adjusted openssl fetcher to handle new page format
Acmarr authored and jayhuang-suse committed Dec 11, 2024
1 parent ce4864a commit 9af69bc
Showing 2 changed files with 18 additions and 28 deletions.
17 changes: 6 additions & 11 deletions updater/fetchers/apps/apps_test.go
Expand Up @@ -32,21 +32,16 @@ func TestRubyAffectedVersion(t *testing.T) {

func TestOpensslVulVersion(t *testing.T) {
lines := []string{
"<ul><li>Fixed in OpenSSL 3.2.2 <a href=\"https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08\">(git commit)</a> (Affected since 3.2.0)</li><li>Fixed in OpenSSL 3.1.6 <a href=\"https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce\">(git commit)</a> (Affected since 3.1.0)</li><li>Fixed in OpenSSL 3.0.14 <a href=\"https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d\">(git commit)</a> (Affected since 3.0.0)</li><li>Fixed in OpenSSL 1.1.1y <a href=\"/support/contracts.html?giturl=https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640\">(premium support)</a> (Affected since 1.1.1)</li></ul>",
"<ul><li>Fixed in OpenSSL 0.9.8h (Affected since 0.9.8f)</li></ul>",
"<ul><li>Fixed in OpenSSL fips-1.1.2 (Affected since fips-1.1.1)</li></ul>",
"<ul><li>Fixed in OpenSSL 0.9.8j (Affected since 0.9.8)</li></ul>",
" <li>from 1.0.1 before 1.0.1u </li>",
"<li>from 1.0.2 before 1.0.2i </li>\n<li>from 1.0.4 before 1.0.5d </li>",
}
affected := [][]common.AppModuleVersion{
[]common.AppModuleVersion{
{"lt", "3.2.2"}, {"gteq", "3.2.0"}, {"orlt", "3.1.6"}, {"gteq", "3.1.0"},
{"orlt", "3.0.14"}, {"gteq", "3.0.0"}, {"orlt", "1.1.1y"}, {"gteq", "1.1.1"}},
{"lt", "1.0.1u"}, {"gteq", "1.0.1"},
},
[]common.AppModuleVersion{
{"lt", "0.9.8h"}, {"gteq", "0.9.8f"}},
[]common.AppModuleVersion{
{"lt", "fips-1.1.2"}, {"gteq", "fips-1.1.1"}},
[]common.AppModuleVersion{
{"lt", "0.9.8j"}, {"gteq", "0.9.8"}},
{"lt", "1.0.2i"}, {"gteq", "1.0.2"}, {"orlt", "1.0.5d"}, {"gteq", "1.0.4"},
},
}

for i, line := range lines {
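Review bot: The new fixtures in `TestOpensslVulVersion` cover only well-formed `<li>from … before …</li>` lines, so nothing pins what the parser returns for input it does not recognise. For a fetcher that scrapes a remote page, a silent non-match is presumably how a page-format change turns into missing affected-version data, which is the situation this commit is repairing. Consider adding a negative case, for example the previous format `"<ul><li>Fixed in OpenSSL 0.9.8h (Affected since 0.9.8f)</li></ul>"` with an empty expected slice, and keeping one `fips-` prefixed version, which the removed cases covered. The loop body that performs the comparison is outside the visible hunk, so the exact assertion shape has to follow it.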
29 changes: 12 additions & 17 deletions updater/fetchers/apps/openssl.go
Expand Up @@ -20,8 +20,9 @@ const (
var cveNameRegexp = regexp.MustCompile(`="(.*)">CVE-([0-9\-]+)`)
var fixedVerRegexp = regexp.MustCompile(`Fixed in OpenSSL\s*\n*([0-9a-z\.\-\s]+)`)
var affectedVerRegexp = regexp.MustCompile(`\(Affected\s+([0-9a-z\.\-,\s]+)\s*\)`)
var verRegexp = regexp.MustCompile(`Fixed in OpenSSL\s*\n*([0-9a-z\.\-\s]+).*?\(Affected\s+([0-9a-z\.\-,\s]+)\s*\)`) // ungreedy
var severityRegexp = regexp.MustCompile(`[[a-zA-Z]+ severity]`)
var verRegexp = regexp.MustCompile(`<li>from\s*\n*([0-9a-z\.\-\s]+) before\s*\n*([0-9a-z\.\-\s]+)<\/li>`) // ungreedy
var severityRegexp = regexp.MustCompile(`<dt>Severity<\/dt>[\S+\n\r\s]+<dd>([a-zA-Z]+)<\/dd>`)
var descriptionRegexp = regexp.MustCompile(`<p>([a-zA-Z[\S+\n\r\s]+)<\/p>`)

// FetchUpdate gets vulnerability updates from the openssl.
func opensslUpdate() error {
Expand Down Expand Up @@ -70,21 +71,14 @@ func opensslUpdate() error {

match = severityRegexp.FindAllStringSubmatch(line, -1)
if len(match) > 0 {
s := match[0]
severityStr := strings.Split(s[0], " ")[0]
severityStr = strings.Replace(severityStr, "[", "", 1)
severity = severityStr
severity = match[0][1]
} else {
continue
}

a0 := strings.Index(line, "<p>")
a1 := strings.Index(line, "<ul>")
if a0 > 0 && a1 > a0 {
description = line[a0+3 : a1]
description = strings.ReplaceAll(description, "<p>", "")
description = strings.ReplaceAll(description, "</p>", "")
description = strings.ReplaceAll(description, "\n", "")
match = descriptionRegexp.FindAllStringSubmatch(line, -1)
if len(match) > 0 {
description = match[0][1]
} else {
log.Error("No description:", line)
continue
Expand Down Expand Up @@ -132,17 +126,18 @@ func getOpensslVulVersion(cve, line string) ([]common.AppModuleVersion, []common

for i, m := range match {
if len(m) >= 2 {
fv := strings.TrimSpace(m[1])
fv := strings.TrimSpace(m[2])
fver = append(fver, common.AppModuleVersion{Version: fv})

var av string
if strings.HasPrefix(m[2], "since ") {
av = strings.TrimSpace(strings.TrimSpace(m[2][6:]))
if strings.HasPrefix(m[1], "since ") {
av = strings.TrimSpace(strings.TrimSpace(m[1][6:]))
} else {
av = strings.TrimSpace(strings.TrimSpace(m[2]))
av = strings.TrimSpace(strings.TrimSpace(m[1]))
}

if i == 0 {
fv := strings.TrimSpace(m[2])
aver = append(aver, common.AppModuleVersion{OpCode: "lt", Version: fv})
} else {
aver = append(aver, common.AppModuleVersion{OpCode: "orlt", Version: fv})
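Review bot: In the regexp hunk, `descriptionRegexp` uses the class `[a-zA-Z[\S+\n\r\s]`, which contains both `\S` and `\s` and therefore matches any character; with the greedy `+` the capture runs from the first `<p>` to the last `</p>` in `line`. The removed code stripped `<p>`, `</p>` and newlines, but `description = match[0][1]` stores the capture as-is, so if an advisory block holds more than one paragraph the description saved from the fetched page would keep raw markup; keeping the cleanup, e.g. `description = strings.NewReplacer("<p>", "", "</p>", "", "\n", "").Replace(match[0][1])`, would avoid that. `severityRegexp` has the same any-character run and would bind to the last letters-only `<dd>` in the chunk rather than the one following `<dt>Severity</dt>`; a lazy form such as `(?s)<dt>Severity</dt>.*?<dd>([a-zA-Z]+)</dd>` pins it to the nearest one. The trailing `// ungreedy` comment on `verRegexp` no longer applies, since the new pattern has no lazy quantifier. `opensslUpdate` and `getOpensslVulVersion` both continue outside the visible hunks, so how `line` is delimited is inferred.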