Fix: RPM package comparison by adding exceptions for version (#313)

In some cases RPM package versions containing a '.ksplice' or a '_fips' string. These versions are not comparable with other Versions missing this string.
greenbone · Oct 12, 2022 · d496276 · d496276
1 parent 1886bcd
commit d496276
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/notus/scanner/models/packages/rpm.py b/notus/scanner/models/packages/rpm.py
@@ -18,6 +18,11 @@
 
 logger = logging.getLogger(__name__)
 
+excpetions = [
+    "_fips",
+    ".ksplice",
+]
+
 
 @dataclass
 class RPMPackage(Package):
@@ -33,6 +38,12 @@ def _compare(self, other: "RPMPackage") -> PackageComparison:
         if self.arch != other.arch:
             return PackageComparison.NOT_COMPARABLE
 
+        for e in excpetions:
+            if (self.full_version.find(e) > -1) != (
+                other.full_version.find(e) > -1
+            ):
+                return PackageComparison.NOT_COMPARABLE
+
         if self.full_version == other.full_version:
             return PackageComparison.EQUAL
 

diff --git a/tests/models/packages/test_rpm.py b/tests/models/packages/test_rpm.py
@@ -253,3 +253,33 @@ def test_from_name_and_full_version(self):
         self.assertEqual(package.version, "1.6.3")
         self.assertEqual(package.release, "26.h1")
         self.assertEqual(package.full_name, "cups-libs-1.6.3-26.h1.x86_64")
+
+    def test_exceptions(self):
+        """tests for the exceptions _fips and .ksplice"""
+        package1 = RPMPackage.from_full_name("gnutls-3.6.16-4.el8.x86_64")
+        package2 = RPMPackage.from_full_name(
+            "gnutls-3.6.16-4.0.1.el8_fips.x86_64"
+        )
+
+        self.assertFalse(package1 > package2)
+        self.assertFalse(package2 > package1)
+
+        package1 = RPMPackage.from_full_name("gnutls-3.6.16-4.el8_fips.x86_64")
+
+        self.assertTrue(package2 > package1)
+
+        package1 = RPMPackage.from_full_name(
+            "openssl-libs-1.0.2k-24.0.3.el7_8.x86_64"
+        )
+        package2 = RPMPackage.from_full_name(
+            "openssl-libs-1.0.2k-24.0.3.ksplice1.el7_9.x86_64"
+        )
+
+        self.assertFalse(package1 > package2)
+        self.assertFalse(package2 > package1)
+
+        package1 = RPMPackage.from_full_name(
+            "openssl-libs-1.0.2k-24.0.3.ksplice1.el7_8.x86_64"
+        )
+
+        self.assertTrue(package2 > package1)