adjusted openssl fetcher to handle new page format

neuvector · Dec 10, 2024 · fa147a9 · fa147a9
1 parent 08259f5
commit fa147a9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 28 deletions.
diff --git a/updater/fetchers/apps/apps_test.go b/updater/fetchers/apps/apps_test.go
@@ -32,21 +32,16 @@ func TestRubyAffectedVersion(t *testing.T) {
 
 func TestOpensslVulVersion(t *testing.T) {
 	lines := []string{
-		"<ul><li>Fixed in OpenSSL 3.2.2 <a href=\"https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08\">(git commit)</a> (Affected since 3.2.0)</li><li>Fixed in OpenSSL 3.1.6 <a href=\"https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce\">(git commit)</a> (Affected since 3.1.0)</li><li>Fixed in OpenSSL 3.0.14 <a href=\"https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d\">(git commit)</a> (Affected since 3.0.0)</li><li>Fixed in OpenSSL 1.1.1y <a href=\"/support/contracts.html?giturl=https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640\">(premium support)</a> (Affected since 1.1.1)</li></ul>",
-		"<ul><li>Fixed in OpenSSL 0.9.8h (Affected since 0.9.8f)</li></ul>",
-		"<ul><li>Fixed in OpenSSL fips-1.1.2 (Affected since fips-1.1.1)</li></ul>",
-		"<ul><li>Fixed in OpenSSL 0.9.8j (Affected since 0.9.8)</li></ul>",
+		"		<li>from 1.0.1 before 1.0.1u </li>",
+		"<li>from 1.0.2 before 1.0.2i </li>\n<li>from 1.0.4 before 1.0.5d </li>",
 	}
 	affected := [][]common.AppModuleVersion{
 		[]common.AppModuleVersion{
-			{"lt", "3.2.2"}, {"gteq", "3.2.0"}, {"orlt", "3.1.6"}, {"gteq", "3.1.0"},
-			{"orlt", "3.0.14"}, {"gteq", "3.0.0"}, {"orlt", "1.1.1y"}, {"gteq", "1.1.1"}},
+			{"gteq", "1.0.1"}, {"lt", "1.0.1u"},
+		},
 		[]common.AppModuleVersion{
-			{"lt", "0.9.8h"}, {"gteq", "0.9.8f"}},
-		[]common.AppModuleVersion{
-			{"lt", "fips-1.1.2"}, {"gteq", "fips-1.1.1"}},
-		[]common.AppModuleVersion{
-			{"lt", "0.9.8j"}, {"gteq", "0.9.8"}},
+			{"gteq", "1.0.2"}, {"lt", "1.0.2i"}, {"gteq", "1.0.4"}, {"orlt", "1.0.5d"},
+		},
 	}
 
 	for i, line := range lines {

diff --git a/updater/fetchers/apps/openssl.go b/updater/fetchers/apps/openssl.go
@@ -20,8 +20,9 @@ const (
 var cveNameRegexp = regexp.MustCompile(`="(.*)">CVE-([0-9\-]+)`)
 var fixedVerRegexp = regexp.MustCompile(`Fixed in OpenSSL\s*\n*([0-9a-z\.\-\s]+)`)
 var affectedVerRegexp = regexp.MustCompile(`\(Affected\s+([0-9a-z\.\-,\s]+)\s*\)`)
-var verRegexp = regexp.MustCompile(`Fixed in OpenSSL\s*\n*([0-9a-z\.\-\s]+).*?\(Affected\s+([0-9a-z\.\-,\s]+)\s*\)`) // ungreedy
-var severityRegexp = regexp.MustCompile(`[[a-zA-Z]+ severity]`)
+var verRegexp = regexp.MustCompile(`<li>from\s*\n*([0-9a-z\.\-\s]+) before\s*\n*([0-9a-z\.\-\s]+)<\/li>`) // ungreedy
+var severityRegexp = regexp.MustCompile(`<dt>Severity<\/dt>[\S+\n\r\s]+<dd>([a-zA-Z]+)<\/dd>`)
+var descriptionRegexp = regexp.MustCompile(`<p>([a-zA-Z[\S+\n\r\s]+)<\/p>`)
 
 // FetchUpdate gets vulnerability updates from the openssl.
 func opensslUpdate() error {
@@ -70,21 +71,14 @@ func opensslUpdate() error {
 
 		match = severityRegexp.FindAllStringSubmatch(line, -1)
 		if len(match) > 0 {
-			s := match[0]
-			severityStr := strings.Split(s[0], " ")[0]
-			severityStr = strings.Replace(severityStr, "[", "", 1)
-			severity = severityStr
+			severity = match[0][1]
 		} else {
 			continue
 		}
 
-		a0 := strings.Index(line, "<p>")
-		a1 := strings.Index(line, "<ul>")
-		if a0 > 0 && a1 > a0 {
-			description = line[a0+3 : a1]
-			description = strings.ReplaceAll(description, "<p>", "")
-			description = strings.ReplaceAll(description, "</p>", "")
-			description = strings.ReplaceAll(description, "\n", "")
+		match = descriptionRegexp.FindAllStringSubmatch(line, -1)
+		if len(match) > 0 {
+			description = match[0][1]
 		} else {
 			log.Error("No description:", line)
 			continue
@@ -132,17 +126,18 @@ func getOpensslVulVersion(cve, line string) ([]common.AppModuleVersion, []common
 
 		for i, m := range match {
 			if len(m) >= 2 {
-				fv := strings.TrimSpace(m[1])
+				fv := strings.TrimSpace(m[2])
 				fver = append(fver, common.AppModuleVersion{Version: fv})
 
 				var av string
-				if strings.HasPrefix(m[2], "since ") {
-					av = strings.TrimSpace(strings.TrimSpace(m[2][6:]))
+				if strings.HasPrefix(m[1], "since ") {
+					av = strings.TrimSpace(strings.TrimSpace(m[1][6:]))
 				} else {
-					av = strings.TrimSpace(strings.TrimSpace(m[2]))
+					av = strings.TrimSpace(strings.TrimSpace(m[1]))
 				}
 
 				if i == 0 {
+					fv := strings.TrimSpace(m[2])
 					aver = append(aver, common.AppModuleVersion{OpCode: "lt", Version: fv})
 				} else {
 					aver = append(aver, common.AppModuleVersion{OpCode: "orlt", Version: fv})