From 99659ebe04c8c97f76b5320251f6a628b5881cb8 Mon Sep 17 00:00:00 2001 From: Michael Drake Date: Wed, 15 Apr 2015 14:20:30 +0000 Subject: Load CVEs from YAML file, instead of hardcoding. Change-Id: Id9b23df87a215d267edb577110391b5a63eca9f9 --- morphlib/plugins/cve_check_plugin.py | 54 +++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/morphlib/plugins/cve_check_plugin.py b/morphlib/plugins/cve_check_plugin.py index 3179d797..812a4f3d 100644 --- a/morphlib/plugins/cve_check_plugin.py +++ b/morphlib/plugins/cve_check_plugin.py @@ -17,10 +17,11 @@ # # See: for more information. -import warnings - import re + import cliapp +import yaml + import morphlib class CVECheckPlugin(cliapp.Plugin): 
@@ -145,29 +146,36 @@ class CVEDataBase: """ def __init__(self): - # TODO: In the future this could connect to a DB or load YAML data - # For now it just creates a hardcoded DB + # TODO: In the future this will be loaded from a remote server + # For now, we have a local YAML file, containing CVE data self.db = [] - self._add_software('libpng', - [['CVE-2014-9495', [['0', '1.5.20'], - ['1.6.9', '1.6.15']]], - ['CVE-2014-0333', [['1.6.0', '1.6.9' ]]] - ]) - - self._add_software('openssl-new', - [['CVE-2014-3567', [['1.0.1', '1.0.1i' ], - ['1.0.0', '1.0.0n' ], - ['0.9.8', '0.9.8zc']]], - ['CVE-2014-3568', [['1.0.1', '1.0.1i' ], - ['1.0.0', '1.0.0n' ], - ['0.9.8', '0.9.8zc']]], - ['CVE-2014-3513', [['1.0.1', '1.0.1i' ]]], - ['CVE-2015-0289', [['1.0.2', '1.0.2' ], - ['1.0.1', '1.0.1l' ], - ['1.0.0', '1.0.0q' ], - ['0.9.8', '0.9.8ze']]] - ]) + def _handle_header(doc): + if 'stream' not in doc.keys() or 'version' not in doc.keys(): + raise InputError('Bad header') + + def _handle_software(doc): + software = None + cves = [] + for key, value in doc.iteritems(): + if key == 'software': + software = value + elif key == 'vulnerabilities': + for vuln in value: + cves.append([vuln['id'], vuln['ranges']]) + self._add_software(software, cves) + + with open('cve.yaml') as f: + docs = yaml.load_all(f) + + for i, doc in enumerate(docs): + if not doc: + continue + + if i == 0: + _handle_header(doc) + else: + _handle_software(doc) def _add_software(self, name, cves): sw = CVESoftware(name) -- cgit v1.2.1
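Review bot: `docs = yaml.load_all(f)` in `__init__` uses PyYAML's default full loader, which can instantiate arbitrary Python objects from tagged nodes, so whoever controls cve.yaml controls code run by the build tool; the TODO just above says this data will later come from a remote server, which makes it worth fixing now as `docs = list(yaml.safe_load_all(f))`. Materialising the list inside the `with` also removes a second problem: `load_all` returns a lazy generator, and if the `for i, doc in enumerate(docs)` loop sits outside the `with` block (the indentation is lost in this rendering, but the blank line suggests it does) the documents are parsed only after `f` has been closed. `_handle_software` also accepts a document with no `software` key and then calls `self._add_software(None, cves)`, and it indexes `vuln['id']` and `vuln['ranges']` unguarded, so a malformed entry surfaces as a bare `KeyError` rather than the `InputError` the header check raises (that class is not defined in this hunk). `_add_software` continues outside the hunk.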