\n| python<\/td>\n | 3.8.10<\/td>\n | CVE-2021-3177<\/td>\n | LOW<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 3.7<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\u901a\u904e\u9019\u7a2e\u65b9\u5f0f\uff0c\u4f60\u53ef\u4ee5\u8f15\u9b06\u6383\u63cf\u5c08\u6848\u4e2d\u7684 CVE \u6f0f\u6d1e\u4e26\u751f\u6210\u6613\u65bc\u95b1\u8b80\u7684 Excel \u5831\u8868\u3002<\/p>\n Q3: \u53ef\u4ee5\u624b\u52d5\u7dad\u8b77 remarks \u8207 comments \u6b04\u4f4d\u4e26\u66f4\u65b0<\/h2>\n\u70ba\u4e86\u624b\u52d5\u7dad\u8b77 remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d\u4e26\u66f4\u65b0 CVE \u5831\u544a\uff0c\u6211\u5011\u53ef\u4ee5\u64f4\u5c55\u4e4b\u524d\u7684\u8173\u672c\uff0c\u4f7f\u5176\u652f\u6301\u4ee5\u4e0b\u529f\u80fd\uff1a<\/p>\n\n- \u52a0\u8f09\u73fe\u6709\u7684 CVE \u5831\u544a<\/strong> \uff08\u5982\u679c\u5b58\u5728\uff09\u3002<\/li>\n
- \u5141\u8a31\u7528\u6236\u624b\u52d5\u8f38\u5165\u6216\u66f4\u65b0
remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d<\/strong> \u3002<\/li>\n- \u4fdd\u5b58\u66f4\u65b0\u5f8c\u7684\u5831\u544a<\/strong> \u3002<\/li>\n<\/ol>\n
\u4ee5\u4e0b\u662f\u5be6\u73fe\u6b65\u9a5f\uff1a<\/p>\n
\n1. \u5b89\u88dd\u5fc5\u8981\u7684\u5957\u4ef6<\/h3>\n\u78ba\u4fdd\u5df2\u5b89\u88dd\u4ee5\u4e0b\u5957\u4ef6\uff1a<\/p>\n pip install openpyxl<\/code><\/pre>\n
\n2. \u64f4\u5c55\u8173\u672c\u4ee5\u652f\u6301\u624b\u52d5\u7dad\u8b77<\/h3>\n\u4ee5\u4e0b\u662f\u5b8c\u6574\u7684 Python \u8173\u672c\uff0c\u652f\u6301\u52a0\u8f09\u73fe\u6709\u5831\u544a\u3001\u624b\u52d5\u66f4\u65b0 remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d\uff0c\u4e26\u4fdd\u5b58\u66f4\u65b0\u5f8c\u7684\u5831\u544a\uff1a<\/p>\nimport json\nfrom openpyxl import Workbook, load_workbook\n\ndef load_existing_report(file_path):\n \"\"\"\n \u52a0\u8f09\u73fe\u6709\u7684 Excel \u5831\u544a\u3002\n \"\"\"\n try:\n wb = load_workbook(file_path)\n ws = wb.active\n data = []\n\n # \u8b80\u53d6\u6578\u64da\n for row in ws.iter_rows(min_row=2, values_only=True): # \u8df3\u904e\u8868\u982d\n data.append({\n \"\u7522\u54c1\": row[0],\n \"\u7248\u672c\": row[1],\n \"CVE ID\": row[2],\n \"\u56b4\u91cd\u6027\": row[3],\n \"\u63cf\u8ff0\": row[4],\n \"CVSS \u5206\u6578\": row[5],\n \"Remarks\": row[6] if len(row) > 6 else \"\",\n \"Comments\": row[7] if len(row) > 7 else \"\"\n })\n return data\n except FileNotFoundError:\n print(\"\u672a\u627e\u5230\u73fe\u6709\u5831\u544a\uff0c\u5c07\u5275\u5efa\u65b0\u5831\u544a\u3002\")\n return None\n\ndef update_remarks_and_comments(data):\n \"\"\"\n \u624b\u52d5\u66f4\u65b0 remarks \u548c comments \u6b04\u4f4d\u3002\n \"\"\"\n for i, entry in enumerate(data):\n print(f\"\\nCVE ID: {entry['CVE ID']}\")\n print(f\"\u7522\u54c1: {entry['\u7522\u54c1']}, \u7248\u672c: {entry['\u7248\u672c']}\")\n