support/scripts/pkg-stats: sort CVEs in HTML output

While the old NVD JSON feed provided data files where the CVEs were
sorted by ID, the new feed from FKIE does not have sorted CVEs.

Add a method to sort a list of CVE IDs (i.e. CVE ID strings, not CVE
objects!), and use that when emitting the HTML output.

The JSON output need not be sorted, because it is supposed to be used
for post-processing, and we do not care about the ordering there; a
consumer interested in sorting should sort on their side.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Yann E. MORIN 2024-02-25 23:05:37 +01:00 committed by Arnout Vandecappelle
parent 54f8d97c91
commit 75a3562324
2 changed files with 9 additions and 2 deletions


@ -117,6 +117,13 @@ class CVE:
open(path_metaf, "w").write(page_meta.text)
return path_jsonf_xz
@staticmethod
def sort_id(cve_ids):
def cve_key(cve_id):
year, id_ = cve_id.split('-')[1:]
return (int(year), int(id_))
return sorted(cve_ids, key=cve_key)
@classmethod
def read_nvd_dir(cls, nvd_dir):
"""

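Review bot: `cve_key` in the new `sort_id` raises `ValueError` for any ID that is not exactly three dash-separated fields with numeric second and third parts, because of the two-name unpacking of `cve_id.split('-')[1:]` and the `int()` calls. The IDs come from an external feed, so a single unexpected entry would abort the HTML output in `dump_html_pkg`, which now calls `sort_id` in both of its CVE loops. A tolerant key that sorts unparseable IDs last keeps report generation going, and a one-line docstring saying the method takes ID strings rather than CVE objects would carry over the caveat from the commit message. The enclosing class `CVE` starts and ends outside the hunk.

```python
@staticmethod
def sort_id(cve_ids):
    """Return CVE ID strings sorted by (year, number); unparseable IDs sort last."""
    def cve_key(cve_id):
        try:
            year, id_ = cve_id.split('-')[1:]
            return (0, int(year), int(id_), cve_id)
        except ValueError:
            # Keep the entry visible in the report instead of aborting the run.
            return (1, 0, 0, cve_id)
    return sorted(cve_ids, key=cve_key)
```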

@ -1055,9 +1055,9 @@ def dump_html_pkg(f, pkg):
f.write(f' <div onclick="expandField(\'{data_field_id}\')" \
class="see-more centered cve_ignored">see all ({cve_total}) &#9662;</div>\n')
if pkg.is_status_error("cve"):
for cve in pkg.cves:
for cve in cvecheck.CVE.sort_id(pkg.cves):
f.write(f' <a href="https://security-tracker.debian.org/tracker/{cve}">{cve}</a><br/>\n')
for cve in pkg.unsure_cves:
for cve in cvecheck.CVE.sort_id(pkg.unsure_cves):
f.write(f' <a href="https://security-tracker.debian.org/tracker/{cve}">{cve} <i>(unsure)</i></a><br/>\n')
elif pkg.is_status_na("cve"):
f.write(f""" {pkg.status['cve'][1]}""")
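Review bot: The sorted IDs are still interpolated unescaped into the `href` and the link text by the two `f.write` calls, and passing them through `sort_id` does not validate them: it ignores the first dash-separated field, and `int()` accepts surrounding whitespace and underscores. If the IDs are not checked against a strict pattern where `pkg.cves` and `pkg.unsure_cves` are populated (not visible here), escaping at output would be prudent, e.g. `cve = html.escape(cve)` as the first statement of each loop body, with `import html` added to the file. `dump_html_pkg` begins and ends outside the hunk.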