cve_policy_filter: Create new list to track the fixed LP CVE issue
When the LP page of a CVE issue is in 'Fix Released' status, the CVE is not reported in the cves_to_fix_lp list. We create a new cves_to_track_lp_fixed list so that we can check whether a newer fix has been provided under the same CVE for the 'stx' versioned package, and so recognize when a fixed LP is actually not fixed. Each month we need to double-check the cves_to_track_lp_fixed list if it is not empty in the report. TestPlan: Pass: python3 cve_policy_filter.py localhost.json test cvssv3 Report the fixed LP of CVE issue in cves_to_fix_lp list. Story: 2010387 Task: 46683 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Change-Id: If910a4e58a2a6e2f575c4bad67cd6d19f23ad3f1
parent
771c7d5382
commit
362d2aa36d
@ -18,6 +18,7 @@ cves_valid = []
|
|||||||
cves_to_fix = []
|
cves_to_fix = []
|
||||||
cves_to_fix_lp = []
|
cves_to_fix_lp = []
|
||||||
cves_to_track = []
|
cves_to_track = []
|
||||||
|
cves_to_track_lp_fixed = []
|
||||||
cves_w_errors = []
|
cves_w_errors = []
|
||||||
cves_wont_fix = []
|
cves_wont_fix = []
|
||||||
cves_to_omit = []
|
cves_to_omit = []
|
||||||
@ -54,6 +55,7 @@ def print_html_report(cves_report, title):
|
|||||||
template = template_env.get_template(template_file)
|
template = template_env.get_template(template_file)
|
||||||
output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\
|
output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\
|
||||||
cves_to_fix_lp=cves_report["cves_to_fix_lp"],\
|
cves_to_fix_lp=cves_report["cves_to_fix_lp"],\
|
||||||
|
cves_to_track_lp_fixed=cves_report["cves_to_track_lp_fixed"],\
|
||||||
cves_to_track=cves_report["cves_to_track"],\
|
cves_to_track=cves_report["cves_to_track"],\
|
||||||
cves_wont_fix=cves_report["cves_wont_fix"],\
|
cves_wont_fix=cves_report["cves_wont_fix"],\
|
||||||
cves_w_errors=cves_report["cves_w_errors"],\
|
cves_w_errors=cves_report["cves_w_errors"],\
|
||||||
@ -103,6 +105,15 @@ def print_report(cves_report, title):
|
|||||||
cve_line.append(key + ":" + str(value))
|
cve_line.append(key + ":" + str(value))
|
||||||
print(cve_line)
|
print(cve_line)
|
||||||
|
|
||||||
|
print("\nCVEs to track for launchpad fixed: %d \n" \
|
||||||
|
% (len(cves_report["cves_to_track_lp_fixed"])))
|
||||||
|
for cve in cves_report["cves_to_track_lp_fixed"]:
|
||||||
|
cve_line = []
|
||||||
|
for key, value in cve.items():
|
||||||
|
if key != "summary":
|
||||||
|
cve_line.append(key + ":" + str(value))
|
||||||
|
print(cve_line)
|
||||||
|
|
||||||
print("\nCVEs to track for incoming fix: %d \n" \
|
print("\nCVEs to track for incoming fix: %d \n" \
|
||||||
% (len(cves_report["cves_to_track"])))
|
% (len(cves_report["cves_to_track"])))
|
||||||
for cve in cves_report["cves_to_track"]:
|
for cve in cves_report["cves_to_track"]:
|
||||||
@ -172,6 +183,7 @@ def update_report():
|
|||||||
cves_report["cves_to_fix"] = cves_to_fix
|
cves_report["cves_to_fix"] = cves_to_fix
|
||||||
cves_report["cves_to_fix_lp"] = cves_to_fix_lp
|
cves_report["cves_to_fix_lp"] = cves_to_fix_lp
|
||||||
cves_report["cves_to_track"] = cves_to_track
|
cves_report["cves_to_track"] = cves_to_track
|
||||||
|
cves_report["cves_to_track_lp_fixed"] = cves_to_track_lp_fixed
|
||||||
cves_report["cves_w_errors"] = cves_w_errors
|
cves_report["cves_w_errors"] = cves_w_errors
|
||||||
cves_report["cves_wont_fix"] = cves_wont_fix
|
cves_report["cves_wont_fix"] = cves_wont_fix
|
||||||
cves_report["cves_to_omit"] = cves_to_omit
|
cves_report["cves_to_omit"] = cves_to_omit
|
||||||
@ -193,6 +205,8 @@ def cvssv3_pb_alg():
|
|||||||
print(bug["status"])
|
print(bug["status"])
|
||||||
if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"):
|
if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"):
|
||||||
cves_wont_fix.append(cve)
|
cves_wont_fix.append(cve)
|
||||||
|
elif (bug["status"] == "Fix Released"):
|
||||||
|
cves_to_track_lp_fixed.append(cve)
|
||||||
else:
|
else:
|
||||||
cves_to_fix_lp.append(cve)
|
cves_to_fix_lp.append(cve)
|
||||||
else:
|
else:
|
||||||
@ -221,6 +235,8 @@ def cvssv2_pb_alg():
|
|||||||
print(bug["status"])
|
print(bug["status"])
|
||||||
if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"):
|
if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"):
|
||||||
cves_wont_fix.append(cve)
|
cves_wont_fix.append(cve)
|
||||||
|
elif (bug["status"] == "Fix Released"):
|
||||||
|
cves_to_track_lp_fixed.append(cve)
|
||||||
else:
|
else:
|
||||||
cves_to_fix_lp.append(cve)
|
cves_to_fix_lp.append(cve)
|
||||||
else:
|
else:
|
||||||
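Review bot: The new `elif (bug["status"] == "Fix Released"):` branch in cvssv3_pb_alg and cvssv2_pb_alg routes a CVE that is still being evaluated by the filter into cves_to_track_lp_fixed, which the commit message says is only double-checked monthly, so an incomplete fix or a regression can sit outside the to-fix lists until someone reads that section. Nothing in the code says why these entries matter; I would add a comment above the branch such as `# LP bug is Fix Released but the CVE is still reported: possible regression or a newer fix is needed`. The branch is duplicated verbatim in both functions, and the loop added to print_report is a copy of the one next to it, so a small shared helper would keep the copies from drifting apart. The bodies of all of these functions start and end outside the hunks shown.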
|
@ -45,6 +45,28 @@
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</table>
|
</table>
|
||||||
|
<h2> CVEs to track for launchpad fixed: {{cves_to_track_lp_fixed | length}}</h2>
|
||||||
|
<table>
|
||||||
|
{% if cves_to_track_lp_fixed|length >= 1 %}
|
||||||
|
<tr>
|
||||||
|
{% for head in heads %}
|
||||||
|
<th>{{head}}</th>
|
||||||
|
{% endfor %}
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
{% for cve in cves_to_track_lp_fixed %}
|
||||||
|
<tr>
|
||||||
|
<td>{{cve["id"]}}</td>
|
||||||
|
<td>{{cve["status"]}}</td>
|
||||||
|
<td>{{cve["cvss2Score"]}}</td>
|
||||||
|
<td>{{cve["av"]}}</td>
|
||||||
|
<td>{{cve["ac"]}}</td>
|
||||||
|
<td>{{cve["au"]}}</td>
|
||||||
|
<td>{{cve["ai"]}}</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
</table>
|
||||||
<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
|
<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
|
||||||
<table>
|
<table>
|
||||||
{% if cves_to_track|length >= 1 %}
|
{% if cves_to_track|length >= 1 %}
|
||||||
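Review bot: The new table cells interpolate scan-derived fields directly, e.g. `<td>{{cve["id"]}}</td>` and `<td>{{cve["status"]}}</td>`, and whether they are HTML-escaped depends on how template_env is constructed, which is not visible in this change. If the Environment is created without autoescaping, a value from the input JSON that contains markup would be rendered as HTML in the report; either build the environment with `autoescape=True` or write the cells as `<td>{{ cve["id"] | e }}</td>`. The same applies to the matching block added in the other template (the one with the `cvss3Score`, `pr` and `ui` columns). Both blocks appear to be copies of the neighbouring table, so a shared Jinja macro that takes the list would avoid maintaining several copies.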
|
@ -47,6 +47,29 @@
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</table>
|
</table>
|
||||||
|
<h2> CVEs to track for launchpad fixed: {{cves_to_track_lp_fixed | length}}</h2>
|
||||||
|
<table>
|
||||||
|
{% if cves_to_track_lp_fixed|length >= 1 %}
|
||||||
|
<tr>
|
||||||
|
{% for head in heads %}
|
||||||
|
<th>{{head}}</th>
|
||||||
|
{% endfor %}
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
{% for cve in cves_to_track_lp_fixed %}
|
||||||
|
<tr>
|
||||||
|
<td>{{cve["id"]}}</td>
|
||||||
|
<td>{{cve["status"]}}</td>
|
||||||
|
<td>{{cve["cvss3Score"]}}</td>
|
||||||
|
<td>{{cve["av"]}}</td>
|
||||||
|
<td>{{cve["ac"]}}</td>
|
||||||
|
<td>{{cve["pr"]}}</td>
|
||||||
|
<td>{{cve["ui"]}}</td>
|
||||||
|
<td>{{cve["ai"]}}</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
</table>
|
||||||
<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
|
<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
|
||||||
<table>
|
<table>
|
||||||
{% if cves_to_track|length >= 1 %}
|
{% if cves_to_track|length >= 1 %}
|
||||||
|