enabled typed check

mathse · mathse · commit 04bf3c9d1d75 · 2018-01-15T22:14:12.000+01:00
diff --git a/check_cve.py b/check_cve.py
@@ -21,21 +21,31 @@
     cve_data = json.load(open("%s/%s" % (dir, cve_file)))
     cve = cve_file.replace(".json","")
     cve_name = cve_data['name']
-    try:
-        cve_info = cve_data['os'][osname]['info_url']
-        cve_query = cve_data['os'][osname]['query_command']
-        cve_package_name = cve_data['os'][osname]['package_name']
-        cve_fixed_version = cve_data['os'][osname]['versions'][osreleasemajor]['fixed_version']
-        current_version = os.popen(cve_query % cve_package_name).read().replace("\n","")
+    cve_type = cve_data['type']
+
+    if cve_type == 'script':
+        cve_script = cve_data['script']
         known += 1
-        if current_version:
-            if LooseVersion(current_version) < LooseVersion(cve_fixed_version):
-                affected += 1
-                msg_list.append("system is affected by %s (%s) - please patch %s (more info %s)" % (cve_name, cve, cve_package_name, cve_info))
-
-    except:
-        unknown += 1
-        msg_list.append("no definition found for %s and %s (%s)" % (osname, cve_name, cve))
+        if int(os.popen(cve_script).read().replace("\n","")) != 0:
+            affected += 1
+            msg_list.append("system is affected by %s (%s)" % (cve_name, cve))
+
+    if cve_type == 'package':
+        try:
+            cve_info = cve_data['os'][osname]['info_url']
+            cve_query = cve_data['os'][osname]['query_command']
+            cve_package_name = cve_data['os'][osname]['package_name']
+            cve_fixed_version = cve_data['os'][osname]['versions'][osreleasemajor]['fixed_version']
+            current_version = os.popen(cve_query % cve_package_name).read().replace("\n","")
+            known += 1
+            if current_version:
+                if LooseVersion(current_version) < LooseVersion(cve_fixed_version):
+                    affected += 1
+                    msg_list.append("system is affected by %s (%s) - please patch %s (more info %s)" % (cve_name, cve, cve_package_name, cve_info))
+        except:
+            unknown += 1
+            msg_list.append("no definition found for %s and %s (%s)" % (osname, cve_name, cve))
+
 
 if affected > 0:
     exit_code = 2
diff --git a/cve/2017-5754.json b/cve/2017-5754.json
@@ -1,5 +1,6 @@
 {
     "name": "meltdown",
+    "type": "package",
     "os": {
         "Ubuntu": {
             "info_url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown",

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "meltdown",`
	`3`	`+ "type": "package",`
`3`	`4`	`"os": {`
`4`	`5`	`"Ubuntu": {`
`5`	`6`	`"info_url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown",`