Using the cvelib validation routines

DIVD-NL · May 23, 2024 · b3f03d1 · b3f03d1
1 parent 931ca53
commit b3f03d1
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5,470 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -108,7 +108,7 @@ git config --global --add safe.directory $PWD
 echo "*** Checking CVE records ***"
 rm -f /tmp/cve_check.log && touch /tmp/cve_check.log
 CVE_CHECK_FAILED=0
-CMD="/run/cve_check.py --path $CVE_PATH $IGNORE_CHECKS $MIN_RESERVED $RESERVE $RESERVATIONS_TOO $DO_RESERVATIONS $DO_MISSING $VERBOSE_FLAG --schema /run/schemas --log /tmp/cve_check.log"
+CMD="/run/cve_check.py --path $CVE_PATH $IGNORE_CHECKS $MIN_RESERVED $RESERVE $RESERVATIONS_TOO $DO_RESERVATIONS $DO_MISSING $VERBOSE_FLAG --log /tmp/cve_check.log"
 echo "Running: $CMD"
 $CMD || CVE_CHECK_FAILED=1
 

diff --git a/program/cve_check.py b/program/cve_check.py
@@ -9,6 +9,7 @@
 import datetime
 import sys
 from cvelib.cve_api import CveApi
+from cvelib.cve_api import CveRecord
 
 # General checks
 
@@ -119,23 +120,14 @@ def file_valid_json1(file,json_data,args,type) :
         results.append("Error loading JSON: {}".format(err))
 
     if len(results) == 0 and type == "cve":
-        schema_file = "{}/cve_{}.json".format(args.schema,json_data["dataVersion"])
-        if not os.path.exists(schema_file):
-            print("There is no schema file for data version '{}' in directory '{}', expected file is '{}'".format(json_data["dataVersion"], args.schema, schema_file), file=sys.stderr)
-            exit(255)
-        else:
-            schema = json.load(open(schema_file))
-        v = Draft7Validator(schema)
-        errors = sorted(v.iter_errors(json_data), key=lambda e: e.message)
-        #errors = sorted(v.iter_errors(json_data), key=str)
-        if errors:
-            error_str = "Schema validation of CVE record failed. The reason is likely one or more of those listed below:"
-            for error in errors:
-                for suberror in sorted(error.context, key=lambda e: e.schema_path) :
-                    error_str = "{}\n{} : {}".format(error_str, suberror.json_path, suberror.message)
-
-            #errors_str = "\n".join(e.message for e in errors)
-            results.append(error_str)
+        if "containers" in json_data and "cna" in json_data["containers"]:
+            try:
+                CveRecord.validate(json_data["containers"]["cna"])
+            except Exception as e:
+                error_str="Schema validation of CVE record failed."
+                for error in e.errors:
+                    error_str = "{}\n{}\n\n---".format(error_str,error)
+                results.append(error_str)
 
     # return results
     if len(results) == 0: