jiachao2130/cuvat-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

可列出已被修复、安装的cve,及原受其影响的软件包

Browse Source 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
This commit is contained in:
Jia Chao 2024-10-15 15:32:44 +08:00
parent ae2953eeb5
commit 79b8a38503
1 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/analyzer/mod.rs
View File

@ -184,6 +184,7 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {
let reporter = _reporter()?; let reporter = _reporter()?;
let avaliable = reporter.get_avaliable(); let avaliable = reporter.get_avaliable();
let fixed = reporter.get_fixed();
let severity = Severity::from_str(&cli.severity)?; let severity = Severity::from_str(&cli.severity)?;
let mut _cves = HashSet::new(); let mut _cves = HashSet::new();
cli.sources.iter().for_each(|id| { cli.sources.iter().for_each(|id| {
@ -192,7 +193,32 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {
let mut cves = HashSet::new(); let mut cves = HashSet::new();
let mut effected_rpms: HashMap<String, Vec<String>> = HashMap::new(); let mut effected_rpms: HashMap<String, Vec<String>> = HashMap::new();
let mut msg = String::from("有可用的安全更新..."); let mut fixed_rpms: HashMap<String, Vec<String>> = HashMap::new();
let mut msg = String::new();
// 已修复的 CVE
// 列出修复的软件包
for (cusa, rpms) in fixed {
// 过滤
if cusa.severity() < &severity {
continue;
}
cusa.cves().iter().for_each(|cve| {
if let Some(_) = _cves.get(&cve.id) {
let _ = cves.insert(cve.clone());
if let Some(fixed) = fixed_rpms.get_mut(&cve.id) {
for rpm in rpms {
fixed.push(rpm.name().into());
}
} else {
let fixed: Vec<String> = rpms.into_iter().map(|rpm| rpm.name().into()).collect();
fixed_rpms.insert(cve.id.clone(), fixed);
}
//_cves.remove(&cve.id);
}
});
}
// 仅针对可用更新 // 仅针对可用更新
for (cusa, rpms) in avaliable { for (cusa, rpms) in avaliable {
@ -209,8 +235,8 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {
effected.push(rpm.name().into()); effected.push(rpm.name().into());
} }
} else { } else {
let pkgs: Vec<String> = rpms.into_iter().map(|rpm| rpm.name().into()).collect(); let effected: Vec<String> = rpms.into_iter().map(|rpm| rpm.name().into()).collect();
effected_rpms.insert(cve.id.clone(), pkgs); effected_rpms.insert(cve.id.clone(), effected);
} }
//_cves.remove(&cve.id); //_cves.remove(&cve.id);
} }
@ -219,10 +245,18 @@ fn list_cves(cli: &Cli) -> crate::Result<()> {
for cve in &cves { for cve in &cves {
if cli.info { if cli.info {
msg = format!("{msg}\n\n{cve:#?}\n受影响的软件包: {:?}\n", effected_rpms.get(&cve.id).unwrap()); msg = format!("{msg}\n\n{cve:#?}\n");
if let Some(_fixed) = fixed_rpms.get(&cve.id) {
msg = format!("{msg}已修复的软件: {:?}\n", _fixed);
}
if let Some(_effected) = effected_rpms.get(&cve.id) {
msg = format!("{msg}可用的更新: {:?}\n", _effected);
}
} else { } else {
msg = format!("{msg}\n{}", cve.id); msg = format!("{msg}\n{}", cve.id);
} }
// 重置此 cve
_cves.remove(&cve.id);
} }
if !_cves.is_empty() { if !_cves.is_empty() {