Fix checklogic of detecting packagename line in changelog.

2016-07-27 10:58:53 +09:00
parent 4f0dbff059
commit 04166632d3
2 changed files with 84 additions and 17 deletions
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -301,6 +301,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (CvePacksList, error)
 		CveIDs   []string
 	}

+	// { packageName: changelog-lines }
 	var rpm2changelog map[string]*string
 	if !config.Conf.SSHExternal {
 		allChangelog, err := o.getAllChangelog(packInfoList)
@@ -460,7 +461,7 @@ func (o *redhat) parseYumCheckUpdateLine(line string) (models.PackageInfo, error
 	if len(fields) != 2 {
 		return models.PackageInfo{}, fmt.Errorf("Unknown format: %s", line)
 	}
-	version := fields[0]
+	version := o.regexpReplace(fields[0], `^[0-9]+:`, "")
 	release := fields[1]
 	return models.PackageInfo{
 		Name:       packName,
@@ -499,7 +500,7 @@ func (o *redhat) regexpReplace(src string, pat string, rep string) string {
 }

 func (o *redhat) getChangelogCVELines(rpm2changelog map[string]*string, packInfo models.PackageInfo) string {
-	rpm := fmt.Sprintf("%s-%s-%s", packInfo.Name, o.regexpReplace(packInfo.NewVersion, `^[0-9]+:`, ""), packInfo.NewRelease)
+	rpm := fmt.Sprintf("%s-%s-%s", packInfo.Name, packInfo.NewVersion, packInfo.NewRelease)
 	retLine := ""
 	if rpm2changelog[rpm] != nil {
 		lines := strings.Split(*rpm2changelog[rpm], "\n")
@@ -527,15 +528,19 @@ func (o *redhat) parseAllChangelog(allChangelog string) (map[string]*string, err
 	tmpline := ""
 	var lines []string
 	var prev, now bool
+	var err error
 	for i := range orglines {
 		if majorVersion == 5 {
 			/* for CentOS5 (yum-util < 1.1.20) */
 			prev = false
 			now = false
 			if i > 0 {
-				prev, _ = o.isRpmPackageNameLine(orglines[i-1])
+				prev, err = o.isRpmPackageNameLine(orglines[i-1])
+				if err != nil {
+					return nil, err
+				}
 			}
-			now, _ = o.isRpmPackageNameLine(orglines[i])
+			now, err = o.isRpmPackageNameLine(orglines[i])
 			if prev && now {
 				tmpline = fmt.Sprintf("%s, %s", tmpline, orglines[i])
 				continue
@@ -561,7 +566,10 @@ func (o *redhat) parseAllChangelog(allChangelog string) (map[string]*string, err
 	rpm2changelog := make(map[string]*string)
 	writePointer := o.mkPstring()
 	for _, line := range lines {
-		match, _ := o.isRpmPackageNameLine(line)
+		match, err := o.isRpmPackageNameLine(line)
+		if err != nil {
+			return nil, err
+		}
 		if match {
 			rpms := strings.Split(line, ",")
 			pNewString := o.mkPstring()
@@ -836,7 +844,20 @@ func (o *redhat) isHorizontalRule(line string) (bool, error) {
 }

 func (o *redhat) isRpmPackageNameLine(line string) (bool, error) {
-	return regexp.MatchString("^[^ ]+(i386|i486|i586|i686|k6|athlon|x86_64|noarch|ppc|alpha|sparc)", line)
+	s := strings.TrimPrefix(line, "ChangeLog for: ")
+	ss := strings.Split(s, ", ")
+	if len(ss) == 0 {
+		return false, nil
+	}
+	for _, s := range ss {
+		s = strings.TrimRight(s, " \r\n")
+		ok, err := regexp.MatchString(
+			`^[^ ]+\.(i386|i486|i586|i686|k6|athlon|x86_64|noarch|ppc|alpha|sparc)$`, s)
+		if !ok {
+			return false, err
+		}
+	}
+	return true, nil
 }

 // see test case
--- a/scan/redhat_test.go
+++ b/scan/redhat_test.go
@@ -328,6 +328,18 @@ func TestIsRpmPackageNameLine(t *testing.T) {
 			" glibc-2.12-1.192.el6.x86_64",
 			false,
 		},
+		{
+			"glibc-2.12-1.192.el6.x86_64, iproute-2.6.18-15.el5.i386",
+			true,
+		},
+		{
+			"k6 hoge.i386",
+			false,
+		},
+		{
+			"triathlon",
+			false,
+		},
 	}

 	for i, tt := range tests {
@@ -603,6 +615,7 @@ bash.x86_64                    4.1.2-33.el6_7.1              updates
 Obsoleting Packages
 python-libs.i686    2.6.6-64.el6   rhui-REGION-rhel-server-releases
    python-ordereddict.noarch     1.1-3.el6ev    installed
+bind-utils.x86_64                       30:9.3.6-25.P1.el5_11.8          updates
 `

