Openembedded Core Discussions
* [PATCH] cve-check: add option to format reports as comma separated values
From: t.ulrich @ 2020-05-07  7:25 UTC
  To: openembedded-core@lists.openembedded.org

cve-check will check if CVE_CHECK_FORMAT_CSV is set and format the outputs (manifest etc.) as CSV for use in spreadsheets.

Signed-off-by: Timon Ulrich <t.ulrich@anapur.de>
---
 meta/classes/cve-check.bbclass | 49 +++++++++++++++++++++++++---------
 1 file changed, 37 insertions(+), 12 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 2a530a0489..a7803c7aba 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -35,6 +35,7 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"
+CVE_CHECK_FORMAT_CSV ??= "0"
 
 # Whitelist for packages (PN)
 CVE_CHECK_PN_WHITELIST ?= ""
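Review bot: CVE_CHECK_FORMAT_CSV is added to the variable block without a comment, and its name promises CSV while the header and fields written elsewhere in this patch are joined with ';'. Add a short comment above the assignment saying what "1" changes (the .csv suffix on the manifest and one row per CVE instead of the labelled block) and that the delimiter is a semicolon, so users know what to select when importing the file.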
@@ -98,10 +99,24 @@ python cve_check_write_rootfs_manifest () {
         manifest_name = d.getVar("CVE_CHECK_MANIFEST")
         cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
 
+        if d.getVar("CVE_CHECK_FORMAT_CSV") == "1":
+            manifest_name += ".csv"
+            
+            with open(cve_tmp_file, "r") as f:
+                db_update_timestamp = f.readline()
+                orig_tmp_file = f.readlines()[1:]
+            with open(cve_tmp_file, "w") as f:
+                f.write(db_update_timestamp+'\n')
+                f.write("PACKAGE NAME;PACKAGE VERSION;CVE;CVE STATUS;"
+                       "CVE SUMMARY;CVSS v2 BASE SCORE;CVSS v3 BASE SCORE;"
+                       "VECTOR;MORE INFORMATION\n")
+            with open(cve_tmp_file, "a") as f:
+                f.writelines(orig_tmp_file)
+
         shutil.copyfile(cve_tmp_file, manifest_name)
 
         if manifest_name and os.path.exists(manifest_name):
-            manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name)
+            manifest_link = os.path.join(deploy_dir, "%s.cve%s" % 
+ (link_name, ".csv" if d.getVar("CVE_CHECK_FORMAT_CSV") == "1" else 
+ ""))
             # If we already have another manifest, update symlinks
             if os.path.exists(os.path.realpath(manifest_link)):
                 os.remove(manifest_link) @@ -295,26 +310,32 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
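Review bot: In cve_check_write_rootfs_manifest, the in-place rewrite of cve_tmp_file does more than insert a header, and nothing documents it: f.readline() keeps its trailing newline, so f.write(db_update_timestamp+'\n') writes a blank line after the timestamp, while f.readlines()[1:] drops the first line that followed it. If the dropped line is the blank separator the two cancel out, but the hunk does not say so. Read the file once, build the new content in memory and write it with a single open(cve_tmp_file, "w") rather than a "w" followed by an "a", with a comment naming the line being skipped. The replacement for the manifest_link line is also wrapped across three '+' lines in this mail, which matches the patchtest report of malformed diff lines; regenerate the patch with git format-patch and send it unwrapped.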
 
     cve_file = d.getVar("CVE_CHECK_LOG")
     nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
+    eol_char = '\n' if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else ';'
     write_string = ""
     unpatched_cves = []
     bb.utils.mkdirhier(os.path.dirname(cve_file))
 
     for cve in sorted(cve_data):
-        write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
-        write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV")
-        write_string += "CVE: %s\n" % cve
+        write_string += "%s%s%c" % ("PACKAGE NAME: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", d.getVar("PN"), eol_char)
+        write_string += "%s%s%c" % ("PACKAGE VERSION: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", d.getVar("PV"), eol_char)
+        write_string += "%s%s%c" % ("CVE: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", cve, eol_char)
+        if d.getVar("CVE_CHECK_FORMAT_CSV") != "1":
+            write_string += "CVE STATUS: "
         if cve in whitelisted:
-            write_string += "CVE STATUS: Whitelisted\n"
+            write_string += "Whitelisted"
         elif cve in patched:
-            write_string += "CVE STATUS: Patched\n"
+            write_string += "Patched"
         else:
             unpatched_cves.append(cve)
-            write_string += "CVE STATUS: Unpatched\n"
-        write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
-        write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
-        write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
-        write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
-        write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
+            write_string += "Unpatched"
+        write_string += eol_char
+        write_string += "%s\"%s\"%c" % ("CVE SUMMARY: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", cve_data[cve]["summary"], eol_char)
+        write_string += "%s%s%c" % ("CVSS v2 BASE SCORE: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", cve_data[cve]["scorev2"], eol_char)
+        write_string += "%s%s%c" % ("CVSS v3 BASE SCORE: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", cve_data[cve]["scorev3"], eol_char)
+        write_string += "%s%s%c" % ("VECTOR: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", cve_data[cve]["vector"], eol_char)
+        write_string += "%s%s%s\n" % ("MORE INFORMATION: " if d.getVar("CVE_CHECK_FORMAT_CSV") != "1" else "", nvd_link, cve)
+        if d.getVar("CVE_CHECK_FORMAT_CSV") != "1":
+            write_string += '\n'
 
     if unpatched_cves:
         bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) @@ -328,6 +349,10 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
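Review bot: In cve_write_data, the CSV row is assembled by hand and no field is escaped: the summary is wrapped in literal double quotes via \"%s\", but a double quote inside cve_data[cve]["summary"] is not doubled, and a ';' or a newline in any other field shifts the columns. The summary is free text from the CVE data and the stated use is spreadsheets, so build each row as a list and format it with the csv module using delimiter=';', which applies quoting where it is needed. Reading d.getVar("CVE_CHECK_FORMAT_CSV") once into a boolean at the top of the function would also remove the conditional repeated on every write_string line.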
         bb.utils.mkdirhier(cve_dir)
         deploy_file = os.path.join(cve_dir, d.getVar("PN"))
         with open(deploy_file, "w") as f:
+            if d.getVar("CVE_CHECK_FORMAT_CSV") == "1":
+                f.write("PACKAGE NAME;PACKAGE VERSION;CVE;CVE STATUS;"
+                       "CVE SUMMARY;CVSS v2 BASE SCORE;CVSS v3 BASE SCORE;"
+                       "VECTOR;MORE INFORMATION\n")
             f.write(write_string)
 
     if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
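Review bot: The header literal written to deploy_file here is a second copy of the one added in cve_check_write_rootfs_manifest, so the column list now lives in two places and has to be kept in step by hand with the field order in the loop above. Define it once (a variable next to CVE_CHECK_FORMAT_CSV, or a small helper that returns it) and use that in both writes.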
--
2.17.1



* ✗ patchtest: failure for cve-check: add option to format reports as comma separated values
From: Patchwork @ 2020-05-07  7:32 UTC
  To: Timon Ulrich; +Cc: openembedded-core

== Series Details ==

Series: cve-check: add option to format reports as comma separated values
Revision: 1
URL   : https://patchwork.openembedded.org/series/24000/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue             Series cannot be parsed correctly due to malformed diff lines [test_mbox_format] 
  Suggested fix    Create the series again using git-format-patch and ensure it can be applied using git am
  Diff line        Hunk is longer than expected

* Issue             Series does not apply on top of target branch [test_series_merge_on_head] 
  Suggested fix    Rebase your series on top of targeted branch
  Targeted branch  master (currently at a1353cc923)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

