From 3139487e6f0a5db206290d992eb04ff52bdd31ca Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 22 Mar 2021 15:27:13 -0400
Subject: [PATCH] nope - that's ultimate only

---
 .gitlab-ci.yml           |  3 --
 ci-tools/vulnix-to-clair | 97 ----------------------------------------
 2 files changed, 100 deletions(-)
 delete mode 100755 ci-tools/vulnix-to-clair

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e4250454..fda20828 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,10 +12,7 @@ vulnerability-scan:
   stage: "test"
   script:
     - "ci-tools/vulnerability-scan security-report.json"
-    - "ci-tools/vulnix-to-clair <security-report.json >clair-security-report.json"
   artifacts:
-    reports:
-      container_scanning: "clair-security-report.json"
     paths:
       - "security-report.json"
     expose_as: "security report"
diff --git a/ci-tools/vulnix-to-clair b/ci-tools/vulnix-to-clair
deleted file mode 100755
index 1ee6b8e3..00000000
--- a/ci-tools/vulnix-to-clair
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/env python3
-
-# Input is like:
-# [
-#   {
-#     "name": "avahi-0.7",
-#     "pname": "avahi",
-#     "version": "0.7",
-#     "derivation": "/nix/store/p06dfxm12cbnzp4v0s28s97qwyirkqcy-avahi-0.7.drv",
-#     "affected_by": [
-#       "CVE-2021-26720"
-#     ],
-#     "whitelisted": [],
-#     "cvssv3_basescore": {
-#       "CVE-2021-26720": 7.8
-#     }
-#   },
-# ]
-#
-# Output is like:
-#
-# {
-#   "image": "image",
-#   "vulnerabilities": [
-#     {
-#       "featurename": "apt",
-#       "featureversion": "1.4.8",
-#       "vulnerability": "CVE-2019-3462",
-#       "namespace": "debian:9",
-#       "description": "TEST",
-#       "link": "https://security-tracker.debian.org/tracker/CVE-2019-3462",
-#       "severity": "Critical",
-#       "fixedby": "1.4.9"
-#     },
-#     {
-#       "featurename": "libxslt",
-#       "featureversion": "1.1.29-2.1",
-#       "vulnerability": "CVE-2017-16997",
-#       "namespace": "debian:9",
-#       "description": "TEST",
-#       "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
-#       "severity": "Critical",
-#       "fixedby": "2.24-11+deb9u4"
-#     }
-#   ]
-# }
-
-from json import load, dump
-from sys import stdin, stdout
-
-def main():
-    report = load(stdin)
-    dump(clair_format(report), stdout)
-
-def clair_format(vulnerabilities):
-    return {
-        "image": "<none>",
-        "vulnerabilities": list(
-            clair_vulnerability(vulnix_vulnerability, affected_by)
-            for vulnix_vulnerability
-            in vulnerabilities
-            for affected_by
-            in vulnix_vulnerability["affected_by"]
-        ),
-    }
-
-def clair_vulnerability(vulnix_vuln, affected_by):
-    basescore = vulnix_vuln["cvssv3_basescore"][affected_by]
-    adjusted = int(round(basescore))
-    return {
-        "featurename": vulnix_vuln["pname"],
-        "featureversion": vulnix_vuln["version"],
-        "vulnerability": affected_by,
-        "namespace": vulnix_vuln["derivation"],
-        "description": "",
-        "link": "https://nvd.nist.gov/vuln/detail/{}".format(affected_by),
-        "severity": SEVERITIES[adjusted],
-        "fixedby": "",
-    }
-
-# Approximations only
-SEVERITIES = [
-    "Low",
-    "Low",
-    "Low",
-    "Low",
-    "Medium",
-    "Medium",
-    "High",
-    "High",
- "High", - "Critical", - "Critical" -] - -if __name__ == '__main__': - main() -- GitLab