From 0618535d5ed4069c1fe4be3cee2d5ec0c5271f28 Mon Sep 17 00:00:00 2001
From: Lucas Moura
Date: Fri, 11 Oct 2024 11:39:54 -0300
Subject: [PATCH] cli: update fixable message on vulnerability list

If the CVE is fixable by both ubuntu pro and ubuntu security, we are now counting one for each instead of prioritizing ubuntu pro
---
 uaclient/cli/vulnerability/list.py | 51 +++++++++++++++--------------
 1 file changed, 25 insertions(+), 26 deletions(-)

diff --git a/uaclient/cli/vulnerability/list.py b/uaclient/cli/vulnerability/list.py
index 2be00aa36a..f51976a01e 100644
--- a/uaclient/cli/vulnerability/list.py
+++ b/uaclient/cli/vulnerability/list.py
@@ -125,33 +125,32 @@ def _get_info_from_vulnerabilities(vulnerabilities):
 for vuln in vulnerabilities:
 if vuln.fixable == "yes":
- pocket = (
- "ubuntu_pro"
- if any(
- pkg
- for pkg in vuln.affected_packages
- if re.match(
- r"^(esm|fips)", pkg.fix_available_from or "no-fix"
- )
- )
- else "ubuntu_security"
- )
- vulnerability_count_info[pocket]["count"] += 1
-
- if not getattr(vuln, "ubuntu_priority", None):
- continue
-
- if (
- vuln.ubuntu_priority
- in vulnerability_count_info[pocket]["info"]
- ):
- vulnerability_count_info[pocket]["info"][
- vuln.ubuntu_priority
- ] += 1
- else:
- vulnerability_count_info[pocket]["info"][
+ pockets = set()
+ for pkg in vuln.affected_packages:
+ if re.match(
+ r"^(esm|fips)", pkg.fix_available_from or "no-fix"
+ ):
+ pockets.add("ubuntu_pro")
+ else:
+ pockets.add("ubuntu_security")
+
+ for pocket in pockets:
+ vulnerability_count_info[pocket]["count"] += 1
+
+ if not getattr(vuln, "ubuntu_priority", None):
+ continue
+
+ if (
 vuln.ubuntu_priority
- ] = 1
+ in vulnerability_count_info[pocket]["info"]
+ ):
+ vulnerability_count_info[pocket]["info"][
+ vuln.ubuntu_priority
+ ] += 1
+ else:
+ vulnerability_count_info[pocket]["info"][
+ vuln.ubuntu_priority
+ ] = 1
 return vulnerability_count_info
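Review bot: In the new per-package loop, a package whose `fix_available_from` is empty becomes the `"no-fix"` sentinel, fails the `^(esm|fips)` match and falls into the `else` branch, so it adds `ubuntu_security` to `pockets`. With the old `any(...)` form such a package could never move a vulnerability into a pocket on its own; now a CVE whose only shipped fix is in Pro may also be counted as fixable from the security pocket, which overstates what an unsubscribed machine can patch. This assumes a `fixable == "yes"` entry can carry a package with no fix source, which the hunk does not show. Skipping those packages before the match, `if not pkg.fix_available_from: continue`, limits the tally to pockets that actually provide a fix. The start of `_get_info_from_vulnerabilities` lies outside the hunk, so the initial shape of `vulnerability_count_info` is not visible here.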