Merge ubuntu-cve-tracker:check-cves-argparse into ubuntu-cve-tracker:master
- Git
- lp:ubuntu-cve-tracker
- check-cves-argparse
- Merge into master
Status: | Merged |
---|---|
Merged at revision: | d21d58c53de7daca802315de55c383e9206048fd |
Proposed branch: | ubuntu-cve-tracker:check-cves-argparse |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: |
323 lines (+67/-65) 1 file modified
scripts/check-cves (+67/-65) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Marc Deslauriers | Approve | ||
Review via email: mp+462473@code.launchpad.net |
Commit message
Deprecate optparse for argparse.
Description of the change
optparse is dead, long live argparse
> Deprecated since version 3.2: The optparse module is deprecated and will not be developed further; development will continue with the argparse module. [0]
Apologize for not using my fork.
Mark Esler (eslerm) wrote : | # |
Marc Deslauriers (mdeslaur) wrote : | # |
LGTM, ack, thanks!
Mark Esler (eslerm) wrote : | # |
Thanks Marc :)
Steve Beattie (sbeattie) wrote : | # |
On Fri, Mar 15, 2024 at 05:42:17AM -0000, Mark Esler wrote:
> argparse adds features, such as `choices`, I plan to use later
Note that this branch made a subtle change to the script's behavior;
when check-cves --import-
without a uri(s) argument; this branch or the followup commit
59653e29fcc (check-cves: allow argparse to use default uri if unset,
2024-03-15) causes the mitre-allitems to be loaded by check-cves.
Now, in an ideal world, this would actually happen and the description
from the mitre index would be used if its available when presenting
CVEs debian's tracker has but UCT does not yet, because debian's
description is significantly truncated. But that's not how check-cves
is currently implemented.
--
Steve Beattie
<email address hidden>
Preview Diff
1 | diff --git a/scripts/check-cves b/scripts/check-cves | |||
2 | index a4541ee..2e4ac9b 100755 | |||
3 | --- a/scripts/check-cves | |||
4 | +++ b/scripts/check-cves | |||
5 | @@ -18,7 +18,7 @@ | |||
6 | 18 | from datetime import datetime, timezone, date as datetime_date | 18 | from datetime import datetime, timezone, date as datetime_date |
7 | 19 | import json | 19 | import json |
8 | 20 | import math | 20 | import math |
10 | 21 | import optparse | 21 | import argparse |
11 | 22 | import os | 22 | import os |
12 | 23 | import os.path | 23 | import os.path |
13 | 24 | import random | 24 | import random |
14 | @@ -44,24 +44,28 @@ from uct.config import read_uct_config | |||
15 | 44 | # load settings, if any | 44 | # load settings, if any |
16 | 45 | uct_config = read_uct_config() | 45 | uct_config = read_uct_config() |
17 | 46 | 46 | ||
36 | 47 | parser = optparse.OptionParser() | 47 | # fmt: off |
37 | 48 | parser.add_option("-r", "--report", help="Just report CVEs that need checking", action="store_true") | 48 | parser = argparse.ArgumentParser(prog="check_cves", description="check_cves builds UCT with new CVE data") |
38 | 49 | parser.add_option("-v", "--verbose", help="Report verbose XML details", action="store_true") | 49 | parser.add_argument('uris', nargs='+', default=["https://cve.mitre.org/cve/downloads/allitems.xml",]) |
39 | 50 | parser.add_option("-k", "--known", help="Only report CVEs already known", action="store_true") | 50 | parser.add_argument("-r", "--report", help="Just report CVEs that need checking", action="store_true") |
