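# Source: github.com/verrazzano/verrazzano@v1.7.1/ci/scripts/generate_html_report.py
# Copyright (c) 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
"""Render a consolidated vulnerability-scan CSV as an HTML table fragment.

Usage: generate_html_report.py <csv file> <html output directory>

The CSV is scanner output and is treated as untrusted text: every value that
ends up in the report is HTML-escaped, and only identifiers that map to a
known advisory site are turned into links.
"""

import csv
import html
import sys
from os.path import exists, join

# Zero-based CSV columns used by the report, matching the order of `headers`.
_COL_SCAN_TOOL = 5
_COL_VULNERABILITY = 6
_COL_SEVERITY = 7
_COL_ARTIFACT = 8
_MIN_COLUMNS = _COL_ARTIFACT + 1

_REPORT_FILE_NAME = "consolidated-scan-report.html"


def get_vulnerability_url(id):
    """Return the advisory URL for a vulnerability identifier.

    The prefix of *id* (case-insensitive) selects the advisory site:
    ``cve`` -> NVD, ``elsa`` -> Oracle Linux errata, ``ghsa`` -> GitHub
    advisories, ``go`` -> osv.dev. Any other identifier is returned unchanged,
    so callers must not assume the result is an absolute URL.
    """
    prefix = id.lower()
    if prefix.startswith("cve"):
        return 'https://nvd.nist.gov/vuln/detail/' + id
    if prefix.startswith("elsa"):
        return 'https://linux.oracle.com/errata/' + id + '.html'
    if prefix.startswith("ghsa"):
        return 'https://github.com/advisories/' + id
    # NOTE(review): "go" also matches any identifier that merely begins with
    # those two letters; confirm whether the intended prefix is "go-".
    if prefix.startswith("go"):
        return 'https://osv.dev/vulnerability/' + id
    return id


def get_vulnerability_anchor(id):
    """Return HTML for one vulnerability cell: a link when the id is recognised.

    The identifier comes from the scan CSV, so both the link text and the
    ``href`` value are HTML-escaped. An identifier with no known advisory site
    is rendered as plain escaped text: using it verbatim as the ``href`` would
    let the CSV choose an arbitrary URL scheme for the link.
    """
    url = get_vulnerability_url(id)
    label = html.escape(id)
    if url == id:
        # Unrecognised identifier: no trustworthy link target, show text only.
        return label
    # rel="noopener noreferrer" keeps the opened advisory page from getting a
    # handle on the report window.
    return '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>' % (
        html.escape(url, quote=True),
        label,
    )


def write_table_header(headers, html_file):
    """Write the ``<thead>`` section with one ``<th>`` per entry in *headers*."""
    cells = "".join("<th>\n" + html.escape(header) + "</th>\n" for header in headers)
    html_file.write("<thead>\n" + "<tr>\n" + cells + "</tr>\n </thead>\n")


def write_table_body(csv_file_path, html_file):
    """Write the ``<tbody>`` section, one ``<tr>`` per usable CSV row.

    Columns 6, 5, 7 and 8 (zero-based) are rendered, in that order. The file
    is parsed with the ``csv`` module so quoted fields containing commas stay
    in one cell. Blank lines are ignored; rows with too few columns are
    reported with a ``[WARN]`` line and skipped instead of aborting the whole
    report. Nothing is written when the CSV file does not exist.
    """
    if not exists(csv_file_path):
        print("[WARN] CSV file '%s' does not exist" % csv_file_path)
        return

    rows = ["<tbody>\n"]
    line_count = 0
    # The context manager closes the CSV even if a row raises.
    with open(csv_file_path, 'r', newline='') as csv_file:
        reader = csv.reader(csv_file)
        for row_data in reader:
            if not row_data:
                continue
            if len(row_data) < _MIN_COLUMNS:
                # Skipping is made visible on purpose: a dropped row is a
                # finding that will be missing from the report.
                print("[WARN] Skipping line %d of '%s': expected at least %d columns, found %d"
                      % (reader.line_num, csv_file_path, _MIN_COLUMNS, len(row_data)))
                continue
            rows.append(
                "<tr>\n"
                + "<td>\n" + get_vulnerability_anchor(row_data[_COL_VULNERABILITY]) + "\n</td>\n"
                + "<td>" + html.escape(row_data[_COL_SCAN_TOOL]) + "</td>\n"
                + "<td>" + html.escape(row_data[_COL_SEVERITY]) + "</td>\n"
                + "<td>" + html.escape(row_data[_COL_ARTIFACT]) + "</td>\n"
                + "</tr>\n"
            )
            line_count += 1
    print("Processed %d lines" % line_count)
    rows.append("</tbody>\n")
    html_file.write("".join(rows))


def write_csv_to_html(headers, csv_file_path, html_dir):
    """Write ``consolidated-scan-report.html`` into *html_dir*.

    The report is a bare ``<table>`` element (header plus body), not a full
    HTML document. If *html_dir* does not exist a warning is printed and no
    file is written.
    """
    if not exists(html_dir):
        print("[WARN] Directory to write html report '%s' does not exist" % html_dir)
        return
    html_file_path = join(html_dir, _REPORT_FILE_NAME)
    # The context manager closes the report even if rendering fails part-way.
    with open(html_file_path, 'w') as html_file:
        html_file.write("<table>\n")
        write_table_header(headers, html_file)
        write_table_body(csv_file_path, html_file)
        html_file.write("</table>\n")


# headers for table
headers = ["Vulnerability", "Scan Tool", "Severity", "Artifact"]


def main():
    """Read the CSV path and output directory from argv and build the report."""
    if len(sys.argv) < 2:
        print("Missing argument for csv file")
        sys.exit(1)
    if len(sys.argv) < 3:
        # The second argument is the output directory, not a file path.
        print("Missing argument for html file")
        sys.exit(1)
    write_csv_to_html(headers, sys.argv[1], sys.argv[2])


if __name__ == "__main__":
    main()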