From e858b9fc1a64c7035bbff0211a2ec617df82f780 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20Kr=C3=A4mer?=
Date: Wed, 12 Oct 2022 12:12:31 +0200
Subject: [PATCH] Fix: RPM package comparison by adding exceptions for version (#313)

In some cases RPM package versions containing a '.ksplice' or a '_fips' string. These versions are not comparable with other Versions missing this string.

(cherry picked from commit d49627678446f488e0901fb1e79307566e4345fb)
---
 notus/scanner/models/packages/rpm.py | 11 ++++++++++
 tests/models/packages/test_rpm.py | 30 ++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/notus/scanner/models/packages/rpm.py b/notus/scanner/models/packages/rpm.py
index 1f29d433..1cd94ced 100644
--- a/notus/scanner/models/packages/rpm.py
+++ b/notus/scanner/models/packages/rpm.py
@@ -18,6 +18,11 @@
 logger = logging.getLogger(__name__)
+excpetions = [
+ "_fips",
+ ".ksplice",
+]
+
 @dataclass
 class RPMPackage(Package):
@@ -33,6 +38,12 @@ def _compare(self, other: "RPMPackage") -> PackageComparison:
 if self.arch != other.arch:
 return PackageComparison.NOT_COMPARABLE
+ for e in excpetions:
+ if (self.full_version.find(e) > -1) != (
+ other.full_version.find(e) > -1
+ ):
+ return PackageComparison.NOT_COMPARABLE
+
 if self.full_version == other.full_version:
 return PackageComparison.EQUAL
diff --git a/tests/models/packages/test_rpm.py b/tests/models/packages/test_rpm.py
index 1e490e2a..2b9ea36c 100644
--- a/tests/models/packages/test_rpm.py
+++ b/tests/models/packages/test_rpm.py
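Review bot: The new module-level list in rpm.py is named `excpetions`, a misspelling of `exceptions` that the loop added to `_compare` in the next hunk repeats, and the name does not say what the entries are exceptions to. A constant-style immutable tuple with a descriptive name would be clearer, for example `VERSION_MARKERS = ("_fips", ".ksplice")`, with the loop updated to match. A comment above it such as `# Markers in an RPM version string; a version carrying one is only comparable with versions carrying the same marker.` would record why the list exists.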
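Review bot: In the loop added to `_compare`, a package whose `full_version` contains `_fips` or `.ksplice` becomes NOT_COMPARABLE against any version without that marker, and nothing records that the comparison was skipped. How callers treat NOT_COMPARABLE is not visible in this hunk, but if it means no result is reported, hosts running such builds could silently lose findings for advisories whose fixed version lacks the marker. A debug message through the module's existing `logger`, e.g. `logger.debug("%s and %s differ in marker %r, not comparable", self.full_name, other.full_name, e)`, would make that traceable. The check itself reads more directly as `if (e in self.full_version) != (e in other.full_version):`. The body of `_compare` starts before and continues past this hunk.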
@@ -253,3 +253,33 @@ def test_from_name_and_full_version(self):
 self.assertEqual(package.version, "1.6.3")
 self.assertEqual(package.release, "26.h1")
 self.assertEqual(package.full_name, "cups-libs-1.6.3-26.h1.x86_64")
+
+ def test_exceptions(self):
+ """tests for the exceptions _fips and .ksplice"""
+ package1 = RPMPackage.from_full_name("gnutls-3.6.16-4.el8.x86_64")
+ package2 = RPMPackage.from_full_name(
+ "gnutls-3.6.16-4.0.1.el8_fips.x86_64"
+ )
+
+ self.assertFalse(package1 > package2)
+ self.assertFalse(package2 > package1)
+
+ package1 = RPMPackage.from_full_name("gnutls-3.6.16-4.el8_fips.x86_64")
+
+ self.assertTrue(package2 > package1)
+
+ package1 = RPMPackage.from_full_name(
+ "openssl-libs-1.0.2k-24.0.3.el7_8.x86_64"
+ )
+ package2 = RPMPackage.from_full_name(
+ "openssl-libs-1.0.2k-24.0.3.ksplice1.el7_9.x86_64"
+ )
+
+ self.assertFalse(package1 > package2)
+ self.assertFalse(package2 > package1)
+
+ package1 = RPMPackage.from_full_name(
+ "openssl-libs-1.0.2k-24.0.3.ksplice1.el7_8.x86_64"
+ )
+
+ self.assertTrue(package2 > package1)
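Review bot: The paired `assertFalse(package1 > package2)` / `assertFalse(package2 > package1)` checks in `test_exceptions` would also pass if the two packages compared as equal, so they do not pin the NOT_COMPARABLE result that the fix introduces. Asserting the outcome directly would be stricter, e.g. `self.assertEqual(package1._compare(package2), PackageComparison.NOT_COMPARABLE)`; whether `PackageComparison` is already imported in this test module is not visible in the hunk. The docstring could also state the expected outcome, for instance `"""Versions with _fips or .ksplice are only comparable with versions carrying the same marker."""`.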