|
@@ -571,8 +571,10 @@ def check_package_cves(nvd_path, packages):
|
|
|
cpe_product_pkgs = defaultdict(list)
|
|
cpe_product_pkgs = defaultdict(list)
|
|
|
for pkg in packages:
|
|
for pkg in packages:
|
|
|
if not pkg.has_valid_infra:
|
|
if not pkg.has_valid_infra:
|
|
|
|
|
+ pkg.status['cve'] = ("na", "no valid package infra")
|
|
|
continue
|
|
continue
|
|
|
if not pkg.current_version:
|
|
if not pkg.current_version:
|
|
|
|
|
+ pkg.status['cve'] = ("na", "no version information available")
|
|
|
continue
|
|
continue
|
|
|
if pkg.cpeid:
|
|
if pkg.cpeid:
|
|
|
cpe_product = cvecheck.cpe_product(pkg.cpeid)
|
|
cpe_product = cvecheck.cpe_product(pkg.cpeid)
|
|
@@ -583,6 +585,13 @@ def check_package_cves(nvd_path, packages):
|
|
|
for cve in cvecheck.CVE.read_nvd_dir(nvd_path):
|
|
for cve in cvecheck.CVE.read_nvd_dir(nvd_path):
|
|
|
check_package_cve_affects(cve, cpe_product_pkgs)
|
|
check_package_cve_affects(cve, cpe_product_pkgs)
|
|
|
|
|
|
|
|
|
|
+ for pkg in packages:
|
|
|
|
|
+ if 'cve' not in pkg.status:
|
|
|
|
|
+ if pkg.cves:
|
|
|
|
|
+ pkg.status['cve'] = ("error", "affected by CVEs")
|
|
|
|
|
+ else:
|
|
|
|
|
+ pkg.status['cve'] = ("ok", "not affected by CVEs")
|
|
|
|
|
+
|
|
|
def calculate_stats(packages):
|
|
def calculate_stats(packages):
|
|
|
stats = defaultdict(int)
|
|
stats = defaultdict(int)
|
|
|
stats['packages'] = len(packages)
|
|
stats['packages'] = len(packages)
|
|
@@ -693,6 +702,18 @@ td.cpe-unknown {
|
|
|
background: #ffd870;
|
|
background: #ffd870;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+td.cve-ok {
|
|
|
|
|
+ background: #d2ffc4;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+td.cve-nok {
|
|
|
|
|
+ background: #ff9a69;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+td.cve-unknown {
|
|
|
|
|
+ background: #ffd870;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
</style>
|
|
</style>
|
|
|
<title>Statistics of Buildroot packages</title>
|
|
<title>Statistics of Buildroot packages</title>
|
|
|
</head>
|
|
</head>
|
|
@@ -851,13 +872,18 @@ def dump_html_pkg(f, pkg):
|
|
|
|
|
|
|
|
# CVEs
|
|
# CVEs
|
|
|
td_class = ["centered"]
|
|
td_class = ["centered"]
|
|
|
- if len(pkg.cves) == 0:
|
|
|
|
|
- td_class.append("correct")
|
|
|
|
|
|
|
+ if pkg.status['cve'][0] == "ok":
|
|
|
|
|
+ td_class.append("cve-ok")
|
|
|
|
|
+ elif pkg.status['cve'][0] == "error":
|
|
|
|
|
+ td_class.append("cve-nok")
|
|
|
else:
|
|
else:
|
|
|
- td_class.append("wrong")
|
|
|
|
|
|
|
+ td_class.append("cve-unknown")
|
|
|
f.write(" <td class=\"%s\">\n" % " ".join(td_class))
|
|
f.write(" <td class=\"%s\">\n" % " ".join(td_class))
|
|
|
- for cve in pkg.cves:
|
|
|
|
|
- f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
|
|
|
|
|
|
|
+ if pkg.status['cve'][0] == "error":
|
|
|
|
|
+ for cve in pkg.cves:
|
|
|
|
|
+ f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
|
|
|
|
|
+ elif pkg.status['cve'][0] == "na":
|
|
|
|
|
+ f.write(" %s" % pkg.status['cve'][1])
|
|
|
f.write(" </td>\n")
|
|
f.write(" </td>\n")
|
|
|
|
|
|
|
|
# CPE ID
|
|
# CPE ID
|
Thomas Petazzoni