From 831aca01a20fcd67b1d6ff604a0334aaa419efd5 Mon Sep 17 00:00:00 2001 From: gongzt Date: Sat, 11 Nov 2023 17:47:25 +0800 Subject: Modify the regular expression of kernel filter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ceres/manages/vulnerability_manage.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py index c41a7fa..39f475d 100644 --- a/ceres/manages/vulnerability_manage.py +++ b/ceres/manages/vulnerability_manage.py @@ -166,7 +166,7 @@ class VulnerabilityManage: return rpm_info for line in stdout.splitlines(): - rpm_name, new_rpm_info = line.split(":",1) + rpm_name, new_rpm_info = line.split(":", 1) old_rpm_info = rpm_info.get(rpm_name, "") rpm_info[rpm_name] = new_rpm_info if new_rpm_info > old_rpm_info else old_rpm_info LOGGER.debug("query installed rpm package info succeed!") @@ -200,7 +200,7 @@ class VulnerabilityManage: # ("kernel", "x86_64.", "5.10.0-60.105.0.132.oe2203"), # ("kernel-debuginfo", "x86_64", "5.10.0-60.105.0.132.oe2203") # ] - rpm_info = re.findall("^(kernel\S*)\.([a-z468_]+)\s+(\S+)", stdout, re.MULTILINE) + rpm_info = re.findall("^(kernel)\.([a-z468_]+)\s+(\S+)", stdout, re.MULTILINE) if not rpm_info: return result @@ -243,7 +243,7 @@ class VulnerabilityManage: # ("CVE-2021-43976", "Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64"), # ("CVE-2021-0941", "Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64") # ] - all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+)", stdout) + all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+)", stdout) if not all_cve_info: return unfixed_cves @@ -306,7 +306,7 @@ class VulnerabilityManage: # ("CVE-2023-1513", "Important/Sec.", "kernel-4.19.90-2304.1.0.0196.oe1.x86_64", "patch-kernel-4.19.90-2112.."), # ("CVE-2021-xxxx", "Important/Sec.", "-", "patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64") # ] - all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+|-)\s+(patch-kernel\S+|-)", stdout) + all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+|-)\s+(patch-kernel-\d\S+|-)", stdout) if not all_cve_info: return cve_info_list @@ -368,7 +368,7 @@ class VulnerabilityManage: # ("CVE-2021-43976","Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64"), # ("CVE-2021-0941","Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64") # ] - fixed_cves_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+)", stdout) + fixed_cves_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+)", stdout) if not fixed_cves_info: return fixed_cves @@ -407,7 +407,7 @@ class VulnerabilityManage: # ("CVE-2021-xxxx", "Important/Sec.", "-", "patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64") # ] hotpatch_status = self._query_applied_hotpatch_status() - all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+|-)\s+(patch-kernel\S+|-)", stdout) + all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+|-)\s+(patch-kernel-\d\S+|-)", stdout) cve_info_fixed_by_coldpatch, cve_info_fixed_by_hotpatch, hotpatch_dic = [], [], defaultdict(str) for cve_id, _, coldpatch, hotpatch in all_cve_info: @@ -472,7 +472,7 @@ class VulnerabilityManage: # ("CVE-2023-1112", "redis-6.2.5-1/SGL_CVE_2023_1111_CVE_2023_1112-1-1/redis-server", "NOT-APPLIED"), # ("CVE-2023-1111", "redis-6.2.5-1/ACC-1-1/redis-benchmark", "ACTIVED") # ] - applied_hotpatch_info_list = re.findall(r"(CVE-\d{4}-\d+)\s+(kernel[\w\-/.]+)\s+([A-W]+)", stdout) + applied_hotpatch_info_list = re.findall(r"(CVE-\d{4}-\d+)\s+(kernel-\d[\w\-/.]+)\s+([A-W]+)", stdout) if not applied_hotpatch_info_list: return result -- Gitee