509d901837
To support the monthly master StarlingX CVE scans with the new CVSS v3
policy, we run the filter criteria as the following policy:
Base score >= 7.0
Base Metrics have the following:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None or Low
Availability Impact: High or Low
User Interaction: None
A correction is available upstream
We can see the policy here:
https://wiki.openstack.org/wiki/StarlingX/Security/CVE_Support_Policy
Meanwhile update the html report template with new criteria.
TestPlan:
PASS: python3 cve_policy_filter.py localhost.json master_V3_Sep_29_2022 cvssv3
Story: 2010387
Task: 46683
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: I8ab91805b4d78c218aee85f94b6cc25929948417
133 lines
2.9 KiB
Plaintext
133 lines
2.9 KiB
Plaintext
<head></head>
|
|
<body>
|
|
<h1>Security report from vuls scan from {{title}}</h1>
|
|
<h2>CVEs to fix w/o a launchpad assigned: {{cves_to_fix | length}}</h2>
|
|
<table>
|
|
{% if cves_to_fix|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_fix %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss3Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["pr"]}}</td>
|
|
<td>{{cve["ui"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
<h2>CVEs to fix w/ a launchpad assigned: {{cves_to_fix_lp | length}}</h2>
|
|
<table>
|
|
{% if cves_to_fix_lp|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_fix_lp %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss3Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["pr"]}}</td>
|
|
<td>{{cve["ui"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
|
|
<table>
|
|
{% if cves_to_track|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_track %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss3Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["pr"]}}</td>
|
|
<td>{{cve["ui"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
<h2> CVEs that are Invalid or Won't Fix: {{cves_wont_fix | length}}</h2>
|
|
<table>
|
|
{% if cves_wont_fix|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_wont_fix %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss3Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["pr"]}}</td>
|
|
<td>{{cve["ui"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
|
|
<h2> CVEs to omit: {{cves_to_omit | length}}</h2>
|
|
<table>
|
|
{% if cves_to_omit|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_omit %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss3Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["pr"]}}</td>
|
|
<td>{{cve["ui"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
|
|
<h2>ERROR: CVEs that have no cvss3Score or cvss2Vector:{{cves_w_errors | length}}</h2>
|
|
<table>
|
|
{% if cves_w_errors|length >= 1 %}
|
|
{% for cve in cves_w_errors %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
</body>
|