[Buildroot] [PATCH v5 7/7] support/scripts/cpe-report: new script
Matt Weber
matthew.weber at rockwellcollins.com
Fri May 18 03:13:20 UTC 2018
The script supports looking up all the CPEs provided in a
make cpe-info csv file export from a target Buildroot build.
It checks the current version and suggests a CPE needs update
or possibly initial submission to NIST.
Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
---
Changes
v5
[Ricardo
- Updated v4 comments about general flake formatting cleanup
- Incorporated parts of patch 1/2 suggestions for optimizations
[Ricardo/Arnout
- Collectly, decided to move cpe report analysis to this
script and use a seperate module cpedb class
[Arnout
- Rename cpe_dict to instead be cpedb
v1 -> v4
- Patch did not exist and was part of pkg-stats file
---
support/scripts/cpe-report | 53 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100755 support/scripts/cpe-report
diff --git a/support/scripts/cpe-report b/support/scripts/cpe-report
new file mode 100755
index 0000000..036eab2
--- /dev/null
+++ b/support/scripts/cpe-report
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+
+import argparse
+import sys
+import csv
+from cpedb import CPEDB
+
+
+def get_target_cpe_report(cpe_report_file, cpedb):
+ report_cpe_exact_match = ""
+ report_cpe_needing_update = ""
+ report_cpe_missing = ""
+
+ print("CPE: Checking for matches...")
+ try:
+ with open(cpe_report_file) as cpe_file:
+ cpe_list = csv.reader(cpe_file)
+ next(cpe_list) # make cpe-info has a one line header
+ for cpe in cpe_list:
+ result = cpedb.find(cpe[0])
+ if not result:
+ result = cpedb.find_partial(cpedb.get_cpe_no_version(cpe[0]))
+ if not result:
+ report_cpe_missing += cpe[0] + "\n"
+ else:
+ report_cpe_needing_update += cpe[0] + "\n"
+ else:
+ report_cpe_exact_match += cpe[0] + "\n"
+ except (OSError, IOError) as e:
+ print("CPE: report csv file (%s): %s" % (e.errno, e.strerror))
+ sys.exit(1)
+
+ print("CPE: Found EXACT match:\n" + report_cpe_exact_match)
+ print("CPE: Found but REQUIRES UPDATE:\n" + report_cpe_needing_update)
+ print("CPE: Not found (proposing the following to be added):\n" + report_cpe_missing)
+
+
+def parse_args():
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-c', dest='cpe_report', action='store', required=True,
+ help='CPE Report generated by make cpe-info (csv format)')
+ return parser.parse_args()
+
+
+def __main__():
+ args = parse_args()
+ cpedb = CPEDB()
+ cpedb.get_xml_dict()
+ print("Performing Target CPE Report Analysis...")
+ get_target_cpe_report(args.cpe_report, cpedb)
+
+
+__main__()
--
1.9.1
More information about the buildroot
mailing list