packages/aops-ceres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update func about querying applied hotpatch info

Browse Source 
(cherry picked from commit 61f1cb4ef9811512bc861f74153e9171414183e9)
This commit is contained in:
rabbitali 2023-09-19 20:14:11 +08:00 committed by openeuler-sync-bot
parent fdf2356cf2
commit ea171b6c2c
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
0004-update-func-about-querying-applied-hotpatch-info.patch Normal file
View File

@ -0,0 +1,62 @@
From 3e8e26b0b1b4b18ab45048069fc2f6a89b852802 Mon Sep 17 00:00:00 2001
From: rabbitali <shusheng.wen@outlook.com>
Date: Tue, 19 Sep 2023 20:02:44 +0800
Subject: [PATCH 1/1] update func about querying applied hotpatch info
---
ceres/manages/vulnerability_manage.py | 33 +++++++++++++++------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
index ab10381..1591d74 100644
--- a/ceres/manages/vulnerability_manage.py
+++ b/ceres/manages/vulnerability_manage.py
@@ -806,27 +806,30 @@ class VulnerabilityManage:
"CVE-XXXX-XXX": {"patch 1", "patch 2"}
}
"""
- # Run the dnf command to query the hotpatch list,e.g
- # Last metadata expiration check:
- # CVE id base-pkg/hotpatch status
- # CVE-1 A-1.1-1/ACC-1-1/binary_file1 ACTIVED
- # CVE-2 A-1.1-1/ACC-1-1/binary_file2 ACTIVED
- code, hotpatch_list_output, _ = execute_shell_command(f"dnf hotpatch --list cve")
+ code, stdout, _ = execute_shell_command(f"dnf hot-updateinfo list cves --installed|grep patch")
if code != CommandExitCode.SUCCEED:
LOGGER.error(f"Failed to hotpatch list cve.")
return None
- if not re.search("base-pkg/hotpatch", hotpatch_list_output):
+ all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(\S+|-)\s+(patch\S+)", stdout)
+ if not all_cve_info:
+ LOGGER.error(f"Failed to hotpatch list cve.")
return None
+
+ applied_hotpatch_info = {}
+ hotpatch_dic = {}
+ for cve_id, _, _, hotpatch in all_cve_info:
+ applied_hotpatch_info[cve_id] = hotpatch
+ hotpatch_dic_key = hotpatch.rsplit("-", 2)[0]
+ if hotpatch_dic_key.endswith("ACC"):
+ hotpatch_dic[hotpatch_dic_key] = max(hotpatch, hotpatch_dic.get(hotpatch_dic_key, hotpatch))
+
+ for cve_id, cmd_output_hotpatch in applied_hotpatch_info.items():
+ applied_hotpatch_info[cve_id] = hotpatch_dic.get(cmd_output_hotpatch.rsplit("-", 2)[0], cmd_output_hotpatch)
+
hotpatch_list = defaultdict(set)
- for hotpatch_info in [line for line in hotpatch_list_output.split(os.linesep) if line]:
- if not hotpatch_info.startswith("CVE"):
- continue
- cve_id, base_pkg, status = [info.strip() for info in hotpatch_info.split()]
- if status != "ACTIVED" and status != "ACCEPTED":
- continue
- hotpatch_name = "patch-%s-%s" % tuple(base_pkg.rsplit("/", 2)[:2])
- hotpatch_list[cve_id].add(hotpatch_name)
+ for cve_id, hotpatch in applied_hotpatch_info.items():
+ hotpatch_list[cve_id].add(hotpatch)
return hotpatch_list
--
2.33.0

6
aops-ceres.spec
View File

@ -1,6 +1,6 @@
Name: aops-ceres
Version: v1.3.1
Release: 4
Release: 5
Summary: An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on.
License: MulanPSL2
URL: https://gitee.com/openeuler/%{name}
@ -8,6 +8,7 @@ Source0: %{name}-%{version}.tar.gz
Patch0001: 0001-update-func-named-set-hotpatch-status-by-dnf-plugin.patch
Patch0002: 0002-add-file-sync-func.patch
Patch0003: 0003-update-method-of-querying-fixed-cves-by-dnf-plugin.patch
Patch0004: 0004-update-func-about-querying-applied-hotpatch-info.patch
BuildRequires: python3-setuptools
@ -43,6 +44,9 @@ An agent which needs to be adopted in client, it managers some plugins, such as
%changelog
* Tue Sep 19 2023 wenxin<shusheng.wen@outlook.com> - v1.3.1-5
- update func about querying applied hotpatch info
* Tue Sep 19 2023 wenxin<shusheng.wen@outlook.com> - v1.3.1-4
- update method of querying fixed cves by dnf plugin