Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GSoC 2024: Start Here #3550

Closed
terriko opened this issue Nov 30, 2023 · 11 comments
Closed

GSoC 2024: Start Here #3550

terriko opened this issue Nov 30, 2023 · 11 comments
Labels
gsoc Tasks related to our participation in Google Summer of Code

Comments

@terriko
Copy link
Contributor

terriko commented Nov 30, 2023
edited
Loading

CVE Binary Tool is hoping to participate in GSoC 2024 under the Python Software Foundation umbrella. We won't know if we've been accepted until Feburary 2024. You can view the GSoC 2024 dates and deadlines on Google's page This issue will be updated with more info as we know it.

About CVE Binary Tool

The CVE Binary Tool is a free, open source tool to help you find known vulnerabilities in software, using data from the National Vulnerability Database (NVD) list of Common Vulnerabilities and Exposures (CVEs).

The tool has two main modes of operation:

  1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are over 330 checkers which focus on common, vulnerable open source components such as openssl, libpng, libxml2 and expat.
  2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, and several Software Bill of Materials (SBOM) formats.

It is intended to be used as part of your continuous integration system to enable regular vulnerability scanning and give you early warning of known issues in your supply chain. We expect the SBOM use case to become a lot more popular as people who work with the US government start needing to provide SBOMs as a matter of course, starting in 2023.

Dates:

  • Organizations apply usually circa February. We won't know for sure if we're in until after applications close. We'll be listed as part of "Python Software Foundation"

Project ideas:

Note that we're trying to give projects of a size that we think can be completed within the gsoc program, but if you're pretty skilled you may be able to finish these and have extra time: make sure to include some "stretch goals" of things you'd like to work on if you finish early.

Related:

Not all ideas will be viable because of the constraints of the program and the software, but all ideas are welcome for discussion on the brainstorming thread even if we can't make them into gsoc projects.

We currently expect to have only enough mentors for 1-2 GSoC contributors in 2024. If you're interested in mentoring please contact @terriko

Getting started:

It can be really overwhelming figuring out how to start in a new project, so here's some steps we recommend:

Getting Started:

  1. Follow the README and make sure you can run the tool. Try running it against random things on your hard drive and see if it finds anything. On a Linux system, your /bin directory usually yields some interesting results.
  2. Run the tests. The CVE Binary tool has a number of unit tests. Make sure you know how to run them, and if you've never used pytest before, you might want to read up on it (we also have some tests still using python's unittest, but we're tending towrads pytest for new tests). Figure out how to run a single test!
  3. Read the documentation. That should help you figure out what the tool is for and how people use it in more detail.
  4. Read the new contributor guide

Some potential first contributions:

  1. File issues. You might encounter a bug or something confusing in the documentation. Let us know if you do!
  2. Update documentation. We especially appreciate documentation feedback from new users, since your "beginner mind" means you see things differently than experienced users, and will catch places where the documentation could be more detailed or improved.
  3. Write a new test. Instructions for writing tests are here. This can be your first contribution!
  4. Try fixing a bug. We have a few flagged as "good first issue". A number of those are new checkers, which although they might sound challenging are often pretty easy to write. Instructions on how to add a new checker are here.

We expect prospective GSoC students to have made at least one code contribution if they want their application to be considered, so now's a good time to get that going! You can ask for as much help as you need.

Got stuck?

  1. Ask in the GSoC tagged issues! This "start here" issue is a good place for discussions.
  2. We have a chat server on gitter. That allows for "live" chat but no one's actually sitting there 24/7 so you should expect to post your question and get an answer hours later when someone sees it.
  3. Do not send private emails or direct messages with questions unless you're sharing a proposal draft that contains personal information

You should ask GSoC questions on public issues and in public channels. Why? First, we need contributors who are comfortable working in the open, and if you can't do that now there's a good chance you will not get accepted to GSoC. Second, a lot of the questions people have are the same, sometimes because we haven't done a great job of explaining things -- asking in public makes sure everyone has access to the answer even if they didn't know to ask it yet.

After your first contribution:

If you want to keep practicing once you've got a first commit under your belt, here's some other stuff you could try:

  1. Try working on any other issue that we have filed.
  2. Help triage issues: try to reproduce any bugs and put in a comment saying when and how you reproduced it or suggesting the bug be closed if it looks like it was already fixed.
  3. Help review pull requests: if you see someone new who's struggling with fixing linter errors or failed tests, you can help out!
  4. Help answer questions on issues. There's a lot of people asking "how do I get started on this?" right now -- if no one's answered, maybe see if you can?

