skip modules but keep their rpms (#305)
Sometimes RPMs are packed in a module. It's a little harder to detect
the actual modules themselves on a running system, but we can still
check their RPMs. This change allows skipping modules, but keeps their
RPM children.

Signed-off-by: Jason Shepherd <jason@jasonshepherd.net>
jasinner authored Oct 22, 2024
1 parent c90f10d commit 719ac38
Showing 4 changed files with 11,442 additions and 20 deletions.
40 changes: 22 additions & 18 deletions tools/redhat/redhat_osv/convert_redhat_test.py
@@ -8,25 +8,29 @@
class TestRedHatConverter(unittest.TestCase):
"""Test end-to-end convertion from RedHAt CSAF to OSV format"""

test_advisories = ["2024_4546", "2024_6220"]

def test_convert_redhat(self):
""" Test a single demo CSAF file """
modified_time = datetime.strptime("2024-09-02T14:30:00",
"%Y-%m-%dT%H:%M:%S")
csaf_file = "testdata/rhsa-2024_4546.json"
expected_file = "testdata/RHSA-2024_4546.json"

with open(csaf_file, "r", encoding="utf-8") as fp:
csaf_data = fp.read()
converter = RedHatConverter()
osv_data = converter.convert(csaf_data,
modified_time.strftime(DATE_FORMAT))

assert osv_data[0] == "RHSA-2024:4546"
result_data = json.loads(osv_data[1])

with open(expected_file, "r", encoding="utf-8") as fp:
expected_data = json.load(fp)
assert expected_data == result_data
for test_advisory in self.test_advisories:
""" Test a single demo CSAF file """
modified_time = datetime.strptime("2024-09-02T14:30:00",
"%Y-%m-%dT%H:%M:%S")
csaf_file = f"testdata/rhsa-{test_advisory}.json"
expected_file = f"testdata/RHSA-{test_advisory}.json"

with open(csaf_file, "r", encoding="utf-8") as fp:
csaf_data = fp.read()
converter = RedHatConverter()
osv_data = converter.convert(csaf_data,
modified_time.strftime(DATE_FORMAT))

advisory_id = test_advisory.replace("_", ":")
assert osv_data[0] == f"RHSA-{advisory_id}"
result_data = json.loads(osv_data[1])

with open(expected_file, "r", encoding="utf-8") as fp:
expected_data = json.load(fp)
assert expected_data == result_data


if __name__ == '__main__':
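Review bot: The loop in `test_convert_redhat` runs every advisory inside one test body, so a failure on `2024_4546` stops the test before `2024_6220` is checked and the failure does not name the advisory; wrapping the loop body in `with self.subTest(advisory=test_advisory):` would report each fixture separately. The string `""" Test a single demo CSAF file """` now comes after the `for` line, where it is a no-op expression statement rather than the method's docstring; it belongs directly under the `def` line, reworded along the lines of `"""Convert each demo CSAF file and compare it with the expected OSV output."""`. The new error path in csaf.py (no remediation left after skipping) is exercised here only indirectly through the full JSON comparison, so a separate assertion with `self.assertRaises(ValueError)` on an advisory whose fixed products all fail to parse would pin that branch.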
11 changes: 9 additions & 2 deletions tools/redhat/redhat_osv/csaf.py
@@ -3,6 +3,8 @@
from dataclasses import dataclass, InitVar, field
from typing import Any, Iterable

class RemediationParseError(ValueError):
pass

@dataclass
class Remediation:
@@ -32,7 +34,7 @@ def __post_init__(self, csaf_product_id: str, cpes: dict[str, str],
# We split the name from the rest of the 'version' data (EVRA). We store name as component.
split_component_version = self.product_version.rsplit("-", maxsplit=2)
if len(split_component_version) < 3:
raise ValueError(
raise RemediationParseError(
f"Could not convert component into NEVRA: {self.product_version}"
)
# RHEL Modules have 4 colons in the name part of the NEVRA. If we detect a modular RPM
@@ -96,7 +98,12 @@ def __post_init__(self, csaf_vuln: dict[str, Any], cpes: dict[str, str],
self.references = csaf_vuln["references"]
self.remediations = []
for product_id in csaf_vuln["product_status"]["fixed"]:
self.remediations.append(Remediation(product_id, cpes, purls))
try:
self.remediations.append(Remediation(product_id, cpes, purls))
except RemediationParseError:
continue
if not self.remediations:
raise ValueError(f"Did not find any remediations for {self.cve_id}")


def gen_dict_extract(key, var: Iterable):
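Review bot: The new `except RemediationParseError: continue` in the `fixed` loop silently drops every product whose `product_version` does not split into a NEVRA, which is broader than the module entries the commit message targets. For an advisory converter this matters because a malformed or unexpected RPM identifier would disappear from the OSV record without a trace, and scanners consuming the record would under-report fixed packages; the `if not self.remediations` check only catches the case where every product fails. I would record each skip, e.g. `except RemediationParseError as err:` followed by `logging.warning("Skipping %s for %s: %s", product_id, self.cve_id, err)` before the `continue` (the file's full import list is not visible here, so `logging` may need importing). `RemediationParseError` would also benefit from a one-line docstring in place of the bare `pass`, stating that it marks a product ID that cannot be parsed as an RPM NEVRA. `__post_init__` begins outside the hunk.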