diff --git a/cve_support/cve_policy_filter.py b/cve_support/cve_policy_filter.py index ab982b82..7a650edb 100644 --- a/cve_support/cve_policy_filter.py +++ b/cve_support/cve_policy_filter.py @@ -28,6 +28,7 @@ def print_html_report(cves_report, title): output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\ cves_to_fix_lp=cves_report["cves_to_fix_lp"],\ cves_to_track=cves_report["cves_to_track"],\ + cves_wont_fix=cves_report["cves_wont_fix"],\ cves_w_errors=cves_report["cves_w_errors"],\ cves_to_omit=cves_report["cves_to_omit"],\ heads=heads,\ @@ -77,6 +78,16 @@ def print_report(cves_report, title): cve_line.append(key + ":" + str(value)) print(cve_line) + print("\nCVEs with no plans to fix (Won't Fix or Invalid): %d \n" \ + % (len(cves_report["cves_wont_fix"]))) + for cve in cves_report["cves_wont_fix"]: + cve_line = [] + for key, value in cve.items(): + if key != "summary": + cve_line.append(key + ":" + str(value)) + print(cve_line) + + print("\nERROR: CVEs that have no cvss2Score or cvss2Vector: %d \n" \ % (len(cves_report["cves_w_errors"]))) for cve in cves_report["cves_w_errors"]: @@ -142,6 +153,7 @@ def main(): cves_to_fix_lp = [] cves_to_track = [] cves_w_errors = [] + cves_wont_fix = [] cves_to_omit = [] cves_report = {} @@ -209,8 +221,13 @@ def main(): and ("N" in cve["au"] or "S" in cve["au"]) and ("P" in cve["ai"] or "C" in cve["ai"])): if cve["status"] == "fixed": - if find_lp_assigned(cve["id"]): - cves_to_fix_lp.append(cve) + bug = find_lp_assigned(cve["id"]) + if (bug): + print(bug["status"]) + if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"): + cves_wont_fix.append(cve) + else: + cves_to_fix_lp.append(cve) else: cves_to_fix.append(cve) else: 
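Review bot: The added "no plans to fix" section in print_report repeats the per-CVE formatting loop that the section just above it already ends with, and it finishes with two added blank lines. The inner loop fits on one line, `print([k + ":" + str(v) for k, v in cve.items() if k != "summary"])`. A small helper shared by every section would keep a new category from drifting from the others. print_report's body continues outside the hunk.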
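Review bot: In main, a CVE that meets the fix policy now leaves both to-fix lists on the strength of one Launchpad status string, and the report keeps no record of which bug made that decision. `find_lp_assigned` is not in this hunk; if it returns the first matching entry, a duplicate bug closed as Invalid could mask an open bug for the same CVE, so carrying the evidence with the entry, e.g. `cve["lp_bug"] = bug["id"]` and `cve["lp_status"] = bug["status"]`, would make the won't-fix list auditable. `print(bug["status"])` looks like leftover debug output that ends up in the report stream and should go. `bug["status"]` will raise KeyError for any entry built before the key existed, so `bug.get("status") in ("Invalid", "Won't Fix")` is the safer test. main's body continues outside the hunk.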
@@ -222,6 +239,7 @@ def main(): cves_report["cves_to_fix_lp"] = cves_to_fix_lp cves_report["cves_to_track"] = cves_to_track cves_report["cves_w_errors"] = cves_w_errors + cves_report["cves_wont_fix"] = cves_wont_fix cves_report["cves_to_omit"] = cves_to_omit print_report(cves_report, title) diff --git a/cve_support/lp.py b/cve_support/lp.py index 6a2d2edd..2d071676 100644 --- a/cve_support/lp.py +++ b/cve_support/lp.py @@ -12,7 +12,6 @@ import os from os import path from launchpadlib.launchpad import Launchpad - # Filter the open bugs STATUSES = [ 'New', @@ -22,6 +21,8 @@ STATUSES = [ 'In Progress', 'Fix Committed', 'Fix Released', + "Invalid", + "Won't Fix", ] CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache') @@ -37,12 +38,13 @@ def search_upstrem_lps(): ('lplib.cookbook.json_fetcher', 'production', CACHEDIR, version='devel') project = launchpad.projects['starlingx'] - tasks = project.searchTasks(status=STATUSES) + tasks = project.searchTasks(status=STATUSES, has_cve=True) for task in tasks: bug = task.bug if ("cve" in bug.title.lower()): bug_dic = {} bug_dic['id'] = bug.id + bug_dic['status'] = task.status bug_dic['title'] = bug.title bug_dic['link'] = bug.self_link DATA.append(bug_dic) @@ -75,6 +77,7 @@ def main(): Sanity test """ cve_ids = ["CVE-2019-0160",\ + "CVE-2018-7536",\ "CVE-2019-11810",\ "CVE-2019-11811",\ "CVE-2018-15686",\ diff --git a/cve_support/template.txt b/cve_support/template.txt index 04763f15..dcaea04f 100644 --- a/cve_support/template.txt +++ b/cve_support/template.txt @@ -67,6 +67,29 @@ {% endfor %} {% endif %} +
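Review bot: The comment above STATUSES still reads `# Filter the open bugs`, but the list now also requests Invalid and Won't Fix, which are closed statuses. I would reword it to something like `# Statuses to fetch: open bugs plus Invalid / Won't Fix, which the report lists separately`. As a style point, `"Invalid"` could use single quotes like the other entries; only `"Won't Fix"` needs double quotes for the apostrophe.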
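Review bot: `bug_dic['status'] = task.status` records the status of one task, not of the bug. If a bug has more than one task under the project, the loop appends it to DATA once per task, possibly with different statuses. The won't-fix classification would then depend on which entry is found first; treating a bug as won't-fix only when every task for that bug id is Invalid or Won't Fix would avoid that. Separately, `has_cve=True` narrows the search to bugs with a linked CVE record while the title check stays in place. A bug that only names the CVE in its title is therefore no longer returned, and its CVE presumably falls back to the plain to-fix list; a comment stating that both conditions are intended would help. search_upstrem_lps starts and ends outside the hunk.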

CVEs that are Invalid or Won't Fix: {{cves_wont_fix | length}}

+ + {% if cves_wont_fix|length >= 1 %} + + {% for head in heads %} + + {% endfor %} + + + {% for cve in cves_wont_fix %} + + + + + + + + + + {% endfor %} + {% endif %} +
{{head}}
{{cve["id"]}}{{cve["status"]}}{{cve["cvss2Score"]}}{{cve["av"]}}{{cve["ac"]}}{{cve["au"]}}{{cve["ai"]}}
+

CVEs to omit: {{cves_to_omit | length}}

{% if cves_to_omit|length >= 1 %}