Not so secret tips

We don't usually conduct interviews with our GSoC candidates, but we do take our interactions with you before GSoC into account when looking at your full application. Here's some things the mentors usually discuss after applications are in:

  1. How well did this person handle code review or changes requested on their pull requests? Were they able to fix things? Did they generally remember for future pull requests?
  2. How well does this person work in the open? Did they feel comfortable commenting on public issues or having discussions in gitter?
  3. How well did this person work with others? Did they help anyone out with code review or explanations?
  4. How well did this person work once they got past their first commit? Were they able to take on more challenging issues? How much help did they need in breaking down problems before they could try them?
  5. Do we think they'll be able to work independently with only a few hours of direct mentor feedback per week later in the coding period?
  6. Are they going to be able to complete the project they proposed? How much help will they need to be successful?
@terriko terriko added the gsoc Tasks related to our participation in Google Summer of Code label Nov 30, 2023
@terriko terriko mentioned this issue Nov 30, 2023
Closed
This was referenced Jan 31, 2024
Closed
Closed
@HamzaMateen
Copy link
Contributor

HamzaMateen commented Feb 7, 2024
edited by terriko
Loading

Hi, @terriko, I would like to work on this project, I have locally setup the tool and ran it against my /bin and /usr/local/bin directories, was surprised!!. Btw, I am running into issues running the tests. I have installed the non-dev as well as dev requirements in my virtual environment but still, when I run pytest in my root cve-binary-tool directory, I get several test failures relating to ModuleNotFound error.

This is a little strange to me, could you please shed some light on this?

here are my logs:

really long log ```bash ============================= test session starts ============================== platform linux -- Python 3.11.6, pytest-7.4.0, pluggy-1.2.0 rootdir: /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool configfile: setup.cfg collected 88 items / 27 errors

