refactor: Fixes #4578

.pre-commit-config.yaml

@@ -26,7 +26,7 @@ repos:
     hooks:
       - id: pyupgrade
         exclude: ^fuzz/generated/
-        args: ["--py38-plus"]
+        args: ["--py312-plus"]
 
   - repo: https://github.com/pycqa/flake8
     rev: 7.1.2

cve_bin_tool/cli.py

@@ -96,7 +96,7 @@ def main(argv=None):
     """Scan a binary file for certain open source libraries that may have CVEs"""
     if sys.version_info < (3, 8):
         raise OSError(
-            "Python no longer provides security updates for version 3.7 as of June 2023. Please upgrade to python 3.8+ to use CVE Binary Tool."
+            "Python no longer provides security updates for version 3.8 as of October 2024. Please upgrade to Python 3.9+ to use CVE Binary Tool."
         )
     argv = argv or sys.argv
 

cve_bin_tool/csv2cve.py

@@ -18,7 +18,7 @@ def main(argv: list[str] | None = None):
     """Used to scan a .csv file that lists the dependencies."""
     if sys.version_info < (3, 8):
         raise OSError(
-            "Python no longer provides security updates for version 3.7 as of June 2023. Please upgrade to python 3.8+ to use CVE Binary Tool."
+            "Python no longer provides security updates for version 3.8 as of October 2024. Please upgrade to Python 3.9+ to use CVE Binary Tool."
         )
     logger: logging.Logger = LOGGER.getChild("CSV2CVE")
     argv = argv or sys.argv

cve_bin_tool/cve_scanner.py

@@ -7,7 +7,6 @@
 from logging import Logger
 from pathlib import Path
 from string import ascii_lowercase
-from typing import DefaultDict, Dict, List
 
 from rich.console import Console
 
@@ -19,6 +18,8 @@
 from cve_bin_tool.util import CVE, CVEData, ProductInfo, Remarks, VersionInfo
 from cve_bin_tool.version_compare import Version
 
+# from typing import Dict, List
+
 
 class CVEScanner:
     """
@@ -27,13 +28,13 @@ class CVEScanner:
 
     products_with_cve: int
     products_without_cve: int
-    all_cve_data: DefaultDict[ProductInfo, CVEData]
-    all_cve_version_info: Dict[str, VersionInfo]
+    all_cve_data: defaultdict[ProductInfo, CVEData]
+    all_cve_version_info: dict[str, VersionInfo]
 
     RANGE_UNSET: str = ""
     dbname: str = str(Path(DISK_LOCATION_DEFAULT) / DBNAME)
     CONSOLE: Console = Console(file=sys.stderr, theme=cve_theme)
-    ALPHA_TO_NUM: Dict[str, int] = dict(zip(ascii_lowercase, range(26)))
+    ALPHA_TO_NUM: dict[str, int] = dict(zip(ascii_lowercase, range(26)))
 
     def __init__(
         self,
@@ -44,8 +45,8 @@ def __init__(
         logger: Logger = None,
         error_mode: ErrorMode = ErrorMode.TruncTrace,
         check_exploits: bool = False,
-        exploits_list: List[str] = [],
-        disabled_sources: List[str] = [],
+        exploits_list: list[str] = [],
+        disabled_sources: list[str] = [],
     ):
         self.logger = logger or LOGGER.getChild(self.__class__.__name__)
         self.error_mode = error_mode
@@ -211,10 +212,10 @@ def get_cves(self, product_info: ProductInfo, triage_data: TriageData):
                 )
 
         product_info_data: CVEData | None = self.all_cve_data.get(product_info)
-        prev_cves: List[CVE] = (
+        prev_cves: list[CVE] = (
             product_info_data.get("cves", []) if product_info_data is not None else []  # type: ignore
         )
-        cves: List[CVE] = []
+        cves: list[CVE] = []
 
         # Go through and get all the severities
         if cve_list:
@@ -385,7 +386,7 @@ def filter_triage_data(self):
         Filter out triage data that is not relevant to the CVEs found,
         specifically those marked as NotAffected or FalsePositives.
         """
-        to_delete: List[ProductInfo] = []
+        to_delete: list[ProductInfo] = []
 
         for product_info, cve_data in self.all_cve_data.items():
             original_cves = cve_data["cves"]

cve_bin_tool/util.py

@@ -9,9 +9,12 @@
 import os
 import re
 import sys
+from collections import defaultdict
+from collections.abc import Iterator
 from enum import Enum
 from pathlib import Path
-from typing import DefaultDict, Iterator, List, NamedTuple, Pattern, Set, Union
+from re import Pattern
+from typing import NamedTuple, Union
 
 import requests
 from packageurl import PackageURL
@@ -248,7 +251,7 @@ class VersionInfo(NamedTuple):
     end_excluding: str
 
