Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new feature --ignore #38

Merged
merged 1 commit into from
Sep 4, 2022
Merged

Add new feature --ignore #38

merged 1 commit into from
Sep 4, 2022

Conversation

0rphan
Copy link
Contributor

@0rphan 0rphan commented Aug 3, 2022

  • --ignore is used to ignore all CVE ids found a provided file.

This feature would be really usefull for automations or scripts using cvehound due to the fact that passing a file is easier than concatenate a string

@0rphan
Add new feature --ignore
eaaf88f 
* --ignore is used to ignore all CVE ids found a provided file.
evdenis
evdenis requested changes Aug 20, 2022
View reviewed changes
Copy link
Owner

@evdenis evdenis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi! Thank you for the pull request. Sorry for the delay with a review. The pull request looks good to me. Small nitpicks down below

cvehound/__main__.py
@@ -70,6 +71,8 @@ def main(args=sys.argv[1:]):
help="don't use files hint from cocci rules")
parser.add_argument('--metadata', metavar='PATH',
help="Path to non-standard location of kernel_cves.json.gz")
parser.add_argument('--ignore', nargs='?', const='-',
help="Ignore CVEs from file (seperated by new line)")
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/seperated/separated/

cvehound/__main__.py
@@ -170,6 +173,17 @@ def main(args=sys.argv[1:]):
print('Unknown CVE:', cve, file=sys.stderr)
sys.exit(1)

if args['ignore']:
with open(args['ignore'], 'r', encoding='utf-8') as ignore_file:
cve_id = re.compile(r'^CVE-\d{4}-\d{4,7}')
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can use already compiled cve_id pattern. This line seems excessive.

cvehound/__main__.py
@@ -28,6 +28,7 @@ def check_config(config):
'report',
'all_files',
'metadata',
'ignore',
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can use already existing --exclude for this. Just check is it a CVE-id or file with CVE-ids.

@evdenis evdenis merged commit acd02e6 into evdenis:master Sep 4, 2022
@evdenis
Copy link
Owner

evdenis commented Sep 4, 2022

Thanks! I merged the branch. I'll add some small changes in follow up commits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evdenis evdenis evdenis requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0rphan @evdenis