|
44 | 44 | parser.add_argument("-s", "--save_dt", |
45 | 45 | action='store_true', |
46 | 46 | help="If set, the date/time will be saved to a file named '.last_run' in the current directory which can be used later with the -n option to see vulnerabilities published since the last run.") |
| 47 | +parser.add_argument("-l", "--limit", |
| 48 | + default=9999, |
| 49 | + help="Set limit on number of vulnerabilitties to retrieve (default 9999)") |
| 50 | +parser.add_argument("-nd", "--nodetails", |
| 51 | + action='store_true', |
| 52 | + help="If set, disables retrieving details for each vulnerability to reduce execution time") |
47 | 53 | args = parser.parse_args() |
48 | 54 |
|
| 55 | + |
49 | 56 | if args.newer_than: |
50 | 57 | newer_than = timestring.Date(args.newer_than).date |
51 | 58 | else: |
|
66 | 73 | version = hub.get_version_by_name(project, args.version) |
67 | 74 | version_id = object_id(version) |
68 | 75 |
|
69 | | -vulnerable_components_url = hub.get_link(version, "vulnerable-components") + "?limit=9999" |
| 76 | +vulnerablity_limit = "?limit={}".format(args.limit) |
| 77 | + |
| 78 | +vulnerable_components_url = hub.get_link(version, "vulnerable-components") + vulnerablity_limit |
70 | 79 | custom_headers = {'Accept':'application/vnd.blackducksoftware.bill-of-materials-6+json'} |
71 | 80 | response = hub.execute_get(vulnerable_components_url, custom_headers=custom_headers) |
72 | 81 | vulnerable_bom_components = response.json().get('items', []) |
73 | 82 |
|
74 | 83 | bdsa_records = set() |
75 | 84 | cve_records = set() |
76 | 85 |
|
77 | | -for i, vuln in enumerate(vulnerable_bom_components): |
78 | | - source = vuln['vulnerabilityWithRemediation']['source'] |
79 | | - vuln_name = vuln['vulnerabilityWithRemediation']['vulnerabilityName'] |
80 | 86 |
|
81 | | - # Retrieve additional details about the vulnerability |
82 | | - # |
| 87 | +if args.nodetails==False: |
| 88 | + for i, vuln in enumerate(vulnerable_bom_components): |
| 89 | + source = vuln['vulnerabilityWithRemediation']['source'] |
| 90 | + vuln_name = vuln['vulnerabilityWithRemediation']['vulnerabilityName'] |
83 | 91 |
|
84 | | - update_guidance_url = vuln['componentVersion'] + "/upgrade-guidance" |
85 | | - update_guidance_results = hub.execute_get(update_guidance_url).json() |
86 | | - vuln['update_guidance'] = update_guidance_results |
| 92 | + # Retrieve additional details about the vulnerability |
| 93 | + # |
87 | 94 |
|
88 | | - logging.debug("Retrieving additional details regarding vuln {}, i={}".format(vuln_name, i)) |
89 | | - vuln_url = hub.get_apibase() + "/vulnerabilities/{}".format(vuln_name) |
90 | | - vuln_details_response = hub.execute_get(vuln_url, custom_headers={'Accept': 'application/json'}) |
91 | | - vuln_details = vuln_details_response.json() |
| 95 | + update_guidance_url = vuln['componentVersion'] + "/upgrade-guidance" |
| 96 | + update_guidance_results = hub.execute_get(update_guidance_url).json() |
| 97 | + vuln['update_guidance'] = update_guidance_results |
92 | 98 |
|
93 | | - vuln['additional_vuln_info'] = vuln_details |
| 99 | + logging.debug("Retrieving additional details regarding vuln {}, i={}".format(vuln_name, i)) |
| 100 | + vuln_url = hub.get_apibase() + "/vulnerabilities/{}".format(vuln_name) |
| 101 | + vuln_details_response = hub.execute_get(vuln_url, custom_headers={'Accept': 'application/json'}) |
| 102 | + vuln_details = vuln_details_response.json() |
94 | 103 |
|
95 | | - if source == 'BDSA': |
96 | | - bdsa_records.add(vuln_name) |
| 104 | + vuln['additional_vuln_info'] = vuln_details |
97 | 105 |
|
98 | | - # get related vulnerability info, i.e. CVE |
99 | | - # note: not all BDSA records will have a corresponding CVE record |
100 | | - cve_url = hub.get_link(vuln_details, "related-vulnerability") |
101 | | - if cve_url: |
102 | | - cve_details_response = hub.execute_get(cve_url, custom_headers={'Accept': 'application/json'}) |
103 | | - cve_details = cve_details_response.json() |
104 | | - vuln['related_vulnerability'] = cve_details |
105 | | - cve_records.add(cve_details['name']) |
106 | | - elif source == "NVD": |
107 | | - cve_records.add(vuln_name) |
108 | | - else: |
109 | | - logging.warning(f"source {source} was not recognized") |
| 106 | + if source == 'BDSA': |
| 107 | + bdsa_records.add(vuln_name) |
| 108 | + |
| 109 | + # get related vulnerability info, i.e. CVE |
| 110 | + # note: not all BDSA records will have a corresponding CVE record |
| 111 | + cve_url = hub.get_link(vuln_details, "related-vulnerability") |
| 112 | + if cve_url: |
| 113 | + cve_details_response = hub.execute_get(cve_url, custom_headers={'Accept': 'application/json'}) |
| 114 | + cve_details = cve_details_response.json() |
| 115 | + vuln['related_vulnerability'] = cve_details |
| 116 | + cve_records.add(cve_details['name']) |
| 117 | + elif source == "NVD": |
| 118 | + cve_records.add(vuln_name) |
| 119 | + else: |
| 120 | + logging.warning(f"source {source} was not recognized") |
110 | 121 |
|
111 | 122 | if vulnerable_bom_components: |
112 | 123 | vulnerable_bom_components = sorted( |
|
142 | 153 | 'by_remediation_status': remediation_counts |
143 | 154 | } |
144 | 155 |
|
145 | | - |
146 | | -everything = { |
147 | | - 'counts': counts, |
148 | | - 'vulnerabilities': vulnerable_bom_components, |
149 | | - 'bdsa_records': list(bdsa_records), |
150 | | - 'cve_records': list(cve_records), |
151 | | -} |
| 156 | +if args.nodetails==False: |
| 157 | + everything = { |
| 158 | + 'counts': counts, |
| 159 | + 'vulnerabilities': vulnerable_bom_components, |
| 160 | + 'bdsa_records': list(bdsa_records), |
| 161 | + 'cve_records': list(cve_records), |
| 162 | + } |
| 163 | +else: |
| 164 | + everything = { |
| 165 | + 'counts': counts, |
| 166 | + 'vulnerabilities': vulnerable_bom_components, |
| 167 | + } |
152 | 168 |
|
153 | 169 | print(json.dumps(everything)) |
154 | 170 |
|
0 commit comments