[Buildroot] [PATCH 1/2] support/scripts/cve-check: fix typos and grammar
Arnout Vandecappelle
arnout at rnout.be
Thu Dec 11 19:31:39 UTC 2025
In reply to:
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Applied to 2025.02.x and 2025.08.x. Thanks
> ---
> support/scripts/cve-check | 31 ++++++++++++++++---------------
> 1 file changed, 16 insertions(+), 15 deletions(-)
>
> diff --git a/support/scripts/cve-check b/support/scripts/cve-check
> index 6442b2e72c..a72547ab38 100755
> --- a/support/scripts/cve-check
> +++ b/support/scripts/cve-check
> @@ -4,7 +4,7 @@
> # Enriches the input CycloneDX SBOM with vulnerability information from the NVD
> # database.
> #
> -# The nvd database is cloned using a mirror of it and the content is compared
> +# The NVD database is cloned using a mirror of it and the content is compared
> # locally.
> #
> # Example usage:
> @@ -121,7 +121,7 @@ def nvd_cve_references_to_cdx(references):
> def nvd_cve_to_cdx_vulnerability(nvd_cve):
> """
> Turns the CVE object fetched from the NVD API into a CycloneDX
> - vulnerability that fit the spec (see [1]).
> + vulnerability that fits the spec (see [1]).
>
> [1] https://cyclonedx.org/docs/1.6/json/#vulnerabilities
> """
> @@ -153,19 +153,19 @@ def nvd_cve_to_cdx_vulnerability(nvd_cve):
> return vulnerability
>
>
> -def vuln_append_or_update_affects_if_exist(vulnerabilities, vulnerability):
> +def vuln_append_or_update_affects_if_exists(vulnerabilities, vulnerability):
> """
> Append 'vulnerability' passed as argument to the 'vulnerabilities' argument
> - if an entry with the same 'id' don't exist yet.
> - If an entry already exist the input reference is added to the 'affects'
> - list of the existing vulnerability.
> + if an entry with the same 'id' doesn't exist yet.
> + If the vulnerability already exists, the input reference is added to the
> + 'affects' list of the existing entry.
>
> Args:
> vulnerabilities (list): The vulnerabilities array reference retrieved
> from the input CycloneDX SBOM
> vulnerability (dict): Vulnerability to add to the 'vulnerabilities' list.
> """
> - # Search if a vulnerability with the same identifier already exist in the
> + # Search if a vulnerability with the same identifier already exists in the
> # SBOM vulnerability list.
> matching_vuln = next(
> (vuln for vuln in vulnerabilities if vuln.get("id") == vulnerability["id"]),
> @@ -173,6 +173,7 @@ def vuln_append_or_update_affects_if_exist(vulnerabilities, vulnerability):
> )
>
> # bom-ref to the component is passed to the affects of the vulnerability
> + # passed as argument
> bom_ref = next((a["ref"] for a in vulnerability.get("affects", [])), None)
>
> if matching_vuln is not None:
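Review bot: The extended comment above `bom_ref` still does not say that only the first entry of the incoming `affects` list is read, which is what the `next(...)` expression on the following line does. As far as this hunk shows, any additional refs in that list are not carried into `bom_ref`, and `bom_ref` is `None` when the vulnerability has no `affects`. A wording such as `# Take the bom-ref from the first 'affects' entry of the vulnerability passed as argument (None if it has none).` would match the code. In an SBOM enrichment tool a dropped ref means a component is not recorded as affected, so the one-ref-per-call assumption deserves to be stated. The function body starts and continues outside this hunk.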
> @@ -181,7 +182,7 @@ def vuln_append_or_update_affects_if_exist(vulnerabilities, vulnerability):
> del vulnerability["affects"]
>
> if matching_vuln.get("analysis") is not None and "analysis" in vulnerability:
> - # We don't update vulnerability that already have an
> + # We don't update vulnerabilities that already have an
> # 'analysis'.
> # Buildroot ignored vulnerabilities will already have
> # an analysis and need to remain as such.
> @@ -228,13 +229,13 @@ def check_package_cve_affects(cve: cvecheck.CVE, cpe_product_pkgs, sbom, opt: Op
> "ref": comp["bom-ref"]
> }]
>
> - vuln_append_or_update_affects_if_exist(vulnerabilities, vulnerability)
> + vuln_append_or_update_affects_if_exists(vulnerabilities, vulnerability)
>
>
> def check_package_cves(nvd_path: Path, sbom, opt: Options):
> """
> - Iterate over every entries of the NDV API mirror. Each vulnerability is
> - compared to the set of component passed as argument in the 'sbom'.
> + Iterate over every entry of the NVD API mirror. Each vulnerability is
> + compared to the set of components passed as argument in the 'sbom'.
> The vulnerabilities set of that 'sbom' argument is enriched with analysis
> of vulnerabilities that match that set of components.
>
> @@ -257,7 +258,7 @@ def check_package_cves(nvd_path: Path, sbom, opt: Options):
> def enrich_vulnerabilities(nvd_path: Path, sbom):
> """
> Iterate over the vulnerabilities present in the 'sbom' passed as arguments
> - and enrich the vulnerability with content from the NDV API mirror.
> + and enrich the vulnerability with content from the NVD API mirror.
>
> Args:
> nvd_path (Path): Path of the mirror of the NVD API.
> @@ -274,7 +275,7 @@ def enrich_vulnerabilities(nvd_path: Path, sbom):
>
> vulnerability = nvd_cve_to_cdx_vulnerability(cve.nvd_cve)
>
> - vuln_append_or_update_affects_if_exist(vulnerabilities, vulnerability)
> + vuln_append_or_update_affects_if_exists(vulnerabilities, vulnerability)
>
>
> def main():
> @@ -288,8 +289,8 @@ def main():
> help='Path to the local NVD database',
> type=lambda p: Path(p).expanduser().resolve())
> parser.add_argument("--enrich-only", default=False, action='store_true',
> - help="Only update metadata to the vulnerability currently present " +
> - "on the input CycloneDX SBOM. Don't do an analysis.")
> + help="Only update metadata for the vulnerabilities currently present " +
> + "in the input CycloneDX SBOM. Don't do an analysis.")
> parser.add_argument("--include-resolved", default=False, action='store_true',
> help="Add vulnerabilities already 'resolved' that don't affect a " +
> "component to the output CycloneDX vulnerabilities analysis.")
> --
> 2.52.0
>