cve_policy_filter: Upstream changed status keys
The upstream seems to have added a new 'fixedIn' key instead of just the 'notFixedYet' keys to the pkg map, so we need to change the logic for setting the correct status. The initial assumption of allfixed = fixed is made because there are multiple packages and any one NotFixedYet will invalidate allfixed at the CVE level. Do some code clean-up along the way by removing get_status(). Change-Id: Ib896655b8cf81af2a9531e87964d8e37f74da7c2 Signed-off-by: Saul Wold <sgw@linux.intel.com>
parent
fb25b76817
commit
d7ca9a0a50
|
@ -118,7 +118,7 @@ def get_affectedpackages(data, cve_id):
|
||||||
return: affected packages by the CVE and fix/unfix status of each package
|
return: affected packages by the CVE and fix/unfix status of each package
|
||||||
"""
|
"""
|
||||||
affectedpackages_list = []
|
affectedpackages_list = []
|
||||||
status_list = []
|
allfixed = "fixed"
|
||||||
try:
|
try:
|
||||||
affectedpackages = data["scannedCves"][cve_id]["affectedPackages"]
|
affectedpackages = data["scannedCves"][cve_id]["affectedPackages"]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
|
@ -126,19 +126,9 @@ def get_affectedpackages(data, cve_id):
|
||||||
else:
|
else:
|
||||||
for pkg in affectedpackages:
|
for pkg in affectedpackages:
|
||||||
affectedpackages_list.append(pkg["name"])
|
affectedpackages_list.append(pkg["name"])
|
||||||
status_list.append(pkg["notFixedYet"])
|
if 'notFixedYet' in pkg and pkg["notFixedYet"] is True:
|
||||||
return affectedpackages_list, status_list
|
allfixed = "unfixed"
|
||||||
|
return affectedpackages_list, allfixed
|
||||||
def get_status(status_list):
|
|
||||||
"""
|
|
||||||
return: status of CVE. If one of the pkgs is not fixed, CVE is not fixed
|
|
||||||
"""
|
|
||||||
status = None
|
|
||||||
if True in status_list:
|
|
||||||
status = "unfixed"
|
|
||||||
else:
|
|
||||||
status = "fixed"
|
|
||||||
return status
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
"""
|
"""
|
||||||
|
@ -186,7 +176,7 @@ def main():
|
||||||
for cve in cves:
|
for cve in cves:
|
||||||
cve_id = cve["id"]
|
cve_id = cve["id"]
|
||||||
affectedpackages_list = []
|
affectedpackages_list = []
|
||||||
status_list = []
|
allfixed = "fixed"
|
||||||
try:
|
try:
|
||||||
nvd2_score = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss2Score"]
|
nvd2_score = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss2Score"]
|
||||||
cvss2vector = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss2Vector"]
|
cvss2vector = data["scannedCves"][cve_id]["cveContents"]["nvd"]["cvss2Vector"]
|
||||||
|
@ -209,9 +199,9 @@ def main():
|
||||||
cve["ai"] = str(_ai)
|
cve["ai"] = str(_ai)
|
||||||
cve["summary"] = get_summary(data, cve_id)
|
cve["summary"] = get_summary(data, cve_id)
|
||||||
cve["sourcelink"] = get_source_link(data, cve_id)
|
cve["sourcelink"] = get_source_link(data, cve_id)
|
||||||
affectedpackages_list, status_list = get_affectedpackages(data, cve_id)
|
affectedpackages_list, allfixed = get_affectedpackages(data, cve_id)
|
||||||
cve["affectedpackages"] = affectedpackages_list
|
cve["affectedpackages"] = affectedpackages_list
|
||||||
cve["status"] = get_status(status_list)
|
cve["status"] = allfixed
|
||||||
cves_valid.append(cve)
|
cves_valid.append(cve)
|
||||||
|
|
||||||
for cve in cves_valid:
|
for cve in cves_valid:
|
||||||
|
|
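Review bot: The new status logic in get_affectedpackages fails open: `allfixed` starts as "fixed" and is flipped only when a package carries `notFixedYet` set to exactly `True`, so a package entry with neither `notFixedYet` nor `fixedIn`, or an empty `affectedPackages` list, leaves the CVE reported as fixed. The commit message names the new `fixedIn` key but no visible line reads it; for a policy filter it would be safer to require positive evidence of a fix, e.g. `if pkg.get("notFixedYet") or "fixedIn" not in pkg:` ahead of `allfixed = "unfixed"` (this assumes upstream sets `fixedIn` on every fixed package, which should be confirmed against a current scan result). The docstring line `return: affected packages by the CVE and fix/unfix status of each package` is now stale and should state that a single CVE-level status string is returned. The `except KeyError:` body sits between the hunks and is not visible here, so the status returned on that path should be checked as well.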