author | Michael Drake <michael.drake@codethink.co.uk> | 2015-04-16 14:25:08 +0000 |
---|---|---|
committer | Michael Drake <michael.drake@codethink.co.uk> | 2015-04-16 14:25:08 +0000 |
commit | 00b4efc1182039f10a4e797657457a1dfaaad39e (patch) | |
tree | 4c15f52efe91e35b409f8738e9532d58c1e81b0b /morphlib/plugins/cve_check_plugin.py | |
parent | 75c3c7df9b02ceded0e77f41eb019b3db0b46ac2 (diff) | |
Implement checking of version against CVE ranges.
Change-Id: I028a255abb3be9ce1bcb8e90856e3b84a5527dd4
Diffstat (limited to 'morphlib/plugins/cve_check_plugin.py')
-rw-r--r-- | morphlib/plugins/cve_check_plugin.py | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/morphlib/plugins/cve_check_plugin.py b/morphlib/plugins/cve_check_plugin.py index 73351924..5d314c44 100644 --- a/morphlib/plugins/cve_check_plugin.py +++ b/morphlib/plugins/cve_check_plugin.py @@ -105,18 +105,23 @@ class CVEDetail: self.ranges = ranges def check_vulnerability(self, version): - print(' {}:'.format(self.id)) + v = Version(version) for r in self.ranges: - print(' version is {}; vulnerable range is: {} to {}'. - format(version, r[0], r[1])) + first = Version(r[0]) + last = Version(r[1]) + if v >= first and v <= last: + print(' {}:'.format(self.id)) + print(' version is {}; vulnerable range is: {} to {}'. + format(version, r[0], r[1])) class CVESoftware: """ A piece of software we track CVEs for """ - def __init__(self, name): + def __init__(self, name, filters): self.name = name + self.filters = filters self.cves = [] def add_cve(self, id, ranges): @@ -124,8 +129,12 @@ class CVESoftware: self.cves.append(cve) def check_vulnerability(self, version): + filtered_version = version + for f in self.filters: + filtered_version = re.sub(f[0], f[1], filtered_version) + for v in self.cves: - v.check_vulnerability(version) + v.check_vulnerability(filtered_version) class CVEDataBase: """ @@ -146,13 +155,19 @@ class CVEDataBase: def _handle_software(doc): software = None cves = [] + filters = [] for key, value in doc.iteritems(): if key == 'software': software = value elif key == 'vulnerabilities': for vuln in value: cves.append([vuln['id'], vuln['ranges']]) - self._add_software(software, cves) + elif key == 'tag-filters': + for filter in value: + filters.append([str(filter['match'] or ''), + str(filter['replacement'] or '')]) + + self._add_software(software, filters, cves) with open('cve.yaml') as f: docs = yaml.load_all(f) 
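Review bot: `CVEDetail.check_vulnerability` now decides whether the version lies in a vulnerable range but reports that only through `print`, so its caller (`CVESoftware.check_vulnerability`, which just loops over `self.cves`) has no way to act on a match. I would have it return a bool, e.g. `hit = first <= v <= last`, OR-ed into a `vulnerable` flag with `return vulnerable` at the end, keeping the prints as they are. The inclusive test `v >= first and v <= last` also deserves a comment saying that both ends of a range count as vulnerable; whether the upper bound in cve.yaml is the last vulnerable version or the first fixed one cannot be told from this hunk and should be confirmed against the data. `Version` is not visible in the hunk; presumably it is imported elsewhere in the file.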
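Review bot: `re.sub(f[0], f[1], filtered_version)` in `CVESoftware.check_vulnerability` applies a pattern and replacement taken straight from cve.yaml on every call, so a malformed pattern surfaces as `re.error` only when that package is checked, and a replacement containing `\1` or `\g<...>` is interpreted as a group reference rather than literal text. Compiling each filter once when the software entry is loaded would reject bad entries early with the software name in the message; if the replacement is meant literally, pass it as a callable (`lambda m, r=f[1]: r`) or document that it is a template. A comment on the loop such as `# tag-filters from cve.yaml: [pattern, replacement] pairs, applied in order` would make the data contract visible. The enclosing class body continues outside the hunk.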
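Review bot: In `_handle_software`, `str(filter['match'] or '')` turns a missing or null `match` into the empty pattern, and `re.sub('', repl, s)` matches at every position, so the replacement is spliced between every character of the version string and the later range comparisons are silently wrong. Reject or skip such entries instead, e.g. `if not filter.get('match'): raise ValueError('tag-filter without match for {}'.format(software))`, or log and `continue` if best-effort is intended. The loop variable `filter` also shadows the builtin; `tag_filter` reads better. In the context lines, `yaml.load_all(f)` is the default, non-safe loader in older PyYAML and will construct arbitrary Python objects from tagged nodes; this plain-mapping format is served by `yaml.safe_load_all(f)`, which is pre-existing but worth changing while here. The method enclosing `_handle_software` starts and ends outside the hunk.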
@@ -166,8 +181,8 @@ class CVEDataBase: else: _handle_software(doc) - def _add_software(self, name, cves): - sw = CVESoftware(name) + def _add_software(self, name, filters, cves): + sw = CVESoftware(name, filters) for v in cves: sw.add_cve(v[0], v[1]) self.db.append(sw) |
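Review bot: `_add_software(self, name, filters, cves)` inserts the new parameter between two existing positional ones, and the only visible caller passes all three positionally, so swapping `filters` and `cves` (both lists of lists) would not be caught at the call. Appending `filters` after `cves`, or calling with keywords `self._add_software(software, filters=filters, cves=cves)`, makes the call self-checking. A one-line docstring `"""Register *name* with its tag filters and its [id, ranges] CVE list."""` would document the new shape. The `CVEDataBase` class body continues outside the hunk.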