40 | 51 | parser.add_option("-N", "--skip-nfu", help="Skip any CVEs marked as NFU (used with -k)", action="store_true") | 51 | parser.add_argument("-v", "--verbose", help="Report verbose details", action="store_true") |
41 | 52 | parser.add_option("-R", "--refresh", help="Refresh CVE descriptions", action="store_true") | 52 | parser.add_argument("-d", "--debug", help="Report debugging information", action="store_true") |
42 | 53 | parser.add_option("-S", "--score-refresh", help="Refresh CVSS scores values only", action="store_true") | 53 | parser.add_argument("-k", "--known", help="Only report CVEs already known", action="store_true") |
43 | 54 | parser.add_option("", "--test", help="NO LONGER SUPPORTED, see test_uct_suggestions.py", action="help") | 54 | parser.add_argument("-N", "--skip-nfu", help="Skip any CVEs marked as NFU (used with -k)", action="store_true") |
44 | 55 | parser.add_option("--untriaged", help="Process untriaged CVEs from output of locate_cves.py", metavar="FILE") | 55 | parser.add_argument("-R", "--refresh", help="Refresh CVE descriptions", action="store_true") |
45 | 56 | parser.add_option("--mbox", help="Process untriaged CVEs from mbox file", metavar="FILE") | 56 | parser.add_argument("-S", "--score-refresh", help="Refresh CVSS scores values only", action="store_true") |
46 | 57 | parser.add_option("--rhel8oval", help="Process untriaged RHEL8 CVEs", metavar="FILE") | 57 | # TODO: implement --refresh choices |
47 | 58 | parser.add_option("--import-missing-debian", help="Process missing Debian CVEs", action="store_true") | 58 | # parser.add_argument("-R", "--refresh", choices=["all", "cvss", "description", "public_date", "urls"], help="Refresh CVE data") |
48 | 59 | parser.add_option("--debug", help="Report debugging information", action="store_true") | 59 | parser.add_argument("--untriaged", help="Process untriaged CVEs from output of locate_cves.py", metavar="FILE") |
49 | 60 | parser.add_option("--cve", help="Check only the listed comma-separated CVEs and ignore others", action="store") | 60 | parser.add_argument("--mbox", help="Process untriaged CVEs from mbox file", metavar="FILE") |
50 | 61 | parser.add_option("--mistriaged", help="Process the specified number of possible mistriaged CVEs compared to Debian\n" | 61 | parser.add_argument("--import-missing-debian", help="Process missing Debian CVEs", action="store_true") |
51 | 62 | "Implies --import-missing-debian", | 62 | # TODO: deprecate --rhel8oval, upstream data stream has ended |
52 | 63 | action="store", type=int, default=0) | 63 | parser.add_argument("--rhel8oval", help="Process untriaged RHEL8 CVEs", metavar="FILE") |
53 | 64 | (opt, args) = parser.parse_args() | 64 | parser.add_argument("--cve", help="Check only the listed comma-separated CVEs and ignore others", action="store") |
54 | 65 | parser.add_argument("-e", "--experimental", help="Enable experimental mode", action="store_true") | ||
55 | 66 | parser.add_argument("--mistriaged", help="Process the specified number of possible mistriaged CVEs compared to Debian\nImplies --import-missing-debian", action="store", type=int, default=0) | ||
56 | 67 | args = parser.parse_args() | ||
57 | 68 | # fmt: on | ||
58 | 65 | 69 | ||
59 | 66 | experimental = os.getenv('CHECK_CVES_EXPERIMENTAL', False) | 70 | experimental = os.getenv('CHECK_CVES_EXPERIMENTAL', False) |
