-#! /usr/bin/python
+#! /usr/bin/python3
#
# Convert our XML file to a JSON file as accepted by Mitre for CNA purposes
# as per https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md
#
from xml.dom import minidom
-import HTMLParser
+import html
import simplejson as json
import codecs
import re
(options, args) = parser.parse_args()
if not options.input:
- print "needs input file"
+ print("needs input file")
parser.print_help()
exit();
if options.schema:
try:
- response = urllib.urlopen(options.schema)
+ response = urllib.request.urlopen(options.schema)
except:
- print "Problem opening schema: try downloading it manually then specify it using --schema option: %s" % options.schema
+ print(f'Problem opening schema: try downloading it manually then specify it using --schema option: {options.schema}')
exit()
schema_doc = json.loads(response.read())
if desc:
desc += " "
desc += re.sub('<[^<]+?>', '', d.toxml().strip())
- desc = HTMLParser.HTMLParser().unescape(desc)
+ desc = html.unescape(desc)
problemtype = "(undefined)"
if issue.getElementsByTagName('problemtype'):
problemtype = issue.getElementsByTagName('problemtype')[0].childNodes[0].nodeValue.strip()
vv = list()
for affects in issue.getElementsByTagName('fixed'): # OpenSSL and httpd since April 2018 does it this way
- text = "Fixed in %s %s (Affected %s)" %(cfg.config['product_name'],affects.getAttribute('version'),cfg.merge_affects(issue,affects.getAttribute("base")))
+ text = f'Fixed in {cfg.config["product_name"]} {affects.getAttribute("version")} (Affected {cfg.merge_affects(issue,affects.getAttribute("base"))})'
# Let's condense into a list form since the format of this field is 'free text' at the moment, not machine readable (as per mail with George Theall)
vv.append({"version_value":text})
# Mitre want the fixed/affected versions in the text too
# if issue.getAttribute('fixed'): # httpd used to do it this way
# base = ".".join(issue.getAttribute("fixed").split('.')[:-1])+"."
-# text = "Fixed in %s %s (Affected %s)" %(cfg.config['product_name'],issue.getAttribute('fixed'),cfg.merge_affects(issue,base))
+# text = f'Fixed in {cfg.config["product_name"]} {cfg.merge_affects(issue,base)}'
# vv.append({"version_value":text})
# # Mitre want the fixed/affected versions in the text too
# desc += " "+text+"."
f = codecs.open(options.outputdir+"/"+fn, 'w', 'utf-8')
f.write(json.dumps(issue, sort_keys=True, indent=4, separators=(',',': ')))
- print "wrote %s" %(options.outputdir+"/"+fn)
+ print(f'wrote {options.outputdir+"/"+fn}')
f.close()
try:
validate(issue, schema_doc)
- print "%s passed validation" % (fn)
+ print(f'{fn} passed validation')
except jsonschema.exceptions.ValidationError as incorrect:
v = Draft4Validator(schema_doc)
errors = sorted(v.iter_errors(issue), key=lambda e: e.path)
for error in errors:
- print "%s did not pass validation: %s" % (fn,str(error.message))
+ print(f'{fn} did not pass validation: {str(error.message)}')
except NameError:
- print "%s skipping validation, no schema defined" %(fn)
+ print(f'{fn} skipping validation, no schema defined')