print(f\"\u7576\u524d Remarks: {entry.get('Remarks', '')}\")\n print(f\"\u7576\u524d Comments: {entry.get('Comments', '')}\")\n\n remarks = input(\"\u8f38\u5165\u65b0\u7684 Remarks\uff08\u7559\u7a7a\u4ee5\u4fdd\u6301\u4e0d\u8b8a\uff09: \").strip()\n comments = input(\"\u8f38\u5165\u65b0\u7684 Comments\uff08\u7559\u7a7a\u4ee5\u4fdd\u6301\u4e0d\u8b8a\uff09: \").strip()\n\n if remarks:\n entry[\"Remarks\"] = remarks\n if comments:\n entry[\"Comments\"] = comments\n\n return data\n\ndef save_to_excel(data, output_file=\"cve_report_updated.xlsx\"):\n \"\"\"\n \u5c07\u66f4\u65b0\u5f8c\u7684\u6578\u64da\u4fdd\u5b58\u70ba Excel \u6587\u4ef6\u3002\n \"\"\"\n wb = Workbook()\n ws = wb.active\n ws.title = \"CVE \u5831\u544a\"\n\n # \u6dfb\u52a0\u8868\u982d\n headers = [\"\u7522\u54c1\", \"\u7248\u672c\", \"CVE ID\", \"\u56b4\u91cd\u6027\", \"\u63cf\u8ff0\", \"CVSS \u5206\u6578\", \"Remarks\", \"Comments\"]\n ws.append(headers)\n\n # \u6dfb\u52a0\u6578\u64da\n for entry in data:\n ws.append([\n entry[\"\u7522\u54c1\"],\n entry[\"\u7248\u672c\"],\n entry[\"CVE ID\"],\n entry[\"\u56b4\u91cd\u6027\"],\n entry[\"\u63cf\u8ff0\"],\n entry[\"CVSS \u5206\u6578\"],\n entry.get(\"Remarks\", \"\"),\n entry.get(\"Comments\", \"\")\n ])\n\n # \u4fdd\u5b58\u6587\u4ef6\n wb.save(output_file)\n print(f\"\u66f4\u65b0\u5f8c\u7684\u5831\u544a\u5df2\u4fdd\u5b58\u5230 {output_file}\")\n\ndef main():\n # \u52a0\u8f09\u73fe\u6709\u5831\u544a\n report_file = input(\"\u8acb\u8f38\u5165\u73fe\u6709\u5831\u544a\u7684\u6587\u4ef6\u8def\u5f91\uff08\u7559\u7a7a\u4ee5\u5275\u5efa\u65b0\u5831\u544a\uff09: \").strip()\n if report_file:\n data = load_existing_report(report_file)\n else:\n data = []\n\n if not data:\n print(\"\u672a\u52a0\u8f09\u5230\u6578\u64da\uff0c\u8acb\u624b\u52d5\u8f38\u5165 CVE \u6578\u64da\u3002\")\n data = []\n\n while True:\n entry = {\n \"\u7522\u54c1\": input(\"\u7522\u54c1: \"),\n \"\u7248\u672c\": input(\"\u7248\u672c: \"),\n \"CVE ID\": input(\"CVE ID: \"),\n \"\u56b4\u91cd\u6027\": input(\"\u56b4\u91cd\u6027: \"),\n \"\u63cf\u8ff0\": input(\"\u63cf\u8ff0: \"),\n \"CVSS \u5206\u6578\": input(\"CVSS \u5206\u6578: \"),\n \"Remarks\": input(\"Remarks: \"),\n \"Comments\": input(\"Comments: \")\n }\n data.append(entry)\n\n if input(\"\u662f\u5426\u7e7c\u7e8c\u6dfb\u52a0\uff1f(y\/n): \").strip().lower() != 'y':\n break\n\n # \u66f4\u65b0 remarks \u548c comments\n data = update_remarks_and_comments(data)\n\n # \u4fdd\u5b58\u66f4\u65b0\u5f8c\u7684\u5831\u544a\n save_to_excel(data)\n\nif __name__ == \"__main__\":\n main()<\/code><\/pre>\n
\n3. \u904b\u884c\u8173\u672c<\/h3>\n\n- \u5c07\u4e0a\u8ff0\u4ee3\u78bc\u4fdd\u5b58\u70ba
cve_report_updater.py<\/code>\u3002<\/li>\n- \n
\u904b\u884c\u8173\u672c\uff1a
