diff mbox series

[07/10] support/scripts/cve-checker: show CPE ID in results

Message ID 20201104145145.1316167-8-thomas.petazzoni@bootlin.com
State Not Applicable
Headers show
Series Introduce CPE ID matching for CVEs | expand

Commit Message

Thomas Petazzoni Nov. 4, 2020, 2:51 p.m. UTC
From: Gregory CLEMENT <gregory.clement@bootlin.com>

This commit improves the cve-checker script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.

Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 support/scripts/cve-checker | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

Comments

Matthew Weber Nov. 4, 2020, 5:20 p.m. UTC | #1
Thomas / Greg,

On Wed, Nov 4, 2020 at 8:52 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> From: Gregory CLEMENT <gregory.clement@bootlin.com>
>
> This commit improves the cve-checker script to show the CPE ID of
> packages, if available. For now, it doesn't use CPE IDs to match CVEs.
>
> Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  support/scripts/cve-checker | 21 ++++++++++++++++++---
>  1 file changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/support/scripts/cve-checker b/support/scripts/cve-checker
> index ff110fc17c..421202d049 100755
> --- a/support/scripts/cve-checker
> +++ b/support/scripts/cve-checker
> @@ -26,9 +26,10 @@ import cve as cvecheck
>
>
>  class Package:
> -    def __init__(self, name, version, ignored_cves):
> +    def __init__(self, name, version, cpeid, ignored_cves):
>          self.name = name
>          self.version = version
> +        self.cpeid = cpeid
>          self.cves = list()
>          self.ignored_cves = ignored_cves
>
> @@ -106,6 +107,19 @@ def dump_html_pkg(f, pkg):
>          f.write("   <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
>      f.write("  </td>\n")
>
> +    # CPE ID
> +    td_class = ["left"]
> +    if pkg.cpeid:
> +        td_class.append("correct")
> +    else:
> +        td_class.append("wrong")
> +    f.write("  <td class=\"%s\">\n" % " ".join(td_class))
> +    if pkg.cpeid:
> +        f.write("  <code>%s</code>\n" % pkg.cpeid)
> +    else:
> +        f.write("  N/A\n")
> +    f.write("  </td>\n")
> +


Similar question as in the pkgstats about including host package CPE
IDs in the listing.
Thomas Petazzoni Nov. 26, 2020, 3:38 p.m. UTC | #2
On Wed,  4 Nov 2020 15:51:41 +0100
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> From: Gregory CLEMENT <gregory.clement@bootlin.com>
> 
> This commit improves the cve-checker script to show the CPE ID of
> packages, if available. For now, it doesn't use CPE IDs to match CVEs.
> 
> Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  support/scripts/cve-checker | 21 ++++++++++++++++++---
>  1 file changed, 18 insertions(+), 3 deletions(-)

Since cve-checker is no longer part of Buildroot, this patch no longer
makes sense, and I marked it as Non Applicable in patchwork.

Best regards,

Thomas
diff mbox series

Patch

diff --git a/support/scripts/cve-checker b/support/scripts/cve-checker
index ff110fc17c..421202d049 100755
--- a/support/scripts/cve-checker
+++ b/support/scripts/cve-checker
@@ -26,9 +26,10 @@  import cve as cvecheck
 
 
 class Package:
-    def __init__(self, name, version, ignored_cves):
+    def __init__(self, name, version, cpeid, ignored_cves):
         self.name = name
         self.version = version
+        self.cpeid = cpeid
         self.cves = list()
         self.ignored_cves = ignored_cves
 
@@ -106,6 +107,19 @@  def dump_html_pkg(f, pkg):
         f.write("   <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
     f.write("  </td>\n")
 
+    # CPE ID
+    td_class = ["left"]
+    if pkg.cpeid:
+        td_class.append("correct")
+    else:
+        td_class.append("wrong")
+    f.write("  <td class=\"%s\">\n" % " ".join(td_class))
+    if pkg.cpeid:
+        f.write("  <code>%s</code>\n" % pkg.cpeid)
+    else:
+        f.write("  N/A\n")
+    f.write("  </td>\n")
+
     f.write(" </tr>\n")
 
 
@@ -116,6 +130,7 @@  def dump_html_all_pkgs(f, packages):
 <td>Package</td>
 <td class=\"centered\">Version</td>
 <td class=\"centered\">CVEs</td>
++<td class=\"centered\">CPE ID</td>
 </tr>
 """)
     for pkg in packages:
@@ -141,6 +156,7 @@  def dump_json(packages, date, output):
         pkg.name: {
             "version": pkg.version,
             "cves": pkg.cves,
+            "cpe-id": pkg.cpeid,
         } for pkg in packages
     }
     # The actual structure to dump, add date to it
@@ -170,7 +186,6 @@  def parse_args():
         parser.error('at least one of --html or --json (or both) is required')
     return args
 
-
 def __main__():
     args = parse_args()
 
@@ -178,7 +193,7 @@  def __main__():
     content = json.load(sys.stdin)
     for item in content:
         pkg = content[item]
-        p = Package(item, pkg.get('version', ''), pkg.get('ignore_cves', ''))
+        p = Package(item, pkg.get('version', ''), pkg.get('cpe-id', None), pkg.get('ignore_cves', ''))
         packages.append(p)
 
     date = datetime.datetime.utcnow()