From f23aa0798b831ad6ca6602f3949081626ae17aef Mon Sep 17 00:00:00 2001 From: Wilco de Boer Date: Tue, 18 May 2021 14:53:56 +0200 Subject: [PATCH 01/10] Add suggest capability to debsecan plugin --- plugins/debian/debsecan_ | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index ab743004..9814851b 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -36,6 +36,7 @@ Shell globbing patterns are allowed. * Nicolas BOUTHORS http://nbi.fr/, Inspiration of the moment 10/10/2007 * Olivier Mehani , 2016 +* Wilco de Boer , 2021 =head1 LICENSE @@ -43,13 +44,13 @@ Public Domain =head1 MAGIC MARKERS -%# family=auto -%# capabilities=autoconf +#%# family=auto +#%# capabilities=autoconf suggest =cut # Auto enable if we have debsecan only -if [ "$1" = "autoconf" ] ; then +if [ "$1" = "autoconf" ]; then if [ -x /usr/bin/debsecan ]; then echo yes else @@ -58,6 +59,13 @@ if [ "$1" = "autoconf" ] ; then exit 0 fi +# Suggest both modes when asked +if [ "$1" = "suggest" ]; then + echo 'pkg' + echo 'cve' + exit 0 +fi + # Fail if we don't have debsecan if [ ! -x /usr/bin/debsecan ]; then echo 'error: /usr/bin/debsecan not found' >&2 From 6b28a1ba21a387317126673df7705ab584b7aae8 Mon Sep 17 00:00:00 2001 From: Wilco de Boer Date: Tue, 18 May 2021 14:57:15 +0200 Subject: [PATCH 02/10] Remove superfluous quotation marks --- plugins/debian/debsecan_ | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index 9814851b..07aa0706 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -61,8 +61,8 @@ fi # Suggest both modes when asked if [ "$1" = "suggest" ]; then - echo 'pkg' - echo 'cve' + echo pkg + echo cve exit 0 fi From 40366a4c1ecd6447546a065b3d73354e1d3c137f Mon Sep 17 00:00:00 2001 
From: Wilco de Boer Date: Tue, 18 May 2021 15:26:54 +0200 Subject: [PATCH 03/10] Correctly handle empty lists Using `echo` adds an enter to empty lists, which gets seen as one entry and is sent to Munin as such. Using `printf` prevents this. --- plugins/debian/debsecan_ | 52 ++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index 07aa0706..6ed41c5b 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -143,14 +143,14 @@ EOF_ fi ALL=$(debsecan --suite "${SUITE}" 2> /dev/null) -REMOTE=$(echo "$ALL" | grep -w 'remotely') -NONREMOTE=$(echo "$ALL" | grep -wv 'remotely') +REMOTE=$(printf "$ALL" | grep -w 'remotely') +NONREMOTE=$(printf "$ALL" | grep -wv 'remotely') -HIGH=$(echo "${NONREMOTE}" | grep -w 'high urgency') -MEDIUM=$(echo "${NONREMOTE}" | grep -w 'medium urgency') -LOW=$(echo "${NONREMOTE}" | grep -w 'low urgency') -OTHER=$(echo "${NONREMOTE}" | grep -wv 'urgency') -FIXED=$(echo "${ALL}" | grep -w '(fixed') +HIGH=$(printf "${NONREMOTE}" | grep -w 'high urgency') +MEDIUM=$(printf "${NONREMOTE}" | grep -w 'medium urgency') +LOW=$(printf "${NONREMOTE}" | grep -w 'low urgency') +OTHER=$(printf "${NONREMOTE}" | grep -wv 'urgency') +FIXED=$(printf "${ALL}" | grep -w '(fixed') # Arguments: Field offset to aggregate by count_entries() { 
@@ -160,20 +160,20 @@ count_entries() { case "${MODE}" in 'cve') - remote_count=$(echo "${REMOTE}" | count_entries "${FIELD}" | wc -l) - high_count=$(echo "${HIGH}" | count_entries "${FIELD}" | wc -l) - medium_count=$(echo "${MEDIUM}" | count_entries "${FIELD}" | wc -l) - low_count=$(echo "${LOW}" | count_entries "${FIELD}" | wc -l) - other_count=$(echo "${OTHER}" | count_entries "${FIELD}" | wc -l) - fixed_count=$(echo "${FIXED}" | count_entries "${FIELD}" | wc -l) + remote_count=$(printf "${REMOTE}" | count_entries "${FIELD}" | wc -l) + high_count=$(printf "${HIGH}" | count_entries "${FIELD}" | wc -l) + medium_count=$(printf "${MEDIUM}" | count_entries "${FIELD}" | wc -l) + low_count=$(printf "${LOW}" | count_entries "${FIELD}" | wc -l) + other_count=$(printf "${OTHER}" | count_entries "${FIELD}" | wc -l) + fixed_count=$(printf "${FIXED}" | count_entries "${FIELD}" | wc -l) ;; 'pkg' | *) - remote_count=$(echo "${REMOTE}" | wc -l) - high_count=$(echo "${HIGH}" | wc -l) - medium_count=$(echo "${MEDIUM}" | wc -l) - low_count=$(echo "${LOW}" | wc -l) - other_count=$(echo "${OTHER}" | wc -l) - fixed_count=$(echo "${FIXED}" | wc -l) + remote_count=$(printf "${REMOTE}" | wc -l) + high_count=$(printf "${HIGH}" | wc -l) + medium_count=$(printf "${MEDIUM}" | wc -l) + low_count=$(printf "${LOW}" | wc -l) + other_count=$(printf "${OTHER}" | wc -l) + fixed_count=$(printf "${FIXED}" | wc -l) ;; esac @@ -181,18 +181,18 @@ esac CVECOUNTRE='s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/' # shellcheck disable=SC2005 disable=SC2046 -# The nested $(echo ...)s are needed to yet the newlines +# The nested $(echo ...)s are needed to yeet the newlines cat < Date: Tue, 18 May 2021 15:33:16 +0200 Subject: [PATCH 04/10] Get the default suite from `/etc/os-release` --- plugins/debian/debsecan_ | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index 6ed41c5b..9e89d87e 100755 --- a/plugins/debian/debsecan_ 
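Review bot: In the `'pkg' | *)` arm of the `@@ -160,20 +160,20 @@` hunk, `printf "${REMOTE}" | wc -l` under-counts every non-empty list by one. The command substitution that filled `REMOTE` stripped its trailing newline, `printf` does not put it back, and `wc -l` counts newline characters, so a host with exactly one finding is reported to Munin as 0. The `cve` arm is probably unaffected, because `uniq -c` terminates every line it prints. Counting lines instead of newlines keeps the empty-list fix and gives the right total, e.g. `remote_count=$(printf '%s' "${REMOTE}" | grep -c '')`, and likewise for the other five variables. The same arm is carried through the `@@ -162,39 +162,37 @@` hunk of PATCH 06/10 and the `@@ -156,27 +156,27 @@` hunk of PATCH 08/10 without this being corrected.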
+++ b/plugins/debian/debsecan_ @@ -72,7 +72,9 @@ if [ ! -x /usr/bin/debsecan ]; then exit 1 fi -SUITE=${suite:-sid} +source /etc/os-release +SUITE=${suite:-$VERSION_CODENAME} + FIXEDWARN=${fixed_warning:-1} FIXEDCRIT=${fixed_critical:-1000} REMOTEWARN=${remote_warning:-1} From f58515705e796661bc7bf6a28fbc94d15ef274af Mon Sep 17 00:00:00 2001 From: Wilco de Boer Date: Tue, 18 May 2021 16:31:43 +0200 Subject: [PATCH 05/10] Fix CI problems --- plugins/debian/debsecan_ | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index 9e89d87e..a49a5c72 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -72,7 +72,7 @@ if [ ! -x /usr/bin/debsecan ]; then exit 1 fi -source /etc/os-release +. /etc/os-release SUITE=${suite:-$VERSION_CODENAME} FIXEDWARN=${fixed_warning:-1} From e2b04d0b46080ffa7fff254803efbe9fc1a45b91 Mon Sep 17 00:00:00 2001 From: Wilco de Boer Date: Wed, 14 Jul 2021 23:41:54 +0200 Subject: [PATCH 06/10] Cleanup all the `printf`s --- plugins/debian/debsecan_ | 52 +++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index a49a5c72..c99b5c8e 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ 
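Review bot: `SUITE=${suite:-$VERSION_CODENAME}` in the PATCH 04/10 hunk has no fallback when `/etc/os-release` does not define `VERSION_CODENAME` (os-release(5) lists it as optional), so `SUITE` can end up empty where the old default was `sid`. Context elsewhere in the series shows `debsecan --suite "${SUITE}" 2> /dev/null`, so debsecan's diagnostics are discarded; if it rejects the empty suite, every count would come out as 0 and the plugin would graph a clean host instead of an error. A guard right after the assignment makes that visible, in the style of the existing debsecan check: `[ -n "${SUITE}" ] || { echo 'error: no suite set and VERSION_CODENAME is undefined' >&2; exit 1; }`. The assignment is rewritten in PATCH 05/10, 09/10 and 10/10 without such a check being added.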
@@ -145,14 +145,14 @@ EOF_ fi ALL=$(debsecan --suite "${SUITE}" 2> /dev/null) -REMOTE=$(printf "$ALL" | grep -w 'remotely') -NONREMOTE=$(printf "$ALL" | grep -wv 'remotely') +REMOTE=$(printf '%s' "$ALL" | grep -w 'remotely') +NONREMOTE=$(printf '%s' "$ALL" | grep -wv 'remotely') -HIGH=$(printf "${NONREMOTE}" | grep -w 'high urgency') -MEDIUM=$(printf "${NONREMOTE}" | grep -w 'medium urgency') -LOW=$(printf "${NONREMOTE}" | grep -w 'low urgency') -OTHER=$(printf "${NONREMOTE}" | grep -wv 'urgency') -FIXED=$(printf "${ALL}" | grep -w '(fixed') +HIGH=$(printf '%s' "${NONREMOTE}" | grep -w 'high urgency') +MEDIUM=$(printf '%s' "${NONREMOTE}" | grep -w 'medium urgency') +LOW=$(printf '%s' "${NONREMOTE}" | grep -w 'low urgency') +OTHER=$(printf '%s' "${NONREMOTE}" | grep -wv 'urgency') +FIXED=$(printf '%s' "${ALL}" | grep -w '(fixed') # Arguments: Field offset to aggregate by count_entries() { 
@@ -162,39 +162,37 @@ count_entries() { case "${MODE}" in 'cve') - remote_count=$(printf "${REMOTE}" | count_entries "${FIELD}" | wc -l) - high_count=$(printf "${HIGH}" | count_entries "${FIELD}" | wc -l) - medium_count=$(printf "${MEDIUM}" | count_entries "${FIELD}" | wc -l) - low_count=$(printf "${LOW}" | count_entries "${FIELD}" | wc -l) - other_count=$(printf "${OTHER}" | count_entries "${FIELD}" | wc -l) - fixed_count=$(printf "${FIXED}" | count_entries "${FIELD}" | wc -l) + remote_count=$(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | wc -l) + high_count=$(printf '%s' "${HIGH}" | count_entries "${FIELD}" | wc -l) + medium_count=$(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | wc -l) + low_count=$(printf '%s' "${LOW}" | count_entries "${FIELD}" | wc -l) + other_count=$(printf '%s' "${OTHER}" | count_entries "${FIELD}" | wc -l) + fixed_count=$(printf '%s' "${FIXED}" | count_entries "${FIELD}" | wc -l) ;; 'pkg' | *) - remote_count=$(printf "${REMOTE}" | wc -l) - high_count=$(printf "${HIGH}" | wc -l) - medium_count=$(printf "${MEDIUM}" | wc -l) - low_count=$(printf "${LOW}" | wc -l) - other_count=$(printf "${OTHER}" | wc -l) - fixed_count=$(printf "${FIXED}" | wc -l) + remote_count=$(printf '%s' "${REMOTE}" | wc -l) + high_count=$(printf '%s' "${HIGH}" | wc -l) + medium_count=$(printf '%s' "${MEDIUM}" | wc -l) + low_count=$(printf '%s' "${LOW}" | wc -l) + other_count=$(printf '%s' "${OTHER}" | wc -l) + fixed_count=$(printf '%s' "${FIXED}" | wc -l) ;; esac # Reformat the output of the cut|sort|uniq... to a more human-friendly "item (count)" format CVECOUNTRE='s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/' -# shellcheck disable=SC2005 disable=SC2046 -# The nested $(echo ...)s are needed to yeet the newlines cat < Date: Wed, 14 Jul 2021 23:48:41 +0200 Subject: [PATCH 07/10] Properly indent heredocs --- plugins/debian/debsecan_ | 124 +++++++++++++++++++-------------------- 1 file changed, 62 insertions(+), 62 deletions(-) 
diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index c99b5c8e..b3cc2651 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -92,55 +92,55 @@ case "${MODE}" in ;; esac -if [ "$1" = "config" ] ; then - cat < Date: Wed, 14 Jul 2021 23:54:37 +0200 Subject: [PATCH 08/10] Make indenting consistent across the rest of the file --- plugins/debian/debsecan_ | 52 ++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index b3cc2651..3e18d316 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -82,14 +82,14 @@ REMOTECRIT=${remote_critical:-10} MODE=$(echo "$0" | sed 's/.*_//') case "${MODE}" in - 'cve') - TITLE_ADD="unique " - FIELD=1 - ;; - 'pkg' | *) - TITLE_ADD="package " - FIELD=2 - ;; + 'cve') + TITLE_ADD="unique " + FIELD=1 + ;; + 'pkg' | *) + TITLE_ADD="package " + FIELD=2 + ;; esac if [ "$1" = "config" ]; then 
@@ -156,27 +156,27 @@ FIXED=$(printf '%s' "${ALL}" | grep -w '(fixed') # Arguments: Field offset to aggregate by count_entries() { - CUT_FIELD="${1}" - cut -f "${CUT_FIELD}" -d " "| sort | uniq -c + CUT_FIELD="${1}" + cut -f "${CUT_FIELD}" -d " " | sort | uniq -c } case "${MODE}" in - 'cve') - remote_count=$(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | wc -l) - high_count=$(printf '%s' "${HIGH}" | count_entries "${FIELD}" | wc -l) - medium_count=$(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | wc -l) - low_count=$(printf '%s' "${LOW}" | count_entries "${FIELD}" | wc -l) - other_count=$(printf '%s' "${OTHER}" | count_entries "${FIELD}" | wc -l) - fixed_count=$(printf '%s' "${FIXED}" | count_entries "${FIELD}" | wc -l) - ;; - 'pkg' | *) - remote_count=$(printf '%s' "${REMOTE}" | wc -l) - high_count=$(printf '%s' "${HIGH}" | wc -l) - medium_count=$(printf '%s' "${MEDIUM}" | wc -l) - low_count=$(printf '%s' "${LOW}" | wc -l) - other_count=$(printf '%s' "${OTHER}" | wc -l) - fixed_count=$(printf '%s' "${FIXED}" | wc -l) - ;; + 'cve') + remote_count=$(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | wc -l) + high_count=$(printf '%s' "${HIGH}" | count_entries "${FIELD}" | wc -l) + medium_count=$(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | wc -l) + low_count=$(printf '%s' "${LOW}" | count_entries "${FIELD}" | wc -l) + other_count=$(printf '%s' "${OTHER}" | count_entries "${FIELD}" | wc -l) + fixed_count=$(printf '%s' "${FIXED}" | count_entries "${FIELD}" | wc -l) + ;; + 'pkg' | *) + remote_count=$(printf '%s' "${REMOTE}" | wc -l) + high_count=$(printf '%s' "${HIGH}" | wc -l) + medium_count=$(printf '%s' "${MEDIUM}" | wc -l) + low_count=$(printf '%s' "${LOW}" | wc -l) + other_count=$(printf '%s' "${OTHER}" | wc -l) + fixed_count=$(printf '%s' "${FIXED}" | wc -l) + ;; esac # Reformat the output of the cut|sort|uniq... to a more human-friendly "item (count)" format From d8dba4936e374de59e9b072b40df8bf220827c1b Mon Sep 17 00:00:00 2001 
From: Wilco de Boer Date: Thu, 15 Jul 2021 00:11:59 +0200 Subject: [PATCH 09/10] Source the `os-release` file in a subshell --- plugins/debian/debsecan_ | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index 3e18d316..fa43aeba 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -72,8 +72,8 @@ if [ ! -x /usr/bin/debsecan ]; then exit 1 fi -. /etc/os-release -SUITE=${suite:-$VERSION_CODENAME} +# Suite is taken from environment but defaults to `os-release` content +SUITE=$(. /etc/os-release && echo "${suite:-$VERSION_CODENAME}") FIXEDWARN=${fixed_warning:-1} FIXEDCRIT=${fixed_critical:-1000} From 5c048c989fb6526a478edf6201779a8fc85bec7b Mon Sep 17 00:00:00 2001 From: Wilco de Boer Date: Thu, 15 Jul 2021 00:18:55 +0200 Subject: [PATCH 10/10] Actually, echo suite even when sourcing `os-release` fails --- plugins/debian/debsecan_ | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_ index fa43aeba..68d402c9 100755 --- a/plugins/debian/debsecan_ +++ b/plugins/debian/debsecan_ @@ -73,7 +73,10 @@ if [ ! -x /usr/bin/debsecan ]; then fi # Suite is taken from environment but defaults to `os-release` content -SUITE=$(. /etc/os-release && echo "${suite:-$VERSION_CODENAME}") +SUITE=$( + . /etc/os-release + echo "${suite:-$VERSION_CODENAME}" +) FIXEDWARN=${fixed_warning:-1} FIXEDCRIT=${fixed_critical:-1000}
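Review bot: In the PATCH 10/10 hunk, moving `echo` onto its own line after `. /etc/os-release` may not deliver what the subject promises when the plugin runs under a POSIX `sh` such as dash. `.` is a special built-in, and a non-interactive POSIX shell exits when it cannot open the file, so the subshell would end before `echo` runs and `SUITE` would be empty even with `suite` set in the environment. The shebang is outside these hunks, but PATCH 05/10 replaced `source` with `.`, which suggests `/bin/sh`. Testing for the file first avoids the abort: `[ -r /etc/os-release ] && . /etc/os-release`, with the `echo` line left as it is.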