mirror of
https://github.com/prometheus/node_exporter.git
synced 2024-12-22 08:26:07 +01:00
85 lines
2.2 KiB
Go
85 lines
2.2 KiB
Go
|
// Copyright 2019 The Prometheus Authors
|
||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
// you may not use this file except in compliance with the License.
|
||
|
// You may obtain a copy of the License at
|
||
|
//
|
||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||
|
//
|
||
|
// Unless required by applicable law or agreed to in writing, software
|
||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
// See the License for the specific language governing permissions and
|
||
|
// limitations under the License.
|
||
|
|
||
|
package sysfs
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
"path/filepath"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
const (
|
||
|
notAffected = "Not Affected"
|
||
|
vulnerable = "Vulnerable"
|
||
|
mitigation = "Mitigation"
|
||
|
)
|
||
|
|
||
|
// CPUVulnerabilities retrieves a map of vulnerability names to their mitigations.
|
||
|
func (fs FS) CPUVulnerabilities() ([]Vulnerability, error) {
|
||
|
matches, err := filepath.Glob(fs.sys.Path("devices/system/cpu/vulnerabilities/*"))
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
vulnerabilities := make([]Vulnerability, 0, len(matches))
|
||
|
for _, match := range matches {
|
||
|
name := filepath.Base(match)
|
||
|
|
||
|
value, err := ioutil.ReadFile(match)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
v, err := parseVulnerability(name, string(value))
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
vulnerabilities = append(vulnerabilities, v)
|
||
|
}
|
||
|
|
||
|
return vulnerabilities, nil
|
||
|
}
|
||
|
|
||
|
// Vulnerability represents a single vulnerability extracted from /sys/devices/system/cpu/vulnerabilities/
|
||
|
type Vulnerability struct {
|
||
|
CodeName string
|
||
|
State string
|
||
|
Mitigation string
|
||
|
}
|
||
|
|
||
|
func parseVulnerability(name, value string) (Vulnerability, error) {
|
||
|
v := Vulnerability{CodeName: name}
|
||
|
value = strings.TrimSpace(value)
|
||
|
if value == notAffected {
|
||
|
v.State = notAffected
|
||
|
return v, nil
|
||
|
}
|
||
|
|
||
|
if strings.HasPrefix(value, vulnerable) {
|
||
|
v.State = vulnerable
|
||
|
v.Mitigation = strings.TrimPrefix(strings.TrimPrefix(value, vulnerable), ": ")
|
||
|
return v, nil
|
||
|
}
|
||
|
|
||
|
if strings.HasPrefix(value, mitigation) {
|
||
|
v.State = mitigation
|
||
|
v.Mitigation = strings.TrimPrefix(strings.TrimPrefix(value, mitigation), ": ")
|
||
|
return v, nil
|
||
|
}
|
||
|
|
||
|
return v, fmt.Errorf("unknown vulnerability state for %s: %s", name, value)
|
||
|
}
|