feat(checker): add libyaml checker

Signed-off-by: Fabrice Fontaine <[email protected]>

Author: ffontaine

cve_bin_tool/checkers/__init__.py

@@ -208,6 +208,7 @@
     "libvorbis",
     "libvpx",
     "libxslt",
+    "libyaml",
     "lighttpd",
     "linux_kernel",
     "lldpd",

cve_bin_tool/checkers/libyaml.py

@@ -0,0 +1,20 @@
+# Copyright (C) 2024 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for libyaml
+
+https://www.cvedetails.com/product/27063/Pyyaml-Libyaml.html?vendor_id=13115
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class LibyamlChecker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [r"([0-9]+\.[0-9]+\.[0-9]+)[a-z_=&!>|()/ \.\-\r\n]*tag:yaml"]
+    VENDOR_PRODUCT = [("pyyaml", "libyaml")]

test/condensed-downloads/libyaml-0-2_0.2.1-1_amd64.deb.tar.gz

@@ -0,0 +1,26 @@
+# Copyright (C) 2024 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {"product": "libyaml", "version": "0.2.1", "version_strings": ["0.2.1\ntag:yaml"]}
+]
+package_test_data = [
+    {
+        "url": "http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/l/",
+        "package_name": "libyaml-0.2.5-15.fc41.aarch64.rpm",
+        "product": "libyaml",
+        "version": "0.2.5",
+    },
+    {
+        "url": "http://ftp.fr.debian.org/debian/pool/main/liby/libyaml/",
+        "package_name": "libyaml-0-2_0.2.1-1_amd64.deb",
+        "product": "libyaml",
+        "version": "0.2.1",
+    },
+    {
+        "url": "https://downloads.openwrt.org/releases/packages-19.07/x86_64/packages/",
+        "package_name": "libyaml_0.2.2-1_x86_64.ipk",
+        "product": "libyaml",
+        "version": "0.2.2",
+    },
+]