[juju] Add checks for 3 CVEs (#985)

Closes: #984

Signed-off-by: Ponnuvel Palaniyappan <[email protected]>

examples/hotsos-example-juju.short.summary.yaml

@@ -10,6 +10,15 @@ potential-issues:
         48 hours - please check.
 bugs-detected:
   juju:
-    https://www.cve.org/CVERecord?id=CVE-2024-3250: This host is running a version
-      of Juju (2.9.22) that is affected by a known security vulnerability. Please
+    https://www.cve.org/CVERecord?id=CVE-2024-3250: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
+    https://www.cve.org/CVERecord?id=CVE-2024-7558: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
+    https://www.cve.org/CVERecord?id=CVE-2024-8037: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
+    https://www.cve.org/CVERecord?id=CVE-2024-8038: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
       upgrade to the latest version to get the fix.

examples/hotsos-example-juju.summary.yaml

@@ -67,8 +67,17 @@ juju:
             logger.go:
               '2022-02-10': 195
   bugs-detected:
-    https://www.cve.org/CVERecord?id=CVE-2024-3250: This host is running a version
-      of Juju (2.9.22) that is affected by a known security vulnerability. Please
+    https://www.cve.org/CVERecord?id=CVE-2024-3250: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
+    https://www.cve.org/CVERecord?id=CVE-2024-7558: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
+    https://www.cve.org/CVERecord?id=CVE-2024-8037: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
+    https://www.cve.org/CVERecord?id=CVE-2024-8038: 2.9.22 is the running version
+      of Juju on this host which is affected by a known security vulnerability. Please
       upgrade to the latest version to get the fix.
   potential-issues:
     JujuWarnings:

hotsos/defs/scenarios/juju/juju_binary_cve.yaml

@@ -1,5 +1,10 @@
+vars:
+  msg_common: >-
+    is the running version of Juju on this host which is
+    affected by a known security vulnerability. Please upgrade
+    to the latest version to get the fix.
 checks:
-  has_affected_juju_binary:
+  has_affected_juju_binary_check1:
     binary:
       handler: hotsos.core.plugins.juju.JujuBinaryInterface
       juju:
@@ -11,15 +16,54 @@ checks:
           max: '3.3.3'
         - min: '3.4.0'
           max: '3.4.1'
+  has_affected_juju_binary_check2:
+    binary:
+      handler: hotsos.core.plugins.juju.JujuBinaryInterface
+      juju:
+        - min: '2.9.0'
+          max: '2.9.50'
+        - min: '3.0.0'
+          max: '3.1.9'
+        - min: '3.2.0'
+          max: '3.3.6'
+        - min: '3.4.0'
+          max: '3.4.5'
+        - min: '3.5.0'
+          max: '3.5.3'
 conclusions:
-  juju_binary_cve:
-    decision: has_affected_juju_binary
+  juju_binary_cve_2024_3250:
+    decision: has_affected_juju_binary_check1
     raises:
       type: MitreCVE
       cve-id: CVE-2024-3250
-      message: >-
-        This host is running a version of Juju ({version}) that is
-        affected by a known security vulnerability. Please upgrade
-        to the latest version to get the fix.
+      message: "{version} {msg_common}"
+      format-dict:
+        version: '@checks.has_affected_juju_binary_check1.requires.version'
+        msg_common: $msg_common
+  juju_binary_cve_2024_7558:
+    decision: has_affected_juju_binary_check2
+    raises:
+      type: MitreCVE
+      cve-id: CVE-2024-7558
+      message: "{version} {msg_common}"
+      format-dict:
+        version: '@checks.has_affected_juju_binary_check2.requires.version'
+        msg_common: $msg_common
+  juju_binary_cve_2024_8037:
+    decision: has_affected_juju_binary_check2
+    raises:
+      type: MitreCVE
+      cve-id: CVE-2024-8037
+      message: "{version} {msg_common}"
+      format-dict:
+        version: '@checks.has_affected_juju_binary_check2.requires.version'
+        msg_common: $msg_common
+  juju_binary_cve_2024_8038:
+    decision: has_affected_juju_binary_check2
+    raises:
+      type: MitreCVE
+      cve-id: CVE-2024-8038
+      message: "{version} {msg_common}"
       format-dict:
-        version: '@checks.has_affected_juju_binary.requires.version'
+        version: '@checks.has_affected_juju_binary_check2.requires.version'
+        msg_common: $msg_common

hotsos/defs/tests/scenarios/juju/juju_binary_cve.yaml

@@ -5,6 +5,18 @@ mock:
         return_value: 3.4.1
 raised-bugs:
   https://www.cve.org/CVERecord?id=CVE-2024-3250: >-
-    This host is running a version of Juju (3.4.1) that is
+    3.4.1 is the running version of Juju on this host which is
+    affected by a known security vulnerability. Please upgrade
+    to the latest version to get the fix.
+  https://www.cve.org/CVERecord?id=CVE-2024-7558: >-
+    3.4.1 is the running version of Juju on this host which is
+    affected by a known security vulnerability. Please upgrade
+    to the latest version to get the fix.
+  https://www.cve.org/CVERecord?id=CVE-2024-8037: >-
+    3.4.1 is the running version of Juju on this host which is
+    affected by a known security vulnerability. Please upgrade
+    to the latest version to get the fix.
+  https://www.cve.org/CVERecord?id=CVE-2024-8038: >-
+    3.4.1 is the running version of Juju on this host which is
     affected by a known security vulnerability. Please upgrade
     to the latest version to get the fix.