==================================== ERRORS ====================================
_________________ ERROR collecting test/test_available_fix.py __________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_available_fix.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_available_fix.py:7: in
from pytest_mock import MockerFixture
E ModuleNotFoundError: No module named 'pytest_mock'
______________________ ERROR collecting test/test_cli.py _______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_cli.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_cli.py:24: in
from cve_bin_tool.cli import main
cve_bin_tool/cli.py:36: in
from cve_bin_tool.available_fix import (
cve_bin_tool/available_fix/init.py:8: in
from cve_bin_tool.cve_scanner import CVEData
cve_bin_tool/cve_scanner.py:14: in
from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
____________________ ERROR collecting test/test_csv2cve.py _____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_csv2cve.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_csv2cve.py:9: in
import cve_bin_tool.csv2cve as csv2cve
cve_bin_tool/csv2cve.py:10: in
from cve_bin_tool import cli
cve_bin_tool/cli.py:36: in
from cve_bin_tool.available_fix import (
cve_bin_tool/available_fix/init.py:8: in
from cve_bin_tool.cve_scanner import CVEData
cve_bin_tool/cve_scanner.py:14: in
from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
_____________________ ERROR collecting test/test_cvedb.py ______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_cvedb.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_cvedb.py:11: in
from cve_bin_tool import cvedb
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
____________________ ERROR collecting test/test_exploits.py ____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_exploits.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_exploits.py:6: in
from cve_bin_tool.cve_scanner import CVEScanner
cve_bin_tool/cve_scanner.py:14: in
from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
___________________ ERROR collecting test/test_extractor.py ____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_extractor.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_extractor.py:30: in
from pytest_mock import MockerFixture
E ModuleNotFoundError: No module named 'pytest_mock'
_________________ ERROR collecting test/test_fetch_json_db.py __________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_fetch_json_db.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_fetch_json_db.py:16: in
from cve_bin_tool.fetch_json_db import Fetch_JSON_DB
cve_bin_tool/fetch_json_db.py:10: in
import aiohttp
E ModuleNotFoundError: No module named 'aiohttp'
_________________ ERROR collecting test/test_format_checker.py _________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_format_checker.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_format_checker.py:13: in
from pytest_mock import MockerFixture
E ModuleNotFoundError: No module named 'pytest_mock'
_________________ ERROR collecting test/test_helper_script.py __________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_helper_script.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_helper_script.py:9: in
from cve_bin_tool.helper_script import HelperScript, scan_files
cve_bin_tool/helper_script.py:18: in
from cve_bin_tool.cvedb import CVEDB, DBNAME, DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
______________________ ERROR collecting test/test_html.py ______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_html.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_html.py:7: in
from playwright.sync_api import Locator, Page, expect
E ModuleNotFoundError: No module named 'playwright'
__________________ ERROR collecting test/test_input_engine.py __________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_input_engine.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_input_engine.py:12: in
from cve_bin_tool.input_engine import (
cve_bin_tool/input_engine.py:12: in
from cve_bin_tool.cvedb import CVEDB
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
______________________ ERROR collecting test/test_json.py ______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_json.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_json.py:20: in
from cve_bin_tool.cvedb import DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
________________ ERROR collecting test/test_language_scanner.py ________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_language_scanner.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_language_scanner.py:10: in
from cve_bin_tool.cvedb import CVEDB
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
_____________________ ERROR collecting test/test_merge.py ______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_merge.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_merge.py:10: in
from cve_bin_tool.cve_scanner import CVEScanner
cve_bin_tool/cve_scanner.py:14: in
from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
____________________ ERROR collecting test/test_nvd_api.py _____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_nvd_api.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_nvd_api.py:12: in
from cve_bin_tool.cvedb import CVEDB
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
_________________ ERROR collecting test/test_output_engine.py __________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_output_engine.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_output_engine.py:20: in
from cve_bin_tool.output_engine import OutputEngine, output_csv, output_json, output_pdf
cve_bin_tool/output_engine/init.py:16: in
from lib4sbom.data.package import SBOMPackage
E ModuleNotFoundError: No module named 'lib4sbom'
______________ ERROR collecting test/test_package_list_parser.py _______________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_package_list_parser.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_package_list_parser.py:11: in
from cve_bin_tool.package_list_parser import (
cve_bin_tool/package_list_parser.py:14: in
from cve_bin_tool.cvedb import CVEDB
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
______________________ ERROR collecting test/test_sbom.py ______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_sbom.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_sbom.py:9: in
from cve_bin_tool.input_engine import TriageData
cve_bin_tool/input_engine.py:12: in
from cve_bin_tool.cvedb import CVEDB
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
____________________ ERROR collecting test/test_scanner.py _____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_scanner.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_scanner.py:24: in
from pytest_mock import MockerFixture
E ModuleNotFoundError: No module named 'pytest_mock'
__________________ ERROR collecting test/test_source_epss.py ___________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_source_epss.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_source_epss.py:3: in
from cve_bin_tool.cvedb import CVEDB
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
___________________ ERROR collecting test/test_source_gad.py ___________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_source_gad.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_source_gad.py:11: in
import aiohttp
E ModuleNotFoundError: No module named 'aiohttp'
___________________ ERROR collecting test/test_source_nvd.py ___________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_source_nvd.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_source_nvd.py:8: in
import aiohttp
E ModuleNotFoundError: No module named 'aiohttp'
___________________ ERROR collecting test/test_source_osv.py ___________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_source_osv.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_source_osv.py:12: in
import aiohttp
E ModuleNotFoundError: No module named 'aiohttp'
_________________ ERROR collecting test/test_source_redhat.py __________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_source_redhat.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_source_redhat.py:9: in
from cve_bin_tool.data_sources import redhat_source
cve_bin_tool/data_sources/redhat_source.py:8: in
import aiohttp
E ModuleNotFoundError: No module named 'aiohttp'
_____________________ ERROR collecting test/test_sqlite.py _____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_sqlite.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_sqlite.py:7: in
from cve_bin_tool.checkers.sqlite import get_version_map
cve_bin_tool/checkers/sqlite.py:20: in
from cve_bin_tool.version_signature import VersionSignatureDb
cve_bin_tool/version_signature.py:11: in
from cve_bin_tool.cvedb import DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
______________________ ERROR collecting test/test_util.py ______________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_util.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_util.py:10: in
from cve_bin_tool.cve_scanner import CVEScanner
cve_bin_tool/cve_scanner.py:14: in
from cve_bin_tool.cvedb import DBNAME, DISK_LOCATION_DEFAULT
cve_bin_tool/cvedb.py:21: in
import gnupg
E ModuleNotFoundError: No module named 'gnupg'
____________________ ERROR collecting test/test_version.py _____________________
ImportError while importing test module '/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_version.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.11/importlib/init.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
test/test_version.py:9: in
from pytest_mock import MockerFixture
E ModuleNotFoundError: No module named 'pytest_mock'
=============================== warnings summary ===============================
../../../../../../../usr/lib/python3/dist-packages/_pytest/config/init.py:1373
/usr/lib/python3/dist-packages/_pytest/config/init.py:1373: PytestConfigWarning: Unknown config option: asyncio_mode

self._warn_or_fail_if_strict(f"Unknown config option: {key}\n")

test/test_async_utils.py:34
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_async_utils.py:34: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_async_utils.py:40
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_async_utils.py:40: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_file.py:20
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_file.py:20: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_file.py:36
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_file.py:36: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_file.py:41
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_file.py:41: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_file.py:46
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_file.py:46: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_file.py:51
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_file.py:51: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_strings.py:25
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_strings.py:25: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_strings.py:37
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_strings.py:37: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

test/test_strings.py:42
/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/test_strings.py:42: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
@pytest.mark.asyncio

