Merge "cve_policy_filter.py: Get the filter data from nvd@nist.gov item"

Zuul 2024-04-24 13:35:48 +00:00 committed by Gerrit Code Review
commit 8a7e79c205
2 changed files with 51 additions and 25 deletions


@ -25,18 +25,6 @@ cves_to_omit = []
cves_report = {}
class NVDLengthException(Exception):
"""
Throw the exception when the length of NVD list != 1
"""
def __init__(self, length):
self.length = length
def __str__(self):
print("Warning: NVD length: %d, not 1, Please check again!" \
% self.length)
def print_html_report(cves_report, title):
"""
Print the html report
@ -256,13 +244,29 @@ def cvssv3_parse_n_report(cves,title,data):
cve_id = cve["id"]
affectedpackages_list = []
allfixed = "fixed"
try:
nvdlength = len(data["scannedCves"][cve_id]["cveContents"]["nvd"])
if nvdlength != 1:
raise NVDLengthException(nvdlength)
nvd3_score = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss3Score"]
cvss3vector = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss3Vector"]
if 'nvd' not in data['scannedCves'][cve_id]['cveContents'].keys():
continue
missing = False
use_l = {}
for l in data['scannedCves'][cve_id]['cveContents']['nvd']:
try:
if l["optional"]["source"] == "nvd@nist.gov":
if not use_l:
use_l = l
else:
print("Oops: two entries for nvd@nist.gov: %s" % k)
except KeyError:
# ignore missing ["optional"]["source"]
missing = True
pass
if missing and use_l:
print("CVE %s is example" % cve_id)
try:
nvd3_score = l["cvss3Score"]
cvss3vector = l["cvss3Vector"]
if cvss3vector == "":
raise KeyError
except KeyError:
@ -304,13 +308,31 @@ def cvssv2_parse_n_report(cves,title,data):
cve_id = cve["id"]
affectedpackages_list = []
allfixed = "fixed"
try:
nvdlength = len(data["scannedCves"][cve_id]["cveContents"]["nvd"])
if nvdlength != 1:
raise NVDLengthException(nvdlength)
nvd2_score = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss2Score"]
cvss2vector = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss2Vector"]
if 'nvd' not in data['scannedCves'][cve_id]['cveContents'].keys():
continue
missing = False
use_l = {}
for l in data['scannedCves'][cve_id]['cveContents']['nvd']:
try:
if l["optional"]["source"] == "nvd@nist.gov":
if not use_l:
use_l = l
else:
print("Oops: two entries for nvd@nist.gov: %s" % k)
except KeyError:
# ignore missing ["optional"]["source"]
missing = True
pass
if missing and use_l:
print("CVE %s is example" % cve_id)
try:
nvd2_score = l["cvss2Score"]
cvss2vector = l["cvss2Vector"]
if cvss2vector == "":
raise KeyError
except KeyError:
cves_w_errors.append(cve)
else:
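Review bot: In cvssv3_parse_n_report the loop stores the nvd@nist.gov entry in `use_l`, but the score and vector are then read from the loop variable `l`, so they come from whichever entry is last in the `nvd` list (or from a stale or undefined `l` when the list is empty); cvssv2_parse_n_report in the next hunk has the same defect. Because these scores drive the policy filter, the reads should be `nvd3_score = use_l["cvss3Score"]` and `cvss3vector = use_l["cvss3Vector"]` (and the cvss2 equivalents), which also sends a CVE with no nvd@nist.gov entry into the existing `except KeyError` path since `use_l` stays `{}`. The duplicate-entry message formats `% k`, and no `k` is defined in the visible lines, so that branch would probably raise NameError; `% cve_id` looks like what was intended. The new `continue` for a CVE without an `nvd` key skips it without adding it to `cves_w_errors` as far as the hunk shows, so such a CVE may silently drop out of the report. Both function bodies start and end outside the hunks.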


@ -9,6 +9,7 @@ Implement system to detect if CVEs has launchpad assigned
"""
import json
import os
import re
from os import path
from launchpadlib.launchpad import Launchpad
@ -27,6 +28,7 @@ STATUSES = [
CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache')
CVES_FILE = path.join(CACHEDIR, 'cves_open.json')
NVD_URL = 'https://nvd.nist.gov/vuln/detail'
DATA = []
@ -47,6 +49,7 @@ def search_upstrem_lps():
bug_dic['status'] = task.status
bug_dic['title'] = bug.title
bug_dic['link'] = bug.self_link
bug_dic['description'] = bug.description
DATA.append(bug_dic)
with open(CVES_FILE, 'w') as outfile:
@ -66,7 +69,8 @@ def find_lp_assigned(cve_id):
search_upstrem_lps()
for bug in DATA:
if cve_id in bug["title"]:
pattern = cve_id + ": " + path.join(NVD_URL, cve_id)
if re.search(cve_id, bug["title"]) or re.search(pattern, bug["description"]):
return bug
return None
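Review bot: In find_lp_assigned the CVE id and the NVD URL are passed to `re.search` as raw patterns, with no escaping and no boundary after the id, so `CVE-2023-1234` also matches a bug filed for `CVE-2023-12345` and the dots in `nvd.nist.gov` match any character. A false match makes the tool report a CVE as already tracked in Launchpad when it is not. I would anchor and escape both searches, e.g. `re.search(re.escape(cve_id) + r"(?!\d)", bug["title"])` and `re.search(re.escape(pattern) + r"(?!\d)", bug["description"])`. The function starts outside the hunk.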