\nbash<\/p>\n \u590d\u5236<\/p>\n python cve_report_updater.py<\/code><\/pre>\n<\/li>\n- \u5982\u679c\u5b58\u5728\u73fe\u6709\u5831\u544a\uff0c\u8f38\u5165\u5831\u544a\u7684\u6587\u4ef6\u8def\u5f91\uff1b\u5426\u5247\uff0c\u53ef\u4ee5\u624b\u52d5\u8f38\u5165 CVE \u6578\u64da\u3002<\/li>\n
- \u8173\u672c\u6703\u63d0\u793a\u4f60\u70ba\u6bcf\u500b CVE \u8f38\u5165\u6216\u66f4\u65b0
remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d\u3002<\/li>\n- \u66f4\u65b0\u5f8c\u7684\u5831\u544a\u5c07\u4fdd\u5b58\u70ba
cve_report_updated.xlsx<\/code>\u3002<\/li>\n<\/ol>\n
\n4. \u793a\u4f8b\u8f38\u51fa<\/h3>\n\u751f\u6210\u7684 Excel \u6587\u4ef6\u53ef\u80fd\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n \n\n\n| \u7522\u54c1<\/th>\n | \u7248\u672c<\/th>\n | CVE ID<\/th>\n | \u56b4\u91cd\u6027<\/th>\n | \u63cf\u8ff0<\/th>\n | CVSS \u5206\u6578<\/th>\n | Remarks<\/th>\n | Comments<\/th>\n<\/tr>\n<\/thead>\n | \n\n| openssl<\/td>\n | 1.1.1k<\/td>\n | CVE-2021-3450<\/td>\n | HIGH<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 9.8<\/td>\n | \u9700\u8981\u7acb\u5373\u4fee\u5fa9<\/td>\n | \u5f71\u97ff\u751f\u7522\u74b0\u5883<\/td>\n<\/tr>\n | \n| curl<\/td>\n | 7.64.0<\/td>\n | CVE-2021-22947<\/td>\n | MEDIUM<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 6.5<\/td>\n | \u4f4e\u98a8\u96aa<\/td>\n | \u5df2\u5b89\u6392\u4fee\u5fa9<\/td>\n<\/tr>\n | \n| python<\/td>\n | 3.8.10<\/td>\n | CVE-2021-3177<\/td>\n | LOW<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 3.7<\/td>\n | \u7121\u9700\u7acb\u5373\u8655\u7406<\/td>\n | \u50c5\u5f71\u97ff\u6e2c\u8a66\u74b0\u5883<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n5. \u9032\u4e00\u6b65\u64f4\u5c55<\/h3>\n\n- \u6279\u91cf\u66f4\u65b0<\/strong> \uff1a\u5141\u8a31\u7528\u6236\u901a\u904e CSV \u6216 JSON \u6587\u4ef6\u6279\u91cf\u66f4\u65b0
remarks<\/code> \u548c comments<\/code>\u3002<\/li>\n- \u6b77\u53f2\u8a18\u9304<\/strong> \uff1a\u70ba\u6bcf\u6b21\u66f4\u65b0\u5275\u5efa\u6b77\u53f2\u8a18\u9304\uff0c\u4ee5\u4fbf\u8ffd\u8e64\u66f4\u6539\u3002<\/li>\n
- \u5716\u5f62\u754c\u9762<\/strong> \uff1a\u4f7f\u7528
tkinter<\/code> \u6216 PyQt<\/code> \u5275\u5efa\u5716\u5f62\u754c\u9762\uff0c\u4f7f\u64cd\u4f5c\u66f4\u53cb\u597d\u3002<\/li>\n<\/ul>\n\u901a\u904e\u9019\u7a2e\u65b9\u5f0f\uff0c\u4f60\u53ef\u4ee5\u8f15\u9b06\u7dad\u8b77 CVE \u5831\u544a\u4e2d\u7684 remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d\uff0c\u4e26\u78ba\u4fdd\u5831\u544a\u5167\u5bb9\u59cb\u7d42\u6700\u65b0\u3002<\/p>\nQ4: \u9700\u8981\u80fd\u7dad\u8b77\u5e76\u6dfb\u52a0\u65b0\u6383\u63cf\u7684 CVE\u9805\u76ee<\/h2>\n\u70ba\u4e86\u5be6\u73fe\u65e2\u80fd\u7dad\u8b77\u73fe\u6709\u7684 CVE \u9805\u76ee\uff08\u66f4\u65b0 remarks<\/code> \u548c comments<\/code>\uff09\uff0c\u53c8\u80fd\u6dfb\u52a0\u65b0\u6383\u63cf\u7684 CVE \u9805\u76ee\uff0c\u6211\u5011\u53ef\u4ee5\u64f4\u5c55\u4e4b\u524d\u7684\u8173\u672c\u3002\u4ee5\u4e0b\u662f\u5be6\u73fe\u6b65\u9a5f\uff1a<\/p>\n