60 | 67 | breakfix = os.getenv('CHECK_CVES_BREAKFIX', False) | 71 | breakfix = os.getenv('CHECK_CVES_BREAKFIX', False) |
61 | @@ -132,7 +136,7 @@ def _spawn_editor(path): | |||
62 | 132 | 136 | ||
63 | 133 | def debug(msg): | 137 | def debug(msg): |
64 | 134 | global opt | 138 | global opt |
66 | 135 | if opt.debug: | 139 | if args.debug: |
67 | 136 | print(msg, file=sys.stderr) | 140 | print(msg, file=sys.stderr) |
68 | 137 | 141 | ||
69 | 138 | 142 | ||
70 | @@ -245,11 +249,11 @@ def import_debian(handler): | |||
71 | 245 | return False | 249 | return False |
72 | 246 | 250 | ||
73 | 247 | # pull in CVEs from data/DSA/list | 251 | # pull in CVEs from data/DSA/list |
75 | 248 | dsas = cve_lib.load_debian_dsas(uct_config['secure_testing_path'] + '/data/DSA/list', opt.verbose) | 252 | dsas = cve_lib.load_debian_dsas(uct_config['secure_testing_path'] + '/data/DSA/list', args.verbose) |
76 | 249 | for dsa in dsas: | 253 | for dsa in dsas: |
77 | 250 | for cve in dsas[dsa]['cves']: | 254 | for cve in dsas[dsa]['cves']: |
78 | 251 | if not cve_lib.CVE_RE.match(cve): | 255 | if not cve_lib.CVE_RE.match(cve): |
80 | 252 | if opt.verbose: | 256 | if args.verbose: |
81 | 253 | print("Skipping %s, not well-formed?" % cve, file=sys.stderr) | 257 | print("Skipping %s, not well-formed?" % cve, file=sys.stderr) |
82 | 254 | continue | 258 | continue |
83 | 255 | 259 | ||
84 | @@ -270,27 +274,27 @@ def import_debian(handler): | |||
85 | 270 | cves[cve]['subject'] = escape(dsas[dsa]['desc']) | 274 | cves[cve]['subject'] = escape(dsas[dsa]['desc']) |
86 | 271 | cves[cve]['date'] = dsas[dsa]['date'] | 275 | cves[cve]['date'] = dsas[dsa]['date'] |
87 | 272 | 276 | ||
89 | 273 | if opt.verbose: | 277 | if args.verbose: |
90 | 274 | print("Processing %s: %s (%s)" % (dsa, dsas[dsa]['desc'], cves[cve]['date']), file=sys.stderr) | 278 | print("Processing %s: %s (%s)" % (dsa, dsas[dsa]['desc'], cves[cve]['date']), file=sys.stderr) |
91 | 275 | 279 | ||
92 | 276 | # Now pull in CVEs from the data/CVE/list | 280 | # Now pull in CVEs from the data/CVE/list |
93 | 277 | for cve in handler.debian: | 281 | for cve in handler.debian: |
95 | 278 | if opt.verbose: | 282 | if args.verbose: |
96 | 279 | print("[--- Processing %s ---]" % cve, file=sys.stderr) | 283 | print("[--- Processing %s ---]" % cve, file=sys.stderr) |
97 | 280 | 284 | ||
98 | 281 | if cve in cves: | 285 | if cve in cves: |
100 | 282 | if opt.verbose: | 286 | if args.verbose: |
101 | 283 | print("Skipping %s, already found in DSA" % cve, file=sys.stderr) | 287 | print("Skipping %s, already found in DSA" % cve, file=sys.stderr) |
102 | 284 | continue | 288 | continue |
103 | 285 | 289 | ||
104 | 286 | if not cve_lib.CVE_RE.match(cve): | 290 | if not cve_lib.CVE_RE.match(cve): |
106 | 287 | if opt.verbose: | 291 | if args.verbose: |
107 | 288 | print("Skipping %s, not well-formed?" % cve, file=sys.stderr) | 292 | print("Skipping %s, not well-formed?" % cve, file=sys.stderr) |
108 | 289 | continue | 293 | continue |
109 | 290 | 294 | ||
110 | 291 | year = int(re.split('-', cve)[1]) | 295 | year = int(re.split('-', cve)[1]) |
111 | 292 | if year < cve_limit: | 296 | if year < cve_limit: |
113 | 293 | if opt.verbose: | 297 | if args.verbose: |
114 | 294 | print("Skipping %s, year %d predates %d" % (cve, year, cve_limit), file=sys.stderr) | 298 | print("Skipping %s, year %d predates %d" % (cve, year, cve_limit), file=sys.stderr) |
