# find number of top 1000 python packages that have one or more CVEs
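# find number of top 1000 python packages that have one or more CVEs
import json


def _has_cve(advisories: object) -> bool:
    """Return True if any advisory in *advisories* names a CVE.

    *advisories* is the value the safety-db JSON maps a package name to.
    For real packages this is a list of advisory dicts whose "cve" field is
    either a string or None (presumably several ids may share one string —
    confirm against the DB); other top-level entries such as "$meta" have a
    different shape and are simply treated as "no CVE" instead of raising.
    """
    if not isinstance(advisories, list):
        return False
    for advisory in advisories:
        if not isinstance(advisory, dict):
            continue
        cve = advisory.get("cve")
        # Substring match on purpose: the field is free-form text, not a
        # single normalised id. A None here must NOT abort the scan of the
        # remaining advisories (the original bare `except: continue` did,
        # silently dropping packages whose first advisory had no CVE).
        if isinstance(cve, str) and "CVE" in cve:
            return True
    return False


def packages_with_cves(cve_db_path: str = "pyup_io_safety_db_python_cve.json") -> set[str]:
    """Return the names of all packages in the safety DB with at least one CVE.

    Args:
        cve_db_path: path to the pyup.io safety-db JSON (a mapping of package
            name -> list of advisories).

    Raises:
        OSError / json.JSONDecodeError: if the file cannot be read or parsed;
            these are deliberately not swallowed so a bad input is visible.
    """
    with open(cve_db_path, encoding="utf-8") as fh:
        data = json.load(fh)
    return {name for name, advisories in data.items() if _has_cve(advisories)}


def top_packages(top_pkgs_path: str = "top_1000_pkgs.txt") -> set[str]:
    """Return the package names listed one per line in *top_pkgs_path*.

    Only the trailing newline is stripped (as in the original), so names
    compare exactly against the safety-db keys in the set intersection.
    """
    with open(top_pkgs_path, encoding="utf-8") as fh:
        return {line.rstrip("\n") for line in fh}


def top_packages_with_a_cve(
    cve_db_path: str = "pyup_io_safety_db_python_cve.json",
    top_pkgs_path: str = "top_1000_pkgs.txt",
) -> set[str]:
    """Return the intersection of CVE-affected packages and the top-N list."""
    return packages_with_cves(cve_db_path) & top_packages(top_pkgs_path)


if __name__ == "__main__":
    # Same observable output as the original script: the full top-N set,
    # then the number of those packages that have one or more CVEs.
    pkgs_with_cves_set = packages_with_cves()
    top_repos_set = top_packages()
    print(top_repos_set)
    print(len(pkgs_with_cves_set & top_repos_set))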