.c index 8b9092f3..4f42e55c 100644 --- a/util/cpeutils_tests.c +++ b/util/cpeutils_tests.c @@ -230,8 +230,8 @@ Ensure (cpeutils, fs_cpe_to_uri_cpe) "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A2003~x64~")); g_free (uri_cpe); - fs_cpe = - "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:win2003\\\\:x64:*"; + fs_cpe = "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:" + "win2003\\\\:x64:*"; uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); assert_that ( uri_cpe, From afc15157c5fb1b99c450bd99071fef2703d08b30 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 1 Nov 2024 12:08:25 +0100 Subject: [PATCH 4/5] Small amendment and one more test. --- util/cpeutils.c | 4 +--- util/cpeutils_tests.c | 9 +++++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/util/cpeutils.c b/util/cpeutils.c index 2ef636ec..24d53634 100644 --- a/util/cpeutils.c +++ b/util/cpeutils.c @@ -801,9 +801,7 @@ get_fs_component (const char *fs_cpe, int index) { for (int i = 0; *c != '\0' && i < index; c++) { - if (*c == ':' && c == fs_cpe) - i++; - else if (*c == ':' && !escaped) + if (*c == ':' && !escaped) i++; else if (*c == '\\' && !escaped) escaped = TRUE; diff --git a/util/cpeutils_tests.c b/util/cpeutils_tests.c index 4f42e55c..648c384b 100644 --- a/util/cpeutils_tests.c +++ b/util/cpeutils_tests.c @@ -230,6 +230,15 @@ Ensure (cpeutils, fs_cpe_to_uri_cpe) "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A2003~x64~")); g_free (uri_cpe); + fs_cpe = + "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:win\\:\\:2003:x64:*"; + uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); + assert_that ( + uri_cpe, + is_equal_to_string ( + "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A%3A2003~x64~")); + g_free (uri_cpe); + fs_cpe = "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:" "win2003\\\\:x64:*"; uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); From 5a4474b4d3366898a1c3229ea96f32544d158c9e Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 1 Nov 2024 13:41:52 +0100 Subject: [PATCH 5/5] Amended some formatting. --- util/cpeutils_tests.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/util/cpeutils_tests.c b/util/cpeutils_tests.c index 648c384b..6e4d2cb9 100644 --- a/util/cpeutils_tests.c +++ b/util/cpeutils_tests.c @@ -230,13 +230,14 @@ Ensure (cpeutils, fs_cpe_to_uri_cpe) "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A2003~x64~")); g_free (uri_cpe); - fs_cpe = - "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:win\\:\\:2003:x64:*"; + fs_cpe = "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:win\\:\\:" + "2003:x64:*"; uri_cpe = fs_cpe_to_uri_cpe (fs_cpe); assert_that ( uri_cpe, is_equal_to_string ( - "cpe:/a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A%3A2003~x64~")); + "cpe:/" + "a:hp:insight_diagnostics:7.4.0.1570:-:~~online~win%3A%3A2003~x64~")); g_free (uri_cpe); fs_cpe = "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:-:*:*:online:"