cve_policy_filter.py: Failed to execute the filter with the latest vulsscan result in the StarlingX target

Bug #2059996 reported by Zhixiong Chi
This bug affects 1 person

Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Zhixiong Chi
Milestone: (none)

Bug Description

Brief Description
-----------------
Executing this script with the following command fails:
$python3 cve_policy_filter.py localhost.json(vulsscan result file) master_Xxx_XX_2024 cvssv3

The calltrace is as follows:

Traceback (most recent call last):
  File "cve_policy_filter.py", line 388, in <module>
    main()
  File "cve_policy_filter.py", line 379, in main
    cvssv3_parse_n_report(cves,title,data)
  File "cve_policy_filter.py", line 262, in cvssv3_parse_n_report
    raise NVDLengthException(nvdlength)
Warning: NVD length: 2, not 1, Please check again!
__main__.NVDLengthException: <exception str() failed>

Severity
--------
Major

Steps to Reproduce
------------------
$git clone https://github.com/vulsio/vulsctl.git
$cd vulsctl/install-host
$sudo ./install.sh
$sudo ./update-all.sh
$vuls scan
$sudo vuls report -format-json -results-dir=/run/vulsctl/install-host/results -refresh-cve
$sudo ls results/current/
localhost.json localhost.txt
Copy localhost.json to the directory cve_support of tools repo
$python3 cve_policy_filter.py localhost.json(vulsscan result file) master_Xxx_XX_2024 cvssv3

Expected Behavior
------------------
Execute successfully without errors and warnings.
Get the CVE report

Actual Behavior
----------------
Failed to execute the script

Reproducibility
---------------
100%

System Configuration
--------------------
N/A

Branch/Pull Time/Commit
-----------------------
Master

Last Pass
---------
Dec/2023
Recently I have just been executing the script with the workaround to get the report.
Now I'm going to submit the code review.

Timestamp/Logs
--------------
N/A

Test Activity
-------------
Unit Test

Workaround
----------

Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: New → In Progress
Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/914843

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/914843
Committed: https://opendev.org/starlingx/tools/commit/9cdb43da425bd99ab81b116994df544d727cd3e6
Submitter: "Zuul (22348)"
Branch: master

commit 9cdb43da425bd99ab81b116994df544d727cd3e6
Author: Zhixiong Chi <email address hidden>
Date: Thu Apr 18 18:28:34 2024 +0800

    cve_policy_filter.py: Get the filter data from <email address hidden> item

    Now the latest JSON-format result file includes several items
    in the set data["scannedCves"][cve_id]["cveContents"]["nvd"], so
    the original usage is not available to filter CVE info anymore.

    So it's time to drop the exception that is raised under the
    condition that the length is greater than 1. It will fail when the
    exception is thrown. We are going to use the condition '<email address hidden>'
    to get the accurate CVE information instead.

    Another update is to expand the function find_lp_assigned by
    adding a new condition to find the CVE id in the description section
    of the LP page. As the length of the title is limited, if one page is
    used to track many CVE issues, the length may not be enough to
    record all CVE ID items.

    Closes-Bug: 2059996

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Ia7dfee5db53baaa82a8e6dd9d5dde8a31da5bcc2

Changed in starlingx:
status: In Progress → Fix Released
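An added example (not the StarlingX tools code) showing the failure mode from the traceback above and a filter that walks every entry of the "nvd" list instead of raising when its length is not 1. The report below is constructed in the shape of a vuls localhost.json; the field names (cvss3Score, cvss3Severity) and the max-score selection rule are assumptions for this example, not the condition the merged fix uses.

```python
import json

# Constructed sample shaped like a vuls `localhost.json` result (assumed
# field names; only the keys this example reads are included).
SAMPLE_REPORT = json.loads("""
{
  "scannedCves": {
    "CVE-2024-0001": {
      "cveID": "CVE-2024-0001",
      "cveContents": {
        "nvd": [
          {"type": "nvd", "cvss3Score": 7.5, "cvss3Severity": "HIGH"},
          {"type": "nvd", "cvss3Score": 9.8, "cvss3Severity": "CRITICAL"}
        ]
      }
    },
    "CVE-2024-0002": {
      "cveID": "CVE-2024-0002",
      "cveContents": {
        "nvd": [
          {"type": "nvd", "cvss3Score": 5.3, "cvss3Severity": "MEDIUM"}
        ]
      }
    }
  }
}
""")


class NVDLengthException(Exception):
    """Stand-in for the check the bug report hits: exactly one nvd entry."""


def cvssv3_strict(data):
    """Pre-fix behaviour: aborts as soon as an nvd list has != 1 entries."""
    report = {}
    for cve_id, cve in data["scannedCves"].items():
        nvd = cve["cveContents"]["nvd"]
        if len(nvd) != 1:
            raise NVDLengthException(f"NVD length: {len(nvd)}, not 1")
        report[cve_id] = nvd[0]["cvss3Score"]
    return report


def cvssv3_multi(data):
    """Post-fix style: inspect every nvd entry; keep the highest CVSSv3
    score (assumed selection rule for this example)."""
    report = {}
    for cve_id, cve in data["scannedCves"].items():
        entries = cve["cveContents"].get("nvd", [])
        scores = [e.get("cvss3Score") or 0.0 for e in entries]
        if scores:
            report[cve_id] = max(scores)
    return report
```

Running cvssv3_strict on the sample reproduces the abort on the first CVE with two nvd entries, while cvssv3_multi reports a score for every CVE.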
Ghada Khalil (gkhalil)
tags: added: stx.too
tags: added: stx.10.0 stx.tools
removed: stx.too
Ghada Khalil (gkhalil)
tags: added: stx.security