From 83752eec95b4aff92786d09b6291700ed0c405a1 Mon Sep 17 00:00:00 2001
From: rabbitali <shusheng.wen@outlook.com>
Date: Tue, 29 Aug 2023 21:35:08 +0800
Subject: [PATCH] the problem of repeated display of vulnerabilities fixed by hot patches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ceres/manages/vulnerability_manage.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ceres/manages/vulnerability_manage.py b/ceres/manages/vulnerability_manage.py
index 3f85d3d..747df61 100644
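--- a/ceres/manages/vulnerability_manage.py
+++ b/ceres/manages/vulnerability_manage.py
@@ -435,6 +435,7 @@ class VulnerabilityManage:
 if not applied_hotpatch_info_list:
 return result
 
+ record_key_set = {}
 for cve_id, patch_name, hotpatch_status in applied_hotpatch_info_list:
 rpm = patch_name.split("-", 1)[0]
 # Refer to this example, the CVE can be marked as fixed only if all hotpatch are applied.
@@ -442,7 +443,12 @@ class VulnerabilityManage:
 # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED
 # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED
 # CVE-2023-1111 redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED
- if f"{cve_id}-{rpm}" not in self.available_hotpatch_key_set and hotpatch_status in ("ACTIVED", "ACCEPTED"):
+ record_key = f"{cve_id}-{rpm}"
+ if (
+ (record_key not in self.available_hotpatch_key_set)
+ and (hotpatch_status in ("ACTIVED", "ACCEPTED"))
+ and record_key not in record_key_set
+ ):
 result.append(
 {
 "cve_id": cve_id,
@@ -451,6 +457,7 @@ class VulnerabilityManage:
 "hp_status": hotpatch_status,
 }
 )
+ record_key_set.add(record_key)
 return result
 
 def cve_fix(self, unfixed_cve_info: dict) -> Tuple[str, dict]: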
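Review bot: `record_key_set = {}` in the first hunk creates an empty dict, not a set, so the `record_key_set.add(record_key)` call added in the third hunk raises AttributeError the first time a hotpatch row passes the condition; initialise it as `record_key_set = set()`. Indentation is not visible in this rendering, so confirm the `add` sits inside the `if` body next to `result.append(...)`; at loop level a NOT-APPLIED row seen first would suppress a later ACTIVED row for the same key. The comment above the condition says a CVE counts as fixed only when all of its hotpatches are applied, but the visible condition accepts the first ACTIVED/ACCEPTED row and the new de-duplication then keeps only that row, so a partially applied hotpatch may be reported as fixed unless that case is filtered outside these hunks. The enclosing method starts before the first hunk, and the patch touches only this one file, so no test covers the duplicate case.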
--
2.33.0