|
49 | 49 | all_bom_component_vulns = [] |
50 | 50 |
|
51 | 51 | for bom_component_vuln in bd.get_resource('vulnerable-components', version): |
52 | | - vuln_name = bom_component_vuln['vulnerabilityWithRemediation']['vulnerabilityName'] |
53 | | - vuln_source = bom_component_vuln['vulnerabilityWithRemediation']['source'] |
| 52 | + vulnerabilities = bd.get_resource('vulnerabilities', bom_component_vuln) |
54 | 53 | upgrade_guidance = bd.get_json(f"{bom_component_vuln['componentVersion']}/upgrade-guidance") |
55 | 54 | bom_component_vuln['upgrade_guidance'] = upgrade_guidance |
| 55 | + all_bom_component_vulns.append(bom_component_vuln) |
| 56 | + #for vuln in vulnerabilities: |
| 57 | + #pprint(vuln) |
| 58 | + #vuln_name = vuln['name'] |
| 59 | + #vuln_source = vuln['source'] |
56 | 60 |
|
57 | | - vuln_details = bd.get_json(f"/api/vulnerabilities/{vuln_name}") |
58 | | - bom_component_vuln['vulnerability_details'] = vuln_details |
| 61 | + #vuln_details = bd.get_json(f"/api/vulnerabilities/{vuln_name}") |
| 62 | + #bom_component_vuln['vulnerability_details'] = vuln_details |
59 | 63 |
|
60 | | - if 'related-vulnerability' in bd.list_resources(vuln_details): |
61 | | - related_vuln = bd.get_resource("related-vulnerability", vuln_details, items=False) |
62 | | - else: |
63 | | - related_vuln = None |
64 | | - bom_component_vuln['related_vulnerability'] = related_vuln |
65 | | - all_bom_component_vulns.append(bom_component_vuln) |
| 64 | + #if 'related-vulnerability' in bd.list_resources(vuln_details): |
| 65 | + # related_vuln = bd.get_resource("related-vulnerability", vuln_details, items=False) |
| 66 | + #else: |
| 67 | + # related_vuln = None |
| 68 | + #bom_component_vuln['related_vulnerability'] = related_vuln |
66 | 69 |
|
67 | 70 | if args.csv_file: |
68 | 71 | '''Note: See the BD API doc and in particular .../api-doc/public.html#_bom_vulnerability_endpoints |
|
73 | 76 | with open(args.csv_file, 'w') as csv_f: |
74 | 77 | field_names = [ |
75 | 78 | 'Vulnerability Name', |
76 | | - 'Vulnerability Description', |
| 79 | + #'Vulnerability Description', |
77 | 80 | 'Remediation Status', |
78 | 81 | 'Component', |
79 | 82 | 'Component Version', |
80 | | - 'Exploit Available', |
81 | | - 'Workaround Available', |
82 | | - 'Solution Available', |
| 83 | + #'Exploit Available', |
| 84 | + #'Workaround Available', |
| 85 | + #'Solution Available', |
83 | 86 | 'Upgrade Guidance - short term', |
84 | 87 | 'Upgrade Guidance - long term', |
85 | 88 | ] |
86 | 89 | writer = csv.DictWriter(csv_f, fieldnames = field_names) |
87 | 90 | writer.writeheader() |
88 | 91 | for comp_vuln in all_bom_component_vulns: |
89 | 92 | row_data = { |
90 | | - 'Vulnerability Name': comp_vuln['vulnerabilityWithRemediation']['vulnerabilityName'], |
91 | | - 'Vulnerability Description': comp_vuln['vulnerabilityWithRemediation']['description'], |
92 | | - 'Remediation Status': comp_vuln['vulnerabilityWithRemediation']['remediationStatus'], |
| 93 | + 'Vulnerability Name': comp_vuln['vulnerability']['vulnerabilityId'], |
| 94 | + #'Vulnerability Description': comp_vuln['vulnerabilityWithRemediation']['description'], |
| 95 | + 'Remediation Status': comp_vuln['vulnerability']['remediationStatus'], |
93 | 96 | 'Component': comp_vuln['componentName'], |
94 | 97 | 'Component Version': comp_vuln['componentVersionName'], |
95 | | - 'Exploit Available': comp_vuln['vulnerability_details'].get('exploitPublishDate', 'None available'), |
96 | | - 'Workaround Available': comp_vuln['vulnerability_details'].get('workaround', 'None available'), |
97 | | - 'Solution Available': comp_vuln['vulnerability_details'].get('solution', 'None available'), |
| 98 | + #'Exploit Available': comp_vuln['vulnerability_details'].get('exploitPublishDate', 'None available'), |
| 99 | + #'Workaround Available': comp_vuln['vulnerability_details'].get('workaround', 'None available'), |
| 100 | + #'Solution Available': comp_vuln['vulnerability_details'].get('solution', 'None available'), |
98 | 101 | 'Upgrade Guidance - short term': comp_vuln['upgrade_guidance'].get('shortTerm', 'None available'), |
99 | 102 | 'Upgrade Guidance - long term': comp_vuln['upgrade_guidance'].get('longTerm', 'None available') |
100 | 103 | } |
|