Skip to content

Commit

Permalink
feat(oval/oracle): ignore fips patched version for non fips package v…
Browse files Browse the repository at this point in the history 
…ersions (#2047)

* ignore fips patched version for non fips package versions

like the ksplice and TDC in SUSE, we need not to report fips patched versions for non fips packages

* add testcase

---------

Co-authored-by: MaineK00n <[email protected]>
  • Loading branch information
@wagde-orca @MaineK00n
wagde-orca and MaineK00n authored Nov 8, 2024
1 parent d78018b commit c0b267d
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 0 deletions.
3 changes: 3 additions & 0 deletions oval/util.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,9 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family, release s
if extractOracleKsplice(ovalPack.Version) != extractOracleKsplice(req.versionRelease) {
continue
}
if strings.HasSuffix(ovalPack.Version, "_fips") != strings.HasSuffix(req.versionRelease, "_fips") {
continue
}
case constant.SUSEEnterpriseServer:
if strings.Contains(ovalPack.Version, ".TDC.") != strings.Contains(req.versionRelease, ".TDC.") {
continue
Expand Down
64 changes: 64 additions & 0 deletions oval/util_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1929,6 +1929,70 @@ func TestIsOvalDefAffected(t *testing.T) {
},
affected: false,
},
// in: _fips , req: not fips
{
in: in{
family: constant.Oracle,
def: ovalmodels.Definition{
AffectedPacks: []ovalmodels.Package{
{
Name: "gnutls",
Version: "10:3.6.16-4.0.1.el8_fips",
Arch: "x86_64",
},
},
},
req: request{
packName: "gnutls",
versionRelease: "3.6.16-4.el8",
arch: "x86_64",
},
},
affected: false,
},
// in: _fips , req: _fips
{
in: in{
family: constant.Oracle,
def: ovalmodels.Definition{
AffectedPacks: []ovalmodels.Package{
{
Name: "gnutls",
Version: "10:3.6.16-8.el8_9.3_fips",
Arch: "x86_64",
},
},
},
req: request{
packName: "gnutls",
versionRelease: "10:3.6.16-4.0.1.el8_fips",
arch: "x86_64",
},
},
affected: true,
fixedIn: "10:3.6.16-8.el8_9.3_fips",
},
// in: non fips (upstream?), req: _fips
{
in: in{
family: constant.Oracle,
def: ovalmodels.Definition{
AffectedPacks: []ovalmodels.Package{
{
Name: "gnutls",
Version: "0:3.6.16-5.el8_6",
Arch: "x86_64",
},
},
},
req: request{
packName: "gnutls",
versionRelease: "10:3.6.16-4.0.1.el8_fips",
arch: "x86_64",
},
},
affected: false,
},
// same arch
{
in: in{
Expand Down

0 comments on commit c0b267d

Please sign in to comment.