fix(cve): robust parsing of [remote|local] and [severity] flags
- Use re.findall to extract all bracketed flags instead of positional regex - Fixes issue where optional groups were not captured correctly
This commit is contained in:
parent
13d826ecd2
commit
9107009370
1 changed files with 12 additions and 3 deletions
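--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -227,13 +227,22 @@ def scan_cve(target: Target) -> tuple[bool, list[dict[str, str]], str]:
 cves = []
 for line in stdout.splitlines():
 # Format: CVE-XXXX-XXXX package [remote|local] [severity] - description
-m = re.match(r"(CVE-\d{4}-\d+)\s+(\S+)(?:\s+\[(remote|local)\])?(?:\s+\[(unimportant|low|medium|high|critical)\])?", line)
+m = re.match(r"(CVE-\d{4}-\d+)\s+(\S+)", line)
 if m:
+# Extraire tous les flags entre crochets
+flags = re.findall(r"\[(\w+)\]", line)
+vector = "?"
+severity = "?"
+for f in flags:
+if f in ("remote", "local"):
+vector = f
+elif f in ("unimportant", "low", "medium", "high", "critical"):
+severity = f
 cves.append({
 "id": m.group(1),
 "package": m.group(2),
-"vector": m.group(3) or "?",
+"vector": vector,
-"severity": m.group(4) or "?",
+"severity": severity,
 "url": f"https://security-tracker.debian.org/tracker/{m.group(1)}"
 })
 return True, cves, ""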
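Review bot: `flags = re.findall(r"\[(\w+)\]", line)` on the new side scans the whole line, including the free-text description after ` - `, and the loop keeps the last match, so a description that happens to contain a bracketed word such as `[local]` or `[low]` would silently override the real vector or severity. Limiting the scan to the part before the description keeps the fix while retaining the positional guarantee the old regex had: `head = line.split(" - ", 1)[0]` followed by `flags = re.findall(r"\[(\w+)\]", head)`. Whether descriptions can actually contain such tokens depends on the scanner's output, which is not visible here. As a point of style, the new comment `# Extraire tous les flags entre crochets` sits two lines below an English comment; `# Extract every bracketed flag` would keep the file consistent. The body of scan_cve, including where `stdout` is produced, begins before the hunk.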