authorGravatar Thomas Petazzoni <thomas.petazzoni@bootlin.com>2020-12-04 16:46:00 +0100
committerGravatar Thomas Petazzoni <thomas.petazzoni@bootlin.com>2021-01-04 21:39:11 +0100
commitbd665d182c8131d2deafa39be0f3d89adb43643f (patch)
treee357b73d3e7b4daa4a589a7a72e19087f063e72d /support
parent78d7521f8230928d5839d1e6ec07d297440fcf02 (diff)
support/scripts/pkg-stats: improve rendering of CVE information
This commit improves pkg-stats to fill in pkg.status['cve'] according to the CVE situation of each package. This status is then used in the HTML rendering. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'support')
-rwxr-xr-xsupport/scripts/pkg-stats36
1 files changed, 31 insertions, 5 deletions
diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats
index 9ec4d645e6..8a29531cd7 100755
--- a/support/scripts/pkg-stats
+++ b/support/scripts/pkg-stats
@@ -571,8 +571,10 @@ def check_package_cves(nvd_path, packages):
cpe_product_pkgs = defaultdict(list)
for pkg in packages:
if not pkg.has_valid_infra:
+ pkg.status['cve'] = ("na", "no valid package infra")
continue
if not pkg.current_version:
+ pkg.status['cve'] = ("na", "no version information available")
continue
if pkg.cpeid:
cpe_product = cvecheck.cpe_product(pkg.cpeid)
@@ -583,6 +585,13 @@ def check_package_cves(nvd_path, packages):
for cve in cvecheck.CVE.read_nvd_dir(nvd_path):
check_package_cve_affects(cve, cpe_product_pkgs)
+ for pkg in packages:
+ if 'cve' not in pkg.status:
+ if pkg.cves:
+ pkg.status['cve'] = ("error", "affected by CVEs")
+ else:
+ pkg.status['cve'] = ("ok", "not affected by CVEs")
+
def calculate_stats(packages):
stats = defaultdict(int)
stats['packages'] = len(packages)
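Review bot: The loop added after `read_nvd_dir` marks every package with an empty `pkg.cves` as `("ok", "not affected by CVEs")`, which claims more than the check establishes, because an empty list only means that no NVD entry matched the package. The first hunk shows a separate path for packages that have `pkg.cpeid`, so packages without one are presumably matched by a fallback outside this page, and a miss there would still be reported as green. A more accurate message would be `pkg.status['cve'] = ("ok", "no matching CVE found in NVD data")`, and a comment above the loop such as `# packages skipped above already carry an "na" status; classify only those that were checked` would explain the `'cve' not in pkg.status` guard. The body of check_package_cves starts outside the hunk.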
@@ -693,6 +702,18 @@ td.cpe-unknown {
background: #ffd870;
}
+td.cve-ok {
+ background: #d2ffc4;
+}
+
+td.cve-nok {
+ background: #ff9a69;
+}
+
+td.cve-unknown {
+ background: #ffd870;
+}
+
</style>
<title>Statistics of Buildroot packages</title>
</head>
@@ -851,13 +872,18 @@ def dump_html_pkg(f, pkg):
# CVEs
td_class = ["centered"]
- if len(pkg.cves) == 0:
- td_class.append("correct")
+ if pkg.status['cve'][0] == "ok":
+ td_class.append("cve-ok")
+ elif pkg.status['cve'][0] == "error":
+ td_class.append("cve-nok")
else:
- td_class.append("wrong")
+ td_class.append("cve-unknown")
f.write(" <td class=\"%s\">\n" % " ".join(td_class))
- for cve in pkg.cves:
- f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
+ if pkg.status['cve'][0] == "error":
+ for cve in pkg.cves:
+ f.write(" <a href=\"https://security-tracker.debian.org/tracker/%s\">%s<br/>\n" % (cve, cve))
+ elif pkg.status['cve'][0] == "na":
+ f.write(" %s" % pkg.status['cve'][1])
f.write(" </td>\n")
# CPE ID
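Review bot: The CVE cell now indexes `pkg.status['cve'][0]` unconditionally, so HTML generation raises KeyError for any package whose status was never filled in, whereas the removed code only read `pkg.cves`. On this page the key is set only in check_package_cves, whose call site is not visible, so if that call is conditional (for example on an NVD directory being supplied) the report would fail to render. Reading the value once with a default, `cve_status = pkg.status.get('cve', ("na", "CVE check not performed"))`, and testing `cve_status[0]` in both if-chains would keep the cell amber in that case. Separately, the re-indented link line still never closes its anchor; ending the format string with `%s</a><br/>\n` would fix the markup. dump_html_pkg starts and ends outside the hunk.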