MySQL parser does not correctly extract subcomponent names containing brackets
thoger opened this issue
For some flaws, the subcomponent indicated in the Oracle CPU has a format such as "Server: Packaging (OpenSSL)" or "InnoDB (zlib)". The regex to extract this value searches for the string "subcomponent: " followed by an arbitrary number of any characters other than the closing bracket ')':
https://github.com/mprpic/advisory-parser/blob/v1.7/advisory_parser/parsers/mysql.py#L150
So the above component names are extracted as "Server: Packaging (OpenSSL" or "InnoDB (zlib", missing the closing bracket.
An alternative to fixing the regex is to skip components with '(' in the name, as the "(foo)" syntax only seems to be used when the flaw is in a third-party library bundled with MySQL.
Fixed by including an optional parenthesis in the regex.
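
The truncation reported in this issue and the optional-parenthesis fix, reproduced as an added example that is not part of the issue thread or of advisory-parser's code. Both patterns, the helper names and the sample descriptions are assumptions constructed for illustration; the project's actual regex is at the URL linked in the issue.

```python
import re

# Constructed descriptions in the style of Oracle CPU text (not real advisory data).
SAMPLES = [
    "Vulnerability in the MySQL Server component of Oracle MySQL "
    "(subcomponent: Server: Optimizer). Supported versions that are affected ...",
    "Vulnerability in the MySQL Server component of Oracle MySQL "
    "(subcomponent: Server: Packaging (OpenSSL)). Supported versions ...",
    "Vulnerability in the MySQL Server component of Oracle MySQL "
    "(subcomponent: InnoDB (zlib)). Supported versions ...",
]

# Assumed shape of the pattern described in the issue: everything after
# "subcomponent: " up to, but not including, the first ')'.
NAIVE = re.compile(r"\(subcomponent: ([^)]+)")

# Assumed shape of the fix: allow one optional ')' that belongs to the name,
# then require the ')' that closes the whole "(subcomponent: ...)" clause.
FIXED = re.compile(r"\(subcomponent: ([^)]+\)?)\)")


def extract(pattern, description):
    """Return the captured subcomponent name, or None if the clause is absent."""
    match = pattern.search(description)
    return match.group(1) if match else None


def is_balanced(name):
    """Sanity check for extracted names: a truncated name has an unmatched '('."""
    return name.count("(") == name.count(")")


def is_bundled_library(name):
    """The alternative from the issue: '(' marks a bundled third-party library."""
    return "(" in name


if __name__ == "__main__":
    for text in SAMPLES:
        naive, fixed = extract(NAIVE, text), extract(FIXED, text)
        print(f"naive={naive!r} balanced={is_balanced(naive)}")
        print(f"fixed={fixed!r} bundled={is_bundled_library(fixed)}")
```

The `is_balanced` check is cheap to keep in a parser's test suite so that a future advisory format change that truncates names is caught before the data is consumed downstream.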