fix: improvements product and metadata
mastersans committed Jun 3, 2024
1 parent 8e282c1 commit 452d43d
Showing 1 changed file with 36 additions and 7 deletions.
43 changes: 36 additions & 7 deletions cve_bin_tool/vex_manager/generate.py
Expand Up @@ -21,17 +21,33 @@ class VEXGenerate:
Remarks.Mitigated: "resolved",
Remarks.FalsePositive: "false_positive",
Remarks.NotAffected: "not_affected",
}
},
"csaf": {
Remarks.NewFound: "under_investigation",
Remarks.Unexplored: "under_investigation",
Remarks.Confirmed: "known_affected",
Remarks.Mitigated: "fixed",
Remarks.FalsePositive: "known_not_affected",
Remarks.NotAffected: "known_not_affected",
},
}

def __init__(
self,
product: str,
release: str,
vendor: str,
filename: str,
all_cve_data: dict[ProductInfo, CVEData],
vextype: str,
all_cve_data: dict[ProductInfo, CVEData],
sbom: str | None = None,
logger: Logger | None = None,
validate: bool = True,
):
self.product = product
self.release = release
self.vendor = vendor
self.sbom = sbom
self.filename = filename
self.vextype = vextype
self.logger = logger or LOGGER.getChild(self.__class__.__name__)
Expand All @@ -46,15 +62,18 @@ def generate_vex(self) -> None:
None
"""
vexgen = VEXGenerator(vex_type=self.vextype)
vexgen.set_product(name="generation-draft", release="1.0")
kwargs = {"name": self.product, "release": self.release}
if self.sbom:
kwargs["sbom"] = self.sbom
vexgen.set_product(**kwargs)
if Path(self.filename).is_file():
self.logger.warning(
f"Failed to write '{self.filename}'. File already exists"
)
self.logger.info("Generating a new filename with Default Naming Convention")
self.filename = self.generate_vex_filename()
vexgen.generate(
project_name="generation-draft",
project_name=self.product,
vex_data=self.get_vulnerabilities(),
metadata=self.get_metadata(),
filename=self.filename,
Expand All @@ -69,12 +88,18 @@ def generate_vex_filename(self) -> str:
"""
now = datetime.now().strftime("%Y-%m-%d.%H-%M-%S")
filename = os.path.abspath(
os.path.join(os.getcwd(), f"prle.{self.vextype}.{now}.json")
os.path.join(
os.getcwd(), f"{self.product}_{self.release}_{self.vextype}.{now}.json"
)
)
return filename

def get_metadata(self) -> dict:
metadata = {}
metadata = {
"id": f"{self.product.upper()}-{self.release}-VEX",
"supplier": self.vendor,
}
# other metadata can be added here
return metadata

def get_vulnerabilities(self) -> list[Vulnerability]:
Expand All @@ -86,7 +111,7 @@ def get_vulnerabilities(self) -> list[Vulnerability]:
"""
vulnerabilities = []
for product_info, cve_data in self.all_cve_data.items():
product, version, _, _ = product_info
product, version, vendor, _ = product_info
for cve in cve_data["cves"]:
if isinstance(cve, str):
continue
Expand All @@ -107,6 +132,10 @@ def get_vulnerabilities(self) -> list[Vulnerability]:
else cve.remarks.name
)
# more details will be added using set_value()
bom_version = 1
ref = f"urn:cbt:{bom_version}/{vendor}#{product}:{version}"

vulnerability.set_value("bom_link", ref)
vulnerability.set_value("action", detail)
vulnerability.set_value("source", cve.data_source)
vulnerability.set_value("updated", cve.last_modified)
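Review bot: In `generate_vex_filename`, `self.product` and `self.release` are interpolated into the fallback file name without sanitising, so a value containing a path separator or `..` makes `os.path.join(os.getcwd(), ...)` resolve outside the working directory, and a value beginning with `/` discards the `os.getcwd()` part altogether. Where these values originate is not visible here (presumably command-line options), so I would reduce them to a safe component first, e.g. `stem = re.sub(r"[^A-Za-z0-9._-]", "_", f"{self.product}_{self.release}_{self.vextype}")`, and then join `f"{stem}.{now}.json"`; this needs `re`, whose import is outside the visible hunks. The same unescaped interpolation occurs in the `get_vulnerabilities` hunk, where `ref = f"urn:cbt:{bom_version}/{vendor}#{product}:{version}"` becomes ambiguous for a consumer if a vendor or product string contains `#`, `/` or `:`; percent-encoding each field with `urllib.parse.quote(value, safe="")` would keep the `bom_link` parseable. Both functions start or end outside the hunks shown.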
