vuln alerts from arch-audit

2026-03-10 12:45:19 +00:00 · 2024-08-11 13:20:55 +03:00 · 2024-08-11 13:20:55 +03:00 · de0ce7d3b0
commit de0ce7d3b0
parent 56ebed516e
6 changed files with 153 additions and 11 deletions
--- a/misc/vuln.py
+++ b/misc/vuln.py
@ -0,0 +1,55 @@
+import json
+import subprocess
+from dataclasses import dataclass
+from enum import StrEnum
+from typing import Optional
+
+from alerting import alerts
+
+
+class Severity(StrEnum):
+    LOW = "Low"
+    MEDIUM = "Medium"
+    HIGH = "High"
+    CRITICAL = "Critical"
+
+
+@dataclass
+class Vulnerability:
+    id: str
+    link: str
+    vuln_type: str
+    packages: list[str]
+    severity: Severity
+    fixed: Optional[str]
+
+
+def _parse_arch_audit_output(output: str) -> list[Vulnerability]:
+    arch_audit_json = json.loads(output)
+    vulnerabilities = []
+    for v in arch_audit_json:
+        vulnerability = Vulnerability(
+            id=v["name"],
+            link=f"https://security.archlinux.org/{v['name']}",
+            vuln_type=v["type"],
+            packages=v["packages"],
+            severity=v["severity"],
+            fixed=v["fixed"],
+        )
+        vulnerabilities.append(vulnerability)
+    return vulnerabilities
+
+
+async def get_vulns() -> list[Vulnerability]:
+    try:
+        arch_audit_output = subprocess.check_output(["arch-audit", "--json"])
+    except FileNotFoundError:
+        await alerts.send_alert(
+            alerts.Alert(
+                alert_type=alerts.AlertType.ERROR,
+                message="arch-audit not installed!",
+                severity=alerts.Severity.CRITICAL,
+            )
+        )
+        return []
+    return _parse_arch_audit_output(arch_audit_output)