\n1. \u529f\u80fd\u9700\u6c42<\/h3>\n\n- \u52a0\u8f09\u73fe\u6709\u5831\u544a<\/strong> \uff1a\u5982\u679c\u5b58\u5728\u73fe\u6709\u7684 Excel \u5831\u544a\uff0c\u52a0\u8f09\u4e26\u986f\u793a\u73fe\u6709\u7684 CVE \u9805\u76ee\u3002<\/li>\n
- \u6dfb\u52a0\u65b0\u6383\u63cf\u7684 CVE \u9805\u76ee<\/strong> \uff1a\u5f9e
cve-bin-tool<\/code> \u6383\u63cf\u7d50\u679c\u4e2d\u6dfb\u52a0\u65b0\u7684 CVE \u9805\u76ee\u3002<\/li>\n- \u7dad\u8b77\u73fe\u6709\u9805\u76ee<\/strong> \uff1a\u5141\u8a31\u7528\u6236\u66f4\u65b0\u73fe\u6709\u9805\u76ee\u7684
remarks<\/code> \u548c comments<\/code>\u3002<\/li>\n- \u4fdd\u5b58\u66f4\u65b0\u5f8c\u7684\u5831\u544a<\/strong> \uff1a\u5c07\u66f4\u65b0\u5f8c\u7684\u6578\u64da\u4fdd\u5b58\u70ba\u65b0\u7684 Excel \u6587\u4ef6\u3002<\/li>\n<\/ul>\n
\n2. \u5b89\u88dd\u5fc5\u8981\u7684\u5957\u4ef6<\/h3>\n\u78ba\u4fdd\u5df2\u5b89\u88dd\u4ee5\u4e0b\u5957\u4ef6\uff1a<\/p>\n pip install openpyxl cve-bin-tool<\/code><\/pre>\n
\n3. \u5b8c\u6574\u8173\u672c<\/h3>\n\u4ee5\u4e0b\u662f\u5b8c\u6574\u7684 Python \u8173\u672c\uff0c\u652f\u6301\u52a0\u8f09\u73fe\u6709\u5831\u544a\u3001\u6dfb\u52a0\u65b0\u6383\u63cf\u7684 CVE \u9805\u76ee\uff0c\u4e26\u7dad\u8b77\u73fe\u6709\u9805\u76ee\uff1a<\/p>\n import subprocess\nimport json\nfrom openpyxl import Workbook, load_workbook\n\ndef load_existing_report(file_path):\n \"\"\"\n \u52a0\u8f09\u73fe\u6709\u7684 Excel \u5831\u544a\u3002\n \"\"\"\n try:\n wb = load_workbook(file_path)\n ws = wb.active\n data = []\n\n # \u8b80\u53d6\u6578\u64da\n for row in ws.iter_rows(min_row=2, values_only=True): # \u8df3\u904e\u8868\u982d\n data.append({\n \"\u7522\u54c1\": row[0],\n \"\u7248\u672c\": row[1],\n \"CVE ID\": row[2],\n \"\u56b4\u91cd\u6027\": row[3],\n \"\u63cf\u8ff0\": row[4],\n \"CVSS \u5206\u6578\": row[5],\n \"Remarks\": row[6] if len(row) > 6 else \"\",\n \"Comments\": row[7] if len(row) > 7 else \"\"\n })\n return data\n except FileNotFoundError:\n print(\"\u672a\u627e\u5230\u73fe\u6709\u5831\u544a\uff0c\u5c07\u5275\u5efa\u65b0\u5831\u544a\u3002\")\n return []\n\ndef scan_project_with_cve_bin_tool(project_path):\n \"\"\"\n \u4f7f\u7528 cve-bin-tool \u6383\u63cf\u5c08\u6848\uff0c\u4e26\u8fd4\u56de JSON \u683c\u5f0f\u7684\u6383\u63cf\u7d50\u679c\u3002\n \"\"\"\n try:\n # \u57f7\u884c cve-bin-tool \u6383\u63cf\n result = subprocess.run(\n [\"cve-bin-tool\", \"-q\", \"-f\", \"json\", project_path],\n capture_output=True,\n text=True\n )\n if result.returncode == 0:\n # \u89e3\u6790 JSON \u8f38\u51fa\n return json.loads(result.stdout)\n else:\n print(\"\u6383\u63cf\u5931\u6557:\", result.stderr)\n return None\n except