yocto-autobuilder-helper/scripts/cve-report.py

#!/usr/bin/env python3

import os, sys
import json

jsonfile = sys.argv[1]

#ignored_recipes = ("linux-yocto", "db", "db-native")
ignored_recipes = []

with open(jsonfile) as f:
    cvedata = json.load(f)

cves = dict()

for recipe in cvedata['package']:
    if recipe['name'] in ignored_recipes:
        continue
    if 'issue' not in recipe:
        continue
    for i in recipe['issue']:
        if i['status'] == "Unpatched":
            if i["id"] in cves:
                cves[i["id"]] += ":" + recipe['name']
            else:
                cves[i["id"]] = recipe['name']

recipe_counts = {}

for cve, name in cves.items():
    if name not in recipe_counts:
        recipe_counts[name] = {'count': 1, 'cves': [f"https://web.nvd.nist.gov/view/vuln/detail?vulnId={cve}"]}
    else:
        recipe_counts[name]['count'] += 1
        recipe_counts[name]['cves'].append(f"https://web.nvd.nist.gov/view/vuln/detail?vulnId={cve}")

formatted_data = {}
for name, info in sorted(recipe_counts.items(), key=lambda x:x[1]['count'], reverse= True):
    formatted_data[f"{name}: {info['count']}"] = info['cves']

print("CVE counts by recipes:")
for name, cves in formatted_data.items():
    print("")
    print(name)
    for cve in cves:
        print(f"  {cve}")