What did I do this week?
I have started working on input engine this week. Currently, we only have csv2cve which accepts csv file of vendor, product and version as input and produces list of CVEs as output. Currently, csv2cve is separate module with separate command line entry point. I have created a module called input_engine that can process data from any input format (currently csv and json).User can now add remarks field in csv or json which can have any value from following values ( Here, values in parenthesis are aliases for that specific type. )
- NewFound (1, n, N)
- Unexplored (2, u, U)
- Mitigated, (3, m, M)
- Confirmed (4, c, C)
- Ignored (5, i, I)
I have added --input-file(-i) option in the cli.py to specify input file which input_engine parses and create intermediate data structure that will be used by output_engine to display data according to remarks. Output will be displayed in the same order as priority given to the remarks. I have also created a dummy csv2cve which just calls cli.py with -i option as argument specified in csv2cve. Here, is example usage of -i as input file to produce CVE:
cve-bin-tool -i=test.csv and User can also use -i to supplement remarks data while scanning directory so that output will be sorted according to remarks. Here is example usage for that:
cve-bin-tool -i=test.csv /path/to/scan.
I have also added test cases for input_engine and removed old test cases of the csv2cve.
What am I doing this week?
I have exams this week from today to 9th July. So, I won't be able to do much during this week but I will spend my weekend improving input_engine like giving more fine-grained control to provide remarks and custom severity.
Have I got stuck anywhere?
No, I didn't get stuck anywhere this week :)