implemented dry run

Jakob Maier · Jakob Maier · commit c488dd95715a · 2021-09-08T14:40:22.000+02:00
diff --git a/examples/vuln_batch_remediation.py b/examples/vuln_batch_remediation.py
@@ -85,7 +85,8 @@
 def load_remediation_input(remediation_file):
     with open(remediation_file, mode='r', encoding="utf-8") as infile:
         reader = csv.reader(infile)
-        return {rows[0]:[rows[1],rows[2]] for rows in reader}
+        #return {rows[0]:[rows[1],rows[2]] for rows in reader}
+        return {rows[0]:rows[1:] for rows in reader}
 
 def remediation_is_valid(vuln, remediation_data):
     vulnerability_name = vuln['vulnerabilityWithRemediation']['vulnerabilityName']
@@ -130,21 +131,26 @@ def set_vulnerablity_remediation(hub, vuln, remediation_status, remediation_comm
     response = hub.execute_put(url, data=update)
     return response
 
-def process_vulnerabilities(hub, vulnerable_components, remediation_data=None, exclusion_data=None):
+def process_vulnerabilities(hub, vulnerable_components, remediation_data=None, exclusion_data=None, dry_run=False):
+
+    if (dry_run):
+        print(f"Opening dry run output file: {dry_run}")
+        csv_file = open(dry_run, mode='w', newline='', encoding='utf-8')
+        csv_writer = csv.writer(csv_file, delimiter=',', quotechar='"', quoting=csv.QUOTE_MINIMAL)
+
     count = 0
     print('"Component Name","Component Version","CVE","Reason","Remeidation Status","HTTP response code"')
 
     for vuln in vulnerable_components['items']:
         if vuln['vulnerabilityWithRemediation']['remediationStatus'] == "NEW":
+            remediation_action = None 
+            exclusion_action = None
+
             if (remediation_data):
                 remediation_action = remediation_is_valid(vuln, remediation_data)
-            else:
-                remediation_action = None
 
             if (exclusion_data):
                 exclusion_action = origin_is_excluded(vuln, exclusion_data)
-            else:
-                exclusion_action = None
 
             # If vuln has both a remdiation action and an origin exclusion action, set remdiation status
             # to the remdiation action.  Append the exclusion action's comment to the overall comment.
@@ -157,15 +163,20 @@ def process_vulnerabilities(hub, vulnerable_components, remediation_data=None, e
                 reason = 'origin-exclusion'
 
             if (remediation_action):
-                resp = set_vulnerablity_remediation(hub, vuln, remediation_action[0],remediation_action[1])
-                count += 1
+                if (dry_run):
+                    remediation_action.insert(0, vuln['vulnerabilityWithRemediation']['vulnerabilityName'])
+                    csv_writer.writerow(remediation_action)
+                else:
+                    resp = set_vulnerablity_remediation(hub, vuln, remediation_action[0],remediation_action[1])
+                    count += 1
+                
                 print ('\"{}\",\"{}\",\"{}\",\"{}\",\"{}\",\"{}\"'.
                     format(vuln['componentName'], vuln['componentVersionName'],
                     vuln['vulnerabilityWithRemediation']['vulnerabilityName'],
-                    reason, remediation_action[0], resp.status_code))
+                    reason, remediation_action[0],  resp.status_code if not dry_run else ""))
                
 
-    print (f'Remediated {count} vulnerabilities.')
+    print (f'Remediated {count} vulnerabilities. {"(dry run)" if dry_run else ""}')
 
 def main(argv=None): # IGNORE:C0111
     '''Command line options.'''
@@ -178,7 +189,7 @@ def main(argv=None): # IGNORE:C0111
     program_name = os.path.basename(sys.argv[0])
     program_version = "v%s" % __version__
     program_build_date = str(__updated__)
-    program_version_message = '%%(prog)s %s (%s)' % (program_version, program_build_date)
+    program_version_message = '%s %s (%s)' % (program_name, program_version, program_build_date)
     program_shortdesc = __import__('__main__').__doc__.split("\n")[1]
     program_license = '''%s
 
@@ -199,6 +210,7 @@ def main(argv=None): # IGNORE:C0111
         parser = ArgumentParser(description=program_license, formatter_class=RawDescriptionHelpFormatter)
         parser.add_argument("projectname", help="Project nname")
         parser.add_argument("projectversion", help="Project vesrsion")
+        parser.add_argument("--dry-run", dest="dry_run", nargs='?', const="dry_run.csv", help="dry run")
         parser.add_argument("--remediation-list", dest="local_remediation_list", default=None, help="Filename of cve remediation list csv file")
         parser.add_argument("--origin-exclusion-list", dest="local_origin_exclusion_list", default=None, help="Filename of origin exclusion list csv file")
         parser.add_argument("--no-process-cve-remediation-list", dest='process_cve_remediation_list', action='store_false', help="Disable processing CVE-Remediation-list")
@@ -216,7 +228,11 @@ def main(argv=None): # IGNORE:C0111
         local_origin_exclusion_file = args.local_origin_exclusion_list
         process_cve_remediation = args.process_cve_remediation_list
         process_origin_exclulsion = args.process_origin_exclusion_list
-       
+        #dry_run = args.dry_run
+        #dry_run_output = args.dry_run_output
+        dry_run = args.dry_run
+        print(args.dry_run)
+
         message = f"{program_version_message}\n\n Project: {projectname}\n Version: {projectversion}\n Process origin exclusion list: {process_origin_exclulsion}\n Process CVE remediation list: {process_cve_remediation}"
         print (message)
         
@@ -258,7 +274,7 @@ def main(argv=None): # IGNORE:C0111
         # Retrieve the vulnerabiltites for the project version
         vulnerable_components = hub.get_vulnerable_bom_components(version)
 
-        process_vulnerabilities(hub, vulnerable_components, remediation_data, exclusion_data)
+        process_vulnerabilities(hub, vulnerable_components, remediation_data, exclusion_data, dry_run)
         
         return 0
     except Exception:
