Diffstat (limited to 'bin/mitre/srtool_mitre.py')
-rwxr-xr-xbin/mitre/srtool_mitre.py41
1 files changed, 20 insertions, 21 deletions
diff --git a/bin/mitre/srtool_mitre.py b/bin/mitre/srtool_mitre.py
index 3928e51e..75789b7a 100755
--- a/bin/mitre/srtool_mitre.py
+++ b/bin/mitre/srtool_mitre.py
@@ -56,6 +56,8 @@ mitre_cache_dir = 'data/cache/mitre'
# Debugging support
verbose = False
+cmd_skip = 0
+cmd_count = 0
# Development support
overrides = {}
@@ -88,8 +90,7 @@ def srt_error_log(msg):
f1.close()
-# Newly discovered or updated CVEs default to NEW for triage
-# Inited CVEs default to HISTORICAL, unless they are within the courtesy CVE_INIT_NEW_DELTA
+# Newly discovered CVEs default to NEW_RESERVED if reserved, else NEW for triage
init_new_date = None
def get_cve_default_status(is_init,publishedDate,description):
global init_new_date
@@ -110,19 +111,10 @@ def get_cve_default_status(is_init,publishedDate,description):
#print("\nPreset new data = %s" % init_new_date.strftime("%Y-%m-%d"))
init_new_date = init_new_date.strftime("%Y-%m-%d")
- if is_init:
- # Note: the NIST 'published date' is in the format "2017-05-11", so do a simple string compare
- #print("INIT status: %s versus %s" % (init_new_date,publishedDate))
-# if not publishedDate or (publishedDate > init_new_date):
-# # Is this reserved by Mitre? Is '** RESERVED **' within the first 20 char positions?
-# reserved_pos = description.find('** RESERVED **')
-# if (0 <= reserved_pos) and (20 > reserved_pos):
-# return ORM.STATUS_NEW_RESERVED
-# else:
- if True:
- return ORM.STATUS_NEW
-# else:
-# return ORM.STATUS_HISTORICAL
+ # Is this reserved by Mitre? Is '** RESERVED **' within the first 20 char positions?
+ reserved_pos = description.find('** RESERVED **')
+ if (0 <= reserved_pos) and (20 > reserved_pos):
+ return ORM.STATUS_NEW_RESERVED
else:
return ORM.STATUS_NEW
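Review bot: The new reserved check calls `description.find('** RESERVED **')` unconditionally, so a record whose description is missing or None would raise AttributeError and abort the import instead of defaulting to NEW. Whether `summary['Description']` can be None is not visible here, so a guard such as `reserved_pos = (description or '').find('** RESERVED **')` is cheap insurance. After this change `is_init` and `publishedDate` are no longer read in the visible part of get_cve_default_status, and the `init_new_date` computation kept as context above appears to be dead; either remove it or note in the function comment that it is retained on purpose. The function starts outside the hunk.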
@@ -269,9 +261,6 @@ def append_cve_database(is_init,file_xml):
tree = ET.parse(file_xml)
root = tree.getroot()
- # Max count for development cycle
- cmd_count = 20 if get_override('SRTDBG_MINIMAL_DB') else 0
-
conn = sqlite3.connect(srtDbName)
cur = conn.cursor()
cur_write = conn.cursor()
@@ -319,11 +308,11 @@ def append_cve_database(is_init,file_xml):
# Get the default CVE status
status = get_cve_default_status(is_init,summary['Published'],summary['Description'])
- # 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
+ # 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
sql = ''' INSERT into orm_cve (name, name_sort, priority, status, comments, comments_private, tags, cve_data_type, cve_data_format, cve_data_version, public, publish_state, publish_date, acknowledge_date, description, publishedDate, lastModifiedDate, recommend, recommend_list, cvssV3_baseScore, cvssV3_baseSeverity, cvssV2_baseScore, cvssV2_severity, srt_updated, srt_created, packages)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'''
- cur.execute(sql, (cve_name, get_name_sort(cve_name), ORM.PRIORITY_UNDEFINED, status, '', '', '', 'CVE', 'MITRE', '', 1, ORM.PUBLISH_UNPUBLISHED, '', summary['Description'], summary['Published'], summary['Modified'],0, '', '', '', '', '', '', datetime.now(), datetime.now(),''))
- # 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
+ cur.execute(sql, (cve_name, get_name_sort(cve_name), ORM.PRIORITY_UNDEFINED, status, '', '', '', 'CVE', 'MITRE', '', 1, ORM.PUBLISH_UNPUBLISHED, '', '', summary['Description'], summary['Published'], summary['Modified'],0, '', '', '', '', '', datetime.now(), datetime.now(),''))
+ # 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
cve_id = cur.lastrowid
print("MITRE:ADDED %20s\r" % cve_name)
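Review bot: The 26 values in the `cur.execute` tuple are matched to the column list purely by position, with a hand-aligned index comment as the only check. The line this commit replaces shows the failure mode: it had one empty string too few before `summary['Description']`, so the feed-supplied description landed one column early (under `acknowledge_date`) and the following values shifted with it, without any error. Binding by name, i.e. `VALUES (:name, :name_sort, …)` with a dict passed to `cur.execute`, keeps the statement parameterized and lets sqlite3 raise on a missing key. Separately, `datetime.now()` is evaluated twice, so `srt_updated` and `srt_created` differ by microseconds; a single `now = datetime.now()` before the call makes them equal.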
@@ -410,6 +399,8 @@ def dump(file_xml):
def main(argv):
global verbose
+ global cmd_skip
+ global cmd_count
# setup
@@ -425,6 +416,8 @@ def main(argv):
parser.add_argument('--force', '-f', action='store_true', dest='force_update', help='Force update')
parser.add_argument('--update-skip-history', '-H', action='store_true', dest='update_skip_history', help='Skip history updates')
parser.add_argument('--verbose', '-v', action='store_true', dest='is_verbose', help='Enable verbose debugging output')
+ parser.add_argument('--skip', dest='skip', help='Debugging: skip record count')
+ parser.add_argument('--count', dest='count', help='Debugging: short run record count')
parser.add_argument('--dump', '-D', action='store_const', const='dump', dest='command', help='test dump data')
parser.add_argument('--dump2', '-2', action='store_const', const='dump2', dest='command', help='test dump data')
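Review bot: `--skip` and `--count` are declared without a type, and the next hunk converts them with `int(args.skip)` / `int(args.count)`, so a non-numeric value ends in an uncaught ValueError traceback rather than an argparse usage error, and negative numbers are accepted as well. Declaring `type=int` on both `add_argument` calls lets argparse reject bad input, after which the later checks reduce to `if args.skip is not None: cmd_skip = args.skip`, which also replaces the `None != x` comparisons with the idiomatic `is not None`. How `cmd_skip` and `cmd_count` are consumed is outside this diff, so whether a negative value is harmful there should be confirmed. main() begins and continues outside the hunk.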
@@ -432,6 +425,12 @@ def main(argv):
if args.is_verbose:
verbose = True
+ if None != args.skip:
+ cmd_skip = int(args.skip)
+ if None != args.count:
+ cmd_count = int(args.count)
+ elif get_override('SRTDBG_MINIMAL_DB'):
+ cmd_count = 20
if 'dump' == args.command:
dump(mitre_cvrf_xml)