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
ERROR test/test_available_fix.py
ERROR test/test_cli.py
ERROR test/test_csv2cve.py
ERROR test/test_cvedb.py
ERROR test/test_exploits.py
ERROR test/test_extractor.py
ERROR test/test_fetch_json_db.py
ERROR test/test_format_checker.py
ERROR test/test_helper_script.py
ERROR test/test_html.py
ERROR test/test_input_engine.py
ERROR test/test_json.py
ERROR test/test_language_scanner.py
ERROR test/test_merge.py
ERROR test/test_nvd_api.py
ERROR test/test_output_engine.py
ERROR test/test_package_list_parser.py
ERROR test/test_sbom.py
ERROR test/test_scanner.py
ERROR test/test_source_epss.py
ERROR test/test_source_gad.py
ERROR test/test_source_nvd.py
ERROR test/test_source_osv.py
ERROR test/test_source_redhat.py
ERROR test/test_sqlite.py
ERROR test/test_util.py
ERROR test/test_version.py
!!!!!!!!!!!!!!!!!!! Interrupted: 27 errors during collection !!!!!!!!!!!!!!!!!!!
======================= 11 warnings, 27 errors in 0.93s ========================

</details>

Edit: Terri has edited this comment so that the log collapses.

@terriko
Copy link
Contributor Author

terriko commented Feb 7, 2024

@HamzaMateen

Can you try running pytest as python -m pytest and see if that works for you?

Usually those messages mean "you forgot to install these dependencies" but I've seen this occasionally on systems such as ubuntu where pytest may have been installed as part of a system package (e.g. apt-get install python-pytest) and it's then looking in the wrong directory for the dependencies you just installed. If you run it as python -m pytest then you should get the version that goes with whatever python you're using and it should go more smoothly.

If that solves the problem, you might want to alias pytest="python -m pytest" and for your local user and just move on with life, or you might be able to the magic with the update-alternatives command.

@HamzaMateen
Copy link
Contributor

HamzaMateen commented Feb 13, 2024
edited by terriko
Loading

@terriko That resolved the problem. Thanks!

now, I have a newfound problem. It is trivial that many of the tests are not passing. Here's the last output line which I got when I ran the tests:

=========== 1170 failed, 803 passed, 64 skipped in 554.15s (0:09:14) ===========

I can't paste the logs because they're huge, btw, the results are failing after having run 3% of the total tests. The following is just a glimpse of the logs which I got:

Edit: Terri has edited this comment so that the log collapses.

test log 
============================= test session starts ==============================
platform linux -- Python 3.11.6, pytest-7.4.4, pluggy-1.4.0
rootdir: /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool
configfile: setup.cfg
plugins: cov-4.1.0, mock-3.12.0, xdist-3.5.0, playwright-0.4.4, base-url-2.1.0, asyncio-0.23.4
asyncio: mode=Mode.STRICT

----------------------------- live log collection ------------------------------
INFO     gnupg:_logger.py:98 Log opened: Tue Feb 13 11:41:33 2024 UTC
INFO     cve_bin_tool:test_json.py:34 Schema loaded successfully
collected 2037 items

