From 4225065c74beb5e66c4d66a4bd3dfca5bcac91bd Mon Sep 17 00:00:00 2001 From: wang-guangge Date: Wed, 28 Jun 2023 16:53:10 +0800 Subject: [PATCH] do not return the related hotpatches when the cve is fixed --- hotpatch/hotpatch_updateinfo.py | 15 ++++++++++++--- hotpatch/hotupgrade.py | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/hotpatch/hotpatch_updateinfo.py b/hotpatch/hotpatch_updateinfo.py index 4b39969..7dc92ce 100644 --- a/hotpatch/hotpatch_updateinfo.py +++ b/hotpatch/hotpatch_updateinfo.py @@ -291,7 +291,7 @@ class HotpatchUpdateInfo(object): Get hotpatches from specified cve. If there are several hotpatches for the same source package for a cve, only return the hotpatch with the highest version. - Args: + Args: cves: [cve_id_1, cve_id_2] Returns: @@ -307,14 +307,23 @@ class HotpatchUpdateInfo(object): continue # find the hotpatch with the highest version for the same source package mapping_src_pkg_to_hotpatches = dict() + # check whether the cve is fixed + is_cve_fixed = False for hotpatch in self.hotpatch_cves[cve_id].hotpatches: + if hotpatch.state == self.INSTALLED: + is_cve_fixed = True if hotpatch.state == self.INSTALLABLE: - mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append([hotpatch.hotpatch_name, hotpatch]) + mapping_src_pkg_to_hotpatches.setdefault(hotpatch.src_pkg, []).append( + [hotpatch.hotpatch_name, hotpatch] + ) + # do not return the releated hotpatches if the cve is fixed + if is_cve_fixed: + continue for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items(): # extract the number in HPxxx and sort hotpatches in descending order according to the number hotpatches = sorted(hotpatches, key=lambda x: int(re.findall("\d+", x[0])[0]), reverse=True) mapping_cve_hotpatches[cve_id].append(hotpatches[0][1].nevra) - + return mapping_cve_hotpatches def get_hotpatches_from_advisories(self, advisories: list[str]) -> dict(): 
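Review bot: `is_cve_fixed` becomes true as soon as any hotpatch listed for the CVE is INSTALLED, and the following `continue` then drops every INSTALLABLE hotpatch for that CVE, including those for other source packages. The loop groups candidates by `hotpatch.src_pkg`, which suggests one CVE can carry hotpatches for several source packages. If that is the case, patching one package makes the CVE look fixed while the remaining packages stay unpatched and are never offered for upgrade. Tracking the installed state per source package and skipping only those packages keeps the intent of the change without hiding outstanding fixes. The enclosing method starts before this hunk, so the initialisation of `mapping_cve_hotpatches` is not visible here.

```python
# … unchanged: skip cve ids that have no hotpatch entry …
fixed_src_pkgs = set()
for hotpatch in self.hotpatch_cves[cve_id].hotpatches:
    if hotpatch.state == self.INSTALLED:
        fixed_src_pkgs.add(hotpatch.src_pkg)
    # … unchanged: collect INSTALLABLE hotpatches per src_pkg …
for src_pkg, hotpatches in mapping_src_pkg_to_hotpatches.items():
    # only the source packages that already carry an installed hotpatch are skipped
    if src_pkg in fixed_src_pkgs:
        continue
    # … unchanged: sort by HP number and append the highest nevra …
```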
diff --git a/hotpatch/hotupgrade.py b/hotpatch/hotupgrade.py
index 2a36312..3bff9a1 100644
--- a/hotpatch/hotupgrade.py
+++ b/hotpatch/hotupgrade.py
@@ -251,7 +251,7 @@ class HotupgradeCommand(dnf.cli.Command):
 cve_hp_dict = updateinfo.get_hotpatches_from_cve(cves)
 for cve, hp in cve_hp_dict.items():
 if not hp:
- logger.info(_("The cve's hot patch doesn't exist: %s"), cve)
+ logger.info(_("The cve doesn't exist or cannot be fixed by hotpatch: %s"), cve)
 continue
 hp_list += hp
 return list(set(hp_list))
-- 2.33.0
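Review bot: The reworded message in the `if not hp:` branch is misleading for a CVE that is already fixed. With the companion change in `get_hotpatches_from_cve`, such a CVE appears to come back with an empty list, so an operator reading "cannot be fixed by hotpatch" is told the opposite of the real state. If the empty list stays the only signal, the text should cover that case, for example `logger.info(_("The cve doesn't exist, is already fixed, or cannot be fixed by hotpatch: %s"), cve)`. The string is wrapped in `_()`, so any translation catalog would need the new msgid as well. The enclosing function starts outside this hunk.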