cve_policy_filter: Upstream changed status keys
Upstream seems to have added a new 'fixedIn' key to the pkg map instead of only the 'notFixedYet' key, so we need to change the logic for setting the correct status. allfixed is assumed to be "fixed" because there are multiple packages and any one NotFixedYet will invalidate allfixed at the CVE level. Do some code clean-up along the way by removing get_status(). Change-Id: Ib896655b8cf81af2a9531e87964d8e37f74da7c2 Signed-off-by: Saul Wold <sgw@linux.intel.com>
parent
fb25b76817
commit
d7ca9a0a50
|
@ -118,7 +118,7 @@ def get_affectedpackages(data, cve_id):
|
|||
return: affected packages by the CVE and fix/unfix status of each package
|
||||
"""
|
||||
affectedpackages_list = []
|
||||
status_list = []
|
||||
allfixed = "fixed"
|
||||
try:
|
||||
affectedpackages = data["scannedCves"][cve_id]["affectedPackages"]
|
||||
except KeyError:
|
||||
|
@ -126,19 +126,9 @@ def get_affectedpackages(data, cve_id):
|
|||
else:
|
||||
for pkg in affectedpackages:
|
||||
affectedpackages_list.append(pkg["name"])
|
||||
status_list.append(pkg["notFixedYet"])
|
||||
return affectedpackages_list, status_list
|
||||
|
||||
def get_status(status_list):
|
||||
"""
|
||||
return: status of CVE. If one of the pkgs is not fixed, CVE is not fixed
|
||||
"""
|
||||
status = None
|
||||
if True in status_list:
|
||||
status = "unfixed"
|
||||
else:
|
||||
status = "fixed"
|
||||
return status
|
||||
if 'notFixedYet' in pkg and pkg["notFixedYet"] is True:
|
||||
allfixed = "unfixed"
|
||||
return affectedpackages_list, allfixed
|
||||
|
||||
def main():
|
||||
"""
|
||||
|
@ -186,7 +176,7 @@ def main():
|
|||
for cve in cves:
|
||||
cve_id = cve["id"]
|
||||
affectedpackages_list = []
|
||||
status_list = []
|
||||
allfixed = "fixed"
|
||||
try:
|
||||
nvd2_score = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss2Score"]
|
||||
cvss2vector = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss2Vector"]
|
||||
|
@ -209,9 +199,9 @@ def main():
|
|||
cve["ai"] = str(_ai)
|
||||
cve["summary"] = get_summary(data, cve_id)
|
||||
cve["sourcelink"] = get_source_link(data, cve_id)
|
||||
affectedpackages_list, status_list = get_affectedpackages(data, cve_id)
|
||||
affectedpackages_list, allfixed = get_affectedpackages(data, cve_id)
|
||||
cve["affectedpackages"] = affectedpackages_list
|
||||
cve["status"] = get_status(status_list)
|
||||
cve["status"] = allfixed
|
||||
cves_valid.append(cve)
|
||||
|
||||
for cve in cves_valid:
|
||||
|
|
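Review bot: The status computed in `get_affectedpackages` fails open: `allfixed` starts as `"fixed"` and only flips when a package carries `notFixedYet` set to exactly `True`, so a CVE with a missing or empty `affectedPackages` list (what the `except KeyError` branch does is not visible here), or a package entry with neither key, is reported as fixed. For a policy filter, treating absent evidence as fixed can hide an open CVE, and the new `fixedIn` key named in the commit message is never read by the new code. Consider requiring positive evidence per package, e.g. `if pkg.get("notFixedYet") is not False and not pkg.get("fixedIn"): allfixed = "unfixed"`, and returning `"unfixed"` when no packages are listed; confirm the `fixedIn` semantics against the scanner's report format first. A short comment such as `# any package without proof of a fix marks the whole CVE unfixed` would record the intent. Both `get_affectedpackages` and `main` extend beyond the hunks shown.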