NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support/scripts/pkg-stats: adapt to NVD v2 json format

Browse Source 
Commit 22b6945552 (support/scripts/cve.py: switch from NVD to FKIE for
the JSON files) missed the fact that the layout of the FKIE data files
are different from the original NVD ones. They are formatted according
to the NVD v2 API.

Most differences are relatively trivial fields renaming, and those are
easily spotted in this patch.

There is however one key difference in the layout of the configurations.
Where the NVD had "configurations" as an object with a "nodes" key, the
FKIE has a "configurations" as a list of objects with a single "nodes"
key; i.e. it is one-level deeper.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This commit is contained in:
Yann E. MORIN 2024-02-25 23:05:36 +01:00 committed by Arnout Vandecappelle
parent f71d9f49e5
commit 54f8d97c91
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
support/scripts/cve.py
View File

@ -128,7 +128,7 @@ class CVE:
filename = CVE.download_nvd_year(nvd_dir, year) filename = CVE.download_nvd_year(nvd_dir, year)
try: try:
uncompressed = subprocess.check_output(["xz", "-d", "-c", filename]) uncompressed = subprocess.check_output(["xz", "-d", "-c", filename])
content = ijson.items(uncompressed, 'CVE_Items.item') content = ijson.items(uncompressed, 'cve_items.item')
except: # noqa: E722 except: # noqa: E722
print("ERROR: cannot read %s. Please remove the file then rerun this script" % filename) print("ERROR: cannot read %s. Please remove the file then rerun this script" % filename)
raise raise
@ -155,11 +155,11 @@ class CVE:
for parsed_node in self.parse_node(child): for parsed_node in self.parse_node(child):
yield parsed_node yield parsed_node
for cpe in node.get('cpe_match', ()): for cpe in node.get('cpeMatch', ()):
if not cpe['vulnerable']: if not cpe['vulnerable']:
return return
product = cpe_product(cpe['cpe23Uri']) product = cpe_product(cpe['criteria'])
version = cpe_version(cpe['cpe23Uri']) version = cpe_version(cpe['criteria'])
# ignore when product is '-', which means N/A # ignore when product is '-', which means N/A
if product == '-': if product == '-':
return return
@ -191,7 +191,7 @@ class CVE:
v_end = cpe['versionEndExcluding'] v_end = cpe['versionEndExcluding']
yield { yield {
'id': cpe['cpe23Uri'], 'id': cpe['criteria'],
'v_start': v_start, 'v_start': v_start,
'op_start': op_start, 'op_start': op_start,
'v_end': v_end, 'v_end': v_end,
@ -199,14 +199,15 @@ class CVE:
} }
def each_cpe(self): def each_cpe(self):
for node in self.nvd_cve['configurations']['nodes']: for nodes in self.nvd_cve.get('configurations', []):
for node in nodes['nodes']:
for cpe in self.parse_node(node): for cpe in self.parse_node(node):
yield cpe yield cpe
@property @property
def identifier(self): def identifier(self):
"""The CVE unique identifier""" """The CVE unique identifier"""
return self.nvd_cve['cve']['CVE_data_meta']['ID'] return self.nvd_cve['id']
@property @property
def affected_products(self): def affected_products(self):