diff options
Diffstat (limited to 'bin/common/srtool_common.py')
-rwxr-xr-x | bin/common/srtool_common.py | 58 |
1 files changed, 51 insertions, 7 deletions
diff --git a/bin/common/srtool_common.py b/bin/common/srtool_common.py index 62cc95dc..f7e09764 100755 --- a/bin/common/srtool_common.py +++ b/bin/common/srtool_common.py @@ -5,7 +5,7 @@ # # Security Response Tool Implementation # -# Copyright (C) 2017 Wind River Systems +# Copyright (C) 2017-2018 Wind River Systems # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as @@ -44,7 +44,9 @@ import pytz # it may not exist on the first pass try: from srt_schema import ORM -except ImportError: +except: + # Do a pass so that '--generate-schema-header' can fix it + print("Warning: srt_schema not yet created or bad format") pass srtDbName = 'srt.sqlite' @@ -287,7 +289,7 @@ def score_new_cves(cve_filter): # Scan the open CVEs if 'NEW' == cve_filter: - sql = "SELECT * FROM orm_cve WHERE (status='%s' OR status='%s') AND recommend_list = '';" % (ORM.STATUS_NEW,ORM.STATUS_NEW_RESERVED) + sql = "SELECT * FROM orm_cve WHERE (status='%s' OR status='%s');" % (ORM.STATUS_NEW,ORM.STATUS_NEW_RESERVED) cur.execute(sql) elif cve_filter.startswith('CVE-'): cur.execute('SELECT * FROM orm_cve WHERE name LIKE "'+cve_filter+'%"') @@ -312,9 +314,15 @@ def score_new_cves(cve_filter): record_count = 0 write_count = 0 ds_count = 0 + time_now = datetime.now() for i,cve in enumerate(cur): cve_name = cve[ORM.CVE_NAME] + if cve[ORM.CVE_SCORE_DATE]: + #cve_score_date = datetime.strptime(source[ORM.CVE_SCORE_DATE], '%Y-%m-%d %H:%M:%S') + # If there is any score_date, then nothing to do here + continue + # Progress indicator support if 0 == i % 10: print('%04d: %20s\r' % (i,cve_name), end='') @@ -349,9 +357,10 @@ def score_new_cves(cve_filter): sql = ''' UPDATE orm_cve SET recommend = ?, recommend_list = ?, - packages = ? + packages = ?, + score_date = ? WHERE id = ?''' - cur_write.execute(sql, (recommend, recommend_list, cve_packages, cve[ORM.CVE_ID])) + cur_write.execute(sql, (recommend, recommend_list, cve_packages, time_now.strftime('%Y-%m-%d %H:%M:%S'), cve[ORM.CVE_ID])) write_count += 1 if verbose: print(" %d:%s:%s" % (recommend,recommend_list,cve_packages)) @@ -486,11 +495,15 @@ def gen_schema_header(): fd.write(" %s_%s = %d\n" % ('DATASOURCE','WEEKLY' ,3)) fd.write(" %s_%s = %d\n" % ('DATASOURCE','MONTHLY' ,4)) fd.write(" %s_%s = %d\n" % ('DATASOURCE','ONDEMAND' ,5)) + fd.write(" %s_%s = %d\n" % ('DATASOURCE','ONSTARTUP' ,6)) + fd.write(" %s_%s = '%s'\n" % ('DATASOURCE','FREQUENCY_STR', \ + 'Minute,Hourly,Daily,Weekly,Monthly,OnDemand.OnStartup' \ + )) fd.write("\n") ################################# -# fix_name_sort +# fixups # # Recompute all of the CVE name_sort fields @@ -515,6 +528,31 @@ def fix_name_sort(): cur_write.execute(sql, (name_sort, cve[ORM.CVE_ID],)) conn.commit() +# Reset empty CVE recommend fields to the proper integer zero +def fix_cve_recommend(): + conn = sqlite3.connect(srtDbName) + cur = conn.cursor() + cur_write = conn.cursor() + + cur.execute('SELECT * FROM orm_cve WHERE recommend = ""') + i = 0 + for cve in cur: + i += 1 + name_sort = get_name_sort(cve[ORM.CVE_NAME]) + + # Progress indicator support + if 0 == i % 10: + print('%05d: %20s to %20s\r' % (i,cve[ORM.CVE_NAME],name_sort), end='') + if (0 == i % 200): + conn.commit() + + sql = ''' UPDATE orm_cve + SET recommend = ? + WHERE id = ?''' + cur_write.execute(sql, (0, cve[ORM.CVE_ID],)) + print("CVE RECOMMEND FIX COUNT=%d" % i) + conn.commit() + ################################# # main loop # @@ -529,11 +567,13 @@ def main(argv): parser.add_argument('--init-package-keywords', '-p', action='store_const', const='init_package_keywords', dest='command', help='Initialize package keywords') parser.add_argument('--init-notify-categories', '-n', action='store_const', const='init_notify_categories', dest='command', help='Initialize notify categories') parser.add_argument('--score-new-cves', '-s', dest='score_new_cves', help='Score CVEs for triage [NEW|CVE-1234]') - parser.add_argument('--generate-schema-header', action='store_const', const='gen_schema_header', dest='command', help='Generate database schema header') + parser.add_argument('--generate-schema-header', '-g', action='store_const', const='gen_schema_header', dest='command', help='Generate database schema header') + parser.add_argument('--force', '-f', action='store_true', dest='force', help='Force the update') parser.add_argument('--verbose', '-v', action='store_true', dest='verbose', help='Debugging: verbose output') parser.add_argument('--skip', dest='skip', help='Debugging: skip record count') parser.add_argument('--count', dest='count', help='Debugging: short run record count') parser.add_argument('--fix-name-sort', action='store_const', const='fix_name_sort', dest='command', help='Recalulate the CVE name sort values') + parser.add_argument('--fix-cve-recommend', action='store_const', const='fix_cve_recommend', dest='command', help='Fix the empty CVE recommend values') args = parser.parse_args() verbose = args.verbose @@ -554,8 +594,12 @@ def main(argv): score_new_cves(args.score_new_cves) elif 'gen_schema_header' == args.command: gen_schema_header() + ### TO-DO: TEMPORARY WORKAROUND + fix_cve_recommend() elif 'fix_name_sort' == args.command: fix_name_sort() + elif 'fix_cve_recommend' == args.command: + fix_cve_recommend() else: print("Command not found") |