Merge ~sahnaseredini/ubuntu-cve-tracker:amir-dev-oval-pkgcve into ubuntu-cve-tracker:master
Status: | Merged |
---|---|
Approved by: | Eduardo Barretto |
Approved revision: | 18d80992467cdbff057d1b66730b72028f3f8147 |
Merged at revision: | 1ac82430d607d6b30372f1709014f6f616dd6eb7 |
Proposed branch: | ~sahnaseredini/ubuntu-cve-tracker:amir-dev-oval-pkgcve |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: |
308 lines (+89/-30) 2 files modified
scripts/generate-oval (+46/-15) scripts/oval_lib.py (+43/-15) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Eduardo Barretto | Approve | ||
David Fernandez Gonzalez | Pending | ||
Review via email: mp+460242@code.launchpad.net |
Commit message
goals:
- to generate one file for all the different product/release
- to keep the previous functionality with an added option
Description of the change
changes:
- added an `expand` option to the code
- when it’s off, all the oval data (from ubuntu, esm-infra, and esm-apps) is
combined in one output file
- by default this option is off and can be turned on by adding --expand
argument when running the code
- adding --expand would make the code behave like before by generating
different output files (from ubuntu, esm-infra, and esm-apps) for oval
- a function `_eligible_
Eduardo Barretto (ebarretto) wrote : | # |
Eduardo Barretto (ebarretto) wrote : | # |
There's a small fix needed.
In the criterion comment, it is showing up, for example, as 'esm-apps/jammy'. It should show as jammy.
Eduardo Barretto (ebarretto) wrote : | # |
lgtm, thanks for addressing my comment.
Amir Naseredini (sahnaseredini) wrote : | # |
Thanks for the review Eduardo.
Preview Diff
1 | diff --git a/scripts/generate-oval b/scripts/generate-oval | |||
2 | index bdb9902..920bba6 100755 | |||
3 | --- a/scripts/generate-oval | |||
4 | +++ b/scripts/generate-oval | |||
5 | @@ -103,6 +103,10 @@ def main(): | |||
6 | 103 | 'CVE OVAL') | 103 | 'CVE OVAL') |
7 | 104 | parser.add_argument('--fixed-only', action='store_true', | 104 | parser.add_argument('--fixed-only', action='store_true', |
8 | 105 | help='only generate pkg oval for fixed CVEs') | 105 | help='only generate pkg oval for fixed CVEs') |
9 | 106 | parser.add_argument('--expand', action='store_true', | ||
10 | 107 | help='avoids combining all the oval data into one ' | ||
11 | 108 | 'file and expands the output oval files into different ' | ||
12 | 109 | 'releases, such as esm-apps, esm-infra, and ubuntu') | ||
13 | 106 | 110 | ||
14 | 107 | args = parser.parse_args() | 111 | args = parser.parse_args() |
15 | 108 | pathnames = args.pathname or default_cves_to_process | 112 | pathnames = args.pathname or default_cves_to_process |
16 | @@ -150,6 +154,8 @@ def main(): | |||
17 | 150 | if release not in supported_releases: | 154 | if release not in supported_releases: |
18 | 151 | error(f"unknown oval release {release}") | 155 | error(f"unknown oval release {release}") |
19 | 152 | 156 | ||
20 | 157 | expand = args.expand | ||
21 | 158 | |||
22 | 153 | cache = {} | 159 | cache = {} |
23 | 154 | for release in supported_releases: | 160 | for release in supported_releases: |
24 | 155 | cve_cache = {} | 161 | cve_cache = {} |
25 | @@ -157,15 +163,15 @@ def main(): | |||
26 | 157 | 163 | ||
27 | 158 | if args.pkg_oval: | 164 | if args.pkg_oval: |
28 | 159 | if args.oci: | 165 | if args.oci: |
30 | 160 | generate_oval_package(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only, ocioutdir) | 166 | generate_oval_package(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only, ocioutdir, expand) |
31 | 161 | else: | 167 | else: |
33 | 162 | generate_oval_package(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only) | 168 | generate_oval_package(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only, expand) |
34 | 163 | return | 169 | return |
35 | 164 | 170 | ||
36 | 165 | if args.oci: | 171 | if args.oci: |
38 | 166 | generate_oval_cve(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only, ocioutdir) | 172 | generate_oval_cve(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only, ocioutdir, expand) |
39 | 167 | else: | 173 | else: |
41 | 168 | generate_oval_cve(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only) | 174 | generate_oval_cve(releases, outdir, args.cve_prefix_dir, cache, cve_cache, args.oci, args.no_progress, args.packages, pathnames, args.fixed_only, expand) |
42 | 169 | return | 175 | return |
43 | 170 | 176 | ||
44 | 171 | 177 | ||
45 | @@ -199,7 +205,7 @@ def ignore_source_package(source): | |||
46 | 199 | return False | 205 | return False |
47 | 200 | 206 | ||
48 | 201 | 207 | ||
50 | 202 | def parse_cve_file(filepath, cache, pkg_filter=None): | 208 | def parse_cve_file(filepath, cache, pkg_filter=None, expand=False): |
51 | 203 | """ parse CVE data file into a dictionary using cve_lib """ | 209 | """ parse CVE data file into a dictionary using cve_lib """ |
52 | 204 | 210 | ||
53 | 205 | cve_header_data = { | 211 | cve_header_data = { |
54 | @@ -220,7 +226,6 @@ def parse_cve_file(filepath, cache, pkg_filter=None): | |||
55 | 220 | 'Unknown-Fields': [], | 226 | 'Unknown-Fields': [], |
56 | 221 | 'Source-note': filepath | 227 | 'Source-note': filepath |
57 | 222 | } | 228 | } |
58 | 223 | |||
59 | 224 | data = load_cve(filepath) | 229 | data = load_cve(filepath) |
60 | 225 | # first try a naive translation of fields | 230 | # first try a naive translation of fields |
61 | 226 | for f in cve_header_data: | 231 | for f in cve_header_data: |
62 | @@ -255,7 +260,7 @@ def parse_cve_file(filepath, cache, pkg_filter=None): | |||
63 | 255 | if rel not in supported_releases: | 260 | if rel not in supported_releases: |
64 | 256 | continue | 261 | continue |
65 | 257 | state, details = data['pkgs'][pkg][rel] | 262 | state, details = data['pkgs'][pkg][rel] |
67 | 258 | packages[pkg]['Releases'][rel] = oval_lib.CVEPkgRelEntry.parse_package_status(rel, pkg, state, details, filepath, cache) | 263 | packages[pkg]['Releases'][rel] = oval_lib.CVEPkgRelEntry.parse_package_status(rel, pkg, state, details, filepath, cache, oval_lib.find_release_codename(rel), expand) |
68 | 259 | 264 | ||
69 | 260 | # add supplemental packages; usually kernels only need this special case. | 265 | # add supplemental packages; usually kernels only need this special case. |
70 | 261 | for package in [name for name in packages if name in kernel_srcs]: | 266 | for package in [name for name in packages if name in kernel_srcs]: |
71 | @@ -435,9 +440,21 @@ def generate_oval_usn(outdir, usn, usn_releases, cve_dir, usn_db_dir, no_progres | |||
72 | 435 | 440 | ||
73 | 436 | return True | 441 | return True |
74 | 437 | 442 | ||
76 | 438 | def generate_oval_package(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache, oci, no_progress, packages, pathnames, fixed_only, ocioutdir=None): | 443 | def filter_releases_for_output(releases, ov): |
77 | 444 | output_releases = [] | ||
78 | 445 | for release in releases: | ||
79 | 446 | ov._init_ids(release) | ||
80 | 447 | if ov._eligible_for_output(release): | ||
81 | 448 | if ov.expand == False and 'esm' in ov.release: | ||
82 | 449 | output_releases.append(ov.release_codename) | ||
83 | 450 | else: | ||
84 | 451 | output_releases.append(release) | ||
85 | 452 | return output_releases | ||
86 | 453 | |||
87 | 454 | |||
88 | 455 | def generate_oval_package(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache, oci, no_progress, packages, pathnames, fixed_only, ocioutdir=None, expand=False): | ||
89 | 439 | if not no_progress: | 456 | if not no_progress: |
91 | 440 | print(f'[*] Generating OVAL PKG for packages in releases {", ".join(releases)}') | 457 | print('[*] Initiating OVAL Generation for PKG') |
92 | 441 | 458 | ||
93 | 442 | ov = oval_lib.OvalGeneratorPkg( | 459 | ov = oval_lib.OvalGeneratorPkg( |
94 | 443 | releases, | 460 | releases, |
95 | @@ -449,8 +466,15 @@ def generate_oval_package(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache | |||
96 | 449 | cve_cache=cve_cache, | 466 | cve_cache=cve_cache, |
97 | 450 | oval_format='dpkg', | 467 | oval_format='dpkg', |
98 | 451 | outdir=outdir, | 468 | outdir=outdir, |
100 | 452 | cve_prefix_dir=cve_prefix_dir | 469 | cve_prefix_dir=cve_prefix_dir, |
101 | 470 | expand=expand | ||
102 | 453 | ) | 471 | ) |
103 | 472 | |||
104 | 473 | output_releases = filter_releases_for_output(releases, ov) | ||
105 | 474 | |||
106 | 475 | if not no_progress: | ||
107 | 476 | print(f'[*] Generating OVAL PKG for packages in releases {", ".join(output_releases)}') | ||
108 | 477 | |||
109 | 454 | ov.generate_oval() | 478 | ov.generate_oval() |
110 | 455 | 479 | ||
111 | 456 | if oci: | 480 | if oci: |
112 | @@ -459,11 +483,11 @@ def generate_oval_package(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache | |||
113 | 459 | ov.generate_oval() | 483 | ov.generate_oval() |
114 | 460 | 484 | ||
115 | 461 | if not no_progress: | 485 | if not no_progress: |
117 | 462 | print(f'[X] Done generating OVAL PKG for packages in releases {", ".join(releases)}') | 486 | print(f'[X] Done generating OVAL PKG for packages in releases {", ".join(output_releases)}') |
118 | 463 | 487 | ||
120 | 464 | def generate_oval_cve(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache, oci, no_progress, packages, pathnames, fixed_only, ocioutdir=None): | 488 | def generate_oval_cve(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache, oci, no_progress, packages, pathnames, fixed_only, ocioutdir=None, expand=False): |
121 | 465 | if not no_progress: | 489 | if not no_progress: |
123 | 466 | print(f'[*] Generating OVAL CVE for packages in releases {",".join(releases)}') | 490 | print('[*] Initiating OVAL Generation for CVE') |
124 | 467 | 491 | ||
125 | 468 | ov = oval_lib.OvalGeneratorCVE( | 492 | ov = oval_lib.OvalGeneratorCVE( |
126 | 469 | releases, | 493 | releases, |
127 | @@ -475,8 +499,15 @@ def generate_oval_cve(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache, oc | |||
128 | 475 | cve_cache=cve_cache, | 499 | cve_cache=cve_cache, |
129 | 476 | oval_format='dpkg', | 500 | oval_format='dpkg', |
130 | 477 | outdir=outdir, | 501 | outdir=outdir, |
132 | 478 | cve_prefix_dir=cve_prefix_dir | 502 | cve_prefix_dir=cve_prefix_dir, |
133 | 503 | expand=expand | ||
134 | 479 | ) | 504 | ) |
135 | 505 | |||
136 | 506 | output_releases = filter_releases_for_output(releases, ov) | ||
137 | 507 | |||
138 | 508 | if not no_progress: | ||
139 | 509 | print(f'[*] Generating OVAL CVE for packages in releases {", ".join(output_releases)}') | ||
140 | 510 | |||
141 | 480 | ov.generate_oval() | 511 | ov.generate_oval() |
142 | 481 | 512 | ||
143 | 482 | if oci: | 513 | if oci: |
144 | @@ -485,7 +516,7 @@ def generate_oval_cve(releases, outdir, cve_prefix_dir, pkg_cache, cve_cache, oc | |||
145 | 485 | ov.generate_oval() | 516 | ov.generate_oval() |
146 | 486 | 517 | ||
147 | 487 | if not no_progress: | 518 | if not no_progress: |
149 | 488 | print(f'[X] Done generating OVAL CVE for packages in releases {", ".join(releases)}') | 519 | print(f'[X] Done generating OVAL CVE for packages in releases {", ".join(output_releases)}') |
150 | 489 | 520 | ||
151 | 490 | if __name__ == '__main__': | 521 | if __name__ == '__main__': |
152 | 491 | main() | 522 | main() |
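Review bot: `filter_releases_for_output` can return an empty list, and neither `generate_oval_package` nor `generate_oval_cve` checks for that before printing the progress line and calling `ov.generate_oval()`. Without `--expand`, `_eligible_for_output` in oval_lib.py rejects a base LTS codename and any `esm-infra` release, so a run limited to those releases would presumably finish without writing a file and leave an older OVAL file in `outdir` for scanners to keep consuming. Fail loudly right after the filter in both functions, e.g. `if not output_releases: error('no OVAL output for the requested releases without --expand')`. The helper also gets its answer by calling the generator's private `_init_ids`, which sets `ov.release` and `ov.release_codename` before generation starts, so it deserves a docstring saying that it mutates `ov`. Both generate functions begin and end outside their hunks.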
153 | diff --git a/scripts/oval_lib.py b/scripts/oval_lib.py | |||
154 | index b30a987..e018d74 100644 | |||
155 | --- a/scripts/oval_lib.py | |||
156 | +++ b/scripts/oval_lib.py | |||
157 | @@ -191,20 +191,22 @@ def get_binarypkgs(cache, source_name, release): | |||
158 | 191 | return rel, binaries_map | 191 | return rel, binaries_map |
159 | 192 | 192 | ||
160 | 193 | class CVEPkgRelEntry: | 193 | class CVEPkgRelEntry: |
162 | 194 | def __init__(self, pkg, release, cve, status, note) -> None: | 194 | def __init__(self, pkg, release, cve, status, note, expand=False) -> None: |
163 | 195 | self.pkg = pkg | 195 | self.pkg = pkg |
164 | 196 | self.cve = cve | 196 | self.cve = cve |
165 | 197 | self.orig_status = status | 197 | self.orig_status = status |
166 | 198 | self.orig_note = note | 198 | self.orig_note = note |
167 | 199 | self.release = release | 199 | self.release = release |
169 | 200 | cve_info = CVEPkgRelEntry.parse_package_status(self.release, pkg.name, status, note, cve.number, None) | 200 | self.expand = expand |
170 | 201 | self.release_codename = find_release_codename(self.release) | ||
171 | 202 | cve_info = CVEPkgRelEntry.parse_package_status(self.release, pkg.name, status, note, cve.number, None, self.release_codename, self.expand) | ||
172 | 201 | 203 | ||
173 | 202 | self.note = cve_info['note'] | 204 | self.note = cve_info['note'] |
174 | 203 | self.status = cve_info['status'] | 205 | self.status = cve_info['status'] |
175 | 204 | self.fixed_version = cve_info['fix-version'] if self.status == 'fixed' else None | 206 | self.fixed_version = cve_info['fix-version'] if self.status == 'fixed' else None |
176 | 205 | 207 | ||
177 | 206 | @staticmethod | 208 | @staticmethod |
179 | 207 | def parse_package_status(release, package, status_text, note, filepath, cache): | 209 | def parse_package_status(release, package, status_text, note, filepath, cache, release_codename, expand=False): |
180 | 208 | """ parse ubuntu package status string format: | 210 | """ parse ubuntu package status string format: |
181 | 209 | <status code> (<version/notes>) | 211 | <status code> (<version/notes>) |
182 | 210 | outputs dictionary: { | 212 | outputs dictionary: { |
183 | @@ -216,6 +218,9 @@ class CVEPkgRelEntry: | |||
184 | 216 | 218 | ||
185 | 217 | # TODO fix for CVE Generator | 219 | # TODO fix for CVE Generator |
186 | 218 | 220 | ||
187 | 221 | if expand == False and 'esm' in release: | ||
188 | 222 | release = release_codename | ||
189 | 223 | |||
190 | 219 | # break out status code and detail | 224 | # break out status code and detail |
191 | 220 | code = status_text.lower() | 225 | code = status_text.lower() |
192 | 221 | detail = note.strip('()') if note else None | 226 | detail = note.strip('()') if note else None |
193 | @@ -355,8 +360,8 @@ class CVE: | |||
194 | 355 | return pkgs | 360 | return pkgs |
195 | 356 | 361 | ||
196 | 357 | 362 | ||
199 | 358 | def add_pkg(self, pkg_object, release, state, note): | 363 | def add_pkg(self, pkg_object, release, state, note, expand=False): |
200 | 359 | cve_pkg_entry = CVEPkgRelEntry(pkg_object, release, self, state, note) | 364 | cve_pkg_entry = CVEPkgRelEntry(pkg_object, release, self, state, note, expand) |
201 | 360 | self.pkg_rel_entries[str(pkg_object)] = cve_pkg_entry | 365 | self.pkg_rel_entries[str(pkg_object)] = cve_pkg_entry |
202 | 361 | self.pkgs.append(pkg_object) | 366 | self.pkgs.append(pkg_object) |
203 | 362 | pkg_object.add_cve(self) | 367 | pkg_object.add_cve(self) |
204 | @@ -497,7 +502,7 @@ class OvalGenerator: | |||
205 | 497 | supported_oval_elements = ('definition', 'test', 'object', 'state', 'variable') | 502 | supported_oval_elements = ('definition', 'test', 'object', 'state', 'variable') |
206 | 498 | generator_version = '2' | 503 | generator_version = '2' |
207 | 499 | oval_schema_version = '5.11.1' | 504 | oval_schema_version = '5.11.1' |
209 | 500 | def __init__(self, type, releases, cve_paths, packages, progress, pkg_cache, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg') -> None: | 505 | def __init__(self, type, releases, cve_paths, packages, progress, pkg_cache, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg', expand=False) -> None: |
210 | 501 | self.releases = releases | 506 | self.releases = releases |
211 | 502 | self.output_dir = outdir | 507 | self.output_dir = outdir |
212 | 503 | self.oval_format = oval_format | 508 | self.oval_format = oval_format |
213 | @@ -508,6 +513,7 @@ class OvalGenerator: | |||
214 | 508 | self.cve_paths = cve_paths | 513 | self.cve_paths = cve_paths |
215 | 509 | self.fixed_only = fixed_only | 514 | self.fixed_only = fixed_only |
216 | 510 | self.packages, self.cves = self._load(cve_prefix_dir, packages) | 515 | self.packages, self.cves = self._load(cve_prefix_dir, packages) |
217 | 516 | self.expand = expand | ||
218 | 511 | 517 | ||
219 | 512 | def _init_ids(self, release): | 518 | def _init_ids(self, release): |
220 | 513 | # e.g. codename for trusty/esm should be trusty | 519 | # e.g. codename for trusty/esm should be trusty |
221 | @@ -538,8 +544,14 @@ class OvalGenerator: | |||
222 | 538 | self.definition_id = self.release_id | 544 | self.definition_id = self.release_id |
223 | 539 | self.definition_step = 1 * 10 ** 5 | 545 | self.definition_step = 1 * 10 ** 5 |
224 | 540 | self.criterion_step = 10 | 546 | self.criterion_step = 10 |
227 | 541 | self.output_filepath = \ | 547 | self.output_filepath = '' |
228 | 542 | '{0}com.ubuntu.{1}.{2}.oval.xml'.format('oci.' if self.oval_format == 'oci' else '', self.release.replace('/', '_'), self.generator_type) | 548 | if self.expand == False and 'esm' in self.release: |
229 | 549 | self.output_filepath = \ | ||
230 | 550 | '{0}com.ubuntu.{1}.{2}.oval.xml'.format('oci.' if self.oval_format == 'oci' else '', self.release_codename, self.generator_type) | ||
231 | 551 | else: | ||
232 | 552 | self.output_filepath = \ | ||
233 | 553 | '{0}com.ubuntu.{1}.{2}.oval.xml'.format('oci.' if self.oval_format == 'oci' else '', self.release.replace('/', '_'), self.generator_type) | ||
234 | 554 | |||
235 | 543 | 555 | ||
236 | 544 | def _add_structure(self, root) -> None: | 556 | def _add_structure(self, root) -> None: |
237 | 545 | structure = {} | 557 | structure = {} |
238 | @@ -730,7 +742,7 @@ class OvalGenerator: | |||
239 | 730 | packages[package_name] = pkg_obj | 742 | packages[package_name] = pkg_obj |
240 | 731 | 743 | ||
241 | 732 | pkg_obj = packages[package_name] | 744 | pkg_obj = packages[package_name] |
243 | 733 | cve.add_pkg(pkg_obj, release, cve_data['pkgs'][package_name][release][0],cve_data['pkgs'][package_name][release][1]) | 745 | cve.add_pkg(pkg_obj, release, cve_data['pkgs'][package_name][release][0],cve_data['pkgs'][package_name][release][1], self.expand) |
244 | 734 | 746 | ||
245 | 735 | def _load(self, cve_prefix_dir, packages_filter=None) -> None: | 747 | def _load(self, cve_prefix_dir, packages_filter=None) -> None: |
246 | 736 | cve_lib.load_external_subprojects() | 748 | cve_lib.load_external_subprojects() |
247 | @@ -806,6 +818,14 @@ class OvalGenerator: | |||
248 | 806 | with open(os.path.join(self.output_dir, self.output_filepath), 'w') as file: | 818 | with open(os.path.join(self.output_dir, self.output_filepath), 'w') as file: |
249 | 807 | file.write(xmlstr) | 819 | file.write(xmlstr) |
250 | 808 | 820 | ||
251 | 821 | def _eligible_for_output(self, release): | ||
252 | 822 | if self.expand == False: | ||
253 | 823 | if self.release_codename == release and 'LTS' in cve_lib.release_name(release): | ||
254 | 824 | return False | ||
255 | 825 | elif 'esm-infra' in release: | ||
256 | 826 | return False | ||
257 | 827 | return True | ||
258 | 828 | |||
259 | 809 | # Object generators | 829 | # Object generators |
260 | 810 | def _generate_criteria(self) -> etree.Element: | 830 | def _generate_criteria(self) -> etree.Element: |
261 | 811 | criteria = etree.Element("criteria") | 831 | criteria = etree.Element("criteria") |
262 | @@ -1291,8 +1311,9 @@ class OvalGenerator: | |||
263 | 1291 | 1311 | ||
264 | 1292 | 1312 | ||
265 | 1293 | class OvalGeneratorPkg(OvalGenerator): | 1313 | class OvalGeneratorPkg(OvalGenerator): |
268 | 1294 | def __init__(self, releases, cve_paths, packages, progress, pkg_cache, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg') -> None: | 1314 | def __init__(self, releases, cve_paths, packages, progress, pkg_cache, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg',expand=False) -> None: |
269 | 1295 | super().__init__('pkg', releases, cve_paths, packages, progress, pkg_cache, fixed_only, cve_cache, cve_prefix_dir, outdir, oval_format) | 1315 | self.expand = expand |
270 | 1316 | super().__init__('pkg', releases, cve_paths, packages, progress, pkg_cache, fixed_only, cve_cache, cve_prefix_dir, outdir, oval_format, expand) | ||
271 | 1296 | 1317 | ||
272 | 1297 | def _generate_advisory(self, package: Package) -> etree.Element: | 1318 | def _generate_advisory(self, package: Package) -> etree.Element: |
273 | 1298 | advisory = etree.Element("advisory") | 1319 | advisory = etree.Element("advisory") |
274 | @@ -1488,11 +1509,13 @@ class OvalGeneratorPkg(OvalGenerator): | |||
275 | 1488 | else: | 1509 | else: |
276 | 1489 | self._populate_pkg(all_pkgs[pkg], root_element) | 1510 | self._populate_pkg(all_pkgs[pkg], root_element) |
277 | 1490 | 1511 | ||
279 | 1491 | self._write_oval_xml(xml_tree, root_element) | 1512 | if self._eligible_for_output(release): |
280 | 1513 | self._write_oval_xml(xml_tree, root_element) | ||
281 | 1492 | 1514 | ||
282 | 1493 | class OvalGeneratorCVE(OvalGenerator): | 1515 | class OvalGeneratorCVE(OvalGenerator): |
285 | 1494 | def __init__(self, releases, cve_paths, packages, progress, pkg_cache, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg') -> None: | 1516 | def __init__(self, releases, cve_paths, packages, progress, pkg_cache, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg', expand=False) -> None: |
286 | 1495 | super().__init__('cve', releases, cve_paths, packages, progress, pkg_cache, fixed_only, cve_cache, cve_prefix_dir, outdir, oval_format) | 1517 | self.expand = expand |
287 | 1518 | super().__init__('cve', releases, cve_paths, packages, progress, pkg_cache, fixed_only, cve_cache, cve_prefix_dir, outdir, oval_format, expand) | ||
288 | 1496 | 1519 | ||
289 | 1497 | # For CVE OVAL, the definition ID is generated | 1520 | # For CVE OVAL, the definition ID is generated |
290 | 1498 | # from the CVE ID | 1521 | # from the CVE ID |
291 | @@ -1737,7 +1760,8 @@ class OvalGeneratorCVE(OvalGenerator): | |||
292 | 1737 | self._set_definition_id(cve_id=all_cves[cve].number) | 1760 | self._set_definition_id(cve_id=all_cves[cve].number) |
293 | 1738 | self._generate_elements_from_cve(all_cves[cve], accepted_releases, root_element, running_kernel_id, pkg_cache, fixed_versions) | 1761 | self._generate_elements_from_cve(all_cves[cve], accepted_releases, root_element, running_kernel_id, pkg_cache, fixed_versions) |
294 | 1739 | 1762 | ||
296 | 1740 | self._write_oval_xml(xml_tree, root_element) | 1763 | if self._eligible_for_output(release): |
297 | 1764 | self._write_oval_xml(xml_tree, root_element) | ||
298 | 1741 | 1765 | ||
299 | 1742 | class OvalGeneratorUSNs(OvalGenerator): | 1766 | class OvalGeneratorUSNs(OvalGenerator): |
300 | 1743 | def __init__(self, release, release_name, cve_paths, packages, progress, pkg_cache, usn_db_dir, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg') -> None: | 1767 | def __init__(self, release, release_name, cve_paths, packages, progress, pkg_cache, usn_db_dir, fixed_only=True, cve_cache=None, cve_prefix_dir=None, outdir='./', oval_format='dpkg') -> None: |
301 | @@ -2646,3 +2670,7 @@ class OvalGeneratorUSN(): | |||
302 | 2646 | # remove tmp dir if empty | 2670 | # remove tmp dir if empty |
303 | 2647 | if not os.listdir(self.tmpdir): | 2671 | if not os.listdir(self.tmpdir): |
304 | 2648 | os.rmdir(self.tmpdir) | 2672 | os.rmdir(self.tmpdir) |
305 | 2673 | |||
306 | 2674 | def find_release_codename(release): | ||
307 | 2675 | return cve_lib.release_progenitor(release) if cve_lib.release_progenitor(release) else release.replace('/', '_') | ||
308 | 2676 |
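Review bot: In `OvalGenerator.__init__`, `self.expand = expand` is assigned after `self.packages, self.cves = self._load(cve_prefix_dir, packages)`, yet the call `cve.add_pkg(..., self.expand)` at new line 745 sits in what looks like the load path, so the attribute is read before the base class sets it. `OvalGeneratorPkg` and `OvalGeneratorCVE` work around this by setting `self.expand` before `super().__init__`, but `OvalGeneratorUSNs`, whose signature is unchanged here, gets no such assignment and may raise `AttributeError` if it reaches the same path. Move `self.expand = expand` above the `_load` call in the base class and drop the two pre-assignments in the subclasses. The repeated `expand == False` tests read more clearly as `not expand`. The bodies of these methods continue outside the hunks.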
Thanks, I'm running some tests and will let you know in case of issues. Nevertheless we should wait to merge this until next week so we can inform users of the upcoming change.