Merge pull request #115 from jbiers/include-cve-status

k8s-ci-robot · web-flow · commit 6f2202c98687 · 2024-06-26T20:10:48.000-07:00
Include CVE status in JSON feed
diff --git a/sig-security-tooling/cve-feed/hack/fetch-official-cve-feed.py b/sig-security-tooling/cve-feed/hack/fetch-official-cve-feed.py
@@ -18,6 +18,18 @@
 import requests
 from datetime import datetime
 
+def getCVEStatus(state, state_reason):
+    if state == "open":
+        if state_reason == "reopened":
+            return "unknown"
+        return "open"
+    
+    if state == "closed":
+        if state_reason == "not_planned":
+            return "unfixed"
+        if state_reason == "completed":
+            return "fixed"
+
 url = 'https://api.github.com/search/issues?q=is:issue+label:official-cve-feed+\
 repo:kubernetes/kubernetes&per_page=100'
 
@@ -67,6 +79,7 @@
     cve['_kubernetes_io']['issue_number'] = item['number']
     cve['content_text'] = item['body']
     cve['date_published'] = item['created_at']
+    cve['status'] = getCVEStatus(item['state'], item['state_reason'])
     # This is because some CVEs were titled "CVE-XXXX-XXXX - Something" instead of
     # "CVE-XXXX-XXXX: Something" on GitHub (see https://github.com/kubernetes/kubernetes/issues/60813).
     title = item['title'].replace(' -', ':')
