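#!/usr/bin/env python3
"""Print the unpatched CVEs found in a JSON CVE report, plus per-recipe totals.

Usage: pass the path of the JSON report as the only argument.

The report is expected to hold a top-level ``package`` list. Each entry has a
``name`` and, optionally, an ``issue`` list whose items carry an ``id`` and a
``status``. Only issues whose status is exactly ``"Unpatched"`` are reported.
"""
import json
import os
import sys

# Recipes to leave out of the report entirely. Empty by default so nothing is
# hidden; an example exclusion list is kept below for reference.
#ignored_recipes = ("linux-yocto", "db", "db-native")
ignored_recipes = []


def collect_unpatched(cvedata, ignored=()):
    """Map each unpatched CVE id to the recipe names it was reported against.

    Args:
        cvedata: Parsed report (a dict with a ``package`` list).
        ignored: Recipe names whose issues are skipped.

    Returns:
        dict of CVE id -> list of recipe names, in report order.

    Raises:
        KeyError: if the report lacks ``package``, or an entry lacks ``name``,
            ``id`` or ``status``.
    """
    cves = {}
    for recipe in cvedata['package']:
        if recipe['name'] in ignored:
            continue
        # Direct indexing on 'status' and 'id' is deliberate: a malformed
        # issue should abort the run rather than silently drop a CVE from a
        # security report.
        for issue in recipe.get('issue', ()):
            if issue['status'] == "Unpatched":
                cves.setdefault(issue["id"], []).append(recipe['name'])
    return cves


def count_by_recipe(cves):
    """Count unpatched CVEs per individual recipe.

    A CVE reported against several recipes counts once for each of them, so a
    recipe's total includes the CVEs it shares with other recipes instead of
    those being booked under a combined "a:b" key.

    Args:
        cves: Mapping as returned by ``collect_unpatched``.

    Returns:
        dict of recipe name -> number of distinct unpatched CVE ids.
    """
    recipe_counts = {}
    for names in cves.values():
        # dict.fromkeys de-duplicates while keeping order, so a recipe listed
        # twice for the same CVE is still counted once for that CVE.
        for name in dict.fromkeys(names):
            recipe_counts[name] = recipe_counts.get(name, 0) + 1
    return recipe_counts


def main(argv):
    """Load the report named in ``argv[1]`` and print the text summary.

    Returns:
        0 on success, 2 when the report path is missing from ``argv``.
    """
    if len(argv) < 2:
        print("usage: %s <cve-report.json>" % argv[0], file=sys.stderr)
        return 2

    with open(argv[1]) as f:
        cvedata = json.load(f)

    cves = collect_unpatched(cvedata, ignored_recipes)

    print("Found %d unpatched CVEs" % len(cves))
    for cve in sorted(cves):
        print("%s: %s https://web.nvd.nist.gov/view/vuln/detail?vulnId=%s *" % (cve, ":".join(cves[cve]), cve))

    print("\n")
    print("Summary of CVE counts by recipes:\n")
    # sorted() is stable, so recipes with equal counts keep first-seen order.
    for recipe, count in sorted(count_by_recipe(cves).items(), key=lambda x: x[1], reverse=True):
        print(" %s: %s" % (recipe, count))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))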