Adds checker for CVE-2024-3250 (canonical#812)

Resolves: canonical#811

examples/hotsos-example-juju.short.summary.yaml

@@ -8,3 +8,8 @@ potential-issues:
     JujuWarnings:
       - Juju logs for unit(s) 'nova-compute/0' contain 24 Traceback(s) from the last
         48 hours - please check.
+bugs-detected:
+  juju:
+    https://www.cve.org/CVERecord?id=CVE-2024-3250: This host is running a version
+      of Juju (2.9.22) that is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.

examples/hotsos-example-juju.summary.yaml

@@ -66,6 +66,10 @@ juju:
           update-status:
             logger.go:
               '2022-02-10': 195
+  bugs-detected:
+    https://www.cve.org/CVERecord?id=CVE-2024-3250: This host is running a version
+      of Juju (2.9.22) that is affected by a known security vulnerability. Please
+      upgrade to the latest version to get the fix.
   potential-issues:
     JujuWarnings:
       - Juju logs for unit(s) 'nova-compute/0' contain 24 Traceback(s) from the last

hotsos/core/issues/issue_types.py

@@ -185,6 +185,17 @@ def url(self):
         return "{}{}".format(self.base_url, self.id)
 
 
+class MitreCVE(CVETypeBase):
+
+    @property
+    def base_url(self):
+        return 'https://www.cve.org/CVERecord?id='
+
+    @property
+    def url(self):
+        return "{}{}".format(self.base_url, self.id)
+
+
 class LaunchpadBug(BugTypeBase):
 
     @property

hotsos/defs/scenarios/juju/juju_binary_cve.yaml

@@ -0,0 +1,25 @@
+checks:
+  has_affected_juju_binary:
+    binary:
+      handler: hotsos.core.plugins.juju.JujuBinaryInterface
+      juju:
+        - min: '1.0.0'
+          max: '2.9.49'
+        - min: '3.0.0'
+          max: '3.1.8'
+        - min: '3.2.0'
+          max: '3.3.4'
+        - min: '3.4.0'
+          max: '3.4.2'
+conclusions:
+  juju_binary_cve:
+    decision: has_affected_juju_binary
+    raises:
+      type: MitreCVE
+      cve-id: CVE-2024-3250
+      message: >-
+        This host is running a version of Juju ({version}) that is
+        affected by a known security vulnerability. Please upgrade
+        to the latest version to get the fix.
+      format-dict:
+        version: '@checks.has_affected_juju_binary.requires.version'

hotsos/defs/scenarios/juju/juju_pebble_cve.yaml

@@ -0,0 +1,18 @@
+checks:
+  has_affected_pebble_snap:
+    snap:
+      pebble:
+        - min: 646
+          max: 646
+conclusions:
+  pebble_cve:
+    decision: has_affected_pebble_snap
+    raises:
+      type: MitreCVE
+      cve-id: CVE-2024-3250
+      message: >-
+        This host is running a version of Pebble ({revision}) that is
+        affected by a known security vulnerability. Please upgrade
+        to the latest version to get the fix.
+      format-dict:
+        revision: '@checks.has_affected_pebble_snap.requires.revision'

hotsos/defs/tests/scenarios/juju/juju_binary_cve.yaml

@@ -0,0 +1,10 @@
+mock:
+  patch:
+    hotsos.core.plugins.juju.resources.JujuBinaryInterface.get_version:
+      kwargs:
+        return_value: 3.4.1
+raised-bugs:
+  https://www.cve.org/CVERecord?id=CVE-2024-3250: >-
+    This host is running a version of Juju (3.4.1) that is
+    affected by a known security vulnerability. Please upgrade
+    to the latest version to get the fix.

hotsos/defs/tests/scenarios/juju/juju_pebble_cve.yaml

@@ -0,0 +1,9 @@
+data-root:
+  files:
+    sos_commands/snap/snap_list_--all: |
+      pebble             v1.10.2          646    latest/stable  canonical**  classic
+raised-bugs:
+  https://www.cve.org/CVERecord?id=CVE-2024-3250: >-
+    This host is running a version of Pebble (646) that is
+    affected by a known security vulnerability. Please upgrade
+    to the latest version to get the fix.