cli: update fixable message on vulnerability list
If the CVE is fixable by both ubuntu pro and ubuntu security,
we are now counting one for each instead of prioritizing
ubuntu pro
lucasmoura committed Oct 14, 2024
1 parent 17e5826 commit 0618535
Showing 1 changed file with 25 additions and 26 deletions.
51 changes: 25 additions & 26 deletions uaclient/cli/vulnerability/list.py
@@ -125,33 +125,32 @@ def _get_info_from_vulnerabilities(vulnerabilities):

for vuln in vulnerabilities:
if vuln.fixable == "yes":
pocket = (
"ubuntu_pro"
if any(
pkg
for pkg in vuln.affected_packages
if re.match(
r"^(esm|fips)", pkg.fix_available_from or "no-fix"
)
)
else "ubuntu_security"
)
vulnerability_count_info[pocket]["count"] += 1

if not getattr(vuln, "ubuntu_priority", None):
continue

if (
vuln.ubuntu_priority
in vulnerability_count_info[pocket]["info"]
):
vulnerability_count_info[pocket]["info"][
vuln.ubuntu_priority
] += 1
else:
vulnerability_count_info[pocket]["info"][
pockets = set()
for pkg in vuln.affected_packages:
if re.match(
r"^(esm|fips)", pkg.fix_available_from or "no-fix"
):
pockets.add("ubuntu_pro")
else:
pockets.add("ubuntu_security")

for pocket in pockets:
vulnerability_count_info[pocket]["count"] += 1

if not getattr(vuln, "ubuntu_priority", None):
continue

if (
vuln.ubuntu_priority
] = 1
in vulnerability_count_info[pocket]["info"]
):
vulnerability_count_info[pocket]["info"][
vuln.ubuntu_priority
] += 1
else:
vulnerability_count_info[pocket]["info"][
vuln.ubuntu_priority
] = 1

return vulnerability_count_info
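Review bot: A package with no fix at all is counted as fixable by ubuntu_security in the new per-package loop, because `pkg.fix_available_from or "no-fix"` fails the `^(esm|fips)` match and falls into the `else` branch. If an affected package of a fixable vulnerability can carry an empty `fix_available_from` (the `or "no-fix"` fallback suggests it can), a CVE whose only fix comes from esm would also raise the ubuntu_security count, so the list would overstate what standard security updates fix. Skipping such packages before the match would avoid that: `if not pkg.fix_available_from: continue`. The enclosing `_get_info_from_vulnerabilities` starts above the hunk, so how `vulnerability_count_info` is initialised is not visible here.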
