
Commit b141f3d

authored
fix(available-fix): Use affected_release for fixed status (#1445)
* fix(available-fix): Use `affected_release` for fixed status * fix(available-fix): redundant no CVE found message * refactor(available-fix): `get_package_name` -> `parse_package_data` * Fixes #1444
1 parent 97a61bd commit b141f3d


2 files changed

+75
-17
lines changed


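--- a/cve_bin_tool/available_fix/redhat_cve_tracker.py
+++ b/cve_bin_tool/available_fix/redhat_cve_tracker.py
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from json import loads
+from re import search, split
 from typing import Dict
 from urllib import error, request
 
@@ -30,23 +31,41 @@ def cve_info(
 try:
 if not json_data:
 raise KeyError
+
 package_state = json_data["package_state"]
-output = f'{cve["product"]}: No known fix for {cve["cve_number"]}.'
+affected_releases = json_data["affected_release"]
+
+no_fix = True
+
+for package in affected_releases:
+if (
+package["product_name"]
+== f"Red Hat Enterprise Linux {self.distro_codename}"
+):
+package_data = self.parse_package_data(package["package"])
+LOGGER.info(
+f'{cve["product"]}: {cve["cve_number"]} - Status: Fixed - Fixed package: {package_data}'
+)
+no_fix = False
+
 for package in package_state:
 if (
 package["product_name"]
 == f"Red Hat Enterprise Linux {self.distro_codename}"
 ):
-output = f'{cve["product"]}: {cve["cve_number"]} - Status: {package["fix_state"]}'
-if (
-package["fix_state"] == "Affected"
-and "upstream_fix" in json_data
-):
-output += (
-f' - Fixed releases: {json_data["upstream_fix"]}'
-)
-break
-LOGGER.info(output)
+package_data = self.parse_package_data(
+package["package_name"]
+)
+LOGGER.info(
+f'{cve["product"]}: {cve["cve_number"]} - Status: {package["fix_state"]} - Related package: {package_data}'
+)
+no_fix = False
+
+if no_fix:
+LOGGER.info(
+f'{cve["product"]}: No known fix for {cve["cve_number"]}.'
+)
+
 except (KeyError, TypeError):
 if cve["cve_number"] != "UNKNOWN":
 LOGGER.info(
@@ -58,5 +77,35 @@ def get_data(self, cve_number: str, product: str):
 full_query = f"{RH_CVE_API}/{cve_number}.json"
 response = request.urlopen(full_query).read().decode("utf-8")
 return loads(response)
-except error.HTTPError:
-LOGGER.info(f"{product}: No known fix for {cve_number}.")
+except error.HTTPError as e:
+LOGGER.debug(e)
+
+def parse_package_data(self, package_data: str) -> str:
+"""
+Parses package name and version data from the package data provided by Red Hat.
+
+Sample input:
+nodejs:12-8040020210817133458.522a0ee4
+edk2-0:20210527gite1999b264f1f-3.el8
+dnsmasq-0:2.79-13.el8_3.1
+
+Sample output:
+nodejs v12
+edk v2
+dnsmasq v2.79
+
+"""
+parsed_package_data = ""
+package_name = split(r"-\d", package_data, 1)[0]
+if ":" in package_name:
+package_name, package_version = split(":", package_name)
+package_version = search(r"\d+", package_version).group(0)
+parsed_package_data = f"{package_name} v{package_version}"
+else:
+parsed_package_data = package_name
+match = search(r"\d+\.\d+", package_data)
+if match:
+package_version = match.group(0)
+parsed_package_data += f" v{package_version}"
+
+return parsed_package_data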
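Review bot: The docstring sample in parse_package_data does not match what the code produces: for `edk2-0:20210527gite1999b264f1f-3.el8`, `split(r"-\d", package_data, 1)[0]` yields `edk2`, which contains no `:`, and `search(r"\d+\.\d+", ...)` finds no digit-dot-digit run in that string, so the function returns `edk2`, not the documented `edk v2`; either the sample or the parsing rule needs correcting. Separately, in the `:` branch `search(r"\d+", package_version).group(0)` raises AttributeError when no digit follows the colon, and the two-name unpacking of `split(":", package_name)` raises ValueError on a second colon; both values come straight from the remote Red Hat API response and neither exception is caught by cve_info's `except (KeyError, TypeError):`, so one malformed field aborts the whole report instead of being logged as a parse failure. The cheapest guard is to widen that handler to `except (KeyError, TypeError, AttributeError, ValueError):`, or to check the match object before calling `.group(0)`. The body of cve_info starts outside the hunk.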

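--- a/test/test_available_fix.py
+++ b/test/test_available_fix.py
@@ -119,10 +119,19 @@ def test_redhat_available_fix_output(self, caplog: pytest.LogCaptureFixture):
 fixes = AvailableFixReport(self.MOCK_NODEJS_CVE_DATA, "rhel-8", False)
 fixes.check_available_fix()
 expected_output = [
-"node.js: CVE-2021-22918 - Status: Affected - Fixed releases: node 16.4.1, node 14.17.2, node 12.22.2, libuv 1.41.1",
-"node.js: CVE-2021-22931 - Status: Not affected",
-"node.js: CVE-2021-22939 - Status: Affected - Fixed releases: nodejs 12.22.5, nodejs 14.17.5, nodejs 16.6.2",
-"node.js: CVE-2021-22940 - Status: Affected - Fixed releases: nodejs 12.22.5, nodejs 14.17.5, nodejs 16.6.2",
+"node.js: CVE-2021-22918 - Status: Fixed - Fixed package: nodejs v12",
+"node.js: CVE-2021-22918 - Status: Fixed - Fixed package: nodejs v14",
+"node.js: CVE-2021-22918 - Status: Fixed - Fixed package: libuv v1.41",
+"node.js: CVE-2021-22918 - Status: Not affected - Related package: nodejs v16",
+"node.js: CVE-2021-22931 - Status: Fixed - Fixed package: nodejs v12",
+"node.js: CVE-2021-22931 - Status: Fixed - Fixed package: nodejs v14",
+"node.js: CVE-2021-22931 - Status: Not affected - Related package: nodejs v16",
+"node.js: CVE-2021-22939 - Status: Fixed - Fixed package: nodejs v12",
+"node.js: CVE-2021-22939 - Status: Fixed - Fixed package: nodejs v14",
+"node.js: CVE-2021-22939 - Status: Not affected - Related package: nodejs v16",
+"node.js: CVE-2021-22940 - Status: Fixed - Fixed package: nodejs v12",
+"node.js: CVE-2021-22940 - Status: Fixed - Fixed package: nodejs v14",
+"node.js: CVE-2021-22940 - Status: Not affected - Related package: nodejs v16",
 ]
 
 assert expected_output == [rec.message for rec in caplog.records]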
