authorMichael Drake <michael.drake@codethink.co.uk>2015-04-15 15:17:08 +0000
committerMichael Drake <michael.drake@codethink.co.uk>2015-04-15 15:17:08 +0000
commit408c622fa5edaa71dc82b39904ef6a8fba452586 (patch)
tree0e26bbbc34c8171da74693510f14ca90ced61035
parent99659ebe04c8c97f76b5320251f6a628b5881cb8 (diff)
downloadmorph-408c622fa5edaa71dc82b39904ef6a8fba452586.tar.gz
Avoid cloning repos that we don't have data for.
Change-Id: Iaa66d8f2f147f76ac2f2511be2aec97c4b341109
-rw-r--r--morphlib/plugins/cve_check_plugin.py39
1 files changed, 21 insertions, 18 deletions
diff --git a/morphlib/plugins/cve_check_plugin.py b/morphlib/plugins/cve_check_plugin.py
index 812a4f3d..33b2bd24 100644
--- a/morphlib/plugins/cve_check_plugin.py
+++ b/morphlib/plugins/cve_check_plugin.py
@@ -56,8 +56,7 @@ class CVECheckPlugin(cliapp.Plugin):
self.lrc, self.rrc = morphlib.util.new_repo_caches(self.app)
self.resolver = morphlib.artifactresolver.ArtifactResolver()
- self.cve_db = CVEDataBase()
- self.version_guesser = VersionGuesser()
+ self.cve_db = CVEDataBase(self.lrc)
for system_filename in system_filenames:
self.certify_system(repo, ref, system_filename)
@@ -93,19 +92,7 @@ class CVECheckPlugin(cliapp.Plugin):
if source.morphology['kind'] != 'chunk':
continue
- name = source.morphology['name']
- ref = source.original_ref
-
- print(' Checking chunk: {}'.format(name))
-
- # Ensure we have a cache of the repo
- if not self.lrc.has_repo(source.repo_name):
- self.lrc.cache_repo(source.repo_name)
-
- cached = self.lrc.get_repo(source.repo_name)
- version = self.version_guesser.guess_version(cached, ref)
-
- self.cve_db.check_vulnerability(name, version)
+ self.cve_db.check_vulnerability(source)
class CVEDetail:
@@ -145,10 +132,12 @@ class CVEDataBase:
Provides CVE checking functionality
"""
- def __init__(self):
+ def __init__(self, lrc):
# TODO: In the future this will be loaded from a remote server
# For now, we have a local YAML file, containing CVE data
self.db = []
+ self.lrc = lrc
+ self.version_guesser = VersionGuesser()
def _handle_header(doc):
if 'stream' not in doc.keys() or 'version' not in doc.keys():
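Review bot: `CVEDataBase.__init__` now takes and stores `lrc`, but neither the class docstring nor a comment says what the database does with it. The last hunk shows `check_vulnerability` calling `self.lrc.cache_repo(...)` when a repo is missing, so a lookup on this object can now trigger a repository fetch (presumably a clone, going by the commit title). I would record that at the assignment, for example `# lrc: local repo cache; check_vulnerability() may cache a repo through it to guess the chunk version`. The body of `__init__` continues outside this hunk.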
@@ -183,12 +172,26 @@ class CVEDataBase:
sw.add_cve(v[0], v[1])
self.db.append(sw)
- def check_vulnerability(self, name, version):
+ def check_vulnerability(self, source):
+ name = source.morphology['name']
+
for s in self.db:
if s.name != name:
continue
- s.check_vulnerability(version)
+ print('Checking chunk: {}'.format(name))
+
+ def get_version(source):
+ # Ensure we have a cache of the repo
+ if not self.lrc.has_repo(source.repo_name):
+ self.lrc.cache_repo(source.repo_name)
+
+ ref = source.original_ref
+ cached = self.lrc.get_repo(source.repo_name)
+
+ return self.version_guesser.guess_version(cached, ref)
+
+ s.check_vulnerability(get_version(source))
break
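Review bot: In `check_vulnerability`, a chunk whose name matches no entry in `self.db` now leaves the loop without printing anything, so the output no longer distinguishes a chunk that was checked from one that was never assessed. The caller used to print a line for every chunk, and that print is removed in the second hunk. For a CVE audit the unassessed set is worth reporting, and a `for`/`else` on this loop would do it: `else:` followed by `print('No CVE data for chunk: {}'.format(name))`. The match is also an exact string comparison (`s.name != name`), so a chunk named slightly differently from its database entry would presumably land in that silent path too. Separately, `get_version` is redefined on every matching iteration and its parameter shadows the outer `source`; a private method such as `_get_version(self, source)` would read more plainly.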