diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index f87a610..7380634 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -49,8 +49,7 @@ show_usage() { --batch json produce comprehensive JSON output with system, CPU, and vulnerability details --batch json-terse produce a terse JSON array of per-CVE results (legacy format) --batch nrpe produce machine readable output formatted for NRPE - --batch prometheus produce Prometheus metrics (smc_* schema, recommended) - --batch prometheus-legacy produce legacy Prometheus output (specex_vuln_status, deprecated) + --batch prometheus produce Prometheus metrics (smc_* schema) --variant VARIANT specify which variant you'd like to check, by default all variants are checked. can be used multiple times (e.g. --variant 3a --variant l1tf) diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 4342655..254ee3b 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -120,7 +120,7 @@ while [ -n "${1:-}" ]; do opt_no_color=1 shift case "$1" in - text | short | nrpe | json | json-terse | prometheus | prometheus-legacy) + text | short | nrpe | json | json-terse | prometheus) opt_batch_format="$1" shift ;; @@ -128,7 +128,7 @@ while [ -n "${1:-}" ]; do '') ;; # allow nothing at all *) echo "$0: error: unknown batch format '$1'" >&2 - echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus, prometheus-legacy" >&2 + echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus" >&2 exit 255 ;; esac diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 31116e7..229cd92 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -341,18 +341,7 @@ _emit_nrpe() { esac } -# Append a CVE result as a legacy Prometheus metric to the batch output buffer -# Args: $1=cve $2=aka $3=status $4=description -# Sets: g_prometheus_output -# Callers: pvulnstatus -_emit_prometheus_legacy() { - local esc_info - # escape backslashes and double quotes for Prometheus label values - esc_info=$(printf '%s' "$4" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g') - g_prometheus_output="${g_prometheus_output:+$g_prometheus_output\n}specex_vuln_status{name=\"$2\",cve=\"$1\",status=\"$3\",info=\"$esc_info\"} 1" -} - -# Append a CVE result as a Prometheus gauge to the new-format batch output buffer +# Append a CVE result as a Prometheus gauge to the batch output buffer # Status is encoded numerically: 0=not_vulnerable, 1=vulnerable, 2=unknown # Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description # Sets: g_smc_vuln_output, g_smc_ok_count, g_smc_vuln_count, g_smc_unk_count @@ -491,7 +480,6 @@ pvulnstatus() { json-terse) _emit_json_terse "$1" "$aka" "$2" "$3" ;; nrpe) _emit_nrpe "$1" "$aka" "$2" "$3" ;; prometheus) _emit_prometheus "$1" "$aka" "$2" "$3" ;; - prometheus-legacy) _emit_prometheus_legacy "$1" "$aka" "$2" "$3" ;; *) echo "$0: error: invalid batch format '$opt_batch_format' specified" >&2 exit 255 diff --git a/src/main.sh b/src/main.sh index b9e15ef..52e0b60 100644 --- a/src/main.sh +++ b/src/main.sh @@ -163,12 +163,6 @@ if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then _pr_echo 0 "$_json_final" fi -if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus-legacy" ]; then - echo "# TYPE specex_vuln_status untyped" - echo "# HELP specex_vuln_status Exposure of system to speculative execution vulnerabilities" - printf "%b\n" "$g_prometheus_output" -fi - if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then prom_run_as_root='false' [ "$(id -u)" -eq 0 ] && prom_run_as_root='true'