修复热补丁修复的CVE重复展示的问题

(cherry picked from commit a1de54e4dd3e82ab747d62148453ccd65cf2f867)
2023-08-29 21:51:21 +08:00 · 2023-08-29 21:51:21 +08:00 · 5d4abb1679
commit 5d4abb1679
parent 4fead932bb
2 changed files with 55 additions and 3 deletions
--- a/0001-fix-bug-repeated-display-of-vulnerabilities.patch
+++ b/0001-fix-bug-repeated-display-of-vulnerabilities.patch
@ -0,0 +1,49 @@
+From 83752eec95b4aff92786d09b6291700ed0c405a1 Mon Sep 17 00:00:00 2001
+From: rabbitali <shusheng.wen@outlook.com>
+Date: Tue, 29 Aug 2023 21:35:08 +0800
+Subject: [PATCH] the problem of repeated display of vulnerabilities fixed by hot patches
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ ceres/manages/vulnerability_manage.py | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
+index 3f85d3d..747df61 100644
+--- a/ceres/manages/vulnerability_manage.py
+++ b/ceres/manages/vulnerability_manage.py
+@@ -435,6 +435,7 @@ class VulnerabilityManage:
+         if not applied_hotpatch_info_list:
+             return result
+ 
+        record_key_set = {}
+         for cve_id, patch_name, hotpatch_status in applied_hotpatch_info_list:
+             rpm = patch_name.split("-", 1)[0]
+             # Refer to this example, the CVE can be marked as fixed only if all hotpatch are applied.
+@@ -442,7 +443,12 @@ class VulnerabilityManage:
+             # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-benchmark                             ACTIVED
+             # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-cli                                   ACTIVED
+             # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-server                                NOT-APPLIED
+-            if f"{cve_id}-{rpm}" not in self.available_hotpatch_key_set and hotpatch_status in ("ACTIVED", "ACCEPTED"):
+            record_key = f"{cve_id}-{rpm}"
+            if (
+                (record_key not in self.available_hotpatch_key_set)
+                and (hotpatch_status in ("ACTIVED", "ACCEPTED"))
+                and record_key not in record_key_set
+            ):
+                 result.append(
+                     {
+                         "cve_id": cve_id,
+@@ -451,6 +457,7 @@ class VulnerabilityManage:
+                         "hp_status": hotpatch_status,
+                     }
+                 )
+                record_key_set.add(record_key)
+         return result
+ 
+     def cve_fix(self, unfixed_cve_info: dict) -> Tuple[str, dict]:
+-- 
+2.33.0
+
--- a/aops-ceres.spec
+++ b/aops-ceres.spec
@ -1,11 +1,11 @@
 Name:		aops-ceres
 Version:	v1.3.0
-Release:	1
+Release:	2
 Summary:	An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
-
+Patch0001:	0001-fix-bug-repeated-display-of-vulnerabilities.patch

 BuildRequires:  python3-setuptools
 Requires:   python3-requests  python3-jsonschema python3-libconf
@ -19,7 +19,7 @@ An agent which needs to be adopted in client, it managers some plugins, such as


 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -n %{name}-%{version} -p1


 # build for aops-ceres
@ -40,6 +40,9 @@ An agent which needs to be adopted in client, it managers some plugins, such as


 %changelog
+* Tue Aug 29 2023 wenxin<shusheng.wen@outlook.com> - v1.3.0-2
+- fix bug: repeated display of vulnerabilities fixed by hotpatch
+
 * Tue Aug 29 2023 wenxin<shusheng.wen@outlook.com> - v1.3.0-1
 - update vulnerability scanning method and vulnerability fix method