From ea171b6c2c01fb413cf1048642d79efd66919f8d Mon Sep 17 00:00:00 2001
From: rabbitali
Date: Tue, 19 Sep 2023 20:14:11 +0800
Subject: [PATCH] update func about querying applied hotpatch info
(cherry picked from commit 61f1cb4ef9811512bc861f74153e9171414183e9)
---
 ...about-querying-applied-hotpatch-info.patch | 62 +++++++++++++++++++
 aops-ceres.spec | 6 +-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 0004-update-func-about-querying-applied-hotpatch-info.patch
diff --git a/0004-update-func-about-querying-applied-hotpatch-info.patch b/0004-update-func-about-querying-applied-hotpatch-info.patch
new file mode 100644
index 0000000..9567cc2
--- /dev/null
+++ b/0004-update-func-about-querying-applied-hotpatch-info.patch
@@ -0,0 +1,62 @@
+From 3e8e26b0b1b4b18ab45048069fc2f6a89b852802 Mon Sep 17 00:00:00 2001
+From: rabbitali
+Date: Tue, 19 Sep 2023 20:02:44 +0800
+Subject: [PATCH 1/1] update func about querying applied hotpatch info
+
+---
+ ceres/manages/vulnerability_manage.py | 33 +++++++++++++++------------
+ 1 file changed, 18 insertions(+), 15 deletions(-)
+
+diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
+index ab10381..1591d74 100644
+--- a/ceres/manages/vulnerability_manage.py
++++ b/ceres/manages/vulnerability_manage.py
+@@ -806,27 +806,30 @@ class VulnerabilityManage:
+ "CVE-XXXX-XXX": {"patch 1", "patch 2"}
+ }
+ """
+- # Run the dnf command to query the hotpatch list,e.g
+- # Last metadata expiration check:
+- # CVE id base-pkg/hotpatch status
+- # CVE-1 A-1.1-1/ACC-1-1/binary_file1 ACTIVED
+- # CVE-2 A-1.1-1/ACC-1-1/binary_file2 ACTIVED
+- code, hotpatch_list_output, _ = execute_shell_command(f"dnf hotpatch --list cve")
++ code, stdout, _ = execute_shell_command(f"dnf hot-updateinfo list cves --installed|grep patch")
+ if code != CommandExitCode.SUCCEED:
+ LOGGER.error(f"Failed to hotpatch list cve.")
+ return None
+ 
+- if not re.search("base-pkg/hotpatch", hotpatch_list_output):
++ all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(\S+|-)\s+(patch\S+)", stdout)
++ if not all_cve_info:
++ LOGGER.error(f"Failed to hotpatch list cve.")
+ return None
++
++ applied_hotpatch_info = {}
++ hotpatch_dic = {}
++ for cve_id, _, _, hotpatch in all_cve_info:
++ applied_hotpatch_info[cve_id] = hotpatch
++ hotpatch_dic_key = hotpatch.rsplit("-", 2)[0]
++ if hotpatch_dic_key.endswith("ACC"):
++ hotpatch_dic[hotpatch_dic_key] = max(hotpatch, hotpatch_dic.get(hotpatch_dic_key, hotpatch))
++
++ for cve_id, cmd_output_hotpatch in applied_hotpatch_info.items():
++ applied_hotpatch_info[cve_id] = hotpatch_dic.get(cmd_output_hotpatch.rsplit("-", 2)[0], cmd_output_hotpatch)
++
+ hotpatch_list = defaultdict(set)
+- for hotpatch_info in [line for line in hotpatch_list_output.split(os.linesep) if line]:
+- if not hotpatch_info.startswith("CVE"):
+- continue
+- cve_id, base_pkg, status = [info.strip() for info in hotpatch_info.split()]
+- if status != "ACTIVED" and status != "ACCEPTED":
+- continue
+- hotpatch_name = "patch-%s-%s" % tuple(base_pkg.rsplit("/", 2)[:2])
+- hotpatch_list[cve_id].add(hotpatch_name)
++ for cve_id, hotpatch in applied_hotpatch_info.items():
++ hotpatch_list[cve_id].add(hotpatch)
+ 
+ return hotpatch_list
+ 
+--
+2.33.0
+
diff --git a/aops-ceres.spec b/aops-ceres.spec
index 7995e15..6551fac 100644
--- a/aops-ceres.spec
+++ b/aops-ceres.spec
@@ -1,6 +1,6 @@
 Name: aops-ceres
 Version: v1.3.1
-Release: 4
+Release: 5
 Summary: An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on.
 License: MulanPSL2
 URL: https://gitee.com/openeuler/%{name}
@@ -8,6 +8,7 @@ Source0: %{name}-%{version}.tar.gz
 Patch0001: 0001-update-func-named-set-hotpatch-status-by-dnf-plugin.patch
 Patch0002: 0002-add-file-sync-func.patch
 Patch0003: 0003-update-method-of-querying-fixed-cves-by-dnf-plugin.patch
+Patch0004: 0004-update-func-about-querying-applied-hotpatch-info.patch
 
 BuildRequires: python3-setuptools
 
@@ -43,6 +44,9 @@ An agent which needs to be adopted in client, it managers some plugins, such as
 
 %changelog
+* Tue Sep 19 2023 wenxin - v1.3.1-5
+- update func about querying applied hotpatch info
+
 * Tue Sep 19 2023 wenxin - v1.3.1-4
 - update method of querying fixed cves by dnf plugin
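Review bot: `hotpatch_dic[hotpatch_dic_key] = max(hotpatch, hotpatch_dic.get(hotpatch_dic_key, hotpatch))` selects the "latest" ACC hotpatch by plain string comparison, so once a series reaches a two-digit release (for instance `…-ACC-1-10` sorts below `…-ACC-1-9`) the older patch is reported as the one applied; compare on the numeric tail instead, e.g. `max(hotpatch, hotpatch_dic.get(hotpatch_dic_key, hotpatch), key=lambda name: tuple(int(p) if p.isdigit() else 0 for p in name.rsplit("-", 2)[1:]))`. The `|grep patch` appended to the dnf command also turns a host with no applied hotpatch into a failure if `execute_shell_command` reports the pipeline's exit status (grep exits 1 on no match), and the new `if not all_cve_info` branch then logs an error and returns None for that legitimate case; the regex already requires `patch\S+`, so dropping the grep and returning the empty `hotpatch_list` when nothing matches keeps "nothing applied" distinct from "command failed". Note too that `applied_hotpatch_info[cve_id] = hotpatch` keeps only the last hotpatch seen for a CVE, so every set in the returned mapping now has at most one entry, unlike the `{"patch 1", "patch 2"}` example in the docstring just above — confirm that collapse is intended, or collect into `hotpatch_list[cve_id]` directly. The f-strings on the command and on both `LOGGER.error` messages carry no placeholders and can be plain string literals. The enclosing method starts above the hunk, which begins inside its docstring.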