From b7e74e9aa39a458df749e407b9b0a0eb3c5f6a78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sven=20M=C3=A4der?= <maeder@phys.ethz.ch>
Date: Wed, 19 Jun 2019 09:52:38 +0200
Subject: [PATCH] Add regex exclude arguments

---
 bin/xymon-vulnerabilities.py | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/bin/xymon-vulnerabilities.py b/bin/xymon-vulnerabilities.py
index 63c422c..71da236 100755
--- a/bin/xymon-vulnerabilities.py
+++ b/bin/xymon-vulnerabilities.py
@@ -2,6 +2,9 @@
 
 import os
 import sys
+import re
+import argparse
+import traceback
 from pathlib import Path
 
 try:
@@ -13,9 +16,10 @@ finally:
     import pyxymon as pymon
 
 CHECK_NAME = 'vuln'
-CHECK_VERSION = 1
+CHECK_VERSION = 2
 LIFETIME = 30
 
+rgx = {}
 cpu_vulnerabilities_base = '/sys/devices/system/cpu/vulnerabilities/'
 cpu_vulnerabilities = ['l1tf','mds','meltdown','spec_store_bypass','spectre_v1','spectre_v2']
 
@@ -27,7 +31,7 @@ def red(xymon):
     xymon.color = pymon.STATUS_CRITICAL
 
 
-def run_check(xymon):
+def run_check(xymon, args):
     title = 'CPU'
     content = []
 
@@ -41,7 +45,10 @@ def run_check(xymon):
 
             if lines.startswith('Vulnerable'):
                 icon = '&red'
-                red(xymon)
+                if vuln in rgx and rgx[vuln].match(lines):
+                    lines += ''.join([' (ignore: "', args[vuln], '")'])
+                else:
+                    red(xymon)
         else:
             lines = 'Kernel needs update and host reboot'
             icon = '&yellow'
@@ -53,6 +60,17 @@ def run_check(xymon):
 
 
 def main():
+    parser = argparse.ArgumentParser()
+    for name in cpu_vulnerabilities:
+        parser.add_argument(''.join(['--', name]), dest=name, type=str,
+        help=' '.join([name, 'vulnerable but green if regex matches']))
+    args = vars(parser.parse_args())
+
+    for key, value in args.items():
+        if args[key]:
+            print(key, value)
+            rgx[key] = re.compile(value)
+
     """Run xymon check"""
     xymon = pymon.XymonClient(CHECK_NAME)
     check_script = os.path.basename(__file__)
@@ -61,10 +79,11 @@ def main():
     xymon.title('Vulnerabilities')
 
     try:
-        run_check(xymon)
+        run_check(xymon, args)
     except Exception as e:
         xymon.color = pymon.STATUS_WARNING
         xymon.section('Exception', e)
+        traceback.print_exc()
 
     xymon.footer(check_script, CHECK_VERSION)
     xymon.send()
-- 
GitLab