Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: checker-experiment #3873

Merged
merged 11 commits into from
Aug 9, 2024
Merged

feat: checker-experiment #3873

Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
a1e428d
Merge pull request #1 from intel/main
joydeep049 Nov 1, 2023
f0bd35d
Merge pull request #4 from intel/main
joydeep049 Nov 3, 2023
97ec9a5
Merge pull request #5 from intel/main
joydeep049 Nov 9, 2023
829036e
Merge pull request #6 from intel/main
joydeep049 Jan 4, 2024
1d8812e
Merge pull request #11 from intel/main
joydeep049 Feb 18, 2024
f6805f0
Merge pull request #12 from intel/main
joydeep049 Feb 27, 2024
e102d46
feat: checker-experiment
joydeep049 Feb 27, 2024
f3fb022
fix: empty commit
joydeep049 Feb 27, 2024
944294c
feat: added spdx header
joydeep049 Aug 9, 2024
dd916b1
feat: minor changes
joydeep049 Aug 9, 2024
0684b9b
Merge branch 'main' into checker-experiment
joydeep049 Aug 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions experiments/checker-experiment.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# Copyright (C) 2024 Intel Corporation
# SPDX-License-Identifier: GPL-3.0-or-later

"""
This experiment is an extension of the CI-Pre-Checker github action.(https://github.com/intel/cve-bin-tool/pull/3840)

This script aims to print any and all the checkers which have {product,version} pairs in their VENDOR_PRODUCT which do NOT have any associated,reported CVEs
After this experiment is done and all the pre-existing checkers are taken care of , we can proceed to add the CI-Pre-checker github action for any newly added/updated checkers.

-- Joydeep Tripathy (www.github.com/joydeep049)
"""

import ast
import os
import sqlite3
import sys
from pathlib import Path

OLD_CACHE_DIR = Path("~").expanduser() / ".cache" / "cve-bin-tool" / "cve.db"


def extract_vendor_product(file_path):
"""Extract {vendor,product} pairs from given checker file"""
vendor_product = None
with open(file_path) as file:
inside_vendor_product = False
vendor_product_str = ""
for line in file:
if "VENDOR_PRODUCT" in line:
inside_vendor_product = True
if inside_vendor_product:
vendor_product_str += line.strip()
if line.strip().endswith("]"):
break
if vendor_product_str:
vendor_product = ast.literal_eval(vendor_product_str.split("=")[1].strip())
return vendor_product


def query_database(file_path):
"""Query the database and check whether all the {vendor,product} pairs have associated CVEs"""
vendor_product = extract_vendor_product(file_path)
dbcon = sqlite3.connect(OLD_CACHE_DIR)
cursor = dbcon.cursor()
for vendor, product in vendor_product:
cursor.execute(
"SELECT count(*) FROM cve_range WHERE vendor = ? AND product = ?",
(vendor, product),
)
result = cursor.fetchall()
# Failing
if result[0] == 0:
return False
# Success
return True


directory = "/home/joydeep/dev/cve-bin-tool/cve_bin_tool/checkers"
value = None
# Iterate through the files in the directory
for filename in os.listdir(directory):
# Check if the file is a Python file and not __init__.py
if filename.endswith(".py") and filename != "__init__.py":
file_path = os.path.join(directory, filename)
value = query_database(file_path)
if value is False:
print("WARNING::")
sys.exit(1)
print(f"For {filename}: {value}")


"""

Result: All the pre-existing checkers are in the clear.
We can go ahead and add the github action.

"""
Loading