Revert "Merge remote-tracking branch 'upstream/master' into egg"

This reverts commit 3632d45.
intel · May 18, 2020 · c6191ad · c6191ad
1 parent 3632d45
commit c6191ad
Show file tree

Hide file tree

Showing 12 changed files with 20 additions and 1,220 deletions.
diff --git a/README.md b/README.md
@@ -134,9 +134,7 @@ On windows systems, you may need:
 * `7z`
 * `Expand`
 
-Windows has `ar` and `Expand` installed in default, but `7z` in particular might need to be installed. 
-If you wan to run our test-suite or scan a zstd compressed file, We recommend installing this [7-zip-zstd](https://github.com/mcmilk/7-Zip-zstd) 
-fork of 7zip. We are currently using `7z` for extracting `jar`, `apk`, `msi`, `exe` and `rpm` files.
+Windows has `ar` and `Expand` installed in default, but `7z` in particular might need to be installed.  (7z is used only for rpm extraction, which is used heavily in our test suite, but if you're not scanning rpm files on windows you may be able to do without.)
 
 CSV2CVE
 -------

diff --git a/cve_bin_tool/OutputEngine.py b/cve_bin_tool/OutputEngine.py
@@ -2,11 +2,7 @@
 import json
 import os
 import sys
-import pygal
-import webbrowser
-
 from datetime import datetime
-from jinja2 import Environment, FileSystemLoader
 
 from .log import LOGGER
 
@@ -42,8 +38,6 @@ def output_cves(self, outfile, output_type=None):
             self.output_json(outfile)
         elif output_type == "csv":
             self.output_csv(outfile)
-        # elif output_type == "html":  # for now just generate dummy data
-        #    self.output_html()
         else:  # console, or anything else that is unrecognised
             self.output_console(outfile)
 
@@ -191,55 +185,3 @@ def output_file(self, output_type="csv"):
         # call to output_cves
         with open(self.filename, "w") as f:
             self.output_cves(f, output_type)
-
-    def output_html(self):
-        """Returns a HTML report for CVE's
-        """
-        # Example Code ---  this will only generate dummy data
-
-        root = os.path.dirname(os.path.abspath(__file__))
-        templates_dir = os.path.join(root, "html/templates")
-        env = Environment(loader=FileSystemLoader(templates_dir))
-        template = env.get_template("base.html")
-
-        # configration file
-        config = pygal.Config()
-        config.disable_xml_declaration = True
-        config.legend_at_bottom = True
-        config.legend_at_bottom_columns = 5
-        config.human_readable = True
-
-        cve_bar = pygal.Bar(config, title="Product CVEs")
-        cve_bar.add("Python 3.6.9", 4)
-        cve_bar.add("Python 3.7.1", 3)
-        cve_bar.add("Python 3.8.0", 6)
-        cve_bar.add("curl 1.2", 2)
-        cve_bar.add("curl 1.3", 8)
-        cve_bar.add("curl 1.4", 5)
-        cve_bar.add("curl 1.5", 2)
-        cve_bar.add("libxml 2.6.7", 1)
-
-        product_pie = pygal.Pie(config, inner_radius=0.4, show_legend=False, margin=-10)
-        product_pie.add("Vulnarable", [{"value": 7, "color": "red"}])
-        product_pie.add("No Known Vulnarability", [{"value": 12, "color": "green"}])
-
-        python_pie = pygal.Pie(
-            config, inner_radius=0.4, show_legend=True, title="Severity Analysis"
-        )
-        python_pie.add("CRITICAL", [{"value": 5, "color": "red"}])
-        python_pie.add("HIGH", [{"value": 2, "color": "orange"}])
-        python_pie.add("MEDIUM", [{"value": 1, "color": "yellow"}])
-        python_pie.add("LOW", [{"value": 3, "color": "green"}])
-
-        filename = os.path.join(root, "html/Example", "example.html")
-        with open(filename, "w") as fh:
-            fh.write(
-                template.render(
-                    date=datetime.datetime.now().strftime("%d %b %Y"),
-                    graph_cves=cve_bar.render(),
-                    graph_products=product_pie.render(),
-                    severity=python_pie.render(),
-                )
-            )
-
-        webbrowser.open_new_tab("html/Example/example.html")
diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py
@@ -33,7 +33,6 @@
     "openswan",
     "openvpn",
     "png",
-    "polarssl_fedora",
     "postgresql",
     "rsyslog",
     "sqlite",

