cve-filter: Add variables to set the SCORE Cut off values
Signed-off-by: Rodrigo M. Duarte <rodrigo.duarte@ossystems.com.br>
mdrodrigo committed Jul 4, 2024
1 parent 2692b15 commit 61a3b96
Showing 2 changed files with 35 additions and 1 deletion.
26 changes: 26 additions & 0 deletions classes/cve-filter.bbclass
Expand Up @@ -37,6 +37,18 @@
# Example: "CVE-2017-6264 CVE-2023-1234"
# Default: empty

# CVE_FILTER_SCORE_CUTOFF: Global cut off SCORE CVE value
# Set the global value of cut off CVE Score. CVE below the value set here
# will no be considered.
# Example: "9"
# Default: ""

# CVE_FILTER_SCOREV2_CUTTOFF and CVE_FILTER_SCOREV3_CUTTOFF:
# Set the value of cut off to SCOREV2 and V3.
# considered
# Example: "9"
# Default: "0"

# Set the PATH to find the old CVE Json list
CVE_FILTER_PREVIOUS_FILE ??= ""
CVE_FILTER_PREVIOUS_VERSION ??= "0.0.0"
Expand All @@ -51,6 +63,13 @@ CVE_FILTER_MARKDOWN_FILE = "${IMGDEPLOYDIR}/${CVE_FILTER_MARKDOWN_FILE_NAME}"
# List of CVE should be ignored Eg: CVE-2023-1234
CVE_FILTER_IGNORED_CVES ??= ""

# Global Score Cut Off value
CVE_FILTER_SCORE_CUTOFF ??= ""

# Cut off score V2 and V3 value
CVE_FILTER_SCOREV2_CUTOFF ??= "0"
CVE_FILTER_SCOREV3_CUTOFF ??= "0"

inherit python3native

python do_cve_filter (){
Expand All @@ -59,6 +78,9 @@ python do_cve_filter (){
previousFile = d.getVar("CVE_FILTER_PREVIOUS_FILE")
previousVersion = d.getVar("CVE_FILTER_PREVIOUS_VERSION")
cveIgnoreList = d.getVar("CVE_FILTER_IGNORED_CVES").split()
scoreCutOff = int(d.getVar("CVE_FILTER_SCORE_CUTOFF") or 0)
scoreV2CutOff = int(d.getVar("CVE_FILTER_SCOREV2_CUTOFF"))
scoreV3CutOff = int(d.getVar("CVE_FILTER_SCOREV3_CUTOFF"))

cve_prev = Cve()
cve_prev.setMarkdonFileName(d.getVar("CVE_FILTER_MARKDOWN_FILE"))
Expand All @@ -67,13 +89,17 @@ python do_cve_filter (){
if previousFile:
cve_prev.loadCVEfile(previousFile)
cve_prev.setCVEVersion(previousVersion)
cve_prev.setScoreV2CutOff(scoreV2CutOff or scoreCutOff)
cve_prev.setScoreV3CutOff(scoreV3CutOff or scoreCutOff)
cve_prev.setIgnoreCVEList(cveIgnoreList)
cve_prev.loadCVEData()
else:
bb.warn("Previous CVE File Not Defined!!!")

cve_curr.loadCVEfile(d.getVar("CVE_FILTER_CURRENT_FILE"))
cve_curr.setCVEVersion(d.getVar("CVE_FILTER_CURRENT_VERSION"))
cve_curr.setScoreV2CutOff(scoreV2CutOff or scoreCutOff)
cve_curr.setScoreV3CutOff(scoreV3CutOff or scoreCutOff)
cve_curr.setIgnoreCVEList(cveIgnoreList)
cve_curr.loadCVEData()
cve_prev.compareCVes(cve_curr)
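Review bot: The three `int(...)` conversions in the hunk at `@@ -59,6 +78,9 @@` raise ValueError for fractional CVSS values such as "7.5", even though the comparison in lib/ossystems/cve_filter.py is done with float(), and an override set to the empty string fails the same way for the V2/V3 variables; parse all three as `scoreCutOff = float(d.getVar("CVE_FILTER_SCORE_CUTOFF") or 0)`, `scoreV2CutOff = float(d.getVar("CVE_FILTER_SCOREV2_CUTOFF") or 0)` and `scoreV3CutOff = float(d.getVar("CVE_FILTER_SCOREV3_CUTOFF") or 0)`. With the new defaults ("" and "0") the value handed to setScoreV2CutOff/setScoreV3CutOff is 0, so every CVE carrying a score now passes a check that previously required 9 or more; if the old threshold is meant to stay the default, set `CVE_FILTER_SCORE_CUTOFF ??= "9"` or state the behaviour change in the header comment. The header comment in the first hunk names `CVE_FILTER_SCOREV2_CUTTOFF` and `CVE_FILTER_SCOREV3_CUTTOFF`, which do not match the `CUTOFF` variables defined below, and the line `# considered` is a sentence fragment left over from the previous wording. do_cve_filter starts and ends outside the hunk.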
10 changes: 9 additions & 1 deletion lib/ossystems/cve_filter.py
Expand Up @@ -81,6 +81,8 @@ def __init__(self):
self.__printIssues = []
self.__ignored_cves = []
self.__version = 0
self.__scoreV2cf = 0
self.__scoreV3cf = 0

# def __del__ (self):
# self.__cveJsonFile.close()
Expand Down Expand Up @@ -112,6 +114,12 @@ def setIgnoreCVEList(self, listcve):
def setCVEVersion(self, version=0):
self.__version = version

def setScoreV2CutOff(self, score):
self.__scoreV2cf = score

def setScoreV3CutOff(self, score):
self.__scoreV3cf = score

def getCVEPackages(self):
return self.__packages

Expand All @@ -126,7 +134,7 @@ def loadCVEData(self):
p = Package(pack["name"], pack["version"])
entry = False
for id in pack["issue"]:
if (float(id["scorev2"]) >= 9 or float(id["scorev3"]) >= 9) and id[
if (float(id["scorev2"]) >= self.__scoreV2cf or float(id["scorev3"]) >= self.__scoreV3cf) and id[
"status"
] != "Ignored":
if not (id["id"] in self.__ignored_cves):
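Review bot: Initialising `self.__scoreV2cf = 0` and `self.__scoreV3cf = 0` in `__init__` (hunk at `@@ -81,6 +81,8 @@`) changes the default for any caller that never invokes the new setters: the comparison in loadCVEData used a fixed 9 before, and with 0 every issue that has a score is reported. If the class is meant to keep its previous behaviour when unconfigured, initialise both to `9` and let the bbclass override them. The setters in the hunk at `@@ -112,6 +114,12 @@` store whatever they are given, so a string from d.getVar would later be compared against a float; coercing in the setter, `self.__scoreV2cf = float(score)` and `self.__scoreV3cf = float(score)`, keeps the comparison well-typed regardless of the caller. A one-line docstring on each setter, e.g. `"""Set the minimum CVSS v2 score an issue must reach to be reported."""`, would also document the cutoff semantics that are otherwise only visible in loadCVEData. __init__ and loadCVEData both continue outside their hunks.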