115 | 295 | continue | 299 | continue |
116 | 296 | 300 | ||
117 | @@ -300,7 +304,7 @@ def import_debian(handler): | |||
118 | 300 | # add a note about how this was originally classified | 304 | # add a note about how this was originally classified |
119 | 301 | handler.debian[cve]['desc'] = mistriaged_hint + handler.debian[cve]['desc'] | 305 | handler.debian[cve]['desc'] = mistriaged_hint + handler.debian[cve]['desc'] |
120 | 302 | else: | 306 | else: |
122 | 303 | if opt.verbose: | 307 | if args.verbose: |
123 | 304 | print("Skipping %s, already known" % cve, file=sys.stderr) | 308 | print("Skipping %s, already known" % cve, file=sys.stderr) |
124 | 305 | continue | 309 | continue |
125 | 306 | 310 | ||
126 | @@ -316,7 +320,7 @@ def import_debian(handler): | |||
127 | 316 | date = "%s-%s-%s" % (today.year, today.month, today.day) | 320 | date = "%s-%s-%s" % (today.year, today.month, today.day) |
128 | 317 | cves[cve]['date'] = datetime.strptime(date, "%Y-%m-%d") | 321 | cves[cve]['date'] = datetime.strptime(date, "%Y-%m-%d") |
129 | 318 | 322 | ||
131 | 319 | if opt.verbose: | 323 | if args.verbose: |
132 | 320 | print("Processing %s: %s (%s)" % (cve, handler.debian[cve]['desc'], cves[cve]['date']), file=sys.stderr) | 324 | print("Processing %s: %s (%s)" % (cve, handler.debian[cve]['desc'], cves[cve]['date']), file=sys.stderr) |
133 | 321 | 325 | ||
134 | 322 | nvd = convert_to_nvd(cves, lambda cve: cves[cve]['subject']) | 326 | nvd = convert_to_nvd(cves, lambda cve: cves[cve]['subject']) |
135 | @@ -347,7 +351,7 @@ class RHEL8OVALHandler(xml.sax.handler.ContentHandler): | |||
136 | 347 | 351 | ||
137 | 348 | def startElement(self, name, attrs): | 352 | def startElement(self, name, attrs): |
138 | 349 | if name == 'oval:timestamp': | 353 | if name == 'oval:timestamp': |
140 | 350 | if opt.verbose: | 354 | if args.verbose: |
141 | 351 | print("Parsing RHEL8 OVAL schema", file=sys.stderr) | 355 | print("Parsing RHEL8 OVAL schema", file=sys.stderr) |
142 | 352 | self._curr_chars_collect = True | 356 | self._curr_chars_collect = True |
143 | 353 | self._curr_chars = "" | 357 | self._curr_chars = "" |
144 | @@ -448,11 +452,11 @@ def read_locate_cves_output(f): | |||
145 | 448 | print("Skipping malformed CVE: '%s' from '%s'" % (cve, f), file=sys.stderr) | 452 | print("Skipping malformed CVE: '%s' from '%s'" % (cve, f), file=sys.stderr) |
146 | 449 | cve = None | 453 | cve = None |
147 | 450 | elif cve in cves: | 454 | elif cve in cves: |
149 | 451 | if opt.verbose: | 455 | if args.verbose: |
150 | 452 | print("Skipping duplicate '%s' from '%s'" % (cve, f), file=sys.stderr) | 456 | print("Skipping duplicate '%s' from '%s'" % (cve, f), file=sys.stderr) |
151 | 453 | cve = None | 457 | cve = None |
152 | 454 | else: | 458 | else: |
154 | 455 | if opt.verbose: | 459 | if args.verbose: |
155 | 456 | print("Adding '%s'" % cve, file=sys.stderr) | 460 | print("Adding '%s'" % cve, file=sys.stderr) |
156 | 457 | cves[cve] = dict() | 461 | cves[cve] = dict() |
157 | 458 | continue | 462 | continue |
158 | @@ -600,7 +604,7 @@ class CVEHandler(xml.sax.handler.ContentHandler): | |||
159 | 600 | # Append to timestamp file list | 604 | # Append to timestamp file list |
160 | 601 | with open('%s/check-cves.log' % (destdir), 'a') as f: | 605 | with open('%s/check-cves.log' % (destdir), 'a') as f: |
