Update PatchReportExtractor.py
@@ -186,61 +186,84 @@ class PatchReportParser:
|
||||
|
||||
# Match vulnerabilities to this action based on:
|
||||
# 1. KB number in action matches KB in vulnerability
|
||||
# 2. Software name in action matches software in vulnerability plugin name
|
||||
# 3. CVEs mentioned in patch report
|
||||
# 2. Specific package name for RHEL (e.g., "java-1.8.0-openjdk", "firefox")
|
||||
# 3. Software name and version for general software
|
||||
# 4. CVEs mentioned in patch report
|
||||
|
||||
matched_vulns = []
|
||||
|
||||
action_text_lower = action.action.lower()
|
||||
software_name_lower = action.software.lower()
|
||||
|
||||
for vuln in host_vulns:
|
||||
plugin_name = vuln['plugin_name'].lower()
|
||||
action_text = action.action.lower()
|
||||
software_name = action.software.lower()
|
||||
|
||||
# Match KB patches
|
||||
if 'kb' in action_text:
|
||||
kb_match = re.search(r'kb(\d+)', action_text)
|
||||
# PRIORITY 1: Match KB patches by KB number
|
||||
if 'kb' in action_text_lower:
|
||||
kb_match = re.search(r'kb(\d+)', action_text_lower)
|
||||
if kb_match:
|
||||
kb_num = kb_match.group(1)
|
||||
if f'kb{kb_num}' in plugin_name or kb_num in plugin_name:
|
||||
if f'kb{kb_num}' in plugin_name or f'kb {kb_num}' in plugin_name:
|
||||
matched_vulns.append(vuln)
|
||||
continue
|
||||
|
||||
# Match software name
|
||||
if software_name and software_name in plugin_name:
|
||||
# PRIORITY 2: Match RHEL packages by specific package name
|
||||
# Extract package name from action like "Update the RHEL firefox package..."
|
||||
if 'rhel' in action_text_lower or 'rhsa' in action_text_lower:
|
||||
# Extract package name from patterns like:
|
||||
# "Update the RHEL firefox package based on..."
|
||||
# "Update the RHEL java-1.8.0-openjdk package..."
|
||||
package_match = re.search(r'rhel\s+([a-z0-9\-._]+)\s+package', action_text_lower)
|
||||
if package_match:
|
||||
package_name = package_match.group(1)
|
||||
# Match if the package name appears in the vulnerability plugin name
|
||||
if package_name in plugin_name:
|
||||
matched_vulns.append(vuln)
|
||||
continue
|
||||
|
||||
# Also try to extract RHSA number for exact matching
|
||||
rhsa_match = re.search(r'rhsa[-:](\d{4}:\d+)', action_text_lower)
|
||||
if rhsa_match:
|
||||
rhsa_num = rhsa_match.group(1)
|
||||
if rhsa_num in plugin_name or rhsa_num.replace(':', '-') in plugin_name:
|
||||
matched_vulns.append(vuln)
|
||||
continue
|
||||
|
||||
# If no specific package found, skip broad RHEL matching
|
||||
# This prevents matching all RHEL vulns to every RHEL action
|
||||
continue
|
||||
|
||||
# PRIORITY 3: Match by specific software name with version validation
|
||||
if software_name_lower and software_name_lower in plugin_name:
|
||||
# Further validate by checking version if available
|
||||
if action.version_needed:
|
||||
# If version is mentioned, check if this vuln relates to older versions
|
||||
if '<' in plugin_name or 'unsupported' in plugin_name or 'outdated' in plugin_name:
|
||||
if '<' in plugin_name or '<=' in plugin_name or 'unsupported' in plugin_name or 'outdated' in plugin_name:
|
||||
matched_vulns.append(vuln)
|
||||
continue
|
||||
else:
|
||||
# No version requirement, but software name matches
|
||||
matched_vulns.append(vuln)
|
||||
continue
|
||||
continue
|
||||
|
||||
# Match common software patterns
|
||||
software_keywords = {
|
||||
'7-zip': ['7-zip', '7zip'],
|
||||
'apache': ['apache'],
|
||||
'log4j': ['log4j'],
|
||||
'openssh': ['openssh', 'ssh'],
|
||||
'dell': ['dell'],
|
||||
'microsoft': ['microsoft', 'windows', r'ms\d{2}-'],
|
||||
'adobe': ['adobe'],
|
||||
'air': ['adobe air', 'air'],
|
||||
'curl': ['curl'],
|
||||
'edge': ['edge', 'chromium'],
|
||||
'oracle': ['oracle'],
|
||||
'java': ['java', 'openjdk', 'jre', 'jdk'],
|
||||
'rhel': ['rhel', 'red hat'],
|
||||
'networkmanager': ['networkmanager'],
|
||||
'bcc': ['bcc'],
|
||||
}
|
||||
|
||||
for key, patterns in software_keywords.items():
|
||||
if key in software_name or key in action_text:
|
||||
for pattern in patterns:
|
||||
if re.search(pattern, plugin_name, re.IGNORECASE):
|
||||
matched_vulns.append(vuln)
|
||||
break
|
||||
# PRIORITY 4: Match common software patterns (only for non-RHEL)
|
||||
# This should be specific, not catch-all
|
||||
if 'rhel' not in action_text_lower and 'rhsa' not in action_text_lower:
|
||||
software_keywords = {
|
||||
'7-zip': ['7-zip', '7zip'],
|
||||
'adobe air': ['adobe air', 'adobe.*air'],
|
||||
'curl': [r'\bcurl\b'],
|
||||
'edge': ['microsoft edge', 'edge.*chromium'],
|
||||
'log4j': ['log4j'],
|
||||
'java': [r'java se\b', r'oracle java\b', r'openjdk\b'],
|
||||
}
|
||||
|
||||
for key, patterns in software_keywords.items():
|
||||
if key in software_name_lower or key in action_text_lower:
|
||||
for pattern in patterns:
|
||||
if re.search(pattern, plugin_name, re.IGNORECASE):
|
||||
matched_vulns.append(vuln)
|
||||
break
|
||||
|
||||
# Calculate severity counts from matched vulnerabilities
|
||||
critical = sum(1 for v in matched_vulns if v['severity'] == 4)
|
||||
|
||||
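Review bot: The KB and RHEL-package checks are plain substring tests, so a vulnerability can be attributed to an action that does not remediate it: `f'kb{kb_num}' in plugin_name` also accepts a longer KB number that starts with the same digits, and `package_name in plugin_name` accepts any plugin name that contains the package name as a fragment (for example, a hypothetical `kernel` action against a `kernel-rt` plugin). Because the severity counts at the end of the hunk are computed from `matched_vulns`, this over-matching overstates what a patch action closes. Bounding both matches would avoid it, e.g. `re.search(rf'kb ?{kb_num}(?!\d)', plugin_name)` and `re.search(rf'(?<![\w-]){re.escape(package_name)}(?![\w-])', plugin_name)`. Separately, the added `'<=' in plugin_name` clause is redundant, since any string containing `<=` already contains `<`. The enclosing method starts before and continues past this hunk, and the page has lost indentation, so the branch nesting is inferred.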