debian How to check Debian CVE status using python script

Check current status of Debian Common Vulnerabilities and Exposures using simple python script and Security Bug Tracker.

Python script

I have used regular shell script at first, but it was too complicated after a while, as parsing HTML code using sed is a really bad idea. I have switched to Python using Beautiful Soup library, so the whole idea could be simplified.

#!/usr/bin/python
# check security updates in specific distribution for provided CVE status

# imports
import sys, getopt
import urllib2
from bs4 import BeautifulSoup

# help function
def help():
  print 'check security updates in specific distribution for provided CVE status'
  print
  print 'check_cve.py -c <required_cve> -d <optional_distribution>'
  print

def main(argv):
  # cve and distribution
  cve          = ""
  distribution = ""

  try:
    opts, args = getopt.getopt(argv,"hd:c:",["distribution=","cve="])
  except getopt.GetoptError:
    help()
    sys.exit(3)
  for opt, arg in opts:
    if opt == '-h':
      help()
      sys.exit()
    elif opt in ("-d", "--distribution"):
      distribution = arg
    elif opt in ("-c", "--cve"):
      cve = arg

  # exit if cve is not provided
  if len(cve) == 0:
    help()
    sys.exit(2)

  # make request
  uri = "https://security-tracker.debian.org/tracker/" + cve
  request = urllib2.Request(uri)
  try:
    request_handle = urllib2.urlopen(request)
  except urllib2.HTTPError, error:
    print "HTTP error on" + " " + uri + " " + "code" + " " + str(error.code)
    exit(4)
  except urllib2.URLError, error:
    print "URL error on" + " " + uri + " " + "reason" + " " + str(error.reason)
    exit(5)

  # read and parse html
  html   = request_handle.read()
  soup   = BeautifulSoup(html,"html.parser")
  table  = soup.find_all("table")[1] # get second table
  source = (((table.select('tr')[1]).select('td')[0]).getText()).replace(" (PTS)","")
  output = 0
  for row in table:
    columns      = row.select('td')
    parsed_array = []
    for column in columns:
      parsed_array.append(column.text)
    if(len(parsed_array) == 4):  
      if len(distribution) != 0:
	if distribution in parsed_array[1]:
          print "Source package " + source +  " (version " +  parsed_array[2] + ")"  + " is "+ parsed_array[3] + " (" + cve + ")" +" in " + parsed_array[1]
          output = 1
      else:
        print "Source package " + source +  " (version " +  parsed_array[2] + ")" + " is "+ parsed_array[3] + " (" + cve + ")" + " in " + parsed_array[1]
        output = 1
  if output == 0:
    print "matching data not provided"

if __name__ == "__main__":
  main(sys.argv[1:])

Sample usage

Display usage information.

$ python check_cve.py
check security updates in specific distribution for provided CVE status

check_cve.py -c <required_cve> -d <optional_distribution>

Display CVE-2016-8655 status for Debian Jessie.

$ python check_cve.py -d jessie -c CVE-2016-8655
Source package linux (version 3.16.36-1+deb8u1) is vulnerable (CVE-2016-8655) in jessie
Source package linux (version 3.16.36-1+deb8u2) is vulnerable (CVE-2016-8655) in jessie (security)

Display CVE-2016-8614 status.

$ python check_cve.py -c CVE-2016-8614
Source package ansible (version 1.7.2+dfsg-2) is vulnerable (CVE-2016-8614) in jessie
Source package ansible (version 2.2.0.0-1) is fixed (CVE-2016-8614) in stretch, sid

It is as simple as that.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
An easier way to manage disk decryption at boot with Red Hat Enterprise Linux 7.5 using NBDE
Viewed 1496 times since Mon, Aug 6, 2018
What Is /dev/shm And Its Practical Usage
Viewed 580 times since Tue, Mar 12, 2019
How To Ping Specific Port Number
Viewed 162 times since Mon, Jun 1, 2020
LUKS List available methods of encryption for LUKS
Viewed 501 times since Fri, Jul 13, 2018
red hat 7 tmpfiles service
Viewed 419 times since Thu, Oct 11, 2018
18 Quick ‘lsof’ command examples for Linux Geeks
Viewed 681 times since Sun, Jun 30, 2019
6 easy steps to setup offline two factor authentication in Linux
Viewed 215 times since Mon, Apr 6, 2020
RHEL: Handling SCSI disks
Viewed 1010 times since Sun, May 27, 2018
logrotate How log rotation works with logrotate
Viewed 751 times since Sun, Jan 12, 2020
RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’
Viewed 898 times since Sat, Jun 2, 2018