 	r.Packages = []models.PackageInfo{
@@ -626,6 +639,11 @@ python-libs.i686    2.6.6-64.el6   rhui-REGION-rhel-server-releases
 			Version: "1.0",
 			Release: "1",
 		},
+		{
+			Name:    "bind-utils",
+			Version: "1.0",
+			Release: "1",
+		},
 	}
 	var tests = []struct {
 		in  string
@@ -662,6 +680,13 @@ python-libs.i686    2.6.6-64.el6   rhui-REGION-rhel-server-releases
 					NewVersion: "1.1",
 					NewRelease: "3.el6ev",
 				},
+				{
+					Name:       "bind-utils",
+					Version:    "1.0",
+					Release:    "1",
+					NewVersion: "9.3.6",
+					NewRelease: "25.P1.el5_11.8",
+				},
 			},
 		},
 	}
@@ -689,18 +714,18 @@ func TestParseYumCheckUpdateLinesAmazon(t *testing.T) {
 34 package(s) needed for security, out of 71 available

 bind-libs.x86_64           32:9.8.2-0.37.rc1.45.amzn1      amzn-main
-java-1.7.0-openjdk.x86_64  1:1.7.0.95-2.6.4.0.65.amzn1     amzn-main
+java-1.7.0-openjdk.x86_64  1.7.0.95-2.6.4.0.65.amzn1     amzn-main
 if-not-architecture        100-200                         amzn-main
 `
 	r.Packages = []models.PackageInfo{
 		{
 			Name:    "bind-libs",
-			Version: "32:9.8.0",
+			Version: "9.8.0",
 			Release: "0.33.rc1.45.amzn1",
 		},
 		{
 			Name:    "java-1.7.0-openjdk",
-			Version: "1:1.7.0.0",
+			Version: "1.7.0.0",
 			Release: "2.6.4.0.0.amzn1",
 		},
 		{
@@ -718,16 +743,16 @@ if-not-architecture        100-200                         amzn-main
 			models.PackageInfoList{
 				{
 					Name:       "bind-libs",
-					Version:    "32:9.8.0",
+					Version:    "9.8.0",
 					Release:    "0.33.rc1.45.amzn1",
-					NewVersion: "32:9.8.2",
+					NewVersion: "9.8.2",
 					NewRelease: "0.37.rc1.45.amzn1",
 				},
 				{
 					Name:       "java-1.7.0-openjdk",
-					Version:    "1:1.7.0.0",
+					Version:    "1.7.0.0",
 					Release:    "2.6.4.0.0.amzn1",
-					NewVersion: "1:1.7.0.95",
+					NewVersion: "1.7.0.95",
 					NewRelease: "2.6.4.0.65.amzn1",
 				},
 				{
@@ -1029,7 +1054,16 @@ func TestGetChangelogCVELines(t *testing.T) {
 		{
 			models.PackageInfo{
 				Name:       "dhclient",
-				NewVersion: "12:4.1.1",
+				NewVersion: "4.1.1",
+				NewRelease: "51.P1.el6",
+			},
+			`- TESTSTRING CVE-1111-1111
+`,
+		},
+		{
+			models.PackageInfo{
+				Name:       "dhcp-common",
+				NewVersion: "4.1.1",
 				NewRelease: "51.P1.el6",
 			},
 			`- TESTSTRING CVE-1111-1111
@@ -1085,7 +1119,7 @@ func TestGetChangelogCVELines(t *testing.T) {
 		}
 		changelog := r.getChangelogCVELines(rpm2changelog, tt.in)
 		if tt.out != changelog {
-			t.Errorf("line: expected %s, actual %s", tt.out, changelog)
+			t.Errorf("line: expected %s, actual %s, tt: %#v", tt.out, changelog, tt)
 		}
 	}

@@ -1137,7 +1171,19 @@ func TestGetChangelogCVELines(t *testing.T) {
 		{
 			models.PackageInfo{
 				Name:       "bind-libs",
-				NewVersion: "30:9.3.6",
+				NewVersion: "9.3.6",
+				NewRelease: "25.P1.el5_11.8",
+			},
+			`- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite
+- Fix CVE-2016-1285 and CVE-2016-1286
+- Fix CVE-2015-8704
+- Fix CVE-2015-8000
+`,
+		},
+		{
+			models.PackageInfo{
+				Name:       "bind-utils",
+				NewVersion: "9.3.6",
 				NewRelease: "25.P1.el5_11.8",
 			},
 			`- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite
@@ -1156,7 +1202,7 @@ func TestGetChangelogCVELines(t *testing.T) {
 		}
 		changelog := r.getChangelogCVELines(rpm2changelog, tt.in)
 		if tt.out != changelog {
-			t.Errorf("line: expected %s, actual %s", tt.out, changelog)
+			t.Errorf("line: expected %s, actual %s, tt: %#v", tt.out, changelog, tt)
 		}
 	}
 }