diff --git a/PatchReportExtractor.py b/PatchReportExtractor.py
index cb123cc..14149e3 100644
--- a/PatchReportExtractor.py
+++ b/PatchReportExtractor.py
@@ -186,61 +186,84 @@ class PatchReportParser: # Match vulnerabilities to this action based on: # 1. KB number in action matches KB in vulnerability - # 2. Software name in action matches software in vulnerability plugin name - # 3. CVEs mentioned in patch report + # 2. Specific package name for RHEL (e.g., "java-1.8.0-openjdk", "firefox") + # 3. Software name and version for general software + # 4. CVEs mentioned in patch report matched_vulns = [] + action_text_lower = action.action.lower() + software_name_lower = action.software.lower() + for vuln in host_vulns: plugin_name = vuln['plugin_name'].lower() - action_text = action.action.lower() - software_name = action.software.lower() - # Match KB patches - if 'kb' in action_text: - kb_match = re.search(r'kb(\d+)', action_text) + # PRIORITY 1: Match KB patches by KB number + if 'kb' in action_text_lower: + kb_match = re.search(r'kb(\d+)', action_text_lower) if kb_match: kb_num = kb_match.group(1) - if f'kb{kb_num}' in plugin_name or kb_num in plugin_name: + if f'kb{kb_num}' in plugin_name or f'kb {kb_num}' in plugin_name: matched_vulns.append(vuln) continue - # Match software name - if software_name and software_name in plugin_name: + # PRIORITY 2: Match RHEL packages by specific package name + # Extract package name from action like "Update the RHEL firefox package..." + if 'rhel' in action_text_lower or 'rhsa' in action_text_lower: + # Extract package name from patterns like: + # "Update the RHEL firefox package based on..." + # "Update the RHEL java-1.8.0-openjdk package..." 
+ package_match = re.search(r'rhel\s+([a-z0-9\-._]+)\s+package', action_text_lower) + if package_match: + package_name = package_match.group(1) + # Match if the package name appears in the vulnerability plugin name + if package_name in plugin_name: + matched_vulns.append(vuln) + continue + + # Also try to extract RHSA number for exact matching + rhsa_match = re.search(r'rhsa[-:](\d{4}:\d+)', action_text_lower) + if rhsa_match: + rhsa_num = rhsa_match.group(1) + if rhsa_num in plugin_name or rhsa_num.replace(':', '-') in plugin_name: + matched_vulns.append(vuln) + continue + + # If no specific package found, skip broad RHEL matching + # This prevents matching all RHEL vulns to every RHEL action + continue + + # PRIORITY 3: Match by specific software name with version validation + if software_name_lower and software_name_lower in plugin_name: # Further validate by checking version if available if action.version_needed: # If version is mentioned, check if this vuln relates to older versions - if '<' in plugin_name or 'unsupported' in plugin_name or 'outdated' in plugin_name: + if '<' in plugin_name or '<=' in plugin_name or 'unsupported' in plugin_name or 'outdated' in plugin_name: matched_vulns.append(vuln) + continue else: + # No version requirement, but software name matches matched_vulns.append(vuln) - continue + continue - # Match common software patterns - software_keywords = { - '7-zip': ['7-zip', '7zip'], - 'apache': ['apache'], - 'log4j': ['log4j'], - 'openssh': ['openssh', 'ssh'], - 'dell': ['dell'], - 'microsoft': ['microsoft', 'windows', r'ms\d{2}-'], - 'adobe': ['adobe'], - 'air': ['adobe air', 'air'], - 'curl': ['curl'], - 'edge': ['edge', 'chromium'], - 'oracle': ['oracle'], - 'java': ['java', 'openjdk', 'jre', 'jdk'], - 'rhel': ['rhel', 'red hat'], - 'networkmanager': ['networkmanager'], - 'bcc': ['bcc'], - } - - for key, patterns in software_keywords.items(): - if key in software_name or key in action_text: - for pattern in patterns: - if 
re.search(pattern, plugin_name, re.IGNORECASE): - matched_vulns.append(vuln) - break + # PRIORITY 4: Match common software patterns (only for non-RHEL) + # This should be specific, not catch-all + if 'rhel' not in action_text_lower and 'rhsa' not in action_text_lower: + software_keywords = { + '7-zip': ['7-zip', '7zip'], + 'adobe air': ['adobe air', 'adobe.*air'], + 'curl': [r'\bcurl\b'], + 'edge': ['microsoft edge', 'edge.*chromium'], + 'log4j': ['log4j'], + 'java': [r'java se\b', r'oracle java\b', r'openjdk\b'], + } + + for key, patterns in software_keywords.items(): + if key in software_name_lower or key in action_text_lower: + for pattern in patterns: + if re.search(pattern, plugin_name, re.IGNORECASE): + matched_vulns.append(vuln) + break # Calculate severity counts from matched vulnerabilities critical = sum(1 for v in matched_vulns if v['severity'] == 4)
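Review bot: The KB and package checks in PRIORITY 1 and PRIORITY 2 are still plain substring tests, so `f'kb{kb_num}' in plugin_name` would accept KB123 for a plugin that names KB1234567, and `package_name in plugin_name` would accept `curl` for a `libcurl` plugin; the RHSA number check has the same prefix problem. The severity counts that follow are summed from `matched_vulns`, so each false match overstates what a patch action remediates. Anchoring the token avoids this, for example `re.search(rf'kb\s?{kb_num}(?!\d)', plugin_name)` and `re.search(rf'(?<![\w-]){re.escape(package_name)}(?![\w-])', plugin_name)`. In PRIORITY 4 the `break` leaves only the inner pattern loop, so a vuln that matches under two keys is appended and counted twice; an `if vuln not in matched_vulns` guard before the append would prevent that. The enclosing method begins above the hunk and continues past it.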