Update filter to track won't fix or invalid bugs
The Security team wants to be able to mark bugs as Won't Fix or Invalid when the CVE pertains to an upstream component or driver that we do not include in StarlingX.

Story: 2007538
Task: 39357
Change-Id: I030f4ea0a7b9132b23796d7acf6c2650770b1d44
Signed-off-by: Saul Wold <sgw@linux.intel.com>
parent
988b0fd88a
commit
ae486fa9af
@ -28,6 +28,7 @@ def print_html_report(cves_report, title):
|
|||||||
output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\
|
output_text = template.render(cves_to_fix=cves_report["cves_to_fix"],\
|
||||||
cves_to_fix_lp=cves_report["cves_to_fix_lp"],\
|
cves_to_fix_lp=cves_report["cves_to_fix_lp"],\
|
||||||
cves_to_track=cves_report["cves_to_track"],\
|
cves_to_track=cves_report["cves_to_track"],\
|
||||||
|
cves_wont_fix=cves_report["cves_wont_fix"],\
|
||||||
cves_w_errors=cves_report["cves_w_errors"],\
|
cves_w_errors=cves_report["cves_w_errors"],\
|
||||||
cves_to_omit=cves_report["cves_to_omit"],\
|
cves_to_omit=cves_report["cves_to_omit"],\
|
||||||
heads=heads,\
|
heads=heads,\
|
||||||
@ -77,6 +78,16 @@ def print_report(cves_report, title):
|
|||||||
cve_line.append(key + ":" + str(value))
|
cve_line.append(key + ":" + str(value))
|
||||||
print(cve_line)
|
print(cve_line)
|
||||||
|
|
||||||
|
print("\nCVEs with no plans to fix (Won't Fix or Invalid): %d \n" \
|
||||||
|
% (len(cves_report["cves_wont_fix"])))
|
||||||
|
for cve in cves_report["cves_wont_fix"]:
|
||||||
|
cve_line = []
|
||||||
|
for key, value in cve.items():
|
||||||
|
if key != "summary":
|
||||||
|
cve_line.append(key + ":" + str(value))
|
||||||
|
print(cve_line)
|
||||||
|
|
||||||
|
|
||||||
print("\nERROR: CVEs that have no cvss2Score or cvss2Vector: %d \n" \
|
print("\nERROR: CVEs that have no cvss2Score or cvss2Vector: %d \n" \
|
||||||
% (len(cves_report["cves_w_errors"])))
|
% (len(cves_report["cves_w_errors"])))
|
||||||
for cve in cves_report["cves_w_errors"]:
|
for cve in cves_report["cves_w_errors"]:
|
||||||
@ -142,6 +153,7 @@ def main():
|
|||||||
cves_to_fix_lp = []
|
cves_to_fix_lp = []
|
||||||
cves_to_track = []
|
cves_to_track = []
|
||||||
cves_w_errors = []
|
cves_w_errors = []
|
||||||
|
cves_wont_fix = []
|
||||||
cves_to_omit = []
|
cves_to_omit = []
|
||||||
cves_report = {}
|
cves_report = {}
|
||||||
|
|
||||||
@ -209,8 +221,13 @@ def main():
|
|||||||
and ("N" in cve["au"] or "S" in cve["au"])
|
and ("N" in cve["au"] or "S" in cve["au"])
|
||||||
and ("P" in cve["ai"] or "C" in cve["ai"])):
|
and ("P" in cve["ai"] or "C" in cve["ai"])):
|
||||||
if cve["status"] == "fixed":
|
if cve["status"] == "fixed":
|
||||||
if find_lp_assigned(cve["id"]):
|
bug = find_lp_assigned(cve["id"])
|
||||||
cves_to_fix_lp.append(cve)
|
if (bug):
|
||||||
|
print(bug["status"])
|
||||||
|
if (bug["status"] == "Invalid" or bug["status"] == "Won't Fix"):
|
||||||
|
cves_wont_fix.append(cve)
|
||||||
|
else:
|
||||||
|
cves_to_fix_lp.append(cve)
|
||||||
else:
|
else:
|
||||||
cves_to_fix.append(cve)
|
cves_to_fix.append(cve)
|
||||||
else:
|
else:
|
||||||
@ -222,6 +239,7 @@ def main():
|
|||||||
cves_report["cves_to_fix_lp"] = cves_to_fix_lp
|
cves_report["cves_to_fix_lp"] = cves_to_fix_lp
|
||||||
cves_report["cves_to_track"] = cves_to_track
|
cves_report["cves_to_track"] = cves_to_track
|
||||||
cves_report["cves_w_errors"] = cves_w_errors
|
cves_report["cves_w_errors"] = cves_w_errors
|
||||||
|
cves_report["cves_wont_fix"] = cves_wont_fix
|
||||||
cves_report["cves_to_omit"] = cves_to_omit
|
cves_report["cves_to_omit"] = cves_to_omit
|
||||||
|
|
||||||
print_report(cves_report, title)
|
print_report(cves_report, title)
|
||||||
|
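Review bot: The `print(bug["status"])` added in main() right after `bug = find_lp_assigned(cve["id"])` looks like leftover debugging; it writes a bare status string to stdout for every CVE that has a Launchpad bug, ahead of the output print_report produces, and should be removed or replaced by a labelled message. The same branch takes a CVE that met the fix policy off both to-fix lists purely because the matched bug is Invalid or Won't Fix, so the suppression is only as reliable as the match inside find_lp_assigned, which is not shown here. If that match is looser than an exact CVE id comparison, one closed bug could hide an unrelated CVE; worth confirming before relying on this list. main() starts and ends outside these hunks.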
@ -12,7 +12,6 @@ import os
|
|||||||
from os import path
|
from os import path
|
||||||
from launchpadlib.launchpad import Launchpad
|
from launchpadlib.launchpad import Launchpad
|
||||||
|
|
||||||
|
|
||||||
# Filter the open bugs
|
# Filter the open bugs
|
||||||
STATUSES = [
|
STATUSES = [
|
||||||
'New',
|
'New',
|
||||||
@ -22,6 +21,8 @@ STATUSES = [
|
|||||||
'In Progress',
|
'In Progress',
|
||||||
'Fix Committed',
|
'Fix Committed',
|
||||||
'Fix Released',
|
'Fix Released',
|
||||||
|
"Invalid",
|
||||||
|
"Won't Fix",
|
||||||
]
|
]
|
||||||
|
|
||||||
CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache')
|
CACHEDIR = path.join('/tmp', os.environ['USER'], '.launchpadlib/cache')
|
||||||
@ -37,12 +38,13 @@ def search_upstrem_lps():
|
|||||||
('lplib.cookbook.json_fetcher', 'production',
|
('lplib.cookbook.json_fetcher', 'production',
|
||||||
CACHEDIR, version='devel')
|
CACHEDIR, version='devel')
|
||||||
project = launchpad.projects['starlingx']
|
project = launchpad.projects['starlingx']
|
||||||
tasks = project.searchTasks(status=STATUSES)
|
tasks = project.searchTasks(status=STATUSES, has_cve=True)
|
||||||
for task in tasks:
|
for task in tasks:
|
||||||
bug = task.bug
|
bug = task.bug
|
||||||
if ("cve" in bug.title.lower()):
|
if ("cve" in bug.title.lower()):
|
||||||
bug_dic = {}
|
bug_dic = {}
|
||||||
bug_dic['id'] = bug.id
|
bug_dic['id'] = bug.id
|
||||||
|
bug_dic['status'] = task.status
|
||||||
bug_dic['title'] = bug.title
|
bug_dic['title'] = bug.title
|
||||||
bug_dic['link'] = bug.self_link
|
bug_dic['link'] = bug.self_link
|
||||||
DATA.append(bug_dic)
|
DATA.append(bug_dic)
|
||||||
@ -75,6 +77,7 @@ def main():
|
|||||||
Sanity test
|
Sanity test
|
||||||
"""
|
"""
|
||||||
cve_ids = ["CVE-2019-0160",\
|
cve_ids = ["CVE-2019-0160",\
|
||||||
|
"CVE-2018-7536",\
|
||||||
"CVE-2019-11810",\
|
"CVE-2019-11810",\
|
||||||
"CVE-2019-11811",\
|
"CVE-2019-11811",\
|
||||||
"CVE-2018-15686",\
|
"CVE-2018-15686",\
|
||||||
|
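Review bot: Adding `has_cve=True` to `project.searchTasks(...)` while keeping the `"cve" in bug.title.lower()` test means a bug is only collected when it both has a CVE linked in Launchpad and mentions one in its title. A bug that names the CVE in the title but has no CVE link is no longer returned, and the filter would then presumably report that CVE as having no Launchpad bug; confirm that is intended, or drop one of the two conditions. The `# Filter the open bugs` comment above STATUSES is now stale, since Invalid and Won't Fix are closed states; something like `# Bug task statuses to fetch, including closed Invalid / Won't Fix` would match the list. search_upstrem_lps starts and ends outside the hunk.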
@ -67,6 +67,29 @@
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</table>
|
</table>
|
||||||
|
<h2> CVEs that are Invalid or Won't Fix: {{cves_wont_fix | length}}</h2>
|
||||||
|
<table>
|
||||||
|
{% if cves_wont_fix|length >= 1 %}
|
||||||
|
<tr>
|
||||||
|
{% for head in heads %}
|
||||||
|
<th>{{head}}</th>
|
||||||
|
{% endfor %}
|
||||||
|
</tr>
|
||||||
|
|
||||||
|
{% for cve in cves_wont_fix %}
|
||||||
|
<tr>
|
||||||
|
<td>{{cve["id"]}}</td>
|
||||||
|
<td>{{cve["status"]}}</td>
|
||||||
|
<td>{{cve["cvss2Score"]}}</td>
|
||||||
|
<td>{{cve["av"]}}</td>
|
||||||
|
<td>{{cve["ac"]}}</td>
|
||||||
|
<td>{{cve["au"]}}</td>
|
||||||
|
<td>{{cve["ai"]}}</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
</table>
|
||||||
|
|
||||||
<h2> CVEs to omit: {{cves_to_omit | length}}</h2>
|
<h2> CVEs to omit: {{cves_to_omit | length}}</h2>
|
||||||
<table>
|
<table>
|
||||||
{% if cves_to_omit|length >= 1 %}
|
{% if cves_to_omit|length >= 1 %}
|
||||||
|
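Review bot: The status cell `<td>{{cve["status"]}}</td>` in the new table prints the CVE's own status, which on the path that fills cves_wont_fix in main() appears to always be "fixed", so a reader cannot tell Invalid from Won't Fix or see which Launchpad bug carries the decision. If the filter stored the bug status on the entry before appending it, for example `cve["lp_status"] = bug["status"]` (the key name is a suggestion, not an existing field), this row could render it with `<td>{{cve["lp_status"]}}</td>`. The cells are filled from scanner and Launchpad data, so it is also worth confirming that the Jinja environment loading this template has autoescaping enabled; that setup is not visible on this page.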