debian How to check Debian CVE status using python script

Check current status of Debian Common Vulnerabilities and Exposures using simple python script and Security Bug Tracker.

Python script

I have used regular shell script at first, but it was too complicated after a while, as parsing HTML code using sed is a really bad idea. I have switched to Python using Beautiful Soup library, so the whole idea could be simplified.

#!/usr/bin/python
# check security updates in specific distribution for provided CVE status

# imports
import sys, getopt
import urllib2
from bs4 import BeautifulSoup

# help function
def help():
  print 'check security updates in specific distribution for provided CVE status'
  print
  print 'check_cve.py -c <required_cve> -d <optional_distribution>'
  print

def main(argv):
  # cve and distribution
  cve          = ""
  distribution = ""

  try:
    opts, args = getopt.getopt(argv,"hd:c:",["distribution=","cve="])
  except getopt.GetoptError:
    help()
    sys.exit(3)
  for opt, arg in opts:
    if opt == '-h':
      help()
      sys.exit()
    elif opt in ("-d", "--distribution"):
      distribution = arg
    elif opt in ("-c", "--cve"):
      cve = arg

  # exit if cve is not provided
  if len(cve) == 0:
    help()
    sys.exit(2)

  # make request
  uri = "https://security-tracker.debian.org/tracker/" + cve
  request = urllib2.Request(uri)
  try:
    request_handle = urllib2.urlopen(request)
  except urllib2.HTTPError, error:
    print "HTTP error on" + " " + uri + " " + "code" + " " + str(error.code)
    exit(4)
  except urllib2.URLError, error:
    print "URL error on" + " " + uri + " " + "reason" + " " + str(error.reason)
    exit(5)

  # read and parse html
  html   = request_handle.read()
  soup   = BeautifulSoup(html,"html.parser")
  table  = soup.find_all("table")[1] # get second table
  source = (((table.select('tr')[1]).select('td')[0]).getText()).replace(" (PTS)","")
  output = 0
  for row in table:
    columns      = row.select('td')
    parsed_array = []
    for column in columns:
      parsed_array.append(column.text)
    if(len(parsed_array) == 4):  
      if len(distribution) != 0:
	if distribution in parsed_array[1]:
          print "Source package " + source +  " (version " +  parsed_array[2] + ")"  + " is "+ parsed_array[3] + " (" + cve + ")" +" in " + parsed_array[1]
          output = 1
      else:
        print "Source package " + source +  " (version " +  parsed_array[2] + ")" + " is "+ parsed_array[3] + " (" + cve + ")" + " in " + parsed_array[1]
        output = 1
  if output == 0:
    print "matching data not provided"

if __name__ == "__main__":
  main(sys.argv[1:])

Sample usage

Display usage information.

$ python check_cve.py
check security updates in specific distribution for provided CVE status

check_cve.py -c <required_cve> -d <optional_distribution>

Display CVE-2016-8655 status for Debian Jessie.

$ python check_cve.py -d jessie -c CVE-2016-8655
Source package linux (version 3.16.36-1+deb8u1) is vulnerable (CVE-2016-8655) in jessie
Source package linux (version 3.16.36-1+deb8u2) is vulnerable (CVE-2016-8655) in jessie (security)

Display CVE-2016-8614 status.

$ python check_cve.py -c CVE-2016-8614
Source package ansible (version 1.7.2+dfsg-2) is vulnerable (CVE-2016-8614) in jessie
Source package ansible (version 2.2.0.0-1) is fixed (CVE-2016-8614) in stretch, sid

It is as simple as that.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Using IOzone for Linux disk performance analysis
Viewed 4116 times since Wed, Jul 25, 2018
Tropienie pożeracza dysku
Viewed 1113 times since Thu, May 24, 2018
LVM: Extend an existing Volume Group by adding a new disk
Viewed 889 times since Sat, Jun 2, 2018
Applescript: Run or Call a Shell Script
Viewed 2477 times since Tue, Aug 6, 2019
Jak znaleźć najszybszy publiczny serwer DNS w Polsce?
Viewed 1377 times since Mon, May 21, 2018
LVM: Extend an existing Logical Volume / Filesystem
Viewed 1143 times since Sat, Jun 2, 2018
How to convert RAW image to VDI and otherwise
Viewed 2412 times since Wed, Oct 3, 2018
RHEL: Crash kernel dumps configuration and analysis on RHEL 5
Viewed 1627 times since Sat, Jun 2, 2018
15 Linux Yum Command Examples – Install, Uninstall, Update Packages
Viewed 1445 times since Thu, Oct 25, 2018
Extending Linux LVM partitions - scripts
Viewed 3439 times since Sun, May 20, 2018