Exception as e:\n print(\"\u767c\u751f\u932f\u8aa4:\", str(e))\n return None\n\ndef merge_new_cves(existing_data, new_cves):\n \"\"\"\n \u5c07\u65b0\u6383\u63cf\u7684 CVE \u9805\u76ee\u5408\u4f75\u5230\u73fe\u6709\u6578\u64da\u4e2d\u3002\n \"\"\"\n existing_cve_ids = {entry[\"CVE ID\"] for entry in existing_data}\n\n for cve in new_cves:\n cve_id = cve.get(\"cve_number\")\n if cve_id not in existing_cve_ids:\n existing_data.append({\n \"\u7522\u54c1\": cve.get(\"product\", \"\"),\n \"\u7248\u672c\": cve.get(\"version\", \"\"),\n \"CVE ID\": cve_id,\n \"\u56b4\u91cd\u6027\": cve.get(\"severity\", \"\"),\n \"\u63cf\u8ff0\": cve.get(\"description\", \"\"),\n \"CVSS \u5206\u6578\": cve.get(\"CVSS_version\", {}).get(\"score\", \"\"),\n \"Remarks\": \"\",\n \"Comments\": \"\"\n })\n print(f\"\u5df2\u6dfb\u52a0\u65b0 CVE: {cve_id}\")\n else:\n print(f\"CVE {cve_id} \u5df2\u5b58\u5728\uff0c\u8df3\u904e\u6dfb\u52a0\u3002\")\n\n return existing_data\n\ndef update_remarks_and_comments(data):\n \"\"\"\n \u624b\u52d5\u66f4\u65b0 remarks \u548c comments \u6b04\u4f4d\u3002\n \"\"\"\n for i, entry in enumerate(data):\n print(f\"\\nCVE ID: {entry['CVE ID']}\")\n print(f\"\u7522\u54c1: {entry['\u7522\u54c1']}, \u7248\u672c: {entry['\u7248\u672c']}\")\n print(f\"\u7576\u524d Remarks: {entry.get('Remarks', '')}\")\n print(f\"\u7576\u524d Comments: {entry.get('Comments', '')}\")\n\n remarks = input(\"\u8f38\u5165\u65b0\u7684 Remarks\uff08\u7559\u7a7a\u4ee5\u4fdd\u6301\u4e0d\u8b8a\uff09: \").strip()\n comments = input(\"\u8f38\u5165\u65b0\u7684 Comments\uff08\u7559\u7a7a\u4ee5\u4fdd\u6301\u4e0d\u8b8a\uff09: \").strip()\n\n if remarks:\n entry[\"Remarks\"] = remarks\n if comments:\n entry[\"Comments\"] = comments\n\n return data\n\ndef save_to_excel(data, output_file=\"cve_report_updated.xlsx\"):\n \"\"\"\n \u5c07\u66f4\u65b0\u5f8c\u7684\u6578\u64da\u4fdd\u5b58\u70ba Excel \u6587\u4ef6\u3002\n \"\"\"\n wb = Workbook()\n ws = wb.active\n ws.title = \"CVE \u5831\u544a\"\n\n # \u6dfb\u52a0\u8868\u982d\n headers = [\"\u7522\u54c1\", \"\u7248\u672c\", \"CVE ID\", \"\u56b4\u91cd\u6027\", \"\u63cf\u8ff0\", \"CVSS \u5206\u6578\", \"Remarks\", \"Comments\"]\n ws.append(headers)\n\n # \u6dfb\u52a0\u6578\u64da\n for entry in data:\n ws.append([\n entry[\"\u7522\u54c1\"],\n entry[\"\u7248\u672c\"],\n entry[\"CVE ID\"],\n entry[\"\u56b4\u91cd\u6027\"],\n entry[\"\u63cf\u8ff0\"],\n entry[\"CVSS \u5206\u6578\"],\n entry.get(\"Remarks\", \"\"),\n entry.get(\"Comments\", \"\")\n ])\n\n # \u4fdd\u5b58\u6587\u4ef6\n wb.save(output_file)\n print(f\"\u66f4\u65b0\u5f8c\u7684\u5831\u544a\u5df2\u4fdd\u5b58\u5230 {output_file}\")\n\ndef main():\n # \u52a0\u8f09\u73fe\u6709\u5831\u544a\n report_file = input(\"\u8acb\u8f38\u5165\u73fe\u6709\u5831\u544a\u7684\u6587\u4ef6\u8def\u5f91\uff08\u7559\u7a7a\u4ee5\u5275\u5efa\u65b0\u5831\u544a\uff09: \").strip()\n if report_file:\n data = load_existing_report(report_file)\n else:\n data = []\n\n # \u6383\u63cf\u5c08\u6848\u4ee5\u6dfb\u52a0\u65b0 CVE\n project_path = input(\"\u8acb\u8f38\u5165\u8981\u6383\u63cf\u7684\u5c08\u6848\u8def\u5f91\uff08\u7559\u7a7a\u4ee5\u8df3\u904e\u6383\u63cf\uff09: \").strip()\n if project_path:\n scan_results = scan_project_with_cve_bin_tool(project_path)\n if scan_results:\n data = merge_new_cves(data, scan_results)\n\n # \u66f4\u65b0 remarks \u548c comments\n data = update_remarks_and_comments(data)\n\n # \u4fdd\u5b58\u66f4\u65b0\u5f8c\u7684\u5831\u544a\n save_to_excel(data)\n\nif __name__ == \"__main__\":\n main()<\/code><\/pre>\n
\n4. \u904b\u884c\u8173\u672c<\/h3>\n\n- \u5c07\u4e0a\u8ff0\u4ee3\u78bc\u4fdd\u5b58\u70ba
cve_report_manager.py<\/code>\u3002<\/li>\n- \n
\u904b\u884c\u8173\u672c\uff1a
\nbash<\/p>\n \u590d\u5236<\/p>\n python cve_report_manager.py<\/code><\/pre>\n<\/li>\n- \u8f38\u5165\u73fe\u6709\u5831\u544a\u7684\u6587\u4ef6\u8def\u5f91\uff08\u5982\u679c\u5b58\u5728\uff09\u3002<\/li>\n
- \u8f38\u5165\u8981\u6383\u63cf\u7684\u5c08\u6848\u8def\u5f91\u4ee5\u6dfb\u52a0\u65b0 CVE \u9805\u76ee\uff08\u53ef\u9078\uff09\u3002<\/li>\n
- \u8173\u672c\u6703\u63d0\u793a\u4f60\u70ba\u6bcf\u500b CVE \u8f38\u5165\u6216\u66f4\u65b0
remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d\u3002<\/li>\n- \u66f4\u65b0\u5f8c\u7684\u5831\u544a\u5c07\u4fdd\u5b58\u70ba
cve_report_updated.xlsx<\/code>\u3002<\/li>\n<\/ol>\n
\n5. \u793a\u4f8b\u8f38\u51fa<\/h3>\n\u751f\u6210\u7684 Excel \u6587\u4ef6\u53ef\u80fd\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n \n\n\n| \u7522\u54c1<\/th>\n | \u7248\u672c<\/th>\n | CVE ID<\/th>\n | \u56b4\u91cd\u6027<\/th>\n | \u63cf\u8ff0<\/th>\n | CVSS \u5206\u6578<\/th>\n | Remarks<\/th>\n | Comments<\/th>\n<\/tr>\n<\/thead>\n | \n\n| openssl<\/td>\n | 1.1.1k<\/td>\n | CVE-2021-3450<\/td>\n | HIGH<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 9.8<\/td>\n | \u9700\u8981\u7acb\u5373\u4fee\u5fa9<\/td>\n | \u5f71\u97ff\u751f\u7522\u74b0\u5883<\/td>\n<\/tr>\n | \n| curl<\/td>\n | 7.64.0<\/td>\n | CVE-2021-22947<\/td>\n | MEDIUM<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 6.5<\/td>\n | \u4f4e\u98a8\u96aa<\/td>\n | \u5df2\u5b89\u6392\u4fee\u5fa9<\/td>\n<\/tr>\n | \n| python<\/td>\n | 3.8.10<\/td>\n | CVE-2021-3177<\/td>\n | LOW<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 3.7<\/td>\n | \u7121\u9700\u7acb\u5373\u8655\u7406<\/td>\n | \u50c5\u5f71\u97ff\u6e2c\u8a66\u74b0\u5883<\/td>\n<\/tr>\n | \n| libxml2<\/td>\n | 2.9.10<\/td>\n | CVE-2022-29824<\/td>\n | HIGH<\/td>\n | \u65b0\u6383\u63cf\u7684\u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 8.1<\/td>\n | \u5f85\u8a55\u4f30<\/td>\n | \u672a\u8655\u7406<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n6. \u9032\u4e00\u6b65\u64f4\u5c55<\/h3>\n\n- \u81ea\u52d5\u5316\u6383\u63cf<\/strong> \uff1a\u5c07\u6b64\u8173\u672c\u8207 CI\/CD \u5de5\u5177\u96c6\u6210\uff0c\u5b9a\u671f\u6383\u63cf\u5c08\u6848\u4e26\u66f4\u65b0\u5831\u544a\u3002<\/li>\n
