From 5d4abb1679c00344ef155b30e57213cc94ee2cbb Mon Sep 17 00:00:00 2001
From: rabbitali
Date: Tue, 29 Aug 2023 21:51:21 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=83=AD=E8=A1=A5=E4=B8=81?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=9A=84CVE=E9=87=8D=E5=A4=8D=E5=B1=95?= =?UTF-8?q?=E7=A4=BA=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(cherry picked from commit a1de54e4dd3e82ab747d62148453ccd65cf2f867)
---
 ...-repeated-display-of-vulnerabilities.patch | 49 +++++++++++++++++++
 aops-ceres.spec | 9 ++--
 2 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 0001-fix-bug-repeated-display-of-vulnerabilities.patch
diff --git a/0001-fix-bug-repeated-display-of-vulnerabilities.patch b/0001-fix-bug-repeated-display-of-vulnerabilities.patch
new file mode 100644
index 0000000..6cf2916
--- /dev/null
+++ b/0001-fix-bug-repeated-display-of-vulnerabilities.patch
@@ -0,0 +1,49 @@
+From 83752eec95b4aff92786d09b6291700ed0c405a1 Mon Sep 17 00:00:00 2001
+From: rabbitali
+Date: Tue, 29 Aug 2023 21:35:08 +0800
+Subject: [PATCH] the problem of repeated display of vulnerabilities fixed by hot patches
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ ceres/manages/vulnerability_manage.py | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
+index 3f85d3d..747df61 100644
+--- a/ceres/manages/vulnerability_manage.py
++++ b/ceres/manages/vulnerability_manage.py
+@@ -435,6 +435,7 @@ class VulnerabilityManage:
+ if not applied_hotpatch_info_list:
+ return result
+
++ record_key_set = {}
+ for cve_id, patch_name, hotpatch_status in applied_hotpatch_info_list:
+ rpm = patch_name.split("-", 1)[0]
+ # Refer to this example, the CVE can be marked as fixed only if all hotpatch are applied.
+@@ -442,7 +443,12 @@ class VulnerabilityManage:
+ # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED
+ # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED
+ # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED
+- if f"{cve_id}-{rpm}" not in self.available_hotpatch_key_set and hotpatch_status in ("ACTIVED", "ACCEPTED"):
++ record_key = f"{cve_id}-{rpm}"
++ if (
++ (record_key not in self.available_hotpatch_key_set)
++ and (hotpatch_status in ("ACTIVED", "ACCEPTED"))
++ and record_key not in record_key_set
++ ):
+ result.append(
+ {
+ "cve_id": cve_id,
+@@ -451,6 +457,7 @@ class VulnerabilityManage:
+ "hp_status": hotpatch_status,
+ }
+ )
++ record_key_set.add(record_key)
+ return result
+
+ def cve_fix(self, unfixed_cve_info: dict) -> Tuple[str, dict]:
+--
+2.33.0
+
diff --git a/aops-ceres.spec b/aops-ceres.spec
index a9fbcfb..4dc4fa4 100644
--- a/aops-ceres.spec
+++ b/aops-ceres.spec
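Review bot: `record_key_set = {}` in the embedded patch (inner hunk at -435) creates an empty dict, not a set, so `record_key_set.add(record_key)` in the inner hunk at -451 raises AttributeError the first time an entry passes the three-part condition. It should be initialised with `record_key_set = set()`. As written, the de-duplication would abort the method on the first ACTIVED/ACCEPTED hotpatch it would otherwise report, so the list of CVEs fixed by hotpatch is presumably never returned for hosts that have any; how the caller handles the exception is not visible here. The enclosing method of VulnerabilityManage starts above the first inner hunk. A regression test passing two entries with the same CVE id and rpm would pin both the fix and the intended single-entry result.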
@@ -1,11 +1,11 @@ Name: aops-ceres Version: v1.3.0 -Release: 1 +Release: 2 Summary: An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} Source0: %{name}-%{version}.tar.gz - +Patch0001: 0001-fix-bug-repeated-display-of-vulnerabilities.patch BuildRequires: python3-setuptools Requires: python3-requests python3-jsonschema python3-libconf @@ -19,7 +19,7 @@ An agent which needs to be adopted in client, it managers some plugins, such as %prep -%autosetup -n %{name}-%{version} +%autosetup -n %{name}-%{version} -p1 # build for aops-ceres @@ -40,6 +40,9 @@ An agent which needs to be adopted in client, it managers some plugins, such as %changelog +* Tue Aug 29 2023 wenxin - v1.3.0-2 +- fix bug: repeated display of vulnerabilities fixed by hotpatch + * Tue Aug 29 2023 wenxin - v1.3.0-1 - update vulnerability scanning method and vulnerability fix method