From d2519c12572638f9e207541aae9326330b4e44ad Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fabrice.fontaine@orange.com>
Date: Wed, 8 Jan 2025 18:26:07 +0100
Subject: [PATCH] fix: update busybox checker (#4679)

Update busybox pattern to catch version 1.00 which has been released in
2004 but is still encountered on some embedded systems ...

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
---
 cve_bin_tool/checkers/busybox.py | 2 +-
 test/test_data/busybox.py        | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/cve_bin_tool/checkers/busybox.py b/cve_bin_tool/checkers/busybox.py
index b4ffca9b7e..be38690d6a 100644
--- a/cve_bin_tool/checkers/busybox.py
+++ b/cve_bin_tool/checkers/busybox.py
@@ -20,5 +20,5 @@ class BusyboxChecker(Checker):
         # r"BusyBox is copyrighted by many authors between 1998-2015.",
     ]
     FILENAME_PATTERNS = [r"busybox"]
-    VERSION_PATTERNS = [r"BusyBox v([0-9]+\.[0-9]+\.[0-9]+)"]
+    VERSION_PATTERNS = [r"BusyBox v([0-9]+\.[0-9]+(\.[0-9]+)?)"]
     VENDOR_PRODUCT = [("busybox", "busybox")]
diff --git a/test/test_data/busybox.py b/test/test_data/busybox.py
index ac9386a975..47d6d5e057 100644
--- a/test/test_data/busybox.py
+++ b/test/test_data/busybox.py
@@ -2,7 +2,8 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 mapping_test_data = [
-    {"product": "busybox", "version": "1.18.3", "version_strings": ["BusyBox v1.18.3"]}
+    {"product": "busybox", "version": "1.18.3", "version_strings": ["BusyBox v1.18.3"]},
+    {"product": "busybox", "version": "1.00", "version_strings": ["BusyBox v1.00"]},
 ]
 package_test_data = [
     {