yocto-autobuilder-helper/scripts/cve-report.py
Richard Purdie 1591f007b3 cve-report: Add summary counts of CVEs by recipe
It is often helpful to know how many CVEs are open against a given recipe.
Add a summary table of this to the end of the CVE listing.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-01-23 14:34:31 +00:00


#!/usr/bin/env python3
import os, sys
import json
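# Recipes whose issues are left out of the report entirely.
#ignored_recipes = ("linux-yocto", "db", "db-native")
ignored_recipes = []


def collect_unpatched(cvedata, ignored=()):
    """Map each unpatched CVE id to the recipes it is open against.

    Args:
        cvedata: Parsed JSON report; a dict whose 'package' entry is a list
            of recipe dicts, each with a 'name' and an optional 'issue' list
            of dicts carrying 'id' and 'status'.
        ignored: Recipe names to skip.

    Returns:
        Dict of CVE id -> list of recipe names, in the order the recipes
        appear in the report. Only issues whose status is exactly
        "Unpatched" are included.

    Raises:
        KeyError: If a recipe or issue entry lacks an expected key.
    """
    cves = {}
    for recipe in cvedata['package']:
        if recipe['name'] in ignored:
            continue
        for issue in recipe.get('issue', ()):
            # Indexed directly rather than with .get(): a malformed entry
            # aborts the run instead of silently dropping a CVE from the report.
            if issue['status'] == "Unpatched":
                cves.setdefault(issue['id'], []).append(recipe['name'])
    return cves


def count_by_recipe(cves):
    """Return the number of unpatched CVEs open against each recipe.

    A CVE that affects several recipes is counted once for every one of
    them. Counting on the ':'-joined display string instead would file a
    shared CVE under a combined "a:b" key and under-report both recipes.
    """
    counts = {}
    for recipes in cves.values():
        for name in recipes:
            counts[name] = counts.get(name, 0) + 1
    return counts


def main(argv):
    """Print the unpatched CVE listing and the per-recipe summary.

    Args:
        argv: Command line; argv[1] is the path of the JSON report.
    """
    if len(argv) < 2:
        sys.exit("usage: %s <cve-json-file>" % argv[0])

    with open(argv[1]) as f:
        cvedata = json.load(f)

    cves = collect_unpatched(cvedata, ignored_recipes)

    print("Found %d unpatched CVEs" % len(cves))
    for cve in sorted(cves):
        # Recipes sharing a CVE are shown ':'-separated on one line.
        print("%s: %s https://web.nvd.nist.gov/view/vuln/detail?vulnId=%s *" % (cve, ":".join(cves[cve]), cve))

    print("\n")
    print("Summary of CVE counts by recipes:\n")
    # Highest count first; ties keep first-seen order (sorted() is stable).
    for recipe, count in sorted(count_by_recipe(cves).items(), key=lambda x: x[1], reverse=True):
        print(" %s: %s" % (recipe, count))


if __name__ == "__main__":
    main(sys.argv)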