diff --git a/cvescan/constants.py b/cvescan/constants.py | |
index 0be4fcf..15b5fff 100644 | |
--- a/cvescan/constants.py | |
+++ b/cvescan/constants.py | |
@@ -107,3 +107,12 @@ UCT_URL = "https://people.canonical.com/~ubuntu-security/cve/%s" | |
UCT_DATA_URL = ( | |
"https://people.canonical.com/~ubuntu-security/cvescan/ubuntu-vuln-db-%s.json.bz2" | |
) | |
+ | |
+SUPPORTED_RELEASES = [ | |
+ "trusty", | |
+ "xenial", | |
+ "bionic", | |
+ "eoan", | |
+ "focal", | |
+ "groovy", | |
+] | |
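Review bot: `SUPPORTED_RELEASES` is added without a comment saying what it gates, which matters because the list is used elsewhere as an allowlist for a value read from an external file. Suggest a comment above it such as `# Ubuntu release codenames accepted verbatim as the first line of a manifest; anything else falls back to package-version detection`, so that whoever appends the next release knows the list is checked against user-supplied input and must contain codenames only. Since the order is oldest-first, a one-line note that new releases are appended at the end would also help.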
diff --git a/cvescan/manifest_parser.py b/cvescan/manifest_parser.py | |
index 9ebf147..9312f9f 100644 | |
--- a/cvescan/manifest_parser.py | |
+++ b/cvescan/manifest_parser.py | |
@@ -1,12 +1,18 @@ | |
import re | |
import cvescan.dpkg_parser as dpkg_parser | |
- | |
+from cvescan.constants import SUPPORTED_RELEASES | |
def parse_manifest_file(manifest_file_path): | |
+ codename = None | |
try: | |
with open(manifest_file_path) as mfp: | |
+ first_line = mfp.readline().strip() | |
manifest = mfp.read() | |
+ if first_line in SUPPORTED_RELEASES: | |
+ codename = first_line | |
+ else: | |
+ manifest = "\n".join(first_line, manifest) | |
installed_pkgs = dpkg_parser.get_installed_pkgs_from_manifest(manifest) | |
except Exception as e: | |
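Review bot: The fallback `manifest = "\n".join(first_line, manifest)` on the else branch raises TypeError, because str.join takes a single iterable, so every manifest whose first line is not a supported codename now fails to parse; and because the call sits inside the `try`/`except Exception`, the TypeError surfaces as the generic "Failed to parse installed files" message instead of pointing at this line. Change it to `manifest = "\n".join((first_line, manifest))`. Checking `first_line` against `SUPPORTED_RELEASES` before adopting it as the codename is the right shape for a value taken from an external file; a short docstring stating that the optional first line is a release codename would make that contract visible. The blank line removed between the new `from cvescan.constants import SUPPORTED_RELEASES` and `def parse_manifest_file` also drops the PEP 8 two-blank-line separation. The function body continues in the next hunk.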
@@ -14,14 +20,17 @@ def parse_manifest_file(manifest_file_path): | |
"Failed to parse installed files from manifest the provided file: %s" % e | |
) | |
- return (installed_pkgs, _get_codename(installed_pkgs)) | |
+ if not codename: | |
+ codename = _get_codename_from_package_versions(installed_pkgs) | |
+ | |
+ return (installed_pkgs, codename) | |
# This function uses a hack to guess the ubuntu release codename based on the | |
# versions of certain packages. A better solution would be to include the | |
# codename in the manifest file and fall back on this version checking approach | |
# if the codename is missing. | |
-def _get_codename(installed_pkgs): | |
+def _get_codename_from_package_versions(installed_pkgs): | |
try: | |
trusty_regex = re.compile(r"1:0.196(.\d+)+") | |
xenial_regex = re.compile(r"1:16.04(.\d+)+") |