fix false negatives for zlib strings

[vee1e]

Fixes #768

Key changes:

• The database storing relevant zlib strings did not catch several that were in the sample. I ran a simple script to update it with the relevant entries.

• Script used to apply the change:

import gzip
import json

entries = []
with gzip.open('flare-floss/floss/qs/db/data/oss/zlib.jsonl.gz', 'rt') as f:
    for line in f:
        if line.strip():
            entries.append(json.loads(line))

missing_strings = [
    'incorrect length check',
    'incorrect data check',
    'invalid distances set',
    'invalid literal/lengths set',
    'invalid bit length repeat',
    'too many length or distance symbols',
    'invalid code lengths set',
    'invalid stored block lengths',
    'header crc mismatch',
    'unknown header flags set',
    'incorrect header check',
    'invalid window size',
    'unknown compression method',
    'incompatible version',
    'buffer error',
    'insufficient memory',
    'data error',
    'stream error',
    'file error',
    'stream end',
]

for s in missing_strings:
    entries.append({
        'string': s,
        'library_name': 'zlib',
        'library_version': '1.2.13',
        'file_path': 'CMakeFiles/zlib.dir/zutil.obj',
        'function_name': 'zError',
        'line_number': None
    })

with gzip.open('flare-floss/floss/qs/db/data/oss/zlib.jsonl.gz', 'wt') as f:
    for entry in entries:
        f.write(json.dumps(entry) + '\n')
print(f'Added {len(missing_strings)} missing strings')
print(f'Total entries: {len(entries)}')

@williballenthin these were examples taken from the specific sample only. There are a few other zlib oracle strings that can be found in source files like gzwrite.c like stalled write on gzprintf. If we could create a test executable, or even better find an actual sample using these it would ensure completeness.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[mr-tz]

Hi, great, thanks. An approach to make this reproducible for new versions or other binaries would indeed be helpful and support the larger database efforts.

[vee1e]

Sure then, would you like to merge the PR or have the work for this be done here only?

[williballenthin]

i think we should merge here, but lets spawn a discussion in another issue about how we can do this repeatably and consistently.

[vee1e]

Sure!