161 | 602 | f.write('%s UTC - %s added, %s ignored, %s skipped, %s total - files: %s\n' % | 606 | f.write('%s UTC - %s added, %s ignored, %s skipped, %s total - files: %s\n' % |
163 | 603 | (timestamp, self.num_added, self.num_ignored, self.num_skipped, self.num_added + self.num_ignored, [os.path.basename(x) for x in args])) | 607 | (timestamp, self.num_added, self.num_ignored, self.num_skipped, self.num_added + self.num_ignored, [os.path.basename(x) for x in args.uris])) |
164 | 604 | 608 | ||
165 | 605 | def printReport(self): | 609 | def printReport(self): |
166 | 606 | print('\n============================ Triage summary =============================') | 610 | print('\n============================ Triage summary =============================') |
167 | @@ -732,7 +736,7 @@ class CVEHandler(xml.sax.handler.ContentHandler): | |||
168 | 732 | 736 | ||
169 | 733 | def startElement(self, name, attrs): | 737 | def startElement(self, name, attrs): |
170 | 734 | if name == "item": | 738 | if name == "item": |
172 | 735 | if opt.verbose: | 739 | if args.verbose: |
173 | 736 | print("Parsing Mitre XML schema", file=sys.stderr) | 740 | print("Parsing Mitre XML schema", file=sys.stderr) |
174 | 737 | self.curr_cve = attrs['name'] | 741 | self.curr_cve = attrs['name'] |
175 | 738 | self.curr_refs = [] | 742 | self.curr_refs = [] |
176 | @@ -772,7 +776,7 @@ class CVEHandler(xml.sax.handler.ContentHandler): | |||
177 | 772 | return | 776 | return |
178 | 773 | 777 | ||
179 | 774 | limit = cve_limit | 778 | limit = cve_limit |
181 | 775 | if not opt.refresh and not opt.score_refresh: | 779 | if not args.refresh and not args.score_refresh: |
182 | 776 | limit = 2005 | 780 | limit = 2005 |
183 | 777 | if int(self.curr_cve.split("-")[1]) < limit: | 781 | if int(self.curr_cve.split("-")[1]) < limit: |
184 | 778 | return | 782 | return |
185 | @@ -1398,12 +1402,12 @@ CVEKnownList += [cve for cve in os.listdir(destdir + "/retired/") if cve.startsw | |||
186 | 1398 | (ActiveList, EmbargoList) = cve_lib.get_cve_list() | 1402 | (ActiveList, EmbargoList) = cve_lib.get_cve_list() |
187 | 1399 | CVEKnownList += [cve for cve in ActiveList if cve not in EmbargoList] | 1403 | CVEKnownList += [cve for cve in ActiveList if cve not in EmbargoList] |
188 | 1400 | 1404 | ||
190 | 1401 | if not opt.refresh and not opt.mistriaged and not opt.score_refresh: | 1405 | if not args.refresh and not args.mistriaged and not args.score_refresh: |
191 | 1402 | CVEIgnoreList += CVEKnownList | 1406 | CVEIgnoreList += CVEKnownList |
192 | 1403 | 1407 | ||
194 | 1404 | if opt.known: | 1408 | if args.known: |
195 | 1405 | cvelist = CVEIgnoreList | 1409 | cvelist = CVEIgnoreList |
197 | 1406 | if opt.skip_nfu: | 1410 | if args.skip_nfu: |
198 | 1407 | cvelist = CVEKnownList | 1411 | cvelist = CVEKnownList |
199 | 1408 | for cve in sorted(cvelist): | 1412 | for cve in sorted(cvelist): |
200 | 1409 | print(cve) | 1413 | print(cve) |
201 | @@ -1416,9 +1420,9 @@ parser.setContentHandler(handler) | |||
202 | 1416 | # if has specified to triage only specific CVEs, check these are not | 1420 | # if has specified to triage only specific CVEs, check these are not |
203 | 1417 | # ignored | 1421 | # ignored |
204 | 1418 | specific_cves = None | 1422 | specific_cves = None |
206 | 1419 | if opt.cve: | 1423 | if args.cve: |
207 | 1420 | specific_cves = set() | 1424 | specific_cves = set() |