- \u6b77\u53f2\u8a18\u9304<\/strong> \uff1a\u70ba\u6bcf\u6b21\u66f4\u65b0\u5275\u5efa\u6b77\u53f2\u8a18\u9304\uff0c\u4ee5\u4fbf\u8ffd\u8e64\u66f4\u6539\u3002<\/li>\n
- \u5716\u5f62\u754c\u9762<\/strong> \uff1a\u4f7f\u7528
tkinter<\/code> \u6216 PyQt<\/code> \u5275\u5efa\u5716\u5f62\u754c\u9762\uff0c\u4f7f\u64cd\u4f5c\u66f4\u53cb\u597d\u3002<\/li>\n<\/ul>\n\u901a\u904e\u9019\u7a2e\u65b9\u5f0f\uff0c\u4f60\u53ef\u4ee5\u8f15\u9b06\u7dad\u8b77\u73fe\u6709\u7684 CVE \u9805\u76ee\u4e26\u6dfb\u52a0\u65b0\u6383\u63cf\u7684 CVE \u9805\u76ee\uff0c\u78ba\u4fdd\u5831\u544a\u5167\u5bb9\u59cb\u7d42\u6700\u65b0\u3002<\/p>\n Q5: \u81ea\u52d5\u6383\u63cf\u8207\u5efa\u7acb\u6b77\u53f2\u8a18\u9304<\/h2>\n\u70ba\u4e86\u5be6\u73fe\u81ea\u52d5\u6383\u63cf\u4e26\u5efa\u7acb\u6b77\u53f2\u8a18\u9304\uff0c\u6211\u5011\u53ef\u4ee5\u64f4\u5c55\u4e4b\u524d\u7684\u8173\u672c\uff0c\u4f7f\u5176\u652f\u6301\u4ee5\u4e0b\u529f\u80fd\uff1a<\/p>\n \n- \u81ea\u52d5\u6383\u63cf<\/strong> \uff1a\u5b9a\u671f\u6383\u63cf\u5c08\u6848\u4e26\u5c07\u7d50\u679c\u6dfb\u52a0\u5230\u5831\u544a\u4e2d\u3002<\/li>\n
- \u6b77\u53f2\u8a18\u9304<\/strong> \uff1a\u6bcf\u6b21\u6383\u63cf\u6216\u66f4\u65b0\u5f8c\uff0c\u4fdd\u5b58\u4e00\u500b\u5e36\u6709\u6642\u9593\u6233\u7684\u6b77\u53f2\u8a18\u9304\u6587\u4ef6\u3002<\/li>\n
- \u5408\u4f75\u6b77\u53f2\u8a18\u9304<\/strong> \uff1a\u5c07\u6b77\u53f2\u8a18\u9304\u5408\u4f75\u5230\u4e3b\u5831\u544a\u4e2d\uff0c\u4ee5\u4fbf\u8ffd\u8e64\u66f4\u6539\u3002<\/li>\n<\/ol>\n
\u4ee5\u4e0b\u662f\u5be6\u73fe\u6b65\u9a5f\uff1a<\/p>\n
\n1. \u529f\u80fd\u9700\u6c42<\/h3>\n\n- \u81ea\u52d5\u6383\u63cf<\/strong> \uff1a\u4f7f\u7528
cve-bin-tool<\/code> \u5b9a\u671f\u6383\u63cf\u5c08\u6848\u3002<\/li>\n- \u6b77\u53f2\u8a18\u9304<\/strong> \uff1a\u6bcf\u6b21\u6383\u63cf\u6216\u66f4\u65b0\u5f8c\uff0c\u4fdd\u5b58\u4e00\u500b\u5e36\u6709\u6642\u9593\u6233\u7684\u6b77\u53f2\u8a18\u9304\u6587\u4ef6\u3002<\/li>\n
- \u5408\u4f75\u6b77\u53f2\u8a18\u9304<\/strong> \uff1a\u5c07\u6b77\u53f2\u8a18\u9304\u5408\u4f75\u5230\u4e3b\u5831\u544a\u4e2d\uff0c\u4ee5\u4fbf\u8ffd\u8e64\u66f4\u6539\u3002<\/li>\n<\/ul>\n
\n2. \u5b89\u88dd\u5fc5\u8981\u7684\u5957\u4ef6<\/h3>\n\u78ba\u4fdd\u5df2\u5b89\u88dd\u4ee5\u4e0b\u5957\u4ef6\uff1a<\/p>\n pip install openpyxl cve-bin-tool<\/code><\/pre>\n
