Merge "cve_policy_filter.py: Get the filter data from nvd@nist.gov item"
This commit is contained in:
Zuul
Gerrit Code Review
commit
8a7e79c205
|
|
@ -25,18 +25,6 @@ cves_to_omit = []
|
||||||
cves_report = {}
|
cves_report = {}
|
||||||
|
|
||||||
|
|
||||||
class NVDLengthException(Exception):
|
|
||||||
"""
|
|
||||||
Throw the exception when the length of NVD list != 1
|
|
||||||
"""
|
|
||||||
def __init__(self, length):
|
|
||||||
self.length = length
|
|
||||||
|
|
||||||
def __str__(self):
|
|
||||||
print("Warning: NVD length: %d, not 1, Please check again!" \
|
|
||||||
% self.length)
|
|
||||||
|
|
||||||
|
|
||||||
def print_html_report(cves_report, title):
|
def print_html_report(cves_report, title):
|
||||||
"""
|
"""
|
||||||
Print the html report
|
Print the html report
|
||||||
|
|
@ -256,13 +244,29 @@ def cvssv3_parse_n_report(cves,title,data):
|
||||||
cve_id = cve["id"]
|
cve_id = cve["id"]
|
||||||
affectedpackages_list = []
|
affectedpackages_list = []
|
||||||
allfixed = "fixed"
|
allfixed = "fixed"
|
||||||
try:
|
|
||||||
nvdlength = len(data["scannedCves"][cve_id]["cveContents"]["nvd"])
|
|
||||||
if nvdlength != 1:
|
|
||||||
raise NVDLengthException(nvdlength)
|
|
||||||
|
|
||||||
nvd3_score = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss3Score"]
|
if 'nvd' not in data['scannedCves'][cve_id]['cveContents'].keys():
|
||||||
cvss3vector = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss3Vector"]
|
continue
|
||||||
|
|
||||||
|
missing = False
|
||||||
|
use_l = {}
|
||||||
|
for l in data['scannedCves'][cve_id]['cveContents']['nvd']:
|
||||||
|
try:
|
||||||
|
if l["optional"]["source"] == "nvd@nist.gov":
|
||||||
|
if not use_l:
|
||||||
|
use_l = l
|
||||||
|
else:
|
||||||
|
print("Oops: two entries for nvd@nist.gov: %s" % k)
|
||||||
|
except KeyError:
|
||||||
|
# ignore missing ["optional"]["source"]
|
||||||
|
missing = True
|
||||||
|
pass
|
||||||
|
if missing and use_l:
|
||||||
|
print("CVE %s is example" % cve_id)
|
||||||
|
|
||||||
|
try:
|
||||||
|
nvd3_score = l["cvss3Score"]
|
||||||
|
cvss3vector = l["cvss3Vector"]
|
||||||
if cvss3vector == "":
|
if cvss3vector == "":
|
||||||
raise KeyError
|
raise KeyError
|
||||||
except KeyError:
|
except KeyError:
|
||||||
|
|
@ -304,13 +308,31 @@ def cvssv2_parse_n_report(cves,title,data):
|
||||||
cve_id = cve["id"]
|
cve_id = cve["id"]
|
||||||
affectedpackages_list = []
|
affectedpackages_list = []
|
||||||
allfixed = "fixed"
|
allfixed = "fixed"
|
||||||
try:
|
|
||||||
nvdlength = len(data["scannedCves"][cve_id]["cveContents"]["nvd"])
|
|
||||||
if nvdlength != 1:
|
|
||||||
raise NVDLengthException(nvdlength)
|
|
||||||
|
|
||||||
nvd2_score = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss2Score"]
|
if 'nvd' not in data['scannedCves'][cve_id]['cveContents'].keys():
|
||||||
cvss2vector = data["scannedCves"][cve_id]["cveContents"]["nvd"][0]["cvss2Vector"]
|
continue
|
||||||
|
|
||||||
|
missing = False
|
||||||
|
use_l = {}
|
||||||
|
for l in data['scannedCves'][cve_id]['cveContents']['nvd']:
|
||||||
|
try:
|
||||||
|
if l["optional"]["source"] == "nvd@nist.gov":
|
||||||
|
if not use_l:
|
||||||
|
use_l = l
|
||||||
|
else:
|
||||||
|
print("Oops: two entries for nvd@nist.gov: %s" % k)
|
||||||
|
except KeyError:
|
||||||
|
# ignore missing ["optional"]["source"]
|
||||||
|
missing = True
|
||||||
|
pass
|
||||||
|
if missing and use_l:
|
||||||
|
print("CVE %s is example" % cve_id)
|
||||||
|
|
||||||
|
try:
|
||||||
|
nvd2_score = l["cvss2Score"]
|
||||||
|
cvss2vector = l["cvss2Vector"]
|
||||||
|
if cvss2vector == "":
|
||||||
|
raise KeyError
|
||||||
except KeyError:
|
except KeyError:
|
||||||
cves_w_errors.append(cve)
|
cves_w_errors.append(cve)
|
||||||
else:
|
else:
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ Implement system to detect if CVEs has launchpad assigned
|
||||||
"""
|
"""
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
from os import path
|
from os import path
|
||||||
from launchpadlib.launchpad import Launchpad
|
from launchpadlib.launchpad import Launchpad
|
||||||
|
|
||||||
|
|
@ -27,6 +28,7 @@ STATUSES = [
|
||||||
|
|
||||||
CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache')
|
CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache')
|
||||||
CVES_FILE = path.join(CACHEDIR, 'cves_open.json')
|
CVES_FILE = path.join(CACHEDIR, 'cves_open.json')
|
||||||
|
NVD_URL = 'https://nvd.nist.gov/vuln/detail'
|
||||||
DATA = []
|
DATA = []
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -47,6 +49,7 @@ def search_upstrem_lps():
|
||||||
bug_dic['status'] = task.status
|
bug_dic['status'] = task.status
|
||||||
bug_dic['title'] = bug.title
|
bug_dic['title'] = bug.title
|
||||||
bug_dic['link'] = bug.self_link
|
bug_dic['link'] = bug.self_link
|
||||||
|
bug_dic['description'] = bug.description
|
||||||
DATA.append(bug_dic)
|
DATA.append(bug_dic)
|
||||||
|
|
||||||
with open(CVES_FILE, 'w') as outfile:
|
with open(CVES_FILE, 'w') as outfile:
|
||||||
|
|
@ -66,7 +69,8 @@ def find_lp_assigned(cve_id):
|
||||||
search_upstrem_lps()
|
search_upstrem_lps()
|
||||||
|
|
||||||
for bug in DATA:
|
for bug in DATA:
|
||||||
if cve_id in bug["title"]:
|
pattern = cve_id + ": " + path.join(NVD_URL, cve_id)
|
||||||
|
if re.search(cve_id, bug["title"]) or re.search(pattern, bug["description"]):
|
||||||
return bug
|
return bug
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue