elivepatch_client/security.py: IndexError: list index out of range

[DestroyFX]

elivepatch --cve --kernel 4.19.1
Namespace(clear=False, conf_file=None, config='/proc/config.gz', cve=True, debug=False, kernel_version='4.19.1', patch=None, url=None, version=False)
List of current patches:
[]
CVE repository already present.
updating...
4 19 1
Traceback (most recent call last):
File "/usr/lib/python-exec/python3.6/elivepatch", line 31, in
main = Main(ArgsParser())
File "/usr/lib64/python3.6/site-packages/elivepatch_client/cli.py", line 31, in init
self.dispatch(config)
File "/usr/lib64/python3.6/site-packages/elivepatch_client/cli.py", line 50, in dispatch
cve_patch_list = cve_repository.cve_git_id(config.kernel_version)
File "/usr/lib64/python3.6/site-packages/elivepatch_client/security.py", line 41, in cve_git_id
security_versions.append(security_versions_tmp.split('.')[2])
IndexError: list index out of range

[aliceinwire]

looks like there is no 4.19.1 in the security file, we probably have to deal with such situations.

[DestroyFX]

Got it to work
[debug] security versions: [0, '2', '3']

            if len(security_versions_tmp) == 4:
                security_versions.append(0)
            else:
                security_versions.append(security_versions_tmp.split('.')[2])

4.19 is 4 chars, not 3, It look hard-coded for kernel with only one number as the minor (like 4.5). it should have check for 1 and 2 number as minor. Note that I might be wrong as I don't do python.

[aliceinwire]

Hello,
you are right and I was half sleepy 😴, we need to find a way to avoid hard-coding value.

Probably we can split the security_versions_tmp by the dot and check that the resulting values are only two, if we are dealing with more than two values, than we are dealing with a version that have a revision number.

diff --git a/elivepatch_client/security.py b/elivepatch_client/security.py
index 8cc067f..45241e5 100644
--- a/elivepatch_client/security.py
+++ b/elivepatch_client/security.py
@@ -35,7 +35,8 @@ class CVE(object):
             if "CVEs fixed in" in line:
                 security_versions_tmp = line.strip().split(' ')[3][:-1]
                 # if there is not revision, set revision as 0
-                if len(security_versions_tmp) == 3:
+                sv_split_tmp = security_versions_tmp.split('.')
+                if len(sv_split_tmp) == 2:
                     security_versions.append(0)
                 else:
security_versions.append(security_versions_tmp.split('.')[2])

In the future we will want to move to a more "standard" way of managing patches overlay:
like in this example #8

[aliceinwire]

merged 850ad6b

Thanks for the bug report