[Buildroot] [PATCH 08/10] support/script/pkg-stats: show CPE ID in results
Matthew Weber
matthew.weber at rockwellcollins.com
Wed Nov 4 17:18:50 UTC 2020
Thomas / Greg,
On Wed, Nov 4, 2020 at 8:53 AM Thomas Petazzoni
<thomas.petazzoni at bootlin.com> wrote:
>
> From: Gregory CLEMENT <gregory.clement at bootlin.com>
>
> This commit improves the pkg-stats script to show the CPE ID of
> packages, if available. For now, it doesn't use CPE IDs to match CVEs.
>
Reviewed-by: Matt Weber <matthew.weber at rockwellcollins.com>
> Signed-off-by: Gregory CLEMENT <gregory.clement at bootlin.com>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
> ---
> support/scripts/pkg-stats | 44 ++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 43 insertions(+), 1 deletion(-)
>
> diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats
> index 503cc45c16..0a48cf9581 100755
> --- a/support/scripts/pkg-stats
> +++ b/support/scripts/pkg-stats
> @@ -76,6 +76,7 @@ class Package:
> all_license_files = list()
> all_versions = dict()
> all_ignored_cves = dict()
> + all_cpeids = dict ()
> # This is the list of all possible checks. Add new checks to this list so
> # a tool that post-processeds the json output knows the checks before
> # iterating over the packages.
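Review bot: the added class attribute "all_cpeids = dict ()" has a space before the parentheses, unlike the "dict()" and "list()" attributes directly above it. Drop the space so the line matches its neighbours; pycodestyle reports this as E211 (whitespace before '(').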
> @@ -96,6 +97,7 @@ class Package:
> self.current_version = None
> self.url = None
> self.url_worker = None
> + self.cpeid = None
> self.cves = list()
> self.latest_version = {'status': RM_API_STATUS_ERROR, 'version': None, 'id': None}
> self.status = {}
> @@ -210,6 +212,14 @@ class Package:
> if var in self.all_versions:
> self.current_version = self.all_versions[var]
>
> + def set_cpeid(self):
> + """
> + Fills in the .cpeid field
> + """
> + var = self.pkgvar()
> + if var in self.all_cpeids:
> + self.cpeid = self.all_cpeids[var]
> +
> def set_check_package_warnings(self):
> """
> Fills in the .warnings and .status['pkg-check'] fields
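Review bot: the docstring of set_cpeid() does not say what .cpeid holds when the package has no entry in all_cpeids. From the code it keeps the None assigned in __init__, and stating that in the docstring would tell consumers of the field that None means "no CPE ID defined".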
> @@ -333,7 +343,7 @@ def get_pkglist(npackages, package_list):
> def package_init_make_info():
> # Fetch all variables at once
> variables = subprocess.check_output(["make", "BR2_HAVE_DOT_CONFIG=y", "-s", "printvars",
> - "VARS=%_LICENSE %_LICENSE_FILES %_VERSION %_IGNORE_CVES"])
> + "VARS=%_LICENSE %_LICENSE_FILES %_VERSION %_IGNORE_CVES %_CPE_ID"])
> variable_list = variables.decode().splitlines()
>
> # We process first the host package VERSION, and then the target
> @@ -371,6 +381,9 @@ def package_init_make_info():
> pkgvar = pkgvar[:-12]
> Package.all_ignored_cves[pkgvar] = value.split()
>
> + elif pkgvar.endswith("_CPE_ID"):
> + pkgvar = pkgvar[:-7]
> + Package.all_cpeids[pkgvar] = value
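Review bot: the new elif branch stores value in Package.all_cpeids[pkgvar] without checking that it is non-empty. If printvars reports a _CPE_ID variable with an empty value, set_cpeid() would replace the None default with an empty string, so consider storing the entry only when value is non-empty. The slice length in "pkgvar[:-7]" is also a hand-counted len("_CPE_ID"), like the "[:-12]" above it; deriving it from the suffix string would keep the suffix and the slice from drifting apart.
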
I haven't dug that deep yet in the script, but would this populate
host and target CPE ID values? I know the Infrastructure does note
host/target so there is probably enough information to conditionally
pull the value.