Message ID | 20210519024638.63607-3-matthew.weber@collins.com |
---|---|
State | Accepted |
Headers | show |
Series | [v2,1/3] support/scripts/pkg-stats: verified CPE has a known id but not version | expand |
Matthew, All, On 2021-05-18 21:46 -0500, Matthew Weber via buildroot spake thusly: > - If a package doesn't have any versioning, ignore and state that > - If a package is virtual, CVE=ignore and CPE state virtual > - For any of these NA cases, don't provide search link and color box > green > > Cc: Yann E. MORIN <yann.morin.1998@free.fr> > Signed-off-by: Matthew Weber <matthew.weber@collins.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > Changes v1 -> v2 > [Yann > - Update coloring of case when package is virtual, color boxes green > for N/A of CPE and CVEs > --- > support/scripts/pkg-stats | 24 +++++++++++++++++------- > 1 file changed, 17 insertions(+), 7 deletions(-) > > diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats > index 0c34388066..cc91d13167 100755 > --- a/support/scripts/pkg-stats > +++ b/support/scripts/pkg-stats > @@ -229,7 +229,10 @@ class Package: > """ > var = self.pkgvar() > if not self.is_actual_package: > - self.status['cpe'] = ("na", "no valid package infra") > + self.status['cpe'] = ("na", "N/A - virtual pkg") > + return > + if not self.current_version: > + self.status['cpe'] = ("na", "no version information available") > return > > if var in self.all_cpeids: > @@ -587,7 +590,7 @@ def check_package_cves(nvd_path, packages): > cpe_product_pkgs = defaultdict(list) > for pkg in packages: > if not pkg.is_actual_package: > - pkg.status['cve'] = ("na", "no valid package infra") > + pkg.status['cve'] = ("na", "N/A") > continue > if not pkg.current_version: > pkg.status['cve'] = ("na", "no version information available") > @@ -909,6 +912,8 @@ def dump_html_pkg(f, pkg): > td_class.append("cve-ok") > elif pkg.is_status_error("cve"): > td_class.append("cve-nok") > + elif pkg.is_status_na("cve") and not pkg.is_actual_package: > + td_class.append("cve-ok") > else: > td_class.append("cve-unknown") > f.write(" <td class=\"%s\">\n" % " ".join(td_class)) > @@ -936,18 +941,23 @@ def dump_html_pkg(f, pkg): > td_class.append("cpe-ok") > elif pkg.is_status_error("cpe"): > td_class.append("cpe-nok") > + elif pkg.is_status_na("cpe") and not pkg.is_actual_package: > + td_class.append("cpe-ok") > else: > td_class.append("cpe-unknown") > f.write(" <td class=\"%s\">\n" % " ".join(td_class)) > if pkg.cpeid: > f.write(" <code>%s</code>\n" % pkg.cpeid) > if not pkg.is_status_ok("cpe"): > - if pkg.cpeid: > - f.write(" <br/>%s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % # noqa: E501 > - (pkg.status['cpe'][1], ":".join(pkg.cpeid.split(":")[0:5]))) > + if pkg.is_actual_package and pkg.current_version: > + if pkg.cpeid: > + f.write(" <br/>%s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % # noqa: E501 > + (pkg.status['cpe'][1], ":".join(pkg.cpeid.split(":")[0:5]))) > + else: > + f.write(" %s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % # noqa: E501 > + (pkg.status['cpe'][1], pkg.name)) > else: > - f.write(" %s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % > - (pkg.status['cpe'][1], pkg.name)) > + f.write(" %s\n" % pkg.status['cpe'][1]) > > f.write(" </td>\n") > > -- > 2.17.1 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats index 0c34388066..cc91d13167 100755 --- a/support/scripts/pkg-stats +++ b/support/scripts/pkg-stats @@ -229,7 +229,10 @@ class Package: """ var = self.pkgvar() if not self.is_actual_package: - self.status['cpe'] = ("na", "no valid package infra") + self.status['cpe'] = ("na", "N/A - virtual pkg") + return + if not self.current_version: + self.status['cpe'] = ("na", "no version information available") return if var in self.all_cpeids: @@ -587,7 +590,7 @@ def check_package_cves(nvd_path, packages): cpe_product_pkgs = defaultdict(list) for pkg in packages: if not pkg.is_actual_package: - pkg.status['cve'] = ("na", "no valid package infra") + pkg.status['cve'] = ("na", "N/A") continue if not pkg.current_version: pkg.status['cve'] = ("na", "no version information available") @@ -909,6 +912,8 @@ def dump_html_pkg(f, pkg): td_class.append("cve-ok") elif pkg.is_status_error("cve"): td_class.append("cve-nok") + elif pkg.is_status_na("cve") and not pkg.is_actual_package: + td_class.append("cve-ok") else: td_class.append("cve-unknown") f.write(" <td class=\"%s\">\n" % " ".join(td_class)) @@ -936,18 +941,23 @@ def dump_html_pkg(f, pkg): td_class.append("cpe-ok") elif pkg.is_status_error("cpe"): td_class.append("cpe-nok") + elif pkg.is_status_na("cpe") and not pkg.is_actual_package: + td_class.append("cpe-ok") else: td_class.append("cpe-unknown") f.write(" <td class=\"%s\">\n" % " ".join(td_class)) if pkg.cpeid: f.write(" <code>%s</code>\n" % pkg.cpeid) if not pkg.is_status_ok("cpe"): - if pkg.cpeid: - f.write(" <br/>%s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % # noqa: E501 - (pkg.status['cpe'][1], ":".join(pkg.cpeid.split(":")[0:5]))) + if pkg.is_actual_package and pkg.current_version: + if pkg.cpeid: + f.write(" <br/>%s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % # noqa: E501 + (pkg.status['cpe'][1], ":".join(pkg.cpeid.split(":")[0:5]))) + else: + f.write(" %s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % # noqa: E501 + (pkg.status['cpe'][1], pkg.name)) else: - f.write(" %s <a href=\"https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=%s\">(Search)</a>\n" % - (pkg.status['cpe'][1], pkg.name)) + f.write(" %s\n" % pkg.status['cpe'][1]) f.write(" </td>\n")
- If a package doesn't have any versioning, ignore and state that - If a package is virtual, CVE=ignore and CPE state virtual - For any of these NA cases, don't provide search link and color box green Cc: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Matthew Weber <matthew.weber@collins.com> --- Changes v1 -> v2 [Yann - Update coloring of case when package is virtual, color boxes green for N/A of CPE and CVEs --- support/scripts/pkg-stats | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-)