fix(cve): robust parsing of [remote|local] and [severity] flags
- Use re.findall to extract all bracketed flags instead of a positional regex - Fixes an issue where the optional groups were not captured correctly
This commit is contained in:
parent
13d826ecd2
commit
9107009370
1 changed files with 12 additions and 3 deletions
@ -227,13 +227,22 @@ def scan_cve(target: Target) -> tuple[bool, list[dict[str, str]], str]:
|
|||
cves = []
|
||||
for line in stdout.splitlines():
|
||||
# Format: CVE-XXXX-XXXX package [remote|local] [severity] - description
|
||||
m = re.match(r"(CVE-\d{4}-\d+)\s+(\S+)(?:\s+\[(remote|local)\])?(?:\s+\[(unimportant|low|medium|high|critical)\])?", line)
|
||||
m = re.match(r"(CVE-\d{4}-\d+)\s+(\S+)", line)
|
||||
if m:
|
||||
# Extraire tous les flags entre crochets
|
||||
flags = re.findall(r"\[(\w+)\]", line)
|
||||
vector = "?"
|
||||
severity = "?"
|
||||
for f in flags:
|
||||
if f in ("remote", "local"):
|
||||
vector = f
|
||||
elif f in ("unimportant", "low", "medium", "high", "critical"):
|
||||
severity = f
|
||||
cves.append({
|
||||
"id": m.group(1),
|
||||
"package": m.group(2),
|
||||
"vector": m.group(3) or "?",
|
||||
"severity": m.group(4) or "?",
|
||||
"vector": vector,
|
||||
"severity": severity,
|
||||
"url": f"https://security-tracker.debian.org/tracker/{m.group(1)}"
|
||||
})
|
||||
return True, cves, ""
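Review bot: The new `flags = re.findall(r"\[(\w+)\]", line)` searches the whole line, including the free-text description after the ` - ` separator described in the format comment, so a description containing e.g. `[unimportant]` or `[local]` silently overrides the real flags because the loop lets the last match win. The old positional regex only looked between the package name and the description, and that property is lost here. Restrict the search to the flag region by capturing it in the match, e.g. `m = re.match(r"(CVE-\d{4}-\d+)\s+(\S+)((?:\s+\[\w+\])*)", line)` and `flags = re.findall(r"\[(\w+)\]", m.group(3))`. The comment `# Extraire tous les flags entre crochets` should be in English like the rest of the hunk, e.g. `# Collect every bracketed flag that follows the package name`. scan_cve begins before this hunk, so where `stdout` comes from is not visible here.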
|
||||