可列出已被修复、安装的cve，及原受其影响的软件包

Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-10-15 15:32:44 +08:00 · 2024-10-15 15:32:44 +08:00 · 79b8a38503
commit 79b8a38503
parent ae2953eeb5
1 changed files with 38 additions and 4 deletions
--- a/src/analyzer/mod.rs
+++ b/src/analyzer/mod.rs
@ -184,6 +184,7 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {

    let reporter = _reporter()?;
    let avaliable = reporter.get_avaliable();
+    let fixed = reporter.get_fixed();
    let severity = Severity::from_str(&cli.severity)?;
    let mut _cves = HashSet::new();
    cli.sources.iter().for_each(|id| {
@ -192,7 +193,32 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {

    let mut cves = HashSet::new();
    let mut effected_rpms: HashMap<String, Vec<String>> = HashMap::new();
-    let mut msg = String::from("有可用的安全更新...");
+    let mut fixed_rpms: HashMap<String, Vec<String>> = HashMap::new();
+    let mut msg = String::new();
+
+    // 已修复的 CVE
+    // 列出修复的软件包
+    for (cusa, rpms) in fixed {
+        // 过滤
+        if cusa.severity() < &severity {
+            continue;
+        }
+
+        cusa.cves().iter().for_each(|cve| {
+            if let Some(_) = _cves.get(&cve.id) {
+                let _ = cves.insert(cve.clone());
+                if let Some(fixed) = fixed_rpms.get_mut(&cve.id) {
+                    for rpm in rpms {
+                        fixed.push(rpm.name().into());
+                    }
+                } else {
+                    let fixed: Vec<String> = rpms.into_iter().map(|rpm| rpm.name().into()).collect();
+                    fixed_rpms.insert(cve.id.clone(), fixed);
+                }
+                //_cves.remove(&cve.id);
+            }
+        });
+    }

    // 仅针对可用更新
    for (cusa, rpms) in avaliable {
@ -209,8 +235,8 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {
                        effected.push(rpm.name().into());
                    }
                } else {
-                    let pkgs: Vec<String> = rpms.into_iter().map(|rpm| rpm.name().into()).collect();
-                    effected_rpms.insert(cve.id.clone(), pkgs);
+                    let effected: Vec<String> = rpms.into_iter().map(|rpm| rpm.name().into()).collect();
+                    effected_rpms.insert(cve.id.clone(), effected);
                }
                //_cves.remove(&cve.id);
            }
@ -219,10 +245,18 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {

    for cve in &cves {
        if cli.info {
-            msg = format!("{msg}\n\n{cve:#?}\n受影响的软件包： {:?}\n", effected_rpms.get(&cve.id).unwrap());
+            msg = format!("{msg}\n\n{cve:#?}\n");
+            if let Some(_fixed) = fixed_rpms.get(&cve.id) {
+                msg = format!("{msg}已修复的软件： {:?}\n", _fixed);
+            }
+            if let Some(_effected) = effected_rpms.get(&cve.id) {
+                msg = format!("{msg}可用的更新： {:?}\n", _effected);
+            }
        } else {
            msg = format!("{msg}\n{}", cve.id);
        }
+        // 重置此 cve
+        _cves.remove(&cve.id);
    }

    if !_cves.is_empty() {