diff --git a/cve_bin_tool/checkers/polarssl_fedora.py b/cve_bin_tool/checkers/polarssl_fedora.py
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -346,7 +346,7 @@ def main(argv=None):
         "-f",
         "--format",
         action="store",
-        choices=["csv", "json", "console", "html"],
+        choices=["csv", "json", "console"],
         default="console",
         help="update output format (default: console)",
     )

diff --git a/cve_bin_tool/extractor.py b/cve_bin_tool/extractor.py
@@ -54,7 +54,7 @@ def __init__(self, logger=None):
             self.extract_file_rpm: [".rpm"],
             self.extract_file_deb: [".deb", ".ipk"],
             self.extract_file_cab: [".cab"],
-            self.extract_file_zip: [".exe", ".zip", ".jar", ".apk", ".msi"],
+            self.extract_file_zip: [".exe", ".zip", ".jar", ".apk"],
         }
 
     def can_extract(self, filename):
@@ -67,11 +67,11 @@ def can_extract(self, filename):
     @classmethod
     def extract_file_tar(cls, filename, extraction_path):
         """ Extract tar files """
-        try:
+        if not inpath("tar"):
+            """ Acutally MinGW provides tar, so this might never get called """
             shutil.unpack_archive(filename, extraction_path)
-            return 0
-        except Exception:
-            return 1
+        else:
+            return subprocess.call(["tar", "-C", extraction_path, "-xf", filename])
 
     @classmethod
     def extract_file_rpm(cls, filename, extraction_path):
@@ -111,12 +111,15 @@ def extract_file_deb(cls, filename, extraction_path):
             result = subprocess.call(["ar", "x", filename], cwd=extraction_path)
             if result != 0:
                 return result
-            datafile = glob.glob(os.path.join(extraction_path, "data.tar.*"))[0]
-            try:
-                shutil.unpack_archive(datafile, extraction_path)
-            except Exception:
-                return 1
-            return 0
+            if not inpath("tar"):
+                shutil.unpack_archive(filename, extraction_path)
+            else:
+                datafile = glob.glob(os.path.join(extraction_path, "data.tar.*"))[0]
+                # flag a is not supported while using x
+                result = subprocess.call(
+                    ["tar", "-C", extraction_path, "-xf", datafile]
+                )
+                return result
 
     @classmethod
     def extract_file_cab(cls, filename, extraction_path):
@@ -132,17 +135,12 @@ def extract_file_cab(cls, filename, extraction_path):
     @classmethod
     def extract_file_zip(cls, filename, extraction_path):
         """ Extract zip files """
-        if inpath("unzip"):
+        if not inpath("unzip"):
+            shutil.unpack_archive(filename, extraction_path)
+        else:
             return subprocess.call(
                 ["unzip", "-qq", "-n", "-d", extraction_path, filename]
             )
-        elif inpath("7z"):
-            return subprocess.call(f'7z x {filename} -o"{extraction_path}"')
-        else:
-            try:
-                shutil.unpack_archive(filename, extraction_path)
-            except Exception:
-                return 1
 
 
 class TempDirExtractorContext(BaseExtractor):

diff --git a/cve_bin_tool/html/Example/example.html b/cve_bin_tool/html/Example/example.html
diff --git a/cve_bin_tool/html/css/style.css b/cve_bin_tool/html/css/style.css