vuln alerts from arch-audit

2026-03-12 05:35:19 +00:00 · 2024-08-11 13:20:55 +03:00 · 2024-08-11 13:20:55 +03:00 · de0ce7d3b0
commit de0ce7d3b0
parent 56ebed516e
6 changed files with 153 additions and 11 deletions
--- a/misc/checks.py
+++ b/misc/checks.py
@ -1,5 +1,5 @@
 from alerting import alerts
-from misc import sensors
+from misc import sensors, vuln

 IS_TESTING = False

@ -65,3 +65,30 @@ def ram_check() -> list[alerts.Alert]:
    else:
        return []
    return [alert]
+
+
+async def vuln_check() -> list[alerts.Alert]:
+    vulns = await vuln.get_vulns()
+    alert_list = []
+    for v in vulns:
+        if IS_TESTING or v.fixed or v.severity in (vuln.Severity.HIGH, vuln.Severity.CRITICAL):
+            match v.severity:
+                case vuln.Severity.LOW:
+                    severity = alerts.Severity.INFO
+                case vuln.Severity.MEDIUM:
+                    severity = alerts.Severity.WARNING
+                case vuln.Severity.HIGH | vuln.Severity.CRITICAL:
+                    severity = alerts.Severity.CRITICAL
+            message = f"{v.id}: {v.vuln_type} in {','.join(v.packages)}"
+            html_message = f"<a href='{v.link}'>{v.id}</a>: {v.vuln_type} in {','.join(v.packages)}"
+            if v.fixed:
+                message.append(f" -- update to {v.fixed} ASAP")
+                html_message.append(f" -- update to {v.fixed} ASAP")
+            alert = alerts.Alert(
+                alert_type=alerts.AlertType.VULN,
+                message=message,
+                html_message=html_message,
+                severity=severity,
+            )
+            alert_list.append(alert)
+    return alert_list