#!/usr/bin/env python | |
import csv | |
import sys | |
# The rhsda module comes from https://github.com/RedHatProductSecurity/cve-pylib
import rhsda | |
# Module-wide Red Hat Security Data API client; every query in this script
# goes through this one instance.
# NOTE(review): DEBUG logging is verbose. The CSV report is written to stdout,
# so this presumably relies on the library logging elsewhere (stderr?) --
# confirm before piping the output straight into another tool.
client = rhsda.ApiClient(logLevel="DEBUG")
def get_cve_data(params):
    """Run a CVE search and fetch the full record for every hit.

    Args:
        params: Search parameters handed unchanged to
            ``client.cve_search_query`` (``main`` passes ``after``,
            ``product`` and ``severity``).

    Returns:
        Whatever ``client.mget_cves`` returns for ``outFormat="json"``;
        ``get_rows`` treats it as an iterable of per-CVE dicts.
    """
    # First pass: the search, requested in "list" output format.
    matching_cves = client.cve_search_query(params, outFormat="list")
    # Second pass: bulk-fetch the details with 16 worker threads. The product
    # argument presumably narrows the returned data to OCP 4 -- TODO confirm
    # against the rhsda documentation.
    return client.mget_cves(
        cves=matching_cves,
        numThreads=16,
        outFormat="json",
        product="OpenShift Container Platform 4",
    )
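def get_package_info(nevr):
    """Split an advisory ``package`` string into ``(name, version)``.

    Two shapes are handled, both split on ``":"``:

    * container references (they contain ``"/"``): the text before the first
      colon is the name and the text after it is the version;
    * everything else (treated as an RPM NEVR): same split, but a trailing
      ``-0`` on the name (a zero epoch) is removed.

    Args:
        nevr: Package identifier taken from an advisory entry.

    Returns:
        A ``(name, version)`` tuple. When ``nevr`` contains no colon the
        string is returned unchanged as the name with an empty version,
        instead of raising ``IndexError`` and aborting the whole report.
    """
    parts = nevr.split(":")
    if len(parts) < 2:
        # No separator at all: there is nothing to strip and no version to
        # report. Keep the raw value so the row still shows up in the output
        # rather than crashing report generation on one odd entry.
        return nevr, ""

    name, version = parts[0], parts[1]
    if "/" not in nevr:
        # Not a container reference: drop the zero epoch suffix from the name.
        name = name.removesuffix("-0")
    return name, version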
def get_rows(cve_data):
    """Flatten CVE records into report rows.

    Two kinds of rows are produced, each with ten columns matching the CSV
    header written by ``main``:

    * one row per ``package_state`` entry whose product name contains
      ``"OpenShift Container Platform 4"`` (fixed-version, advisory and CPE
      columns are empty strings, release date is ``None``);
    * one row per (advisory, CVE) pair for ``affected_release`` entries whose
      product name starts with the OCP 4.9 or 4.10 prefix, with status
      ``"fixed"``.

    Args:
        cve_data: Iterable of per-CVE dicts.

    Returns:
        A list of row lists: package-state rows first, then advisory rows
        ordered by advisory id.
    """
    # Only these two release streams are reported for shipped fixes.
    fixed_release_prefixes = (
        "Red Hat OpenShift Container Platform 4.9",
        "Red Hat OpenShift Container Platform 4.10",
    )

    rows = []
    advisories = {}
    for cve in cve_data:
        for state in cve.get("package_state", []):
            if "OpenShift Container Platform 4" not in state["product_name"]:
                continue
            severity = cve["threat_severity"]
            rows.append([
                cve["name"],
                state["product_name"],
                severity,
                state["fix_state"],
                # A per-component impact overrides the flaw-level severity.
                state.get("impact", severity),
                state["package_name"],
                "",
                "",
                "",
                None,
            ])

        for release in cve.get("affected_release", []):
            if not release["product_name"].startswith(fixed_release_prefixes):
                continue
            advisory_id = release["advisory"]
            cve_pair = (cve["name"], cve["threat_severity"])
            # NOTE(review): advisories are keyed by id alone, so only the
            # first entry seen for an advisory supplies package, impact, cpe
            # and release_date; later entries for the same advisory only add
            # their CVE to the set. If an advisory fixes several packages, or
            # carries a different impact per CVE, those details never reach
            # the report -- confirm this collapsing is intended.
            if advisory_id in advisories:
                advisories[advisory_id]["cves"].add(cve_pair)
            else:
                advisories[advisory_id] = {"cves": {cve_pair}, **release}

    for advisory_id, info in sorted(advisories.items()):
        package, version = get_package_info(info["package"])
        for cve_name, severity in info["cves"]:
            rows.append([
                cve_name,
                info["product_name"],
                severity,
                "fixed",
                info.get("impact", severity),
                package,
                version,
                advisory_id,
                info["cpe"],
                info["release_date"],
            ])
    return rows
def main():
    """Write a CSV report of important and critical OCP 4 CVEs to stdout.

    Queries CVEs published after 2020-01-01 for "OpenShift Container
    Platform 4", first at "important" and then at "critical" severity,
    converts both result sets to rows and prints them sorted under a header.
    """
    rows = []
    # Same query twice, differing only in severity; important is fetched first.
    for severity in ("important", "critical"):
        params = {
            "after": "2020-01-01",
            "product": "OpenShift Container Platform 4",
            "severity": severity,
        }
        rows += get_rows(get_cve_data(params))

    header = [
        "CVE",
        "Product Name",
        "Flaw Impact",
        "Status",
        "Component Impact",
        "Package",
        "Fixed Version",
        "Advisory",
        "CPE",
        "Release Date",
    ]
    writer = csv.writer(sys.stdout)
    writer.writerow(header)
    # Rows are lists, so this sorts column by column starting with the CVE id.
    writer.writerows(sorted(rows))
# Generate the report only when executed as a script, not when imported.
if __name__ == "__main__":
    main()