209 | 1421 | for cve in opt.cve.split(","): | 1425 | for cve in args.cve.split(","): |
210 | 1422 | # ignore empty CVE | 1426 | # ignore empty CVE |
211 | 1423 | if cve.strip() == "": | 1427 | if cve.strip() == "": |
212 | 1424 | continue | 1428 | continue |
213 | @@ -1429,28 +1433,26 @@ if opt.cve: | |||
214 | 1429 | specific_cves.add(cve) | 1433 | specific_cves.add(cve) |
215 | 1430 | 1434 | ||
216 | 1431 | untriaged_json = "" | 1435 | untriaged_json = "" |
220 | 1432 | if opt.untriaged: | 1436 | if args.untriaged: |
221 | 1433 | untriaged_json = read_locate_cves_output(opt.untriaged) | 1437 | untriaged_json = read_locate_cves_output(args.untriaged) |
222 | 1434 | args.append(untriaged_json) | 1438 | args.uris.append(untriaged_json) |
223 | 1435 | 1439 | ||
227 | 1436 | if opt.mbox: | 1440 | if args.mbox: |
228 | 1437 | untriaged_json = read_mbox_file(opt.mbox) | 1441 | untriaged_json = read_mbox_file(args.mbox) |
229 | 1438 | args.append(untriaged_json) | 1442 | args.uris.append(untriaged_json) |
230 | 1439 | 1443 | ||
231 | 1440 | rhel8oval_import_json = "" | 1444 | rhel8oval_import_json = "" |
235 | 1441 | if opt.rhel8oval: | 1445 | if args.rhel8oval: |
236 | 1442 | untriaged_json = read_rhel8oval_file(opt.rhel8oval) | 1446 | untriaged_json = read_rhel8oval_file(args.rhel8oval) |
237 | 1443 | args.append(untriaged_json) | 1447 | args.uris.append(untriaged_json) |
238 | 1444 | 1448 | ||
239 | 1445 | debian_import_json = "" | 1449 | debian_import_json = "" |
241 | 1446 | if (opt.import_missing_debian or opt.mistriaged) and handler.debian is not None: | 1450 | if (args.import_missing_debian or args.mistriaged) and handler.debian is not None: |
242 | 1447 | debian_import_json = import_debian(handler) | 1451 | debian_import_json = import_debian(handler) |
244 | 1448 | args.append(debian_import_json) | 1452 | args.uris.append(debian_import_json) |
245 | 1449 | 1453 | ||
246 | 1450 | if len(args) == 0: | ||
247 | 1451 | args.append("https://cve.mitre.org/cve/downloads/allitems.xml") | ||
248 | 1452 | 1454 | ||
250 | 1453 | for uri in args: | 1455 | for uri in args.uris: |
251 | 1454 | print('Loading %s ...' % (uri), file=sys.stderr) | 1456 | print('Loading %s ...' % (uri), file=sys.stderr) |
252 | 1455 | if '://' in uri: | 1457 | if '://' in uri: |
253 | 1456 | readable = urllib.request.urlopen(uri) | 1458 | readable = urllib.request.urlopen(uri) |
254 | @@ -1487,7 +1489,7 @@ def refresh_cves(cve_refresh_list, full_refresh=True): | |||
255 | 1487 | public = handler.cve_data[cve]['public'] | 1489 | public = handler.cve_data[cve]['public'] |
256 | 1488 | cvsss = handler.cve_data[cve]['cvss'] | 1490 | cvsss = handler.cve_data[cve]['cvss'] |
257 | 1489 | except: | 1491 | except: |
259 | 1490 | if opt.verbose: | 1492 | if args.verbose: |
260 | 1491 | print('%s not listed in XML' % (cve), file=sys.stderr) | 1493 | print('%s not listed in XML' % (cve), file=sys.stderr) |
261 | 1492 | 1494 | ||
262 | 1493 | # Find the on-disk CVE file | 1495 | # Find the on-disk CVE file |
263 | @@ -1552,17 +1554,17 @@ def refresh_cves(cve_refresh_list, full_refresh=True): | |||
264 | 1552 | print("Refreshed %s" % (cvefile), file=sys.stderr) | 1554 | print("Refreshed %s" % (cvefile), file=sys.stderr) |
265 | 1553 | 1555 | ||
266 | 1554 | 1556 | ||
269 | 1555 | if opt.refresh or opt.score_refresh: | 1557 | if args.refresh or args.score_refresh: |
