From 75a3562324bd64d4d02edbcf840809863d4c266f Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN"
Date: Sun, 25 Feb 2024 23:05:37 +0100
Subject: [PATCH] support/scripts/pkg-stats: sort CVEs in HTML output

While the old NVD JSON feed provided data files where the CVEs were sorted by ID, the new feed from FKIE does not have sorted CVEs. Add a method to sort a list of CVE IDs (i.e. CVE ID strings, not CVE objects!), and use that when emiting the HTML output. The JSON output need not be sorted, because it is supposed to be used for post-processing, and we do not care about the ordering there; a consumer interested in sorting should sort on their side.

Signed-off-by: Yann E. MORIN
Cc: Arnout Vandecappelle (Essensium/Mind)
Signed-off-by: Arnout Vandecappelle
---
 support/scripts/cve.py | 7 +++++++
 support/scripts/pkg-stats | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/support/scripts/cve.py b/support/scripts/cve.py
index 747ad881c9..1a3c307e12 100755
--- a/support/scripts/cve.py
+++ b/support/scripts/cve.py
@@ -117,6 +117,13 @@ class CVE:
 open(path_metaf, "w").write(page_meta.text)
 return path_jsonf_xz
+ @staticmethod
+ def sort_id(cve_ids):
+ def cve_key(cve_id):
+ year, id_ = cve_id.split('-')[1:]
+ return (int(year), int(id_))
+ return sorted(cve_ids, key=cve_key)
+
 @classmethod
 def read_nvd_dir(cls, nvd_dir):
 """
diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats
index afb746704a..9a4a3ccad5 100755
--- a/support/scripts/pkg-stats
+++ b/support/scripts/pkg-stats
@@ -1055,9 +1055,9 @@ def dump_html_pkg(f, pkg):
 f.write(f'
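Review bot: `cve_key` inside `sort_id` raises `ValueError` for any identifier that is not exactly `CVE-<year>-<number>` with numeric parts, because `cve_id.split('-')[1:]` is unpacked into two names and both are passed to `int()`. The two loops in `dump_html_pkg` (the pkg-stats hunk) now call `sort_id` on `pkg.cves` and `pkg.unsure_cves`, so a single malformed entry from the feed would abort the whole HTML report rather than just appear out of order; whether such entries can reach these lists is not visible in this patch. I would make the key tolerant and sort unparseable IDs after the valid ones, as in the fence below. The method also lacks a docstring, for example `"""Return the CVE ID strings sorted by (year, sequence number)."""`. Indentation is lost in this view, so the fence assumes `cve_key` is nested in `sort_id`.

```python
    def sort_id(cve_ids):
        def cve_key(cve_id):
            try:
                _, year, id_ = cve_id.split('-')
                return (0, int(year), int(id_), cve_id)
            except ValueError:
                # Unparseable ID: keep it in the report, listed after the valid ones.
                return (1, 0, 0, cve_id)
        # … unchanged: return sorted(cve_ids, key=cve_key) …
```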
see all ({cve_total}) ▾
\n')
 if pkg.is_status_error("cve"):
- for cve in pkg.cves:
+ for cve in cvecheck.CVE.sort_id(pkg.cves):
 f.write(f' {cve}
\n')
- for cve in pkg.unsure_cves:
+ for cve in cvecheck.CVE.sort_id(pkg.unsure_cves):
 f.write(f' {cve} (unsure)
\n')
 elif pkg.is_status_na("cve"):
 f.write(f""" {pkg.status['cve'][1]}""")