debian How to check Debian CVE status using python script

Check current status of Debian Common Vulnerabilities and Exposures using simple python script and Security Bug Tracker.

Python script

I have used regular shell script at first, but it was too complicated after a while, as parsing HTML code using sed is a really bad idea. I have switched to Python using Beautiful Soup library, so the whole idea could be simplified.

#!/usr/bin/python
# check security updates in specific distribution for provided CVE status

# imports
import sys, getopt
import urllib2
from bs4 import BeautifulSoup

# help function
def help():
  print 'check security updates in specific distribution for provided CVE status'
  print
  print 'check_cve.py -c <required_cve> -d <optional_distribution>'
  print

def main(argv):
  # cve and distribution
  cve          = ""
  distribution = ""

  try:
    opts, args = getopt.getopt(argv,"hd:c:",["distribution=","cve="])
  except getopt.GetoptError:
    help()
    sys.exit(3)
  for opt, arg in opts:
    if opt == '-h':
      help()
      sys.exit()
    elif opt in ("-d", "--distribution"):
      distribution = arg
    elif opt in ("-c", "--cve"):
      cve = arg

  # exit if cve is not provided
  if len(cve) == 0:
    help()
    sys.exit(2)

  # make request
  uri = "https://security-tracker.debian.org/tracker/" + cve
  request = urllib2.Request(uri)
  try:
    request_handle = urllib2.urlopen(request)
  except urllib2.HTTPError, error:
    print "HTTP error on" + " " + uri + " " + "code" + " " + str(error.code)
    exit(4)
  except urllib2.URLError, error:
    print "URL error on" + " " + uri + " " + "reason" + " " + str(error.reason)
    exit(5)

  # read and parse html
  html   = request_handle.read()
  soup   = BeautifulSoup(html,"html.parser")
  table  = soup.find_all("table")[1] # get second table
  source = (((table.select('tr')[1]).select('td')[0]).getText()).replace(" (PTS)","")
  output = 0
  for row in table:
    columns      = row.select('td')
    parsed_array = []
    for column in columns:
      parsed_array.append(column.text)
    if(len(parsed_array) == 4):  
      if len(distribution) != 0:
	if distribution in parsed_array[1]:
          print "Source package " + source +  " (version " +  parsed_array[2] + ")"  + " is "+ parsed_array[3] + " (" + cve + ")" +" in " + parsed_array[1]
          output = 1
      else:
        print "Source package " + source +  " (version " +  parsed_array[2] + ")" + " is "+ parsed_array[3] + " (" + cve + ")" + " in " + parsed_array[1]
        output = 1
  if output == 0:
    print "matching data not provided"

if __name__ == "__main__":
  main(sys.argv[1:])

Sample usage

Display usage information.

$ python check_cve.py
check security updates in specific distribution for provided CVE status

check_cve.py -c <required_cve> -d <optional_distribution>

Display CVE-2016-8655 status for Debian Jessie.

$ python check_cve.py -d jessie -c CVE-2016-8655
Source package linux (version 3.16.36-1+deb8u1) is vulnerable (CVE-2016-8655) in jessie
Source package linux (version 3.16.36-1+deb8u2) is vulnerable (CVE-2016-8655) in jessie (security)

Display CVE-2016-8614 status.

$ python check_cve.py -c CVE-2016-8614
Source package ansible (version 1.7.2+dfsg-2) is vulnerable (CVE-2016-8614) in jessie
Source package ansible (version 2.2.0.0-1) is fixed (CVE-2016-8614) in stretch, sid

It is as simple as that.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
How to create stunnel with systemd? stunnel
Viewed 298 times since Thu, Jan 16, 2020
Tips to Solve Linux & Unix Systems Hard Disk Problems
Viewed 100 times since Fri, May 15, 2020
Top 10 darmowych i publicznych serwerów DNS
Viewed 819 times since Tue, May 22, 2018
RHCS6: Reduce a Global Filesystem 2 (GFS2)
Viewed 569 times since Sun, Jun 3, 2018
What is OS Watcher Utility and How to use it for Database Troubleshooting ?
Viewed 2777 times since Thu, Jun 21, 2018
3 Ways to Check Linux Kernel Version in Command Line
Viewed 664 times since Fri, Apr 19, 2019
RHCS6: Mirror/unmirror a GFS2 volume
Viewed 639 times since Sun, Jun 3, 2018
HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples
Viewed 827 times since Fri, Nov 30, 2018
Linux: how to monitor the nofile limit
Viewed 598 times since Wed, Jul 25, 2018
How to manage Linux password expiry with the chage command
Viewed 493 times since Tue, Sep 11, 2018