debian How to check Debian CVE status using python script

Check current status of Debian Common Vulnerabilities and Exposures using simple python script and Security Bug Tracker.

Python script

I have used regular shell script at first, but it was too complicated after a while, as parsing HTML code using sed is a really bad idea. I have switched to Python using Beautiful Soup library, so the whole idea could be simplified.

#!/usr/bin/python
# check security updates in specific distribution for provided CVE status

# imports
import sys, getopt
import urllib2
from bs4 import BeautifulSoup

# help function
def help():
  print 'check security updates in specific distribution for provided CVE status'
  print
  print 'check_cve.py -c <required_cve> -d <optional_distribution>'
  print

def main(argv):
  # cve and distribution
  cve          = ""
  distribution = ""

  try:
    opts, args = getopt.getopt(argv,"hd:c:",["distribution=","cve="])
  except getopt.GetoptError:
    help()
    sys.exit(3)
  for opt, arg in opts:
    if opt == '-h':
      help()
      sys.exit()
    elif opt in ("-d", "--distribution"):
      distribution = arg
    elif opt in ("-c", "--cve"):
      cve = arg

  # exit if cve is not provided
  if len(cve) == 0:
    help()
    sys.exit(2)

  # make request
  uri = "https://security-tracker.debian.org/tracker/" + cve
  request = urllib2.Request(uri)
  try:
    request_handle = urllib2.urlopen(request)
  except urllib2.HTTPError, error:
    print "HTTP error on" + " " + uri + " " + "code" + " " + str(error.code)
    exit(4)
  except urllib2.URLError, error:
    print "URL error on" + " " + uri + " " + "reason" + " " + str(error.reason)
    exit(5)

  # read and parse html
  html   = request_handle.read()
  soup   = BeautifulSoup(html,"html.parser")
  table  = soup.find_all("table")[1] # get second table
  source = (((table.select('tr')[1]).select('td')[0]).getText()).replace(" (PTS)","")
  output = 0
  for row in table:
    columns      = row.select('td')
    parsed_array = []
    for column in columns:
      parsed_array.append(column.text)
    if(len(parsed_array) == 4):  
      if len(distribution) != 0:
	if distribution in parsed_array[1]:
          print "Source package " + source +  " (version " +  parsed_array[2] + ")"  + " is "+ parsed_array[3] + " (" + cve + ")" +" in " + parsed_array[1]
          output = 1
      else:
        print "Source package " + source +  " (version " +  parsed_array[2] + ")" + " is "+ parsed_array[3] + " (" + cve + ")" + " in " + parsed_array[1]
        output = 1
  if output == 0:
    print "matching data not provided"

if __name__ == "__main__":
  main(sys.argv[1:])

Sample usage

Display usage information.

$ python check_cve.py
check security updates in specific distribution for provided CVE status

check_cve.py -c <required_cve> -d <optional_distribution>

Display CVE-2016-8655 status for Debian Jessie.

$ python check_cve.py -d jessie -c CVE-2016-8655
Source package linux (version 3.16.36-1+deb8u1) is vulnerable (CVE-2016-8655) in jessie
Source package linux (version 3.16.36-1+deb8u2) is vulnerable (CVE-2016-8655) in jessie (security)

Display CVE-2016-8614 status.

$ python check_cve.py -c CVE-2016-8614
Source package ansible (version 1.7.2+dfsg-2) is vulnerable (CVE-2016-8614) in jessie
Source package ansible (version 2.2.0.0-1) is fixed (CVE-2016-8614) in stretch, sid

It is as simple as that.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
How to create stunnel with systemd? stunnel
Viewed 10178 times since Thu, Jan 16, 2020
RHEL: Scan and configure new SAN (fibre channel) LUNs
Viewed 8333 times since Sun, May 27, 2018
RHEL: Crash kernel dumps configuration and analysis on RHEL 6
Viewed 5023 times since Sat, Jun 2, 2018
Monitoring bezpieczeństwa Linux: integracja auditd + OSSEC cz. I
Viewed 2631 times since Fri, Apr 5, 2019
debian Install a newer kernel in Debian 9 (stretch) stable
Viewed 1956 times since Sun, Sep 23, 2018
Linux Chage Command to Set Password Aging for User
Viewed 2616 times since Tue, Sep 11, 2018
YUM CRON Enabling automatic updates in Centos 7 and RHEL 7
Viewed 12104 times since Fri, Oct 26, 2018
Linux Proxy Server Settings – Set Proxy For Command Line
Viewed 3876 times since Mon, Feb 18, 2019
Create a Linux Swap File
Viewed 3198 times since Fri, Jun 8, 2018
Jak znaleźć najszybszy publiczny serwer DNS w Polsce?
Viewed 3353 times since Mon, May 21, 2018