9cdb43da42
The latest JSON result file now includes several items in the set data["scannedCves"][cve_id]["cveContents"]["nvd"], so the original usage can no longer be used to filter CVE info. It is therefore time to drop the exception that was raised when the length is greater than 1, since the run would now fail by throwing it. We are going to use the condition 'source=nvd@nist.gov' to get the accurate CVE information instead.

Another update expands the function find_lp_assigned with a new condition that looks for the CVE ID in the description section of the LP page. The title length is limited, so if one page is used to track many CVE issues, the title may not be long enough to record all the CVE IDs.

Closes-Bug: 2059996
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: Ia7dfee5db53baaa82a8e6dd9d5dde8a31da5bcc2
#
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2019 Intel Corporation
#
"""
Detect whether a CVE already has a Launchpad bug assigned
"""
import json
import os
import re
from os import path
from launchpadlib.launchpad import Launchpad
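# Filter the open bugs
# These are the task statuses passed to searchTasks(). Besides the open
# states the list also names 'Fix Released', 'Invalid' and "Won't Fix".
STATUSES = [
    'New',
    'Incomplete',
    'Confirmed',
    'Triaged',
    'In Progress',
    'Fix Committed',
    'Fix Released',
    "Invalid",
    "Won't Fix",
]

# Cache directory handed to launchpadlib and used for the CVE lookup file.
# The owner component falls back to LOGNAME and then to the numeric uid,
# because os.environ['USER'] raises KeyError at import time when the
# variable is unset, and an empty value would drop the per-user component.
# NOTE(review): /tmp is world-writable and this path is predictable, so
# another local account can create the directory first and control what
# find_lp_assigned() later loads from CVES_FILE. Consider a per-user
# directory created with mode 0700 plus an ownership check before an
# existing cache file is trusted.
CACHEDIR = path.join(
    '/tmp',
    os.environ.get('USER') or os.environ.get('LOGNAME') or str(os.getuid()),
    '.launchpadlib/cache')
# JSON dump of DATA, written by search_upstrem_lps().
CVES_FILE = path.join(CACHEDIR, 'cves_open.json')
# Prefix of the NVD detail link that find_lp_assigned() looks for in bug
# descriptions.
NVD_URL = 'https://nvd.nist.gov/vuln/detail'
# In-memory list of bug records, filled by search_upstrem_lps() or loaded
# from CVES_FILE by find_lp_assigned().
DATA = []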
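def search_upstrem_lps():
    """
    Search Launchpad for starlingx bug tasks linked to a CVE and cache them

    Logs in anonymously, searches the 'starlingx' project for tasks in
    STATUSES with has_cve=True and keeps those whose bug title contains
    "cve" in any letter case. One record per kept task (id, status, title,
    link, description) is stored in DATA, and DATA is dumped to CVES_FILE
    as JSON.

    Raises OSError if CVES_FILE cannot be opened for writing, including
    when the path is a symbolic link on platforms that have O_NOFOLLOW.
    """
    launchpad = Launchpad.login_anonymously(
        'lplib.cookbook.json_fetcher', 'production',
        CACHEDIR, version='devel')
    project = launchpad.projects['starlingx']
    tasks = project.searchTasks(status=STATUSES, has_cve=True)

    records = []
    for task in tasks:
        bug = task.bug
        if "cve" in bug.title.lower():
            records.append({
                'id': bug.id,
                'status': task.status,
                'title': bug.title,
                'link': bug.self_link,
                'description': bug.description,
            })

    # Replace the contents in place. Appending meant that a second call in
    # the same process stored every bug twice and wrote the duplicates to
    # the cache file.
    DATA[:] = records

    # CVES_FILE sits under the shared /tmp, so do not write through a
    # symbolic link at that path, and create the file readable by its owner
    # only. This covers the final path component only; the parent
    # directories are still taken on trust.
    flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC
             | getattr(os, 'O_NOFOLLOW', 0))
    with os.fdopen(os.open(CVES_FILE, flags, 0o600), 'w') as outfile:
        json.dump(DATA, outfile)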
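def find_lp_assigned(cve_id):
    """
    Return the first bug record in DATA that tracks cve_id, or None

    DATA must come from the cache file or from the upstream Launchpad DB:
    when it is empty it is loaded from CVES_FILE if that file exists,
    otherwise search_upstrem_lps() is called to fill it.

    A record matches when its title contains cve_id, or when its
    description contains "<cve_id>: <NVD_URL>/<cve_id>". Matching ignores
    letter case and requires that no further digit follows the ID.
    """
    global DATA

    if not DATA:
        if path.isfile(CVES_FILE):
            # NOTE(review): the records are used as read. The file lives
            # under /tmp, so whoever can write it decides which CVEs are
            # reported as already having a bug.
            with open(CVES_FILE, "r") as infile:
                DATA = json.load(infile)
        else:
            search_upstrem_lps()

    # The ID is escaped so it is matched literally rather than as a regular
    # expression. (?!\d) stops a short ID such as CVE-2019-1016 from
    # matching inside CVE-2019-10160, which would report an untracked CVE as
    # already having a bug. Letter case is ignored because
    # search_upstrem_lps() also keeps bugs titled with a lower-case "cve".
    cve = re.escape(cve_id)
    title_re = re.compile(cve + r"(?!\d)", re.IGNORECASE)
    # The link is a URL, so it is joined with "/" instead of os.path.join.
    desc_re = re.compile(
        cve + ": " + re.escape(NVD_URL + "/" + cve_id) + r"(?!\d)",
        re.IGNORECASE)

    for bug in DATA:
        # A record may lack a field or hold None (for example a cache file
        # that has no 'description' key); treat that as empty text.
        title = bug.get("title") or ""
        description = bug.get("description") or ""
        if title_re.search(title) or desc_re.search(description):
            return bug

    return None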
def main():
    """
    Sanity test: look up a fixed list of CVE IDs and print each result
    """
    sample_ids = (
        "CVE-2019-0160",
        "CVE-2018-7536",
        "CVE-2019-11810",
        "CVE-2019-11811",
        "CVE-2018-15686",
        "CVE-2019-10126",
    )

    for sample in sample_ids:
        match = find_lp_assigned(sample)
        if not match:
            # Nothing in DATA tracks this ID.
            print("\n%s has no LP assigned\n" % (sample))
            continue
        # Print the matching record after a blank separator.
        print("\n")
        print(match)
# Run the sanity test only when this file is executed as a script.
if __name__ == "__main__":
    main()