fix: skip processing of duplicate products
don't add duplicate affected packages to extended response
psegedy committed Sep 27, 2024
1 parent 29b68c5 commit 8493a2d
Showing 1 changed file with 29 additions and 1 deletion.
30 changes: 29 additions & 1 deletion vmaas/vulnerabilities.go
Expand Up @@ -186,7 +186,14 @@ func evaluate(c *Cache, opts *options, request *Request) (*VulnerabilitiesCvesDe

func evaluateUnpatchedCves(c *Cache, products []ProductsPackage, cves *VulnerabilitiesCvesDetails) {
for _, pp := range products {
seenProducts := make(map[CSAFProduct]bool, len(pp.ProductsUnfixed))
for _, product := range pp.ProductsUnfixed {
if seenProducts[product] {
// duplicate product in pp.ProductsUnfixed
// skip processing of already processed product
continue
}
seenProducts[product] = true
module := product.ModuleStream
cn := CpeIDNameID{CpeID: product.CpeID, NameID: product.PackageNameID}
csafCves := c.CSAFCVEs[cn][product]
Expand All @@ -210,7 +217,14 @@ func evaluateUnpatchedCves(c *Cache, products []ProductsPackage, cves *Vulnerabi
func evaluateManualCves(c *Cache, products []ProductsPackage, cves *VulnerabilitiesCvesDetails) {
for _, pp := range products {
pp := pp // make copy because &pp is used
seenProducts := make(map[CSAFProduct]bool, len(pp.ProductsFixed))
for _, product := range pp.ProductsFixed {
if seenProducts[product] {
// duplicate product in pp.ProductsFixed
// skip processing of already processed product
continue
}
seenProducts[product] = true
updateNevra := pkgID2Nevra(c, product.PackageID)
if !isApplicable(c, &updateNevra, &pp.Package.Nevra) {
continue
Expand Down Expand Up @@ -766,7 +780,21 @@ func updateCves(cves map[string]VulnerabilityDetail, cve string, pkg Package, er
affectedPackage.ModuleStreamPtrs.Module = &module.Module
affectedPackage.ModuleStreamPtrs.Stream = &module.Stream
}
vulnDetail.Affected = append(vulnDetail.Affected, affectedPackage)
add2response := true
for _, a := range vulnDetail.Affected {
if a.Cpe == affectedPackage.Cpe && a.EVRA == affectedPackage.EVRA && a.Name == affectedPackage.Name {
if a.ModuleStreamPtrs.Module == nil && a.ModuleStreamPtrs.Stream == nil && module == nil {
add2response = false
}
if a.ModuleStreamPtrs.Module != nil && a.ModuleStreamPtrs.Stream != nil && module != nil &&
*a.ModuleStreamPtrs.Module == module.Module && *a.ModuleStreamPtrs.Stream == module.Stream {
add2response = false
}
}
}
if add2response {
vulnDetail.Affected = append(vulnDetail.Affected, affectedPackage)
}
}
cves[cve] = vulnDetail
}
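Review bot: The duplicate check added before the `append` in updateCves treats two affected packages as identical when Cpe, EVRA, Name and module/stream match, and that identity key is not documented. If the affected-package struct carries any other field (none is visible in this hunk), an entry that differs only there is silently dropped from the extended response, which for a vulnerability report means a missed finding. I would state the key in a comment above the loop, e.g. `// de-duplicate on (Cpe, EVRA, Name, module:stream); other fields are not compared`, and add a test with two products that differ only in module stream to confirm both are kept. The loop also keeps scanning after a match, so a `break` after each `add2response = false` would stop at the first hit. updateCves begins above the hunk, so how `module` and `affectedPackage` are built cannot be checked from here.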
