extractor.py #5003

Open: wants to merge 1 commit into base: main

rudrajosh
Fix: Prioritize 7z for MSI extraction when both unzip and 7z are installed

This pull request addresses a bug in `cve-bin-tool` related to MSI file extraction.

* **Problem:** MSI extraction failed when both `unzip` and `7z` were installed.
* **Cause:** The tool's logic in `extractor.py` incorrectly prioritized `unzip` for MSI files, which `unzip` doesn't handle reliably.
* **Solution:** Modified the `extract_file_zip` function in `extractor.py`.
    * Now, the tool checks for the `.msi` extension first.
    * If the file is an MSI, it attempts extraction using `7z`.
    * If `7z` fails or is not present, it falls back to `unzip` for other ZIP archives.
* **Benefit:** Ensures correct MSI extraction in environments with both `unzip` and `7z`.
* **Impact:** Improves the robustness of `cve-bin-tool` when analyzing Windows installer packages.
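
The tool ordering outlined in the description above, as an added sketch that is not code from this PR or from cve-bin-tool's `extractor.py`. The function names, the `7z`/`unzip` argument lists and the fallback policy are assumptions, and the sketch goes one step beyond the description by also recognising an MSI from its OLE compound-file header rather than from the extension alone.

```python
import shutil
import subprocess
from pathlib import Path

# OLE compound-file signature; MSI packages use this container, not ZIP.
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def needs_7z(path):
    """True for a .msi name or, failing that, an OLE compound-file header."""
    p = Path(path)
    if p.suffix.lower() == ".msi":
        return True
    try:
        with p.open("rb") as fh:
            return fh.read(8) == CFB_MAGIC
    except OSError:
        return False


def candidate_commands(path, outdir, which=shutil.which):
    """Return the installed extractors to try, in priority order."""
    # Absolute path, so a file name beginning with '-' is not read as an option.
    src = str(Path(path).resolve())
    tools = {
        "7z": ["7z", "x", "-y", f"-o{outdir}", src],
        "unzip": ["unzip", "-n", "-d", str(outdir), src],
    }
    # Assumed policy: MSI goes to 7z first; plain ZIP keeps unzip first.
    order = ["7z", "unzip"] if needs_7z(path) else ["unzip", "7z"]
    return [tools[name] for name in order if which(name)]


def extract(path, outdir, which=shutil.which, run=subprocess.run):
    """Try each candidate until one exits 0; return its name, else None."""
    for argv in candidate_commands(path, outdir, which):
        try:
            # argv list without a shell: the archive name is never shell-parsed.
            result = run(argv, capture_output=True, timeout=300)
        except (OSError, subprocess.TimeoutExpired):
            continue  # tool vanished or hung: fall through to the next one
        if result.returncode == 0:
            return argv[0]
    return None
```
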
@rudrajosh
Author

Hi maintainers 👋

This PR fixes an issue with MSI extraction by prioritizing 7z over unzip.
Currently, the required GitHub Actions checks (bandit, black, flake8, etc.) are waiting for approval since this PR is from a fork.

Could someone please approve the workflows from the Actions tab so the CI checks can run?

Thanks!

@ffontaine
Contributor

Before approving this PR, can you first run dos2unix on extractor.py? The whole file has changed due to Windows line endings.
