packages/aops-ceres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
aops-ceres/0002-modify-re-of-kernel-filter.patch
rabbitali 1d1fe77261 update version to v1.3.4
2023-11-21 14:58:04 +08:00

82 lines
4.2 KiB
Diff
Raw Blame History

From 831aca01a20fcd67b1d6ff604a0334aaa419efd5 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Sat, 11 Nov 2023 17:47:25 +0800
Subject: Modify the regular expression of kernel filter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ceres/manages/vulnerability_manage.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
index c41a7fa..39f475d 100644
--- a/ceres/manages/vulnerability_manage.py
+++ b/ceres/manages/vulnerability_manage.py
@@ -166,7 +166,7 @@ class VulnerabilityManage:
return rpm_info
for line in stdout.splitlines():
- rpm_name, new_rpm_info = line.split(":",1)
+ rpm_name, new_rpm_info = line.split(":", 1)
old_rpm_info = rpm_info.get(rpm_name, "")
rpm_info[rpm_name] = new_rpm_info if new_rpm_info > old_rpm_info else old_rpm_info
LOGGER.debug("query installed rpm package info succeed!")
@@ -200,7 +200,7 @@ class VulnerabilityManage:
# ("kernel", "x86_64.", "5.10.0-60.105.0.132.oe2203"),
# ("kernel-debuginfo", "x86_64", "5.10.0-60.105.0.132.oe2203")
# ]
- rpm_info = re.findall("^(kernel\S*)\.([a-z468_]+)\s+(\S+)", stdout, re.MULTILINE)
+ rpm_info = re.findall("^(kernel)\.([a-z468_]+)\s+(\S+)", stdout, re.MULTILINE)
if not rpm_info:
return result
@@ -243,7 +243,7 @@ class VulnerabilityManage:
# ("CVE-2021-43976", "Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64"),
# ("CVE-2021-0941", "Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64")
# ]
- all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+)", stdout)
+ all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+)", stdout)
if not all_cve_info:
return unfixed_cves
@@ -306,7 +306,7 @@ class VulnerabilityManage:
# ("CVE-2023-1513", "Important/Sec.", "kernel-4.19.90-2304.1.0.0196.oe1.x86_64", "patch-kernel-4.19.90-2112.."),
# ("CVE-2021-xxxx", "Important/Sec.", "-", "patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64")
# ]
- all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+|-)\s+(patch-kernel\S+|-)", stdout)
+ all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+|-)\s+(patch-kernel-\d\S+|-)", stdout)
if not all_cve_info:
return cve_info_list
@@ -368,7 +368,7 @@ class VulnerabilityManage:
# ("CVE-2021-43976","Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64"),
# ("CVE-2021-0941","Important/Sec.", "kernel-4.19.90-2201.1.0.0132.oe1.x86_64")
# ]
- fixed_cves_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+)", stdout)
+ fixed_cves_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+)", stdout)
if not fixed_cves_info:
return fixed_cves
@@ -407,7 +407,7 @@ class VulnerabilityManage:
# ("CVE-2021-xxxx", "Important/Sec.", "-", "patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64")
# ]
hotpatch_status = self._query_applied_hotpatch_status()
- all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel\S+|-)\s+(patch-kernel\S+|-)", stdout)
+ all_cve_info = re.findall(r"(CVE-\d{4}-\d+)\s+([\w+/.]+)\s+(kernel-\d\S+|-)\s+(patch-kernel-\d\S+|-)", stdout)
cve_info_fixed_by_coldpatch, cve_info_fixed_by_hotpatch, hotpatch_dic = [], [], defaultdict(str)
for cve_id, _, coldpatch, hotpatch in all_cve_info:
@@ -472,7 +472,7 @@ class VulnerabilityManage:
# ("CVE-2023-1112", "redis-6.2.5-1/SGL_CVE_2023_1111_CVE_2023_1112-1-1/redis-server", "NOT-APPLIED"),
# ("CVE-2023-1111", "redis-6.2.5-1/ACC-1-1/redis-benchmark", "ACTIVED")
# ]
- applied_hotpatch_info_list = re.findall(r"(CVE-\d{4}-\d+)\s+(kernel[\w\-/.]+)\s+([A-W]+)", stdout)
+ applied_hotpatch_info_list = re.findall(r"(CVE-\d{4}-\d+)\s+(kernel-\d[\w\-/.]+)\s+([A-W]+)", stdout)
if not applied_hotpatch_info_list:
return result
--
Gitee
Reference in New Issue View Git Blame Copy Permalink