feat(checker): add musl

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

Author: ffontaine

cve_bin_tool/checkers/__init__.py

@@ -271,6 +271,7 @@
     "msmtp",
     "mtr",
     "mupdf",
+    "musl",
     "mutt",
     "mysql",
     "nano",

cve_bin_tool/checkers/musl.py

@@ -0,0 +1,23 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+"""
+CVE checker for musl
+
+https://www.cvedetails.com/product/39652/Musl-libc-Musl.html?vendor_id=16859
+
+"""
+from __future__ import annotations
+
+from cve_bin_tool.checkers import Checker
+
+
+class MuslChecker(Checker):
+    CONTAINS_PATTERNS: list[str] = []
+    FILENAME_PATTERNS: list[str] = []
+    VERSION_PATTERNS = [
+        r"([0-9]+\.[0-9]+\.[0-9]+)[ -~\t\r\n]*MUSL_LOCPATH",
+        r"musl libc[ -~\t\r\n]*\r?\n([0-9]+\.[0-9]+\.[0-9]+)",
+    ]
+    VENDOR_PRODUCT = [("musl-libc", "musl")]

test/condensed-downloads/musl-1.1.24-r3.apk.tar.gz

@@ -0,0 +1,31 @@
+# Copyright (C) 2025 Orange
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+mapping_test_data = [
+    {
+        "product": "musl",
+        "version": "1.1.21",
+        "version_strings": ["1.1.21\nMUSL_LOCPATH"],
+    }
+]
+package_test_data = [
+    {
+        "url": "http://rpmfind.net/linux/openmandriva/cooker/repository/aarch64/main/release/",
+        "package_name": "musl-1.2.5-2-omv2590.aarch64.rpm",
+        "product": "musl",
+        "version": "1.2.5",
+    },
+    {
+        "url": "http://ftp.debian.org/debian/pool/main/m/musl/",
+        "package_name": "musl_1.1.21-2_amd64.deb",
+        "product": "musl",
+        "version": "1.1.21",
+    },
+    {
+        "url": "https://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/",
+        "package_name": "musl-1.1.24-r3.apk",
+        "product": "musl",
+        "version": "1.1.24",
+        "other_products": ["gcc"],
+    },
+]