ubuntu-buildroot/support/scripts/gen-missing-cpe


#!/usr/bin/env python3
import argparse
import sys
import json
import subprocess
import os
from cpedb import CPEDB, CPE
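def gen_update_xml_reports(cpeids, cpedb, output):
    """Write a CPE update XML file for every CPE ID lacking an exact match.

    Each ID in ``cpeids`` is first looked up with ``cpedb.find``. When that
    returns nothing, a second lookup is made with ``cpedb.find_partial`` on
    the version-less form (``CPE.no_version``): a hit queues the ID for an
    update file, a miss only prints a warning.

    Args:
        cpeids: Collection of CPE ID strings; must support ``len()``.
        cpedb: Database object providing ``find``, ``find_partial`` and
            ``gen_update_xml``.
        output: Directory that receives the ``<product>-<version>.xml``
            files. It is not created here.
    """
    cpe_need_update = []

    for cpe in cpeids:
        if cpedb.find(cpe):
            # Exact match in the database: nothing to report.
            continue
        if cpedb.find_partial(CPE.no_version(cpe)):
            cpe_need_update.append(cpe)
        else:
            print("WARNING: no match found for '%s'" % cpe)

    generated = 0
    for cpe in cpe_need_update:
        fname = CPE.product(cpe) + '-' + CPE.version(cpe) + '.xml'
        # The file name is assembled from package metadata. Accept it only
        # when it is a plain file name, so that a product or version field
        # holding a path separator cannot place the file outside `output`
        # (os.path.join would also discard `output` for an absolute name).
        if os.path.basename(fname) != fname:
            print("WARNING: skipping '%s': unsafe file name '%s'" % (cpe, fname))
            continue
        xml = cpedb.gen_update_xml(cpe)
        print("Generating %s" % fname)
        with open(os.path.join(output, fname), 'w') as fp:
            fp.write(xml)
        generated += 1

    # Report the files actually written, which can be fewer than the queued
    # IDs when a name was rejected above.
    print("Generated %d update files out of %d CPEs" % (generated, len(cpeids)))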
def get_cpe_ids():
    """Return the set of ``cpe-id`` values reported by ``make show-info``.

    The command is run as an argument list (no shell) in the current working
    directory and its standard output is decoded as UTF-8 JSON. Entries
    without a ``cpe-id`` key are ignored. ``subprocess.check_output`` raises
    ``CalledProcessError`` when ``make`` exits with a non-zero status.
    """
    print("Getting list of CPE for enabled packages")
    raw = subprocess.check_output(["make", "--no-print-directory", "show-info"])
    show_info = json.loads(raw.decode("utf-8"))
    return {info["cpe-id"] for info in show_info.values() if "cpe-id" in info}
def resolvepath(path):
    """Return *path* as an absolute path with a leading ``~`` expanded."""
    expanded = os.path.expanduser(path)
    return os.path.abspath(expanded)
def parse_args():
    """Parse the command line and return the resulting namespace.

    Both ``--output`` and ``--nvd-path`` are required; each value is passed
    through ``resolvepath`` before being stored as ``output`` / ``nvd_path``.
    """
    ap = argparse.ArgumentParser()
    required_paths = (
        ('--output', 'output', 'Path to the output CPE update files'),
        ('--nvd-path', 'nvd_path', 'Path to the local NVD database'),
    )
    for flag, dest, help_text in required_paths:
        ap.add_argument(flag, dest=dest, help=help_text,
                        type=resolvepath, required=True)
    return ap.parse_args()
def __main__():
    """Entry point: validate the output directory, then generate the reports.

    Exits with status 1 when the ``--output`` directory does not exist.
    Otherwise builds a ``CPEDB`` from ``--nvd-path``, calls its
    ``get_xml_dict()``, collects the CPE IDs of the enabled packages and
    writes the update files.
    """
    args = parse_args()
    out_dir = args.output

    if os.path.isdir(out_dir):
        db = CPEDB(args.nvd_path)
        # NOTE(review): presumably loads the NVD CPE dictionary; confirm in cpedb.
        db.get_xml_dict()
        gen_update_xml_reports(get_cpe_ids(), db, out_dir)
        return

    print("ERROR: output directory %s does not exist" % out_dir)
    sys.exit(1)
# Run the tool only when executed as a script, not when imported.
if __name__ == "__main__":
    __main__()