270 | 1556 | if opt.cve and specific_cves is not set(): | 1558 | if args.cve and specific_cves is not set(): |
271 | 1557 | cve_refresh_list = specific_cves | 1559 | cve_refresh_list = specific_cves |
272 | 1558 | else: | 1560 | else: |
273 | 1559 | cve_refresh_list = CVEKnownList | 1561 | cve_refresh_list = CVEKnownList |
274 | 1560 | 1562 | ||
276 | 1561 | # with OptParse opt.refresh and opt.score_refresh will each | 1563 | # with OptParse args.refresh and args.score_refresh will each |
277 | 1562 | # either be True or None. We want full_refresh to be False when | 1564 | # either be True or None. We want full_refresh to be False when |
279 | 1563 | # opt.score_refresh is True. If both are true, then we'll do a full | 1565 | # args.score_refresh is True. If both are true, then we'll do a full |
280 | 1564 | # refresh since it's a superset of the score only refresh. | 1566 | # refresh since it's a superset of the score only refresh. |
282 | 1565 | full_refresh = opt.refresh or not opt.score_refresh | 1567 | full_refresh = args.refresh or not args.score_refresh |
283 | 1566 | refresh_cves(cve_refresh_list, full_refresh=full_refresh) | 1568 | refresh_cves(cve_refresh_list, full_refresh=full_refresh) |
284 | 1567 | sys.exit(0) | 1569 | sys.exit(0) |
285 | 1568 | 1570 | ||
286 | @@ -1575,13 +1577,13 @@ if experimental: | |||
287 | 1575 | handler.display_command_file_usage(fout, '# ') | 1577 | handler.display_command_file_usage(fout, '# ') |
288 | 1576 | 1578 | ||
289 | 1577 | for cve in new_cves: | 1579 | for cve in new_cves: |
291 | 1578 | if opt.cve and cve not in specific_cves: | 1580 | if args.cve and cve not in specific_cves: |
292 | 1579 | # ignore this cve | 1581 | # ignore this cve |
293 | 1580 | continue | 1582 | continue |
294 | 1581 | # if this got marked as mistriaged, probablistically choose it for | 1583 | # if this got marked as mistriaged, probablistically choose it for |
295 | 1582 | # processing | 1584 | # processing |
296 | 1583 | if mistriaged_hint in handler.cve_data[cve]['desc']: | 1585 | if mistriaged_hint in handler.cve_data[cve]['desc']: |
298 | 1584 | if opt.mistriaged == 0: | 1586 | if args.mistriaged == 0: |
299 | 1585 | # ignore this one | 1587 | # ignore this one |
300 | 1586 | continue | 1588 | continue |
301 | 1587 | else: | 1589 | else: |
302 | @@ -1596,11 +1598,11 @@ for cve in new_cves: | |||
303 | 1596 | if rand > prob: | 1598 | if rand > prob: |
304 | 1597 | continue | 1599 | continue |
305 | 1598 | # selected! | 1600 | # selected! |
307 | 1599 | opt.mistriaged = opt.mistriaged - 1 | 1601 | args.mistriaged = args.mistriaged - 1 |
308 | 1600 | 1602 | ||
309 | 1601 | count += 1 | 1603 | count += 1 |
310 | 1602 | 1604 | ||
312 | 1603 | if opt.report: | 1605 | if args.report: |
313 | 1604 | print(cve) | 1606 | print(cve) |
314 | 1605 | continue | 1607 | continue |
315 | 1606 | 1608 | ||
316 | @@ -1653,6 +1655,6 @@ if experimental: | |||
317 | 1653 | fout.seek(0) | 1655 | fout.seek(0) |
318 | 1654 | handler.process_command_file(fout) | 1656 | handler.process_command_file(fout) |
319 | 1655 | 1657 | ||
321 | 1656 | if not opt.report: | 1658 | if not args.report: |
322 | 1657 | handler.updateTimestamp() | 1659 | handler.updateTimestamp() |
323 | 1658 | handler.printReport() | 1660 | handler.printReport() |
argparse adds features, such as `choices`, I plan to use later