From 83752eec95b4aff92786d09b6291700ed0c405a1 Mon Sep 17 00:00:00 2001
From: rabbitali
Date: Tue, 29 Aug 2023 21:35:08 +0800
Subject: [PATCH] the problem of repeated display of vulnerabilities fixed by hot patches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ceres/manages/vulnerability_manage.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
index 3f85d3d..747df61 100644
--- a/ceres/manages/vulnerability_manage.py
+++ b/ceres/manages/vulnerability_manage.py
@@ -435,6 +435,7 @@ class VulnerabilityManage:
 if not applied_hotpatch_info_list:
 return result
+ record_key_set = {}
 for cve_id, patch_name, hotpatch_status in applied_hotpatch_info_list:
 rpm = patch_name.split("-", 1)[0]
 # Refer to this example, the CVE can be marked as fixed only if all hotpatch are applied.
@@ -442,7 +443,12 @@ class VulnerabilityManage:
 # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED
 # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED
 # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED
- if f"{cve_id}-{rpm}" not in self.available_hotpatch_key_set and hotpatch_status in ("ACTIVED", "ACCEPTED"):
+ record_key = f"{cve_id}-{rpm}"
+ if (
+ (record_key not in self.available_hotpatch_key_set)
+ and (hotpatch_status in ("ACTIVED", "ACCEPTED"))
+ and record_key not in record_key_set
+ ):
 result.append(
 {
 "cve_id": cve_id,
@@ -451,6 +457,7 @@ class VulnerabilityManage:
 "hp_status": hotpatch_status,
 }
 )
+ record_key_set.add(record_key)
 return result
 def cve_fix(self, unfixed_cve_info: dict) -> Tuple[str, dict]:
--
2.33.0
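Review bot: `record_key_set = {}` in the first hunk creates an empty dict, not a set, so the `record_key_set.add(record_key)` call added in the third hunk raises AttributeError the first time an ACTIVED/ACCEPTED entry passes the condition. Instead of suppressing duplicates, the method then fails before returning any hotpatch-fixed CVE, so a host's fixed-vulnerability report would be missing or errored rather than de-duplicated (how the caller handles the exception is outside this diff). The initialisation should be `record_key_set = set()`. The enclosing method starts above the first hunk, so its name and any surrounding try/except are not visible here.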
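Review bot: With the new `record_key not in record_key_set` guard in the second hunk, the `hp_status` stored for a CVE/rpm pair is whichever ACTIVED or ACCEPTED row comes first in `applied_hotpatch_info_list`, and later rows for the same pair are dropped. The example in the comment shows several sub-patch rows per CVE/rpm with differing statuses, so if one target is ACTIVED and another ACCEPTED the reported status depends on list order, which the hunk does not show to be guaranteed. Since the output keeps the two statuses distinct, it is worth stating the intent next to the guard, for example `# one record per CVE/rpm; hp_status is taken from the first applied sub-patch`, or choosing the status deterministically. The mixed parenthesisation of the three conditions could also be made uniform while touching this line.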