4 سال پیش · bd665d182c
--- a/support/scripts/pkg-stats
+++ b/support/scripts/pkg-stats
@@ -571,8 +571,10 @@ def check_package_cves(nvd_path, packages):
 
				     cpe_product_pkgs = defaultdict(list)
			
 
				     for pkg in packages:
			
 
				         if not pkg.has_valid_infra:
			
 
				+            pkg.status['cve'] = ("na", "no valid package infra")
			
 
				             continue
			
 
				         if not pkg.current_version:
			
 
				+            pkg.status['cve'] = ("na", "no version information available")
			
 
				             continue
			
 
				         if pkg.cpeid:
			
 
				             cpe_product = cvecheck.cpe_product(pkg.cpeid)
			
@@ -583,6 +585,13 @@ def check_package_cves(nvd_path, packages):
 
				     for cve in cvecheck.CVE.read_nvd_dir(nvd_path):
			
 
				         check_package_cve_affects(cve, cpe_product_pkgs)
			
 
				 
			
 
				+    for pkg in packages:
			
 
				+        if 'cve' not in pkg.status:
			
 
				+            if pkg.cves:
			
 
				+                pkg.status['cve'] = ("error", "affected by CVEs")
			
 
				+            else:
			
 
				+                pkg.status['cve'] = ("ok", "not affected by CVEs")
			
 
				+
			
 
				 def calculate_stats(packages):
			
 
				     stats = defaultdict(int)
			
 
				     stats['packages'] = len(packages)
			
@@ -693,6 +702,18 @@ td.cpe-unknown {
 
				  background: #ffd870;
			
 
				 }
			
 
				 
			
 
				+td.cve-ok {
			
 
				+  background: #d2ffc4;
			
 
				+}
			
 
				+
			
 
				+td.cve-nok {
			
 
				+  background: #ff9a69;
			
 
				+}
			
 
				+
			
 
				+td.cve-unknown {
			
 
				+ background: #ffd870;
			
 
				+}
			
 
				+
			
 
				 </style>
			
 
				 <title>Statistics of Buildroot packages</title>
			
 
				 </head>
			
@@ -851,13 +872,18 @@ def dump_html_pkg(f, pkg):
 
				 
			
 
				     # CVEs
			
 
				     td_class = ["centered"]
			
 
				-    if len(pkg.cves) == 0:
			
 
				-        td_class.append("correct")
			
 
				+    if pkg.status['cve'][0] == "ok":
			
 
				+        td_class.append("cve-ok")
			
 
				+    elif pkg.status['cve'][0] == "error":
			
 
				+        td_class.append("cve-nok")
			
 
				     else:
			
 
				-        td_class.append("wrong")
			
 
				+        td_class.append("cve-unknown")
			
 
				     f.write("  <td class=\"%s\">\n" % " ".join(td_class))
			
 
				-    for cve in pkg.cves:
			
 
				-        f.write("   <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
			
 
				+    if pkg.status['cve'][0] == "error":
			
 
				+        for cve in pkg.cves:
			
 
				+            f.write("   <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
			
 
				+    elif pkg.status['cve'][0] == "na":
			
 
				+        f.write("    %s" % pkg.status['cve'][1])
			
 
				     f.write("  </td>\n")
			
 
				 
			
 
				     # CPE ID