cve-check-tool: version update + mapping file+csv2
Change-Id: Ia552934c3b7082e29fadb2adcbb977d6e2e73167
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1342
Tested-by: gerrit-photon <[email protected]>
Reviewed-by: suezzelur <[email protected]>
YustasSwamp authored and suezzelur committed Sep 1, 2016
1 parent 4e2e832 commit 6d1a2db
Showing 4 changed files with 341 additions and 3 deletions.
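--- /dev/null
+++ b/SPECS/cve-check-tool/csv2-output-plugin.patch
@@ -0,0 +1,149 @@
+From e641c214cdb6cf5f098ace29199caa1b149f2afc Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <[email protected]>
+Date: Wed, 31 Aug 2016 11:06:17 +0000
+Subject: [PATCH] Alternative csv output
+
+---
+src/plugins/Makefile.am | 1 +
+src/plugins/output/csv2/Makefile.am | 16 +++++++
+src/plugins/output/csv2/csv2.c | 96 +++++++++++++++++++++++++++++++++++++
+3 files changed, 113 insertions(+)
+create mode 100644 src/plugins/output/csv2/Makefile.am
+create mode 100644 src/plugins/output/csv2/csv2.c
+
+diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
+index 0d56f8e..2c728af 100644
+--- a/src/plugins/Makefile.am
++++ b/src/plugins/Makefile.am
+@@ -6,6 +6,7 @@ pkglib_LTLIBRARIES =
+# Output plugins
+include output/cli/Makefile.am
+include output/csv/Makefile.am
++include output/csv2/Makefile.am
+include output/html/Makefile.am
+
+# Packaging plugins
+diff --git a/src/plugins/output/csv2/Makefile.am b/src/plugins/output/csv2/Makefile.am
+new file mode 100644
+index 0000000..dd753d4
+--- /dev/null
++++ b/src/plugins/output/csv2/Makefile.am
+@@ -0,0 +1,16 @@
++pkglib_LTLIBRARIES += \
++ csv2.la
++
++csv2_la_SOURCES = \
++ output/csv2/csv2.c
++
++csv2_la_LIBADD = \
++ $(MODULE_COMMON_LIBS) \
++ ${top_builddir}/src/libcve.la
++
++csv2_la_CFLAGS = \
++ $(MODULE_COMMON_CFLAGS) \
++ $(AM_CFLAGS)
++
++csv2_la_LDFLAGS = \
++ $(MODULE_FLAGS)
+diff --git a/src/plugins/output/csv2/csv2.c b/src/plugins/output/csv2/csv2.c
+new file mode 100644
+index 0000000..fe9f579
+--- /dev/null
++++ b/src/plugins/output/csv2/csv2.c
+@@ -0,0 +1,96 @@
++/*
++ * csv2.c - CSV output
++ *
++ * Copyright (C) 2016 Alexey Makhalov <[email protected]>
++ *
++ * cve-check-tool is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ */
++
++#define _GNU_SOURCE
++
++#include <stdio.h>
++#include <errno.h>
++
++#include "config.h"
++#include "util.h"
++#include "cve-check-tool.h"
++#include "plugin.h"
++
++static bool csv_write_report(CveCheckTool *self)
++{
++ GHashTableIter iter;
++ gchar *key = NULL;
++ struct source_package_t *v = NULL;
++ struct cve_entry_t *entry = NULL;
++ GList *c = NULL;
++ FILE *fd = NULL;
++ bool ret = false;
++
++ if (self->output_file) {
++ fd = fopen(self->output_file, "w");
++ if (!fd) {
++ fprintf(stderr, "Unable to open %s for writing: %s\n", self->output_file, strerror(errno));
++ return false;
++ }
++ } else {
++ fd = stdout;
++ }
++
++ /* CVE score|CVE number|package name|CVE summary */
++ g_hash_table_iter_init(&iter, self->db);
++ while (g_hash_table_iter_next(&iter, (void**)&key, (void**)&v)) {
++ if (!v->issues && !v->patched && !self->show_unaffected) {
++ continue;
++ }
++ if (!v->issues && self->hide_patched) {
++ continue;
++ }
++ for (c = v->issues; c; c = c->next) {
++ entry = cve_db_get_cve(self->cve_db, (gchar*)c->data);
++ if (self->modified > 0 && entry->modified > self->modified) {
++ cve_free(entry);
++ continue;
++ }
++ if (fprintf(fd, "%s|%s|%s|%s\n", entry->score, entry->id, key, entry->summary) < 0) {
++ goto io_error;
++ }
++ }
++ }
++
++ ret = true;
++ goto success;
++
++io_error:
++ fprintf(stderr, "Error writing to file: %s\n", strerror(errno));
++success:
++ ret = true;
++ if (fd != stdout && self->output_file) {
++ fclose(fd);
++ }
++
++ return ret;
++}
++
++_module_export_ bool cve_plugin_module_init(CvePlugin *self)
++{
++ self->report = csv_write_report;
++ self->flags = PLUGIN_TYPE_REPORT;
++ self->name = "csv2";
++ return true;
++}
++
++/*
++ * Editor modelines - https://www.wireshark.org/tools/modelines.html
++ *
++ * Local variables:
++ * c-basic-offset: 8
++ * tab-width: 8
++ * indent-tabs-mode: nil
++ * End:
++ *
++ * vi: set shiftwidth=8 tabstop=8 expandtab:
++ * :indentSize=8:tabSize=8:noTabs=true:
++ */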
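--- a/SPECS/cve-check-tool/cve-check-tool.spec
+++ b/SPECS/cve-check-tool/cve-check-tool.spec
@@ -1,9 +1,12 @@
 Summary: cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs.
 Name: cve-check-tool
-Version: 5.6.2
-Release: 2%{?dist}
+Version: 5.6.4.1
+Release: 1%{?dist}
 Source0: cve-check-tool-%{version}.tar.gz
-%define sha1 cve-check-tool=ccfa275fb8edccfdd977f1bbfc6713498769e347
+%define sha1 cve-check-tool=880719673907f5e69ece5180e762611fa66f4ae2
+Source1: packages-mapping.cfg
+Patch0: report-type-option.patch
+Patch1: csv2-output-plugin.patch
 License: GPLv2
 URL: https://github.com/ikeydoherty/cve-check-tool
 Vendor: VMware, Inc.
@@ -27,6 +30,8 @@ The tool will identify potentially vunlnerable software packages within Linux di
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
 %build
 ./autogen.sh
@@ -35,6 +40,7 @@ make %{?_smp_mflags} CFLAGS="-w"
 %install
 [ %{buildroot} != "/"] && rm -rf %{buildroot}/*
 make install DESTDIR=%{buildroot}
+install -m644 %{SOURCE1} %{buildroot}/usr/share/%{name}
 
 %clean
 rm -rf %{buildroot}/*
@@ -47,6 +53,11 @@ rm -rf %{buildroot}/*
 %doc %{_mandir}/man1/*
 
 %changelog
+* Wed Aug 31 2016 Alexey Makhalov <[email protected]> 5.6.4.1-1
+- Update to version 5.6.4.1 (commit 72e272d)
+- Add packages mapping file for Photon OS
+- new option '-r' to select report plugin to use
+- csv2-output-plugin.patch for alternative csv output
+* Tue May 24 2016 Priyesh Padmavilasom <[email protected]> 5.6.2-2
 - GA - Bump release of all rpms
 * Wed Feb 24 2016 Kumar Kaushik <[email protected]>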
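Review bot: The new `install -m644 %{SOURCE1} %{buildroot}/usr/share/%{name}` line in the `%install` hunk assumes `make install` has already created that directory and that the `%files` list (outside the hunk) picks the mapping file up; if either is not the case the build fails or the file is silently left out of the package. `install -D -m644 %{SOURCE1} %{buildroot}%{_datadir}/%{name}/packages-mapping.cfg` creates the directory, names the destination file explicitly and uses the standard macro instead of a hard-coded `/usr/share`. The sha1 pin for the new tarball is updated together with the version, which is what a reviewer wants to see on a source bump. The changelog entry could also state that report-type-option.patch removes the `-N` and `-c` options in favour of `-r`, since that is a visible CLI change for anyone scripting the tool.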
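--- /dev/null
+++ b/SPECS/cve-check-tool/packages-mapping.cfg
@@ -0,0 +1,7 @@
+[Mapping]
+linux-pam=Linux-PAM
+network-manager=NetworkManager
+xml_parser=XML-Parser
+atftpd=atftp
+linux_kernel=linux
+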
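--- /dev/null
+++ b/SPECS/cve-check-tool/report-type-option.patch
@@ -0,0 +1,171 @@
+From d00cb4b73a41fce2ffaa5c6313b6752dfc9ad046 Mon Sep 17 00:00:00 2001
+From: Alexey Makhalov <[email protected]>
+Date: Wed, 31 Aug 2016 11:11:31 +0000
+Subject: [PATCH] New option '-r' to select a report plugin
+
+---
+src/main.c | 69 +++++++++++++++++++++++++++++++++++++-------------------------
+1 file changed, 41 insertions(+), 28 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 8593c17..5bb16c9 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -283,8 +283,7 @@ static bool _show_version = false;
+static bool skip_update = false;
+static gchar *nvds = NULL;
+static gchar *forced_type = NULL;
+-static bool no_html = false;
+-static bool csv_mode = false;
++static gchar *report_type = NULL;
+static char *modified_stamp = NULL;
+static gchar *mapping_file = NULL;
+static gchar *output_file = NULL;
+@@ -297,10 +296,9 @@ static GOptionEntry _entries[] = {
+{ "nvd-dir", 'd', 0, G_OPTION_ARG_STRING, &nvds, "NVD directory in filesystem", NULL },
+{ "version", 'v', 0, G_OPTION_ARG_NONE, &_show_version, "Show version", NULL },
+{ "type", 't', 0, G_OPTION_ARG_STRING, &forced_type, "Set package type to T", "T" },
+- { "no-html", 'N', 0, G_OPTION_ARG_NONE, &no_html, "Disable HTML report", NULL },
++ { "report", 'r', 0, G_OPTION_ARG_STRING, &report_type, "Set report type to R", "R" },
+{ "modified", 'm', 0, G_OPTION_ARG_STRING, &modified_stamp, "Ignore reports after modification date", "D" },
+{ "srpm-dir", 's', 0, G_OPTION_ARG_STRING, &srpm_dir, "Source RPM directory", "S" },
+- { "csv", 'c', 0, G_OPTION_ARG_NONE, &csv_mode, "Output CSV formatted data only", NULL },
+{ "mapping", 'M', 0, G_OPTION_ARG_STRING, &mapping_file, "Path to a mapping file", NULL},
+{ "output-file", 'o', 0, G_OPTION_ARG_STRING, &output_file, "Path to the output file (output plugin specific)", NULL},
+{ "use-fractional-compare", 'f', 0, G_OPTION_ARG_NONE, &use_frac_compare, "CVE version string fractional compare", NULL },
+@@ -387,7 +385,7 @@ static CvePlugin *plugin_for_path(GList *plugins, const char *path, bool recurse
+return ret;
+}
+
+-static gchar *supported_packages(GList *plugins)
++static gchar *supported_plugins(GList *plugins)
+{
+uint len;
+CvePlugin *plugin = NULL;
+@@ -400,7 +398,7 @@ static gchar *supported_packages(GList *plugins)
+plugin = g_list_nth_data(plugins, 0);
+
+if (!asprintf(&r, "%s", plugin->name)) {
+- fprintf(stderr, "supported_packages(): Out of memory\n");
++ fprintf(stderr, "supported_plugins(): Out of memory\n");
+abort();
+}
+
+@@ -409,7 +407,7 @@ static gchar *supported_packages(GList *plugins)
+
+plugin = g_list_nth_data(plugins, i);
+if (!asprintf(&t, "%s, %s", r, plugin->name)) {
+- fprintf(stderr, "supported_packages(): Out of memory\n");
++ fprintf(stderr, "supported_plugins(): Out of memory\n");
+abort();
+}
+free(r);
+@@ -479,6 +477,7 @@ int main(int argc, char **argv)
+autofree(cve_string) *db_path = NULL;
+autofree(CveDB) *cve_db = NULL;
+GList *pkg_plugins = NULL;
++ GList *report_plugins = NULL;
+int ret = EXIT_FAILURE;
+CveToolInstance instance = { .pkg_plugin = NULL };
+time_t ti;
+@@ -501,13 +500,10 @@ int main(int argc, char **argv)
+goto cleanup_no_lock;
+}
+
+- quiet = csv_mode || !no_html;
+self->output_file = output_file;
+self->cacert_file = cacert_file;
+
+- if (!csv_mode && self->output_file) {
+- quiet = false;
+- }
++ quiet = !self->output_file;
+
+if (_show_version) {
+show_version();
+@@ -569,6 +565,12 @@ int main(int argc, char **argv)
+goto cleanup;
+}
+
++ report_plugins = cve_plugin_get_by_cap(PLUGIN_TYPE_REPORT);
++ if (!report_plugins || g_list_length(report_plugins) < 1) {
++ fprintf(stderr, "Cannot find any reporting plugins on this system.\n");
++ goto cleanup;
++ }
++
+if (srpm_dir) {
+if (!cve_is_dir(srpm_dir)) {
+fprintf(stderr, "srpm directory does not exist or is not a directory\n");
+@@ -581,7 +583,7 @@ int main(int argc, char **argv)
+if (forced_type) {
+if (g_str_equal(forced_type, "list")) {
+/* Print a list of 'em */
+- autofree(gchar) *list = supported_packages(pkg_plugins);
++ autofree(gchar) *list = supported_plugins(pkg_plugins);
+printf("Currently supported package types: %s\n", list);
+goto cleanup;
+} else {
+@@ -599,6 +601,30 @@ int main(int argc, char **argv)
+}
+}
+
++ if (!report_type) {
++ report_type = "html";
++ }
++ if (g_str_equal(report_type, "list")) {
++ /* Print a list of 'em */
++ autofree(gchar) *list = supported_plugins(report_plugins);
++ printf("Currently supported report types: %s\n", list);
++ goto cleanup;
++ } else {
++ report = cve_plugin_get_by_name(report_type);
++ if (!report) {
++ fprintf(stderr, "Plugin \'%s\' not found.\n", report_type);
++ goto cleanup;
++ }
++ if (!(report->flags & PLUGIN_TYPE_REPORT)) {
++ fprintf(stderr, "Plugin \'%s\' is not a PLUGIN_TYPE_REPORT.\n", report_type);
++ goto cleanup;
++ }
++ if (!report->report) {
++ fprintf(stderr, "No usable output module\n");
++ goto cleanup;
++ }
++ }
++
+if (argc != 2) {
+fprintf(stderr, "Usage: %s [path-to-source-spec|path-to-source-list-file]\n", argv[0]);
+goto cleanup;
+@@ -787,22 +813,6 @@ int main(int argc, char **argv)
+fprintf(stderr, "Scanned %d source file%s\n", size, size > 1 ? "s" : "");
+}
+
+- /* TODO: Switch to single output mode, with a report type set in
+- * config and/or flags, i.e. -r html (preserve csv option though)
+- */
+- if (csv_mode) {
+- report = cve_plugin_get_by_name("csv");
+- } else if (!no_html) {
+- report = cve_plugin_get_by_name("html");
+- } else {
+- report = cve_plugin_get_by_name("cli");
+- }
+-
+- if (!report || !report->report) {
+- fprintf(stderr, "No usable output module\n");
+- goto cleanup;
+- }
+-
+if (!report->report(self)) {
+fprintf(stderr, "Report generation failed\n");
+goto cleanup;
+@@ -817,6 +827,9 @@ int main(int argc, char **argv)
+if (pkg_plugins) {
+g_list_free(pkg_plugins);
+}
++ if (report_plugins) {
++ g_list_free(report_plugins);
++ }
+if (self->db) {
+g_hash_table_unref(self->db);
+}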
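Review bot: Defaulting with `report_type = "html";` stores a string literal in the same `gchar *` that GOption fills with a heap-allocated string when `-r` is passed; if main()'s cleanup path (outside these hunks) `g_free`s the option strings, the default case ends up freeing a literal. Keeping the user value separate, e.g. `const char *wanted = report_type ? report_type : "html";` and looking the plugin up by `wanted`, avoids that without changing behaviour. The `-N` and `-c` options are dropped outright rather than kept as deprecated aliases, which breaks existing invocations and the shipped man page, so `--help` text and the man page should be updated with the patch. While the `supported_plugins()` error messages are being touched, note that the surrounding `if (!asprintf(...))` only triggers on a zero-length result, whereas asprintf signals failure with -1, so the out-of-memory branch never fires; `if (asprintf(...) < 0)` is the check that matches the message. main()'s body starts and ends outside the hunks.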