 
-class CVEData(DefaultDict[str, Union[List[CVE], Set[str]]]):
+class CVEData(defaultdict[str, Union[list[CVE], set[str]]]):
     """
     A Class representing a dictionary of CVEs and paths
     """

dev-requirements.txt

@@ -1,29 +1,22 @@
-bandit; python_version <= "3.8"
-bandit==1.8.3; python_version > "3.8"
 black==24.10.0; python_version > "3.8"
-black; python_version <= "3.8"
-build
-isort; python_version < "3.8"
-isort==6.0.1; python_version >= "3.8"
-pre-commit; python_version <= "3.8"
+isort==5.13.2; python_version >= "3.8"
 pre-commit==4.1.0; python_version > "3.8"
 codespell==v2.4.1
-flake8; python_version < "3.8"
-flake8==7.1.2; python_version >= "3.8"
+flake8==7.1.1; python_version >= "3.8"
+bandit==1.8.0; python_version > "3.8"
 gitlint==v0.19.1
 interrogate
-jsonschema
-mypy==v1.15.0
-playwright
+mypy==v1.14.1
 pytest>=7.2.0
-pytest-asyncio
+pytest-xdist
 pytest-cov
+pytest-asyncio
 pytest-mock
 pytest-playwright
-pytest-xdist
+playwright
 types-beautifulsoup4
 types-jsonschema
 types-PyYAML
 types-requests
 types-setuptools
-types-toml
+types-toml

doc/MANUAL.md

@@ -368,7 +368,7 @@ On Windows, it requires
 - `Expand`
 
 Windows has `ar` and `Expand` installed in default, but `7z` in particular might need to be installed.
-If you wan to run our test-suite or scan a zstd compressed file, We recommend installing this [7-zip-zstd](https://github.com/mcmilk/7-Zip-zstd)
+If you want to run our test-suite or scan a zstd compressed file, We recommend installing this [7-zip-zstd](https://github.com/mcmilk/7-Zip-zstd)
 fork of 7zip. We are currently using `7z` for extracting `jar`, `apk`, `msi`, `exe` and `rpm` files.
 > **Note**: The CVE Binary Tool cannot scan password-protected ZIP files. If you attempt to scan such a file, an error message will be logged regarding the failure in extraction..
 
@@ -536,7 +536,7 @@ This data source provides the CVEs for the CURL product.
 ## Limitations
 
 The last release of this tool to support python 2.7 is 0.3.1. Please use
-python 3.8+ for development and future versions. Linux and Windows are
+python 3.10+ for development and future versions. Linux and Windows are
 supported, as is usage within cygwin on windows.
 
 This tool does not scan for all possible known public vulnerabilities, it only
@@ -1164,7 +1164,7 @@ haxx,curl,7.34.0,CVE-2014-0139,MEDIUM,Unexplored,
     haxx  , curl   , 7.34.0 , CVE-2014-0015, MEDIUM
     "
     style="width:100%;white-space:pre;">
-  <figcaption>formated console output</figcaption>
+  <figcaption>formatted console output</figcaption>
 </figure>
 
 4. `--format html` - creates a report in html format according to the specified HTML theme.
@@ -1196,7 +1196,7 @@ haxx,curl,7.34.0,CVE-2014-0139,MEDIUM,Unexplored,
     libjpeg-turbo, 2.0.1, 2
     ssh-ssh2, 2.0, 1"
     style="width:100%;white-space:pre;">
-  <figcaption>formated HTML report</figcaption>
+  <figcaption>formatted HTML report</figcaption>
 </figure>
 
 The unexplored and new CVEs will be highlighted, it will look something like this:
@@ -1213,7 +1213,7 @@ The unexplored and new CVEs will be highlighted, it will look something like thi
     sun, sunos, 5.4, 127,
     ssh, ssh2, 2.0, 4"
     style="width:100%;white-space:pre;">
-  <figcaption>formated HTML report</figcaption>
+  <figcaption>formatted HTML report</figcaption>
 </figure>
 
 You can also filter scanned products by remark:
@@ -1229,7 +1229,7 @@ You can also filter scanned products by remark:
     mit, kerberos, 1.15.1, 3,
     "
     style="width:100%;white-space:pre;">
-  <figcaption>formated HTML report</figcaption>
+  <figcaption>formatted HTML report</figcaption>
 </figure>
 
 5. `--format pdf` - creates a report in PDF format.

setup.py

@@ -35,7 +35,7 @@
     url="https://github.com/intel/cve-bin-tool",
     license="GPL-3.0-or-later",
     keywords=["security", "tools", "CVE"],
-    python_requires=">=3.8",
+    python_requires=">=3.10",
     classifiers=[
         "Development Status :: 5 - Production/Stable",
         "Intended Audience :: Developers",

test/README.md

@@ -74,14 +74,14 @@ The recommended way to do this yourself is to use python's `virtualenv`
 You can set up virtualenv for all these environments:
 
 ```console
-virtualenv -p python3.8 venv3.8
-virtualenv -p python3.9 venv3.9
+virtualenv -p python3.11 venv3.11
+virtualenv -p python3.12 venv3.12
 ```
 
-To activate one of these (the example uses 3.8), run the tests, and deactivate:
+To activate one of these (the example uses 3.11), run the tests, and deactivate:
 
 ```console
-source venv3.8/bin/activate
+source venv3.11/bin/activate
 pytest
 deactivate