From: Matt Weber
To: buildroot@buildroot.org
Date: Thu, 21 Jun 2018 12:15:34 -0500
Message-Id: <1529601335-38937-7-git-send-email-matthew.weber@rockwellcollins.com>
In-Reply-To: <1529601335-38937-1-git-send-email-matthew.weber@rockwellcollins.com>
References: <1529601335-38937-1-git-send-email-matthew.weber@rockwellcollins.com>
Subject: [Buildroot] [PATCH v6 6/7] support/scripts/pkg-stats: add CPE reporting
List-Id: Discussion and development of buildroot
X-Patchwork-Submitter: Matt Weber
X-Patchwork-Id: 932838

Pkg status now includes CPE as an item reported in the html output (stat summary and for each pkg)

Signed-off-by: Matthew Weber
---
Changes

v5 -> v6
 - Rebased to capture formatting changes

v4 -> v5
 [Ricardo
 - Renamed patch to correctly match file name
 - Removed extra prints as they aren't needed when we have the output reports/stdout
 - Updated v4 comments about general flake formatting cleanup

 [Arnout
 - Collectively with Ricardo, decided to move cpe report analysis to a separate script and break out a module that's imported for the cpedb class
 - Rename cpe_dict to instead be cpedb

v3 -> v4
 - Collapsed patch 5 and 6 together into this single patch

 [Eric
 - added except handling around file io
 - fixed condition where buildroot isn't generating a CPE string as part of the infra and output that is the case. (eventually these probably could be fixed but there aren't many at this point)

 [Ricardo
 - fixed patch naming and resolved flake8 issues
 - took the opportunity to also fix other flake8 syntax update suggestions
 - added except handling to have proper exits
 - cleaned up csv file header skipping
 - condensed partial cve string split
 - updated help txt as suggested
 - reworked output file requirement. Removed -o as required but added check if provided when -c isn't used

v3
 - New patch
---
support/scripts/pkg-stats | 68 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats index b7b00e8..db58a75 100755 --- a/support/scripts/pkg-stats +++ b/support/scripts/pkg-stats @@ -24,6 +24,7 @@ from collections import defaultdict import re import subprocess import sys +from cpedb import CPEDB INFRA_RE = re.compile("\$\(eval \$\(([a-z-]*)-package\)\)") @@ -32,6 +33,7 @@ class Package: all_licenses = list() all_license_files = list() all_versions = dict() + all_cpe_id = dict() def __init__(self, name, path): self.name = name 
@@ -43,6 +45,8 @@ class Package: self.patch_count = 0 self.warnings = 0 self.current_version = None + self.cpe_id = None + self.has_cpe = False def pkgvar(self): return self.name.upper().replace("-", "_") @@ -116,6 +120,26 @@ class Package: self.warnings = int(m.group(1)) return + def set_cpe_info(self, cpe_dict): + """ + Fills in the .has_cpe field + """ + var = self.pkgvar() + if var in self.all_cpe_id: + self.cpe_id = self.all_cpe_id[var] + if self.cpe_id is None: + # BR infra did not build a CPE ID for this pkg + # as it's most likely a host pkg + return + result = cpe_dict.find(self.cpe_id) + if not result: + result = cpe_dict.find_partial(cpe_dict.get_cpe_no_version(self.cpe_id)) + if result: + self.has_cpe = "Update" + # Unset case for has_cpe is assumed missing/does not exist + else: + self.has_cpe = cpe_dict.get_nvd_url(self.cpe_id) + def __eq__(self, other): return self.path == other.path @@ -254,6 +278,20 @@ def package_init_make_info(): Package.all_versions[pkgvar] = value + # CPE ID + o = subprocess.check_output(["make", "BR2_HAVE_DOT_CONFIG=y", + "-s", "printvars", "VARS=%_CPE_ID"]) + for l in o.splitlines(): + # Get variable name and value + pkgvar, value = l.split("=") + + # Strip _CPE_ID + pkgvar = pkgvar[:-7] + if pkgvar in ("LINUX", "LINUX_HEADERS"): + Package.all_cpe_id[pkgvar] = "cpe:2.3:o:" + value + ":*:*:*:*:*:*:*" + else: + Package.all_cpe_id[pkgvar] = "cpe:2.3:a:" + value + ":*:*:*:*:*:*:*" + def calculate_stats(packages): stats = defaultdict(int) @@ -279,6 +317,12 @@ def calculate_stats(packages): stats["hash"] += 1 else: stats["no-hash"] += 1 + if pkg.has_cpe == "Update": + stats["update-cpe"] += 1 + elif pkg.has_cpe: + stats["cpe"] += 1 + else: + stats["no-cpe"] += 1 stats["patches"] += pkg.patch_count return stats 
@@ -422,6 +466,20 @@ def dump_html_pkg(f, pkg): f.write(" %d\n" % (" ".join(td_class), pkg.warnings)) + # CPE Valid + td_class = ["centered"] + if not pkg.has_cpe: + td_class.append("wrong") + f.write(" %s\n" % + (" ".join(td_class), boolean_str(pkg.has_cpe))) + elif pkg.has_cpe == "Update": + td_class.append("wrong") + f.write(" Update\n" % + (" ".join(td_class))) + else: + td_class.append("correct") + f.write(" %s\n" % + (" ".join(td_class), pkg.has_cpe, boolean_str(pkg.has_cpe))) f.write(" \n") @@ -437,6 +495,7 @@ def dump_html_all_pkgs(f, packages): Hash file Current version Warnings +CPE Valid """) for pkg in sorted(packages): @@ -463,6 +522,12 @@ def dump_html_stats(f, stats): stats["hash"]) f.write(" Packages not having a hash file%s\n" % stats["no-hash"]) + f.write(" Packages having a registered CPE%s\n" % + stats["cpe"]) + f.write(" Packages needing CPE update%s\n" % + stats["update-cpe"]) + f.write(" Packages missing a registered CPE%s\n" % + stats["no-cpe"]) f.write(" Total number of patches%s\n" % stats["patches"]) f.write("\n") @@ -505,6 +570,8 @@ def __main__(): package_list = args.packages.split(",") else: package_list = None + cpedb = CPEDB() + cpedb.get_xml_dict() print("Build package list ...") packages = get_pkglist(args.npackages, package_list) print("Getting package make info ...") @@ -517,6 +584,7 @@ def __main__(): pkg.set_patch_count() pkg.set_check_package_warnings() pkg.set_current_version() + pkg.set_cpe_info(cpedb) print("Calculate stats") stats = calculate_stats(packages) print("Write HTML")
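
Review bot: has_cpe carries three unrelated kinds of value in set_cpe_info() (hunk @@ -116,6 +120,26 @@): the boolean False from __init__, the sentinel string "Update", and whatever get_nvd_url() returns. Every consumer then has to test `pkg.has_cpe == "Update"` before testing truthiness, and getting that order wrong silently miscounts. Suggest a dedicated status attribute with named states (missing, update needed, registered) and a separate attribute for the NVD URL. The docstring says only .has_cpe is filled in, but the method also sets .cpe_id, and the parameter is still named cpe_dict although the changelog says it was renamed to cpedb.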
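
Review bot: `pkgvar, value = l.split("=")` in the package_init_make_info() hunk (@@ -254,6 +278,20 @@) raises ValueError on any printvars line that has no "=" or more than one; `l.split("=", 1)` plus a skip for lines without "=" would be safer. The value is also concatenated into the CPE string with no check, so an empty or partially filled _CPE_ID yields a malformed identifier such as "cpe:2.3:a::*:*:*:*:*:*:*" that is later looked up as if it were valid. Nothing in this loop ever stores None, so the "BR infra did not build a CPE ID" branch in set_cpe_info() only covers packages absent from the make output. Consider validating that value has the expected number of colon-separated fields, and replacing `pkgvar[:-7]` with a strip of the literal "_CPE_ID" suffix.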
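
Review bot: the final `else` in the calculate_stats() hunk (@@ -279,6 +317,12 @@) counts every package whose has_cpe is still False as "no-cpe", which includes the packages for which set_cpe_info() returned early because no CPE ID was generated (the comment there says these are most likely host packages). The summary row "Packages missing a registered CPE" therefore mixes "looked up and not found" with "never looked up", which overstates the gap for anyone using the report to judge vulnerability-tracking coverage. Suggest a separate counter and summary row for packages without a generated CPE ID.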
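
Review bot: the last branch of the dump_html_pkg() hunk (@@ -422,6 +466,20 @@) passes pkg.has_cpe directly as a format argument to f.write(), and that string comes from get_nvd_url() over a CPE ID assembled from the _CPE_ID make variables. It should be HTML-escaped (and URL-quoted if it is used as a link target) before it is written, so that an unexpected character in a package's CPE fields cannot break or alter the generated report. The "Update" branch also uses the same "wrong" class as the missing case, so the two states are only distinguishable by cell text; a distinct class would make the report easier to scan.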
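
Review bot: `cpedb = CPEDB()` and `cpedb.get_xml_dict()` in the first __main__() hunk (@@ -505,6 +570,8 @@) run unconditionally and before the first progress message, so every pkg-stats invocation, including one limited by args.packages or args.npackages, now depends on the CPE dictionary loading successfully. Suggest printing a status line like the other stages do, handling a load failure here with a clear message, and making the CPE step skippable so the existing statistics can still be produced without it.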