[Buildroot] [PATCH 07/10] support/scripts/cve-checker: show CPE ID in results

Thomas Petazzoni thomas.petazzoni at bootlin.com
Wed Nov 4 14:51:41 UTC 2020


From: Gregory CLEMENT <gregory.clement at bootlin.com>

This commit improves the cve-checker script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.

Signed-off-by: Gregory CLEMENT <gregory.clement at bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
 support/scripts/cve-checker | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/support/scripts/cve-checker b/support/scripts/cve-checker
index ff110fc17c..421202d049 100755
--- a/support/scripts/cve-checker
+++ b/support/scripts/cve-checker
@@ -26,9 +26,10 @@ import cve as cvecheck
 
 
 class Package:
-    def __init__(self, name, version, ignored_cves):
+    def __init__(self, name, version, cpeid, ignored_cves):
         self.name = name
         self.version = version
+        self.cpeid = cpeid
         self.cves = list()
         self.ignored_cves = ignored_cves
 
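Review bot: `Package` has no docstring, and the new `cpeid` argument is inserted positionally between `version` and `ignored_cves`, so the meaning of each slot is only recoverable from the single call site further down the patch. A short class docstring such as `"""One package from the stdin JSON: name, version, optional CPE ID (None when not declared) and the CVEs to ignore."""` would make the constructor self-explanatory. The rest of the class lies outside the hunk.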
@@ -106,6 +107,19 @@ def dump_html_pkg(f, pkg):
         f.write("   <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
     f.write("  </td>\n")
 
+    # CPE ID
+    td_class = ["left"]
+    if pkg.cpeid:
+        td_class.append("correct")
+    else:
+        td_class.append("wrong")
+    f.write("  <td class=\"%s\">\n" % " ".join(td_class))
+    if pkg.cpeid:
+        f.write("  <code>%s</code>\n" % pkg.cpeid)
+    else:
+        f.write("  N/A\n")
+    f.write("  </td>\n")
+
     f.write(" </tr>\n")
 
 
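Review bot: The `<code>%s</code>` write interpolates `pkg.cpeid` into the generated HTML without escaping, and that value comes straight from the stdin JSON (`pkg.get('cpe-id', None)` further down the patch), so a CPE ID containing `<`, `&` or quotes corrupts the report markup. Use `f.write("  <code>%s</code>\n" % html.escape(pkg.cpeid))`, adding `import html` to the script's import block if it is not already there (the imports are outside this patch). The two `if pkg.cpeid:` tests could also be folded into one branch that picks both the `td` class and the cell text. The header of dump_html_pkg is outside the hunk.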
@@ -116,6 +130,7 @@ def dump_html_all_pkgs(f, packages):
 <td>Package</td>
 <td class=\"centered\">Version</td>
 <td class=\"centered\">CVEs</td>
++<td class=\"centered\">CPE ID</td>
 </tr>
 """)
     for pkg in packages:
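Review bot: The added header line is shown as `++<td class=\"centered\">CPE ID</td>`; if the second `+` is part of the string literal rather than an artifact of the archive, a stray `+` will be emitted in front of the column heading — the line inside the triple-quoted string should read `<td class=\"centered\">CPE ID</td>`. The enclosing `f.write("""…""")` call starts outside the hunk.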
@@ -141,6 +156,7 @@ def dump_json(packages, date, output):
         pkg.name: {
             "version": pkg.version,
             "cves": pkg.cves,
+            "cpe-id": pkg.cpeid,
         } for pkg in packages
     }
     # The actual structure to dump, add date to it
@@ -170,7 +186,6 @@ def parse_args():
         parser.error('at least one of --html or --json (or both) is required')
     return args
 
-
 def __main__():
     args = parse_args()
 
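Review bot: The removed blank line between `return args` and `def __main__():` leaves only one blank line between two top-level definitions, where PEP 8 and the rest of this script (see the double blanks around `class Package` and after `dump_html_pkg`) use two. The deletion looks accidental and is unrelated to the CPE ID change, so it should be dropped from this patch. The body of parse_args starts outside the hunk.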
@@ -178,7 +193,7 @@ def __main__():
     content = json.load(sys.stdin)
     for item in content:
         pkg = content[item]
-        p = Package(item, pkg.get('version', ''), pkg.get('ignore_cves', ''))
+        p = Package(item, pkg.get('version', ''), pkg.get('cpe-id', None), pkg.get('ignore_cves', ''))
         packages.append(p)
 
     date = datetime.datetime.utcnow()
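Review bot: `pkg.get('cpe-id', None)` spells out the default that `dict.get` already provides; `pkg.get('cpe-id')` is the idiomatic form and expresses the same "missing key means None" contract that dump_html_pkg and dump_json rely on. Nothing checks that a present value is a string — anything else would still be rendered through `%s` — so a comment such as `# 'cpe-id' is optional in the input JSON; None means "not declared"` next to the call would document the expectation. `__main__` continues outside the hunk.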
-- 
2.26.2



