anthonyharrison
left a comment
Is the database built each time cve-bin-tool is run? If not, where is the database stored? Should there be an option to rebuild the database?
Need extra tests to support the new CLI option
alex-ter
left a comment
A few minor docs-related comments with suggested fixes.
doc/MANUAL.md
| ### --pyperscan | ||
| The pyperscan flag enables pyperscan support in the CVE Bin Tool. [pyperscan](https://github.com/vlaci/pyperscan) is an opinionated Python binding for [Hyperscan](https://www.hyperscan.io) focusing on easy of use and safety. |
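Review bot: "easy of use" in the added description should read "ease of use". The paragraph also does not say that the option is disabled by default or that pyperscan is unsupported on Windows, both of which the commit message gives as the reason for making this a flag; one sentence covering each would tell users when enabling it is appropriate.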
I've checked a bit more, and looks like pyperscan uses Vectorscan fork by default, not Hyperscan (see vlaci/pyperscan#35 and e.g., the build container configs). You might want to change that, too.
Good catch, I added a note in the README file to add this information.
Yes, the hyperscan database is built every time cve-bin-tool is run and is not stored anywhere. As it is not saved anywhere, it doesn't make sense to add an option to rebuild it.
I added a simple test, tell me if more is needed.
8daf170 to cced951
hyperscan will run simultaneously all version checkers on a file which reduces processing time.

pyperscan package is used instead of the most well-known hyperscan package as pyperscan allows adding a tag for each pattern. This feature will allow easy retrieval of the checker associated with the matched pattern.

On my local machine, running a scan on an embedded firmware takes 220 seconds with pyperscan instead of 326 seconds.

However, pyperscan is slower on a single file and unsupported on Windows, so add a --pyperscan option (disabled by default)

Fix ossf#2485

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
cced951 to 9812b2e
hyperscan will run simultaneously all version checkers on a file which reduces processing time.
pyperscan package is used instead of the most well-known hyperscan package as pyperscan allows adding a tag for each pattern. This feature will allow easy retrieval of the checker associated with the matched pattern.
On my local machine, running a scan on an embedded firmware takes 220 seconds with pyperscan instead of 326 seconds.
However, pyperscan is slower on a single file and unsupported on Windows, so add a --pyperscan option (disabled by default)
Fix #2485
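
The tag-per-pattern idea from the description above, as an added example that is not code from this pull request or from cve-bin-tool: every checker's pattern goes into one compiled scanner, and the tag of the pattern that hit identifies the checker. It uses the standard-library `re` module as a stand-in (named groups play the role of tags; `re` alternation does not match in parallel the way Hyperscan does), and the checker names, patterns and sample blob are constructed.

```python
import re

# Constructed checker table: tag -> version pattern (hypothetical patterns).
CHECKERS = {
    "busybox": rb"BusyBox v([0-9]+\.[0-9]+\.[0-9]+)",
    "openssl": rb"OpenSSL ([0-9]+\.[0-9]+\.[0-9]+[a-z]*)",
    "zlib": rb"deflate ([0-9]+\.[0-9]+\.[0-9]+) Copyright",
}

# Constructed sample standing in for strings found in a firmware binary.
SAMPLE = (
    b"\x7fELF\x01\x01\x00BusyBox v1.36.1 (constructed) multi-call binary\x00"
    b"\x00\x00OpenSSL 1.1.1w  11 Sep 2023\x00"
    b" deflate 1.2.13 Copyright 1995-2022 Jean-loup Gailly \x00"
)


def compile_tagged(checkers):
    """Compile one scanner; each pattern is wrapped in a group named after its tag."""
    single = {tag: re.compile(pat) for tag, pat in checkers.items()}
    combined = re.compile(
        b"|".join(b"(?P<%s>%s)" % (tag.encode(), pat) for tag, pat in checkers.items())
    )
    return combined, single


def scan(data, combined, single):
    """Single pass over data; returns {checker tag: set of version strings}."""
    found = {}
    for m in combined.finditer(data):
        tag = m.lastgroup  # outer named group closes last, so this is the tag
        version = single[tag].match(m.group(0)).group(1)
        found.setdefault(tag, set()).add(version.decode())
    return found


def scan_per_checker(data, single):
    """Baseline: one full pass over data for every checker."""
    found = {}
    for tag, pat in single.items():
        for m in pat.finditer(data):
            found.setdefault(tag, set()).add(m.group(1).decode())
    return found
```

Tags must be valid Python identifiers here because they become group names; a real tagged scanner would not carry that restriction.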