future-architect / vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
https://vuls.io/
GNU General Public License v3.0

failed to collect modularitylabel #1968

Open MaineK00n opened 3 months ago

MaineK00n commented 3 months ago

What did you do? (required. The issue will be closed when not provided.)

[vagrant@localhost ~]$ dnf module list
Last metadata expiration check: 0:04:02 ago on Mon 17 Jun 2024 16:07:28 CEST.
Fedora Modular 28 - x86_64
Name Stream Version Profiles
reviewboard 2.5 [d] 20180206144254 default, server

Fedora Modular 28 - x86_64 - Updates
Name Stream Version Profiles
afterburn rolling [d] 2820190507144241 default
ant 1.10 2820190507144348 default
askalono-cli rolling [d] 2820190424143105 default
avocado 52lts 2820190312151646 default, minimal
...

[vagrant@localhost ~]$ rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH} %{MODULARITYLABEL}\n"
error: incorrect format: unknown tag: "MODULARITYLABEL"
error: incorrect format: unknown tag: "MODULARITYLABEL"
...

MaineK00n commented 3 months ago

There is a large discrepancy between the MODULARITYLABEL of an installed package and the enabled modules.

[root@12c22a8c3af1 /]# rpm -q nodejs --qf "%{NAME} %{MODULARITYLABEL}\n"
nodejs nodejs:12:8060020220523160029:d63f516d
[root@12c22a8c3af1 /]# dnf module disable nodejs:12
[root@12c22a8c3af1 /]# find /etc/dnf/modules.d -type f -name *.module | xargs cat
[nodejs]
name=nodejs
stream=
profiles=
state=disabled
[root@12c22a8c3af1 /]# dnf module enable nodejs:20
[root@12c22a8c3af1 /]# find /etc/dnf/modules.d -type f -name *.module | xargs cat
[nodejs]
name=nodejs
stream=20
profiles=
state=enabled
[root@12c22a8c3af1 /]# dnf module list | grep nodejs
nodejs               10 [d]          common [d], development, minimal, s2i    Javascript runtime
nodejs               12              common [d], development, minimal, s2i    Javascript runtime
nodejs               14              common [d], development, minimal, s2i    Javascript runtime
nodejs               16              common [d], development, minimal, s2i    Javascript runtime
nodejs               18              common [d], development, minimal, s2i    Javascript runtime
nodejs               20 [e]          common [d], development, minimal, s2i    Javascript runtime

MaineK00n commented 3 months ago

It may be necessary to create a table to calculate MODULARITYLABEL from the rpm package (NEVRA), as follows.

$ curl https://yum.oracle.com/repo/OracleLinux/OL8/appstream/x86_64/repodata/06af2a645db34f209049e1672342c066ebdad128b3914a6758ff4e7c8e39a94e-modules.yaml.gz | gzip --decompress
---
document: modulemd
version: 2
data:
  name: 389-ds
  stream: 1.4
  version: 20190512202313
  context: 1fc8b219
  arch: x86_64
  summary: 389 Directory Server (base)
  description: >-
    389 Directory Server is an LDAPv3 compliant server.  The base package includes
    the LDAP server and command line utilities for server administration.
  license:
    module:
    - MIT
    content:
    - GPLv3+
  xmd:
    mbs:
      mse: TRUE
      scmurl: 
      commit: 
      buildrequires:
        nodejs:
          ref: 
          stream: 10
          context: 9edba152
          version: 20190512012822
          filtered_rpms: []
        platform:
          ref: 
          stream: el8
          context: 32e30060
          version: 20190214123456
          filtered_rpms: []
      rpms:
        389-ds-base:
          ref: 72adaa88854b1657f0f2786324f2e0ea7e336c98
  dependencies:
  - buildrequires:
      nodejs: [10]
      platform: [el8]
    requires:
      platform: [el8]
  filter:
    rpms:
    - cockpit-389-ds
  components:
    rpms:
      389-ds-base:
        rationale: Package in api
        ref: stream-1.4
        arches: [aarch64 x86_64 s390x ppc64le]
  artifacts:
    rpms:
    - 389-ds-base-0:1.4.0.20-7.module+el8+5152+0751f230.x86_64
    - 389-ds-base-devel-0:1.4.0.20-7.module+el8+5152+0751f230.x86_64
    - 389-ds-base-legacy-tools-0:1.4.0.20-7.module+el8+5152+0751f230.x86_64
    - 389-ds-base-libs-0:1.4.0.20-7.module+el8+5152+0751f230.x86_64
    - 389-ds-base-snmp-0:1.4.0.20-7.module+el8+5152+0751f230.x86_64
    - python3-lib389-0:1.4.0.20-7.module+el8+5152+0751f230.noarch
...
---
...
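
A sketch of the lookup table proposed in the comment above, as an added example that is not part of the issue thread or of the vuls code base: it maps each `artifacts.rpms` NEVRA in a `modules.yaml` stream to `name:stream:version:context`, the label format `rpm` printed for `nodejs` earlier in the thread. The lookup key in `main` is built from the NAME, EPOCHNUM, VERSION, RELEASE and ARCH fields that `rpm -qa` can print without the MODULARITYLABEL tag. The names `buildLabelTable` and `sampleModules` are hypothetical, and the scan assumes the two-space layout of the document shown above.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleModules is constructed: the 389-ds document above, cut down to the fields used.
const sampleModules = `---
data:
  name: 389-ds
  stream: 1.4
  version: 20190512202313
  context: 1fc8b219
  xmd:
    mbs:
      buildrequires:
        nodejs:
          stream: 10
  artifacts:
    rpms:
    - 389-ds-base-0:1.4.0.20-7.module+el8+5152+0751f230.x86_64
`

// buildLabelTable maps artifact NEVRA -> "name:stream:version:context". It scans by
// indentation (2-space layout, artifacts after the identity fields); not a YAML parser.
func buildLabelTable(modulesYAML string) map[string]string {
	table, f, inArtifacts := map[string]string{}, map[string]string{}, false
	for _, line := range strings.Split(modulesYAML, "\n") {
		t := strings.TrimLeft(line, " ")
		switch indent := len(line) - len(t); {
		case line == "---": // start of the next modulemd document
			f, inArtifacts = map[string]string{}, false
		case indent == 2 && strings.HasSuffix(t, ":"): // section directly under data:
			inArtifacts = t == "artifacts:"
		case indent == 2: // scalar under data:; nested stream/version sit deeper
			k, v, _ := strings.Cut(t, ": ")
			f[k], inArtifacts = strings.Trim(v, `"' `), false
		case inArtifacts && indent == 4 && strings.HasPrefix(t, "- "):
			table[t[2:]] = f["name"] + ":" + f["stream"] + ":" + f["version"] + ":" + f["context"]
		}
	}
	return table
}

func main() {
	key := fmt.Sprintf("%s-%d:%s-%s.%s", "389-ds-base", 0, "1.4.0.20", "7.module+el8+5152+0751f230", "x86_64")
	fmt.Println(buildLabelTable(sampleModules)[key])
}
```

Only keys indented directly under `data:` are read, so the `stream: 10` nested under `buildrequires` does not overwrite the module's own stream, and the `filter.rpms` list is not mistaken for artifacts.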