test/test_async_utils.py::test_aio_run_command_success PASSED            [  0%]
test/test_async_utils.py::test_aio_run_command_returncode_non_zero PASSED [  0%]
test/test_available_fix.py::TestAvailableFixReport::test_long_debian_backport_fix_output SKIPPED [  0%]
test/test_available_fix.py::TestAvailableFixReport::test_debian_backport_fix_output 
-------------------------------- live log setup --------------------------------
INFO     cve_bin_tool:debian_cve_tracker.py:100 Updating Debian CVE JSON file for checking available fixes.
INFO     cve_bin_tool:debian_cve_tracker.py:105 Debian CVE JSON file for checking available fixes is updated.
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:debian_cve_tracker.py:58 pspp: CVE-2018-20230 has backported fix in v1.2.0-3 release.
INFO     cve_bin_tool:debian_cve_tracker.py:58 pspp: CVE-2019-9211 has backported fix in v1.2.0-4 release.
PASSED                                                                   [  0%]
test/test_available_fix.py::TestAvailableFixReport::test_long_debian_available_fix_output SKIPPED [  0%]
test/test_available_fix.py::TestAvailableFixReport::test_debian_available_fix_output 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:debian_cve_tracker.py:66 avahi: CVE-2010-2244 has available fix in v0.6.26-1 release.
INFO     cve_bin_tool:debian_cve_tracker.py:66 avahi: CVE-2011-1002 has available fix in v0.6.28-4 release.
INFO     cve_bin_tool:debian_cve_tracker.py:66 avahi: CVE-2017-6519 has available fix in v0.7-5 release.
INFO     cve_bin_tool:debian_cve_tracker.py:66 avahi: CVE-2021-26720 has available fix in v0.8-4 release.
PASSED                                                                   [  0%]
test/test_available_fix.py::TestAvailableFixReport::test_long_redhat_available_fix_output SKIPPED [  0%]
test/test_available_fix.py::TestAvailableFixReport::test_redhat_available_fix_output 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22918 - Status: Fixed - Fixed package: nodejs v12
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22918 - Status: Fixed - Fixed package: nodejs v14
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22918 - Status: Fixed - Fixed package: libuv v1.41
INFO     cve_bin_tool:redhat_cve_tracker.py:60 node.js: CVE-2021-22918 - Status: Not affected - Related package: nodejs v16
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22931 - Status: Fixed - Fixed package: nodejs v12
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22931 - Status: Fixed - Fixed package: nodejs v14
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22931 - Status: Fixed - Fixed package: libuv v1.41
INFO     cve_bin_tool:redhat_cve_tracker.py:60 node.js: CVE-2021-22931 - Status: Not affected - Related package: nodejs v16
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22939 - Status: Fixed - Fixed package: nodejs v12
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22939 - Status: Fixed - Fixed package: nodejs v14
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22939 - Status: Fixed - Fixed package: libuv v1.41
INFO     cve_bin_tool:redhat_cve_tracker.py:60 node.js: CVE-2021-22939 - Status: Not affected - Related package: nodejs v16
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22940 - Status: Fixed - Fixed package: nodejs v12
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22940 - Status: Fixed - Fixed package: nodejs v14
INFO     cve_bin_tool:redhat_cve_tracker.py:47 node.js: CVE-2021-22940 - Status: Fixed - Fixed package: libuv v1.41
INFO     cve_bin_tool:redhat_cve_tracker.py:60 node.js: CVE-2021-22940 - Status: Not affected - Related package: nodejs v16
PASSED                                                                   [  0%]
test/test_checkers.py::TestCheckerClass::test_valid_checker PASSED       [  0%]
test/test_checkers.py::TestCheckerClass::test_no_vpkg PASSED             [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[apache-httpd-expected_results0] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[binutils-dlltool-expected_results1] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bzip2-bzip2.so-expected_results2] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[cups-cupsd.so-expected_results3] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[curl-libcurl.so.4-expected_results4] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[emacs-emacs-expected_results5] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[emacs-emacs-nox-expected_results6] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[emacs-emacs-gtk-expected_results7] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[ffmpeg-libffmpeg.so-expected_results8] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[gnutls_cli-libgnutls.so-expected_results9] PASSED [  0%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[gnutls_serv-gnutls-serv-expected_results10] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[gstreamer-libgstreamer.so-expected_results11] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[hostapd-hostapd.so-expected_results12] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[icu-international_components_for_unicode.o-expected_results13] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[kerberos-kerberos-expected_results14] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libcurl-libcurl.so.2.0-expected_results15] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libdb-libdb-2.0.so-expected_results16] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libexpat-libexpat.so-expected_results17] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libgcrypt-libgcrypt.so.1.0-expected_results18] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libjpeg-libjpg.so.2.0-expected_results19] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libnss-libnss.so.1.0-expected_results20] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[libtiff-libtiff.so.1.0-expected_results21] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[lighttpd-lighttpd-expected_results22] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[ncurses-libform-expected_results23] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[nessus-libnessus-expected_results24] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[nginx-nginx-expected_results25] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[node-bin/node-expected_results26] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-scp-expected_results27] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-sftp-expected_results28] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-expected_results29] PASSED [  1%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-add-expected_results30] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-agent-expected_results31] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-argv0-expected_results32] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-copy-id-expected_results33] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-keygen-expected_results34] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-ssh-keyscan-expected_results35] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_client-slogin-expected_results36] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssh_server-sshd-expected_results37] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openssl-libcrypto.so-expected_results38] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[openswan-ranbits.so-expected_results39] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[png-libpng.so.1.0-expected_results40] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[postgresql-psql-expected_results41] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[python-python-expected_results42] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[python-python2.7-expected_results43] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[python-python3.8-expected_results44] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[python-python3.9-expected_results45] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[rsyslog-rsyslogd.so-expected_results46] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[sqlite-sqlite3-expected_results47] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[strongswan-libcharon.so-expected_results48] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[syslogng-syslog-ng.so-expected_results49] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[systemd-libsystemd.so.0-expected_results50] PASSED [  2%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[varnish-varnish-expected_results51] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[vim-vim-expected_results52] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[vim-vim-enhanced-expected_results53] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[wireshark-rawshark-expected_results54] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[xerces-libxerces-c.so-expected_results55] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[xml2-libxml2.so.0-expected_results56] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[zlib-libz.so.0-expected_results57] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libbind9-9.16.37-Debian.so-expected_results58] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libdns-9.16.37-Debian.so-expected_results59] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libirs-9.16.37-Debian.so-expected_results60] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libisc-9.16.37-Debian.so-expected_results61] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libisccc-9.16.37-Debian.so-expected_results62] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libisccfg-9.16.37-Debian.so-expected_results63] PASSED [  3%]
test/test_checkers.py::TestCheckerVersionParser::test_filename_is[bind-libns-9.16.37-Debian.so-expected_results64] PASSED [  3%]
test/test_cli.py::TestCLI::test_extract_curl_7_20_0 SKIPPED (No file...) [  3%]
test/test_cli.py::TestCLI::test_binary_curl_7_20_0 SKIPPED (No file ...) [  3%]
test/test_cli.py::TestCLI::test_no_extraction SKIPPED (No file downl...) [  3%]
test/test_cli.py::TestCLI::test_extract_bad_zip_messages 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool:version.py:27 [bold red]You are running version 3.3rc2 of cve-bin-tool but the latest PyPI Version is 3.2.1.[/]
INFO     cve_bin_tool:nvd_source.py:323 Getting NVD CVE data...
INFO     cve_bin_tool:gad_source.py:86 Getting GitLab Advisory Database CVEs...
INFO     cve_bin_tool:redhat_source.py:69 Getting RedHat CVEs...
INFO     cve_bin_tool:redhat_source.py:136 Adding 25 RedHat CVE entries
INFO     cve_bin_tool:osv_source.py:156 Getting Open Source Vulnerability Database CVEs...
ERROR    cve_bin_tool:osv_source.py:367 Unable to fetch OSV CVEs, skipping OSV.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
WARNING  cve_bin_tool.VersionScanner:extractor.py:351 Failure extracting /tmp/tmpoebxt6kx/empty-file.zip
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
PASSED                                                                   [  3%]
test/test_cli.py::TestCLI::test_exclude SKIPPED (No file downloads i...) [  3%]
test/test_cli.py::TestCLI::test_usage 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
ERROR    cve_bin_tool:error_handler.py:202 InsufficientArgs: Please specify a directory to scan or an input file required
PASSED                                                                   [  3%]
test/test_cli.py::TestCLI::test_version PASSED                           [  4%]
test/test_cli.py::TestCLI::test_invalid_file_or_directory 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
ERROR    cve_bin_tool:error_handler.py:202 FileNotFoundError: Directory/File doesn't exist
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_null_byte_in_filename 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
ERROR    cve_bin_tool:error_handler.py:202 FileNotFoundError: Directory/File doesn't exist
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
ERROR    cve_bin_tool:error_handler.py:202 FileNotFoundError: Directory/File doesn't exist
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_invalid_parameter PASSED                 [  4%]
