From f87023a0f10f63a727bafee920b9b2651c6f89b0 Mon Sep 17 00:00:00 2001 From: Sebastien Delafond Date: Tue, 19 Jul 2016 09:53:07 +0000 Subject: Use an actual description, and use unique IDs derived from CVE IDs CVS version numbers english/security/oval/parseJSON2Oval.py: 1.2 -> 1.3 english/security/oval/oval/definition/generator.py: 1.7 -> 1.8 --- english/security/oval/oval/definition/generator.py | 2 +- english/security/oval/parseJSON2Oval.py | 27 +++++++++++----------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/english/security/oval/oval/definition/generator.py b/english/security/oval/oval/definition/generator.py index 16be06585fd..0133c1d9614 100644 --- a/english/security/oval/oval/definition/generator.py +++ b/english/security/oval/oval/definition/generator.py @@ -457,7 +457,7 @@ def createDefinition (dsa, dsaref): metadata.appendChild ( __createXMLElement ("reference", attrs = {"source" : source, "ref_id" : ref_id, "ref_url" : "http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s" % ref_id}) ) #TODO: move this info to other place - metadata.appendChild ( __createXMLElement ("description", "What information can i put there?")) + metadata.appendChild ( __createXMLElement ("description", dsaref.get("actualDescription",""))) debianMetadata = __createXMLElement ("debian") if dsaref.has_key("date"): debianMetadata.appendChild ( __createXMLElement ("date", dsaref["date"]) ) diff --git a/english/security/oval/parseJSON2Oval.py b/english/security/oval/parseJSON2Oval.py index a38ce53d16d..44b5d1f5f08 100644 --- a/english/security/oval/parseJSON2Oval.py +++ b/english/security/oval/parseJSON2Oval.py @@ -38,16 +38,14 @@ def printdsas(dsaref): ovalDefinitions = oval.definition.generator.createOVALDefinitions (dsaref) oval.definition.generator.printOVALDefinitions (ovalDefinitions) -def parseJSON(json_data, id_num, year): +def parseJSON(json_data, year): """ Parse the JSON data and extract information needed for OVAL definitions - :param id_num: int id number to start at for defintions :param json_data: Json_Data :return: """ today = date.today() logging.log(logging.DEBUG, "Start of JSON Parse.") - d_num = id_num for package in json_data: logging.log(logging.DEBUG, "Parsing package %s" % package) for CVE in json_data[package]: @@ -66,14 +64,18 @@ def parseJSON(json_data, id_num, year): release.update({DEBIAN_VERSION[rel]: {u'all': { package: fixed_v}}}) - dsaref.update({str(d_num): {"packages": package, - 'description': "", - 'vulnerable': "yes", - 'date': str(today.isoformat()), - 'fixed': f_str, 'moreinfo': "", - 'release': release, 'secrefs': CVE}}) - logging.log(logging.DEBUG, "Created entry in dsaref %s" % d_num) - d_num += 1 + # print json.dumps(json_data[package][CVE]) + # sys.exit(1) + ovalId = CVE[3:].replace('-', '') + dsaref.update({ovalId: {"packages": package, + 'description': CVE, # "title" element in XML + 'vulnerable': "yes", + 'date': str(today.isoformat()), + 'fixed': f_str, + 'actualDescription': json_data[package][CVE].get("description",""), + 'moreinfo': "", + 'release': release, 'secrefs': CVE}}) + logging.log(logging.DEBUG, "Created entry in dsaref %s" % ovalId) def get_json_data(json_file): @@ -105,7 +107,6 @@ def main(args): json_file = args['JSONfile'] temp_file = args['tmp'] year = args['year'] - id_num = args['id'] if json_file: json_data = get_json_data(json_file) @@ -124,7 +125,7 @@ def main(args): logging.log(logging.DEBUG, "Removing file %s" % temp_file) os.remove(temp_file) - parseJSON(json_data, id_num, year) + parseJSON(json_data, year) #parsedirs (opts['-d'], '.data', 2) logging.log(logging.INFO, "Finished parsing JSON data") printdsas(dsaref) -- cgit v1.2.3