cve-toolkit

CVE helper toolkit

commit 686973ad36be6cfd609829d5c55669eb79d91e90
parent c76100535064ef27dad8618b339c2a1f87dff21b
Author: finwo <finwo@pm.me>
Date:   Sat,  2 May 2026 00:00:41 +0200

Nicer report; support for remediation steps

Diffstat:
Msrc/detector/cve-2026-31431.c | 2+-
Msrc/detector/setup.c | 7++++---
Msrc/detector/setup.h | 4+++-
Msrc/main.c | 22+++++++++++++++++++++-
4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/src/detector/cve-2026-31431.c b/src/detector/cve-2026-31431.c
@@ -30,5 +30,5 @@ int detector_cve_2026_31431(int num) {
 __attribute__((constructor))
 void detector_cve_2026_31431_setup() {
- detector_queue_append("CVE-2026-31431", detector_cve_2026_31431);
+ detector_queue_append("CVE-2026-31431", "Add 'initcall_blacklist=algif_aead_init' to the Linux kernel cmdline.\n For GRUB, add it to GRUB_CMDLINE_LINUX in /etc/default/grub and run update-grub.", detector_cve_2026_31431);
 }
diff --git a/src/detector/setup.c b/src/detector/setup.c
@@ -10,7 +10,7 @@ int detector_total = 0;
 int detector_pass = 0;
 int detector_fail = 0;
-void detector_queue_append(const char *name, int (*fn)(int)) {
+void detector_queue_append(const char *name, const char *remediation, int (*fn)(int)) {
 // Initial queue initialize
 if (!detector_queue_cap) {
@@ -26,8 +26,9 @@ void detector_queue_append(const char *name, int (*fn)(int)) {
 // Build new entry
 struct detector_queue_entry *entry = calloc(1, sizeof(struct detector_queue_entry));
- entry->handler = fn;
- entry->name = name;
+ entry->handler = fn;
+ entry->name = name;
+ entry->remediation = remediation;
 // Append fn to queue
 detector_queue[detector_queue_length++] = entry;
diff --git a/src/detector/setup.h b/src/detector/setup.h
@@ -10,6 +10,8 @@ extern "C" {
 struct detector_queue_entry {
 int (*handler)(int);
 const char *name;
+ const char *remediation;
+ int result;
 };
 extern struct detector_queue_entry **detector_queue;
@@ -19,7 +21,7 @@ extern int detector_total;
 extern int detector_pass;
 extern int detector_fail;
-void detector_queue_append(const char *name, int (*fn)(int));
+void detector_queue_append(const char *name, const char *remediation, int (*fn)(int));
 #ifdef __cplusplus
 } // extern "C"
diff --git a/src/main.c b/src/main.c
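Review bot: The remediation text added in src/detector/cve-2026-31431.c stops at `update-grub` and never says a reboot is required, so an operator can follow it to the letter and still be running without the mitigation, since the kernel reads its command line only at boot. `update-grub` is also the Debian-family wrapper; other distributions regenerate the config with `grub2-mkconfig`. I would end the string with a sentence such as `Reboot for the change to take effect.` and present the GRUB command as an example rather than the only path. The literal also embeds the report's line break and indent, which ties it to the printf layout in src/main.c.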
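Review bot: In the second src/detector/setup.c hunk the result of `calloc` is written through three times (`handler`, `name`, and now `remediation`) with no NULL check. For a scanner, failing loudly is safer than crashing in a constructor or silently dropping a detector, so I would add `if (!entry) abort();` directly after the allocation. The body of detector_queue_append starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out, though none is visible between the allocation and the first write.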
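Review bot: The two fields added to struct detector_queue_entry in src/detector/setup.h rely on conventions that are only visible in other files, and the header does not state them. src/main.c skips entries whose `remediation` is NULL and treats any non-zero `result` as needing remediation, while src/detector/setup.c stores the `name` and `remediation` pointers without copying them. I would add `/* optional, may be NULL; not copied, must outlive the queue */` on `remediation` and `/* last handler return value; non-zero is listed under REMEDIATION */` on `result`. The same NULL and lifetime rule belongs in a comment above the detector_queue_append prototype in the second hunk.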
@@ -14,9 +14,29 @@ int main() {
 printf("[fail] %s\n", entry->name);
 detector_fail++;
 }
+ entry->result = result;
 }
- printf("====[ REPORT ]====\n");
+ printf("\n====[ REPORT ]====\n");
 printf("pass: %d\n", detector_pass);
 printf("fail: %d\n", detector_fail);
+
+ int has_remediation = 0;
+ for (int i = 0; i < detector_queue_length; i++) {
+ struct detector_queue_entry *entry = detector_queue[i];
+ if (entry->result && entry->remediation) {
+ has_remediation = 1;
+ break;
+ }
+ }
+
+ if (has_remediation) {
+ printf("\n====[ REMEDIATION ]====\n");
+ for (int i = 0; i < detector_queue_length; i++) {
+ struct detector_queue_entry *entry = detector_queue[i];
+ if (entry->result && entry->remediation) {
+ printf("%s:\n %s\n", entry->name, entry->remediation);
+ }
+ }
+ }
 }
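Review bot: main still runs off its closing brace after the new REMEDIATION block with no return statement, so as far as this hunk shows the process exits 0 even when `detector_fail` is non-zero and remediation text was printed. A wrapper script or CI job then cannot tell an affected host from a clean one without parsing stdout. I would add `return detector_fail ? 1 : 0;` before the final brace. The two loops also repeat the same `entry->result && entry->remediation` test; printing the header lazily inside a single loop would remove the `has_remediation` pre-scan. main's body starts outside the hunk.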