test/test_cli.py::TestCLI::test_update_flags SKIPPED (Update flag te...) [  4%]
test/test_cli.py::TestCLI::test_skips 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 350
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 350
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_runs 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 4
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: libexpat, libgcrypt, openssl, sqlite
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 4
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: kerberos, systemd, xerces, xml2
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_update SKIPPED (Update flag tests ar...) [  4%]
test/test_cli.py::TestCLI::test_unknown_warning 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_quiet_mode SKIPPED (Causing problems...) [  4%]
test/test_cli.py::TestCLI::test_config_file[/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/config/cve_bin_tool_config.toml] SKIPPED [  4%]
test/test_cli.py::TestCLI::test_config_file[/home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/test/config/cve_bin_tool_config.yaml] SKIPPED [  4%]
test/test_cli.py::TestCLI::test_severity 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool.CVEScanner:cve_scanner.py:285 39 CVE(s) in haxx.curl version 7.20.0
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 1 products with known CVEs detected
INFO     cve_bin_tool:cli.py:1032 Known CVEs in ('haxx.curl', '7.20.0'):
INFO     cve_bin_tool.OutputEngine:__init__.py:1014 CSV report stored at /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/sevtest.csv
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_CVSS_score 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool.CVEScanner:cve_scanner.py:285 79 CVE(s) in haxx.curl version 7.20.0
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 1 products with known CVEs detected
INFO     cve_bin_tool:cli.py:1032 Known CVEs in ('haxx.curl', '7.20.0'):
INFO     cve_bin_tool.OutputEngine:__init__.py:1014 CSV report stored at /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/sevtest.csv
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 0 products with known CVEs detected
INFO     cve_bin_tool.OutputEngine:__init__.py:1014 CSV report stored at /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/sevtest.csv
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool.CVEScanner:cve_scanner.py:285 79 CVE(s) in haxx.curl version 7.20.0
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 1 products with known CVEs detected
INFO     cve_bin_tool:cli.py:1032 Known CVEs in ('haxx.curl', '7.20.0'):
INFO     cve_bin_tool.OutputEngine:__init__.py:1014 CSV report stored at /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/sevtest.csv
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool.CVEScanner:cve_scanner.py:285 39 CVE(s) in haxx.curl version 7.20.0
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 1 products with known CVEs detected
INFO     cve_bin_tool:cli.py:1032 Known CVEs in ('haxx.curl', '7.20.0'):
INFO     cve_bin_tool.OutputEngine:__init__.py:1014 CSV report stored at /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/sevtest.csv
PASSED                                                                   [  4%]
test/test_cli.py::TestCLI::test_EPSS_probability 
-------------------------------- live log call ---------------------------------
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 238142 CVE entries from NVD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 18884 CVE entries from GAD in the database
INFO     cve_bin_tool.CVEDB:cvedb.py:295 There are 17229 CVE entries from REDHAT in the database
INFO     cve_bin_tool:cli.py:800 CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat
INFO     cve_bin_tool:cli.py:803 CVE database last updated on 13 February 2024 at 16:43:29
INFO     cve_bin_tool:cli.py:980 Number of checkers: 354
INFO     cve_bin_tool.VersionScanner:version_scanner.py:113 Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird, bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio, cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, domoticz, dosfstools, dovecot, doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp, fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip, haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind, janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml, libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus, libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached, micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm, nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv, openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler, postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync, rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh, stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird, timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools, vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard
INFO     cve_bin_tool:cli.py:985 Number of language checkers: 10
INFO     cve_bin_tool.VersionScanner:version_scanner.py:138 Language Checkers: Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift
INFO     cve_bin_tool.CVEScanner:cve_scanner.py:285 79 CVE(s) in haxx.curl version 7.20.0
INFO     cve_bin_tool:cli.py:1020 Overall CVE summary: 
INFO     cve_bin_tool:cli.py:1021 There are 1 products with known CVEs detected
INFO     cve_bin_tool:cli.py:1032 Known CVEs in ('haxx.curl', '7.20.0'):
INFO     cve_bin_tool.OutputEngine:__init__.py:1014 CSV report stored at /home/ycombinator/opensource/gsoc24/orgs/intel/cve-bin-tool/epss_probability.csv
INFO     cve_bin_tool:cli.py:543 CVE Binary Tool v3.3rc2
INFO     cve_bin_tool:cli.py:544 This product uses the NVD API but is not endorsed or certified by the NVD.
INFO     cve_bin_tool.CVEDB:cvedb.py:222 Using cached CVE data (<24h old). Use -u now to update immediately.
INFO     cve_bin_tool.CVEDB:cvedb.py:293 There are 274255 CVE entries in the database
I

