Update PatchReportExtractor.py
@@ -186,61 +186,84 @@ class PatchReportParser:
|
|||||||
|
|
||||||
# Match vulnerabilities to this action based on:
|
# Match vulnerabilities to this action based on:
|
||||||
# 1. KB number in action matches KB in vulnerability
|
# 1. KB number in action matches KB in vulnerability
|
||||||
# 2. Software name in action matches software in vulnerability plugin name
|
# 2. Specific package name for RHEL (e.g., "java-1.8.0-openjdk", "firefox")
|
||||||
# 3. CVEs mentioned in patch report
|
# 3. Software name and version for general software
|
||||||
|
# 4. CVEs mentioned in patch report
|
||||||
|
|
||||||
matched_vulns = []
|
matched_vulns = []
|
||||||
|
|
||||||
|
action_text_lower = action.action.lower()
|
||||||
|
software_name_lower = action.software.lower()
|
||||||
|
|
||||||
for vuln in host_vulns:
|
for vuln in host_vulns:
|
||||||
plugin_name = vuln['plugin_name'].lower()
|
plugin_name = vuln['plugin_name'].lower()
|
||||||
action_text = action.action.lower()
|
|
||||||
software_name = action.software.lower()
|
|
||||||
|
|
||||||
# Match KB patches
|
# PRIORITY 1: Match KB patches by KB number
|
||||||
if 'kb' in action_text:
|
if 'kb' in action_text_lower:
|
||||||
kb_match = re.search(r'kb(\d+)', action_text)
|
kb_match = re.search(r'kb(\d+)', action_text_lower)
|
||||||
if kb_match:
|
if kb_match:
|
||||||
kb_num = kb_match.group(1)
|
kb_num = kb_match.group(1)
|
||||||
if f'kb{kb_num}' in plugin_name or kb_num in plugin_name:
|
if f'kb{kb_num}' in plugin_name or f'kb {kb_num}' in plugin_name:
|
||||||
matched_vulns.append(vuln)
|
matched_vulns.append(vuln)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
# Match software name
|
# PRIORITY 2: Match RHEL packages by specific package name
|
||||||
if software_name and software_name in plugin_name:
|
# Extract package name from action like "Update the RHEL firefox package..."
|
||||||
|
if 'rhel' in action_text_lower or 'rhsa' in action_text_lower:
|
||||||
|
# Extract package name from patterns like:
|
||||||
|
# "Update the RHEL firefox package based on..."
|
||||||
|
# "Update the RHEL java-1.8.0-openjdk package..."
|
||||||
|
package_match = re.search(r'rhel\s+([a-z0-9\-._]+)\s+package', action_text_lower)
|
||||||
|
if package_match:
|
||||||
|
package_name = package_match.group(1)
|
||||||
|
# Match if the package name appears in the vulnerability plugin name
|
||||||
|
if package_name in plugin_name:
|
||||||
|
matched_vulns.append(vuln)
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Also try to extract RHSA number for exact matching
|
||||||
|
rhsa_match = re.search(r'rhsa[-:](\d{4}:\d+)', action_text_lower)
|
||||||
|
if rhsa_match:
|
||||||
|
rhsa_num = rhsa_match.group(1)
|
||||||
|
if rhsa_num in plugin_name or rhsa_num.replace(':', '-') in plugin_name:
|
||||||
|
matched_vulns.append(vuln)
|
||||||
|
continue
|
||||||
|
|
||||||
|
# If no specific package found, skip broad RHEL matching
|
||||||
|
# This prevents matching all RHEL vulns to every RHEL action
|
||||||
|
continue
|
||||||
|
|
||||||
|
# PRIORITY 3: Match by specific software name with version validation
|
||||||
|
if software_name_lower and software_name_lower in plugin_name:
|
||||||
# Further validate by checking version if available
|
# Further validate by checking version if available
|
||||||
if action.version_needed:
|
if action.version_needed:
|
||||||
# If version is mentioned, check if this vuln relates to older versions
|
# If version is mentioned, check if this vuln relates to older versions
|
||||||
if '<' in plugin_name or 'unsupported' in plugin_name or 'outdated' in plugin_name:
|
if '<' in plugin_name or '<=' in plugin_name or 'unsupported' in plugin_name or 'outdated' in plugin_name:
|
||||||
matched_vulns.append(vuln)
|
matched_vulns.append(vuln)
|
||||||
|
continue
|
||||||
else:
|
else:
|
||||||
|
# No version requirement, but software name matches
|
||||||
matched_vulns.append(vuln)
|
matched_vulns.append(vuln)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
# Match common software patterns
|
# PRIORITY 4: Match common software patterns (only for non-RHEL)
|
||||||
software_keywords = {
|
# This should be specific, not catch-all
|
||||||
'7-zip': ['7-zip', '7zip'],
|
if 'rhel' not in action_text_lower and 'rhsa' not in action_text_lower:
|
||||||
'apache': ['apache'],
|
software_keywords = {
|
||||||
'log4j': ['log4j'],
|
'7-zip': ['7-zip', '7zip'],
|
||||||
'openssh': ['openssh', 'ssh'],
|
'adobe air': ['adobe air', 'adobe.*air'],
|
||||||
'dell': ['dell'],
|
'curl': [r'\bcurl\b'],
|
||||||
'microsoft': ['microsoft', 'windows', r'ms\d{2}-'],
|
'edge': ['microsoft edge', 'edge.*chromium'],
|
||||||
'adobe': ['adobe'],
|
'log4j': ['log4j'],
|
||||||
'air': ['adobe air', 'air'],
|
'java': [r'java se\b', r'oracle java\b', r'openjdk\b'],
|
||||||
'curl': ['curl'],
|
}
|
||||||
'edge': ['edge', 'chromium'],
|
|
||||||
'oracle': ['oracle'],
|
for key, patterns in software_keywords.items():
|
||||||
'java': ['java', 'openjdk', 'jre', 'jdk'],
|
if key in software_name_lower or key in action_text_lower:
|
||||||
'rhel': ['rhel', 'red hat'],
|
for pattern in patterns:
|
||||||
'networkmanager': ['networkmanager'],
|
if re.search(pattern, plugin_name, re.IGNORECASE):
|
||||||
'bcc': ['bcc'],
|
matched_vulns.append(vuln)
|
||||||
}
|
break
|
||||||
|
|
||||||
for key, patterns in software_keywords.items():
|
|
||||||
if key in software_name or key in action_text:
|
|
||||||
for pattern in patterns:
|
|
||||||
if re.search(pattern, plugin_name, re.IGNORECASE):
|
|
||||||
matched_vulns.append(vuln)
|
|
||||||
break
|
|
||||||
|
|
||||||
# Calculate severity counts from matched vulnerabilities
|
# Calculate severity counts from matched vulnerabilities
|
||||||
critical = sum(1 for v in matched_vulns if v['severity'] == 4)
|
critical = sum(1 for v in matched_vulns if v['severity'] == 4)
|
||||||
|
|||||||
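Review bot: The new RHEL branch matches identifiers by plain substring, `package_name in plugin_name` and `rhsa_num in plugin_name`, so a short package name such as `curl` also hits `libcurl` plugins. Likewise an advisory number that is a prefix of a longer one (constructed example: `2024:1093` inside `2024:10939`) credits the action with findings it does not remediate, which inflates the severity counts computed just below. Anchoring both tests would close this, e.g. `if re.search(rf'(?<![\w.-]){re.escape(package_name)}(?![\w.-])', plugin_name):` and `if any(re.search(rf'{re.escape(n)}(?!\d)', plugin_name) for n in (rhsa_num, rhsa_num.replace(':', '-'))):`, loosening the package boundary class if sub-packages are meant to count. The KB test `f'kb{kb_num}' in plugin_name` has the same prefix problem and would take the same `(?!\d)` guard. The method starts above the hunk and the rendered page has lost indentation, so the nesting assumed here is read from the comments rather than seen.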