Merge ubuntu-cve-tracker:addin_nvd_to_ubuntu_table_pkg_status into ubuntu-cve-tracker:master

Proposed by Leonidas S. Barbosa
Status: Merged
Merged at revision: 2a7b05d1210306e7288c823cd5e2c6085cb7cf72
Proposed branch: ubuntu-cve-tracker:addin_nvd_to_ubuntu_table_pkg_status
Merge into: ubuntu-cve-tracker:master
Diff against target: 61 lines (+15/-3)
2 files modified
scripts/pkg_status (+4/-3)
scripts/ubuntu-table (+11/-0)
Reviewer: Eduardo Barretto
Review status: Approve
Review via email: mp+424902@code.launchpad.net

Commit message

Adding --nvd priority filter to ubuntu-table and pkg_status scripts

Description of the change

Adding a new option to ubuntu-table and pkg_status so now the package/CVEs can be listed by NVD priority if it has one.

Usage: ubuntu-table --supported --nvd -p <pkg> OR in pkg_status: pkg_status -n <pkg>

Eduardo Barretto (ebarretto) wrote :

lgtm

review: Approve
Leonidas S. Barbosa (leosilvab) wrote :

thanks!
Merged

Preview Diff

1diff --git a/scripts/pkg_status b/scripts/pkg_status
2index b4f727c..78fe49b 100755
3--- a/scripts/pkg_status
4+++ b/scripts/pkg_status
5@@ -29,12 +29,13 @@ assigned=""
6 subproject=""
7 only_release=
8 skip_esm=
9-while getopts "hfrsaRS:" opt ; do
10+while getopts "hfrsanRS:" opt ; do
11 case "$opt" in
12 f) showfull="yes";;
13 r) only_release="--no-retired --only-release=$OPTARG";;
14 s) skip_esm="--skip-esm";;
15 a) assigned="--show-assignee";;
16+ n) nvd="--nvd";;
17 R) released_info="--show-released-version";;
18 S) subproject="--subproject=$OPTARG";;
19 h) help ; exit 0;;
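Review bot: nvd is assigned in the new n) branch but never initialised before the getopts loop, unlike assigned, subproject, only_release and skip_esm in the context lines above it, so an nvd variable inherited from the caller's environment would be expanded into the ubuntu-table command line even when -n is not given. Add nvd="" next to the other initialisations. The pkg_status side of this diff (+4/-3) also leaves the help text untouched, so -n should be documented there.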
20@@ -53,10 +54,10 @@ for p in "$@"; do
21 pkgs="${pkgs} -p ${p}"
22 done
23 if [ "$showfull" = "yes" ]; then
24- CVES=$(./scripts/ubuntu-table $only_release $skip_esm $subproject $assigned $released_info --supported $pkgs 2>/dev/null | sort -k 2 | grep -v '^ ' | awk '{print $1}')
25+ CVES=$(./scripts/ubuntu-table $only_release $skip_esm $subproject $assigned $released_info --supported $nvd $pkgs 2>/dev/null | sort -k 2 | grep -v '^ ' | awk '{print $1}')
26 echo "$CVES" | xargs ./scripts/cve_status -f
27 else
28- REPORT=$(./scripts/ubuntu-table $only_release $skip_esm $subproject $assigned $released_info --supported $pkgs 2>/dev/null)
29+ REPORT=$(./scripts/ubuntu-table $only_release $skip_esm $subproject $assigned $released_info --supported $nvd $pkgs 2>/dev/null)
30 if [ -n "$REPORT" ]; then
31 echo "$REPORT" | head -n1
32 echo "$REPORT" | tail -n +2 | sort -n
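Review bot: in the showfull branch $nvd reaches only ubuntu-table; awk '{print $1}' then keeps just the CVE ids and ./scripts/cve_status -f is called without the option, so the NVD severity is not carried into the -f output. If that is intended, say so in the usage text, otherwise pass the choice through. Both calls also keep 2>/dev/null, so an exception raised by the new --nvd code path in ubuntu-table would appear as an empty report rather than an error.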
33diff --git a/scripts/ubuntu-table b/scripts/ubuntu-table
34index e57426e..eeb633c 100755
35--- a/scripts/ubuntu-table
36+++ b/scripts/ubuntu-table
37@@ -70,6 +70,7 @@ parser.add_option("--show-assignee", help="Show who the CVE is assigned to", act
38 parser.add_option("--show-released-version", help="Show the version a CVE was fixed released if it has the released info", action="store_true")
39 parser.add_option("--omit-status", help="Omit per-release status", action="store_true", default=False)
40 parser.add_option("--subproject", help="Show CVE status for a subproject", action="append", default=[])
41+parser.add_option("--nvd", help="Uses NVD priority instead of Ubuntu one", action="store_true")
42 (opt, args) = parser.parse_args()
43
44 # respect release_list from ~/.ubuntu-security-tools.conf
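Review bot: the help string on the new --nvd option, "Uses NVD priority instead of Ubuntu one", does not follow the imperative "Show ..." wording of the neighbouring options and does not say that CVEs without CVSS data keep their Ubuntu priority, which is what the block added further down does. Wording such as "Show the NVD CVSS base severity as priority when available, else the Ubuntu priority" would describe the behaviour.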
45@@ -147,6 +148,16 @@ else:
46 uems = []
47 (table, priority, cves, namemap, cveinfo) = cve_lib.load_table(cves, uems, opt)
48
49+if opt.nvd:
50+ for cve in priority.keys():
51+ # if we have the CVSS info in the CVE we want to change the priority
52+ # to the value in CVSS[0]['baseSeverity']
53+ if cveinfo[cve]['CVSS']:
54+ priority[cve]['default'] = cveinfo[cve]['CVSS'][0]['baseSeverity'].lower()
55+ # otherwise we keep the old info.
56+ else:
57+ pass
58+
59 if opt.html:
60 print('<table id="cves" class="table table-bordered table-hover">')
61 print(htmlTableHeader(opt.show_crd, opt.show_assignee))
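Review bot: in the opt.nvd block only priority[cve]['default'] is overwritten, so if priority[cve] carries other keys (the name 'default' suggests it does) they keep the Ubuntu value and the table can mix the two scales; decide whether those should be replaced as well. The value is taken from CVSS[0] without checking that the entry comes from NVD, and cveinfo[cve]['CVSS'] is indexed directly, which raises KeyError if a CVE has no such key; cveinfo[cve].get('CVSS') is safer. The else: pass branch can be dropped, keeping its comment.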