I ran the following command to get the response back on stdout as well as redirect it to my log file.

pytest tests/ --log-cli-level=INFO | tee pytest.log

Is this output safe enough so that I can get going with my development phase? Thanks!

ps. Here are the detailed logs:
https://drive.google.com/file/d/15Z5lPe8A_F6prvzswIRXb199FV3KiPMu/view?usp=sharing

@terriko terriko mentioned this issue Feb 13, 2024
Closed
@HamzaMateen
Copy link
Contributor

Hey @terriko, I have locally setup the system, ran the tests, read a whole case study of incorporating EPSS to cve-bin-tool from the previous gsoc'23 along with creating a small documentation PR which is here #3852.

Can I please get some guidance on how should I get started with writing my project proposal? Thanks!

@terriko
Copy link
Contributor Author

terriko commented Feb 26, 2024

Tips on applying and (if you scroll down a bit) on what we need in the proposal: https://python-gsoc.org/#apply

  • Make sure you fill in at least the 5 things we ask for on that page. Applicants who don't appear to have read any of Python's instructions generally get stuck in a rejection bin. (And that's typically 50% of applicants. Don't be one of them!)

After that, what you want to do with your project proposal is...

  1. Show us you understood the problem and related problems.
    • You can start by cutting and pasting whatever we said, but writing some of it on your own often helps applicants show that they understand the material.
    • Resist the urge to use tools like ChatGPT for this -- I'm hearing from others that it's often making applicants look significantly worse than they would otherwise, and you learn more from doing it yourself.
  2. Show us that you have the skills to solve the problem. There's a few ways to do this:
    • have a good breakdown of the project into smaller pieces and a timeline that you think represents how long they'll take. It's ok to be wrong (professional software people are notoriously bad at time estimation, so much so that books have been written about it) but it's still useful for us to know what you think will be fast and what will take more time.
    • ask questions directly on the project issue to clarify your understanding and help everyone see how to refine the problem
    • Do a few extra issues, especially ones related to your chosen project. We try not to require hours of unpaid work from applicants but sometimes trying 1-2 hard issues after your required easy one helps us get a chance to see if we'll work together well.
    • Spend some time thinking about and describing the tests you'll need to write and how you'd set them up.
  3. Spend time reading and curating related materials.
    • In the case of both of our projects this year, understanding why people need triage and SBOMs and what they're going to want out of our tool is going to be important. Find some blog posts, presentations, etc. about triage and vulnerability scanning and put these related links in your presentation showing that you curated a reasonable list of inspiration.
    • Stuff like the US Cybersecurity Order is actually worth a read even though it's dense and kind of annoying language. Many of our users are trying to figure out how best to comply with that or similar directives from their corporations or countries.
    • Groups like OWASP or the OpenSSF probably also have useful resources.
    • Note that a lot of people are complaining that Google Search is returning really bad results lately, so you may need to switch to an alternative search engine.

@terriko
Copy link
Contributor Author

terriko commented Feb 26, 2024

@HamzaMateen I made it so people didn't have to scroll through your lengthy logs using Github's collapsed sections. Please use this if you need to post any really long logs to this thread in the future!

Did you manage to get the 1170 tests passing? Those are fairly important: that's probably every single checker test failing, and the most common reason for that to happen is if your extracting code isn't working, which would absolutely mean your environment is not ready for working on a GSoC project.

@terriko
Copy link
Contributor Author

terriko commented Apr 1, 2024

Quick reminders:

  1. Make sure to put cve-bin-tool in the title of your proposal as shown in the google system (as in, not just in the pdf you submit). The PSF can have hundreds of applications and we don't want yours getting lost in the pile because it doesn't come up in an easy search!
  2. If you haven't already got something uploaded in https://summerofcode.withgoogle.com/ do it now! Don't wait until the last second -- every year we have people miss the deadline because their clock was wrong or their internet went out. don't let that be you!
  3. Don't worry if you haven't actually had a PR accepted yet -- we can finish up PRs during the proposal review phase. Just having something submitted is good enough for your application.

@terriko
Copy link
Contributor Author

terriko commented May 30, 2024

GSoC 2024 coding is now underway!

Since applications are long over and our candidates have been selected, I'm going to go ahead and close this now.

@terriko terriko closed this as completed May 30, 2024
@rahulharpal1603
Copy link

Hi @terriko, Can you please tell whether this project will be participating in GSoC'25?

@terriko
Copy link
Contributor Author

terriko commented Jan 23, 2025

@rahulharpal1603 We're intending to apply! We won't know if we get in until Google makes their decisions, as usual.

Applications don't even open until next week I think so we're not quite set up yet.

@terriko
Copy link
Contributor Author

terriko commented Jan 23, 2025

I've set up this year's "start here" post here:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
gsoc Tasks related to our participation in Google Summer of Code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@terriko @HamzaMateen @rahulharpal1603