support/scripts/pkg-stats: improve rendering of CVE information

This commit improves pkg-stats to fill in pkg.status['cve'] according
to the CVE situation of each package. That status is then used in the
HTML rendering.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Thomas Petazzoni 2020-12-04 16:46:00 +01:00
parent 78d7521f82
commit bd665d182c


@ -571,8 +571,10 @@ def check_package_cves(nvd_path, packages):
cpe_product_pkgs = defaultdict(list) cpe_product_pkgs = defaultdict(list)
for pkg in packages: for pkg in packages:
if not pkg.has_valid_infra: if not pkg.has_valid_infra:
pkg.status['cve'] = ("na", "no valid package infra")
continue continue
if not pkg.current_version: if not pkg.current_version:
pkg.status['cve'] = ("na", "no version information available")
continue continue
if pkg.cpeid: if pkg.cpeid:
cpe_product = cvecheck.cpe_product(pkg.cpeid) cpe_product = cvecheck.cpe_product(pkg.cpeid)
@ -583,6 +585,13 @@ def check_package_cves(nvd_path, packages):
for cve in cvecheck.CVE.read_nvd_dir(nvd_path): for cve in cvecheck.CVE.read_nvd_dir(nvd_path):
check_package_cve_affects(cve, cpe_product_pkgs) check_package_cve_affects(cve, cpe_product_pkgs)
for pkg in packages:
if 'cve' not in pkg.status:
if pkg.cves:
pkg.status['cve'] = ("error", "affected by CVEs")
else:
pkg.status['cve'] = ("ok", "not affected by CVEs")
def calculate_stats(packages): def calculate_stats(packages):
stats = defaultdict(int) stats = defaultdict(int)
stats['packages'] = len(packages) stats['packages'] = len(packages)
@ -693,6 +702,18 @@ td.cpe-unknown {
background: #ffd870; background: #ffd870;
} }
td.cve-ok {
background: #d2ffc4;
}
td.cve-nok {
background: #ff9a69;
}
td.cve-unknown {
background: #ffd870;
}
</style> </style>
<title>Statistics of Buildroot packages</title> <title>Statistics of Buildroot packages</title>
</head> </head>
@ -851,13 +872,18 @@ def dump_html_pkg(f, pkg):
# CVEs # CVEs
td_class = ["centered"] td_class = ["centered"]
if len(pkg.cves) == 0: if pkg.status['cve'][0] == "ok":
td_class.append("correct") td_class.append("cve-ok")
elif pkg.status['cve'][0] == "error":
td_class.append("cve-nok")
else: else:
td_class.append("wrong") td_class.append("cve-unknown")
f.write(" <td class=\"%s\">\n" % " ".join(td_class)) f.write(" <td class=\"%s\">\n" % " ".join(td_class))
if pkg.status['cve'][0] == "error":
for cve in pkg.cves: for cve in pkg.cves:
f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve)) f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
elif pkg.status['cve'][0] == "na":
f.write(" %s" % pkg.status['cve'][1])
f.write(" </td>\n") f.write(" </td>\n")
# CPE ID # CPE ID
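Review bot: dump_html_pkg now indexes `pkg.status['cve']` unconditionally (the `if`/`elif` at the start of the CVE cell and again before the link loop), so a package whose status was never filled in by check_package_cves raises KeyError instead of being rendered; whether that can happen depends on check_package_cves always running before dump_html_pkg, which this page does not show. Reading the tuple once with a fallback keeps the rendering robust and removes the four repeated lookups: `cve_state, cve_reason = pkg.status.get('cve', ("na", "CVE check not run"))` (fallback text constructed here), then compare `cve_state` and write `cve_reason`. The reason text written into the cell for the "na" case is one of the fixed strings set in this commit, so it needs no escaping today; if free-form text is ever stored there it should go through html.escape before being written. The body of dump_html_pkg continues outside the hunk on both sides.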