peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-09 10:13:18 +02:00
Code Issues Projects Releases Wiki Activity

remove prometheus-legacy format

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-04-08 20:53:19 +02:00
parent b9c203120b
commit 9e617a4363
4 changed files with 4 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/libs/002_core_globals.sh
View File

@@ -49,8 +49,7 @@ show_usage() {
--batch json produce comprehensive JSON output with system, CPU, and vulnerability details --batch json produce comprehensive JSON output with system, CPU, and vulnerability details
--batch json-terse produce a terse JSON array of per-CVE results (legacy format) --batch json-terse produce a terse JSON array of per-CVE results (legacy format)
--batch nrpe produce machine readable output formatted for NRPE --batch nrpe produce machine readable output formatted for NRPE
--batch prometheus produce Prometheus metrics (smc_* schema, recommended) --batch prometheus produce Prometheus metrics (smc_* schema)
--batch prometheus-legacy produce legacy Prometheus output (specex_vuln_status, deprecated)
--variant VARIANT specify which variant you'd like to check, by default all variants are checked. --variant VARIANT specify which variant you'd like to check, by default all variants are checked.
can be used multiple times (e.g. --variant 3a --variant l1tf) can be used multiple times (e.g. --variant 3a --variant l1tf)

4
src/libs/230_util_optparse.sh
View File

@@ -120,7 +120,7 @@ while [ -n "${1:-}" ]; do
opt_no_color=1 opt_no_color=1
shift shift
case "$1" in case "$1" in
text | short | nrpe | json | json-terse | prometheus | prometheus-legacy) text | short | nrpe | json | json-terse | prometheus)
opt_batch_format="$1" opt_batch_format="$1"
shift shift
;; ;;
@@ -128,7 +128,7 @@ while [ -n "${1:-}" ]; do
'') ;; # allow nothing at all '') ;; # allow nothing at all
*) *)
echo "$0: error: unknown batch format '$1'" >&2 echo "$0: error: unknown batch format '$1'" >&2
echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus, prometheus-legacy" >&2 echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus" >&2
exit 255 exit 255
;; ;;
esac esac

14
src/libs/250_output_emitters.sh
View File

@@ -341,18 +341,7 @@ _emit_nrpe() {
esac esac
} }
# Append a CVE result as a legacy Prometheus metric to the batch output buffer # Append a CVE result as a Prometheus gauge to the batch output buffer
# Args: $1=cve $2=aka $3=status $4=description
# Sets: g_prometheus_output
# Callers: pvulnstatus
_emit_prometheus_legacy() {
local esc_info
# escape backslashes and double quotes for Prometheus label values
esc_info=$(printf '%s' "$4" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
g_prometheus_output="${g_prometheus_output:+$g_prometheus_output\n}specex_vuln_status{name=\"$2\",cve=\"$1\",status=\"$3\",info=\"$esc_info\"} 1"
}
# Append a CVE result as a Prometheus gauge to the new-format batch output buffer
# Status is encoded numerically: 0=not_vulnerable, 1=vulnerable, 2=unknown # Status is encoded numerically: 0=not_vulnerable, 1=vulnerable, 2=unknown
# Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description # Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description
# Sets: g_smc_vuln_output, g_smc_ok_count, g_smc_vuln_count, g_smc_unk_count # Sets: g_smc_vuln_output, g_smc_ok_count, g_smc_vuln_count, g_smc_unk_count
@@ -491,7 +480,6 @@ pvulnstatus() {
json-terse) _emit_json_terse "$1" "$aka" "$2" "$3" ;; json-terse) _emit_json_terse "$1" "$aka" "$2" "$3" ;;
nrpe) _emit_nrpe "$1" "$aka" "$2" "$3" ;; nrpe) _emit_nrpe "$1" "$aka" "$2" "$3" ;;
prometheus) _emit_prometheus "$1" "$aka" "$2" "$3" ;; prometheus) _emit_prometheus "$1" "$aka" "$2" "$3" ;;
prometheus-legacy) _emit_prometheus_legacy "$1" "$aka" "$2" "$3" ;;
*) *)
echo "$0: error: invalid batch format '$opt_batch_format' specified" >&2 echo "$0: error: invalid batch format '$opt_batch_format' specified" >&2
exit 255 exit 255

6
src/main.sh
View File

@@ -163,12 +163,6 @@ if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then
_pr_echo 0 "$_json_final" _pr_echo 0 "$_json_final"
fi fi
if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus-legacy" ]; then
echo "# TYPE specex_vuln_status untyped"
echo "# HELP specex_vuln_status Exposure of system to speculative execution vulnerabilities"
printf "%b\n" "$g_prometheus_output"
fi
if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then
prom_run_as_root='false' prom_run_as_root='false'
[ "$(id -u)" -eq 0 ] && prom_run_as_root='true' [ "$(id -u)" -eq 0 ] && prom_run_as_root='true'