feat: Added CI-PRE-CHECKER for VENDOR_PRODUCT

.github/workflows/checkers-action.yml

@@ -0,0 +1,27 @@
+name: checkers-action
+
+on:
+ push:
+ paths:
+ - 'cve_bin_tool/checkers/**'
+ pull_request:
+ paths:
+ - 'cve_bin_tool/checkers/**'
+
+jobs:
+ run-script:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Get changed files
+ id: changed-files
+ uses: jitterbit/get-changed-files@v1
+
+ - name: Run Python script
+ run: |
+ for file in ${{ steps.changed-files.outputs.added_modified }}; do
+ python cve_bin_tool/ci_pre_checker.py "$file"
+ done
+ shell: bash

cve_bin_tool/ci_pre_checker.py

@@ -0,0 +1,50 @@
+# Copyright (C) 2021 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+"""Testing script for checker-action.yml"""
+import ast
+import sqlite3
+import sys
+from pathlib import Path
+
+OLD_CACHE_DIR = Path("~").expanduser() / ".cache" / "cve-bin-tool" / "cve.db"
+
+
+def extract_vendor_product(file_path):
+ """Extract {vendor,product} pairs from given checker file"""
+ vendor_product = None
+ with open(file_path) as file:
+ inside_vendor_product = False
+ vendor_product_str = ""
+ for line in file:
+ if "VENDOR_PRODUCT" in line:
+ inside_vendor_product = True
+ if inside_vendor_product:
+ vendor_product_str += line.strip()
+ if line.strip().endswith("]"):
+ break
+ if vendor_product_str:
+ vendor_product = ast.literal_eval(vendor_product_str.split("=")[1].strip())
+ return vendor_product
+
+
+def query_database(file_path):
+ """Query the database and check whether all the {vendor,product} pairs have associated CVEs"""
+ vendor_product = extract_vendor_product(file_path)
+ dbcon = sqlite3.connect(OLD_CACHE_DIR)
+ cursor = dbcon.cursor()
+ for vendor, product in vendor_product:
+ cursor.execute(
+ "SELECT count(*) FROM cve_range WHERE vendor = ? AND product = ?",
+ (vendor, product),
+ )
+ result = cursor.fetchall()
+ # Failing Workflow
+ if result[0] == 0:
+ sys.exit(1)
+ # Indicate Success
+ sys.exit(0)
+
+
+# Caller Code
+file_path = sys.argv[1]
+query_database(file_path)