#!/usr/bin/env python3
|
|
import argparse
|
import sys
|
import json
|
import subprocess
|
import os
|
from cpedb import CPEDB, CPE
|
|
|
def gen_update_xml_reports(cpeids, cpedb, output):
|
cpe_need_update = []
|
|
for cpe in cpeids:
|
result = cpedb.find(cpe)
|
if not result:
|
result = cpedb.find_partial(CPE.no_version(cpe))
|
if result:
|
cpe_need_update.append(cpe)
|
else:
|
print("WARNING: no match found for '%s'" % cpe)
|
|
for cpe in cpe_need_update:
|
xml = cpedb.gen_update_xml(cpe)
|
fname = CPE.product(cpe) + '-' + CPE.version(cpe) + '.xml'
|
print("Generating %s" % fname)
|
with open(os.path.join(output, fname), 'w+') as fp:
|
fp.write(xml)
|
|
print("Generated %d update files out of %d CPEs" % (len(cpe_need_update), len(cpeids)))
|
|
|
def get_cpe_ids():
|
print("Getting list of CPE for enabled packages")
|
cmd = ["make", "--no-print-directory", "show-info"]
|
js = json.loads(subprocess.check_output(cmd).decode("utf-8"))
|
return set([v["cpe-id"] for k, v in js.items() if "cpe-id" in v])
|
|
|
def resolvepath(path):
|
return os.path.abspath(os.path.expanduser(path))
|
|
|
def parse_args():
|
parser = argparse.ArgumentParser()
|
parser.add_argument('--output', dest='output',
|
help='Path to the output CPE update files', type=resolvepath, required=True)
|
parser.add_argument('--nvd-path', dest='nvd_path',
|
help='Path to the local NVD database', type=resolvepath, required=True)
|
return parser.parse_args()
|
|
|
def __main__():
|
args = parse_args()
|
if not os.path.isdir(args.output):
|
print("ERROR: output directory %s does not exist" % args.output)
|
sys.exit(1)
|
cpedb = CPEDB(args.nvd_path)
|
cpedb.get_xml_dict()
|
cpeids = get_cpe_ids()
|
gen_update_xml_reports(cpeids, cpedb, args.output)
|
|
|
if __name__ == "__main__":
|
__main__()
|