\n3. \u5b8c\u6574\u8173\u672c<\/h3>\n\u4ee5\u4e0b\u662f\u5b8c\u6574\u7684 Python \u8173\u672c\uff0c\u652f\u6301\u81ea\u52d5\u6383\u63cf\u3001\u6b77\u53f2\u8a18\u9304\u548c\u5408\u4f75\u529f\u80fd\uff1a<\/p>\n import subprocess\nimport json\nfrom openpyxl import Workbook, load_workbook\nfrom datetime import datetime\nimport os\n\ndef load_existing_report(file_path):\n \"\"\"\n \u52a0\u8f09\u73fe\u6709\u7684 Excel \u5831\u544a\u3002\n \"\"\"\n try:\n wb = load_workbook(file_path)\n ws = wb.active\n data = []\n\n # \u8b80\u53d6\u6578\u64da\n for row in ws.iter_rows(min_row=2, values_only=True): # \u8df3\u904e\u8868\u982d\n data.append({\n \"\u7522\u54c1\": row[0],\n \"\u7248\u672c\": row[1],\n \"CVE ID\": row[2],\n \"\u56b4\u91cd\u6027\": row[3],\n \"\u63cf\u8ff0\": row[4],\n \"CVSS \u5206\u6578\": row[5],\n \"Remarks\": row[6] if len(row) > 6 else \"\",\n \"Comments\": row[7] if len(row) > 7 else \"\",\n \"Last Updated\": row[8] if len(row) > 8 else \"\"\n })\n return data\n except FileNotFoundError:\n print(\"\u672a\u627e\u5230\u73fe\u6709\u5831\u544a\uff0c\u5c07\u5275\u5efa\u65b0\u5831\u544a\u3002\")\n return []\n\ndef scan_project_with_cve_bin_tool(project_path):\n \"\"\"\n \u4f7f\u7528 cve-bin-tool \u6383\u63cf\u5c08\u6848\uff0c\u4e26\u8fd4\u56de JSON \u683c\u5f0f\u7684\u6383\u63cf\u7d50\u679c\u3002\n \"\"\"\n try:\n # \u57f7\u884c cve-bin-tool \u6383\u63cf\n result = subprocess.run(\n [\"cve-bin-tool\", \"-q\", \"-f\", \"json\", project_path],\n capture_output=True,\n text=True\n )\n if result.returncode == 0:\n # \u89e3\u6790 JSON \u8f38\u51fa\n return json.loads(result.stdout)\n else:\n print(\"\u6383\u63cf\u5931\u6557:\", result.stderr)\n return None\n except Exception as e:\n print(\"\u767c\u751f\u932f\u8aa4:\", str(e))\n return None\n\ndef merge_new_cves(existing_data, new_cves):\n \"\"\"\n \u5c07\u65b0\u6383\u63cf\u7684 CVE \u9805\u76ee\u5408\u4f75\u5230\u73fe\u6709\u6578\u64da\u4e2d\u3002\n \"\"\"\n existing_cve_ids = {entry[\"CVE ID\"] for entry in existing_data}\n current_time = datetime.now().strftime(\"%Y-%m-%d %H:%M:%S\")\n\n for cve in new_cves:\n cve_id = cve.get(\"cve_number\")\n if cve_id not in existing_cve_ids:\n existing_data.append({\n \"\u7522\u54c1\": cve.get(\"product\", \"\"),\n \"\u7248\u672c\": cve.get(\"version\", \"\"),\n \"CVE ID\": cve_id,\n \"\u56b4\u91cd\u6027\": cve.get(\"severity\", \"\"),\n \"\u63cf\u8ff0\": cve.get(\"description\", \"\"),\n \"CVSS \u5206\u6578\": cve.get(\"CVSS_version\", {}).get(\"score\", \"\"),\n \"Remarks\": \"\",\n \"Comments\": \"\",\n \"Last Updated\": current_time\n })\n print(f\"\u5df2\u6dfb\u52a0\u65b0 CVE: {cve_id}\")\n else:\n # \u66f4\u65b0\u73fe\u6709\u9805\u76ee\u7684\u6700\u5f8c\u66f4\u65b0\u6642\u9593\n for entry in existing_data:\n if entry[\"CVE ID\"] == cve_id:\n entry[\"Last Updated\"] = current_time\n print(f\"\u5df2\u66f4\u65b0 CVE {cve_id} \u7684\u6700\u5f8c\u66f4\u65b0\u6642\u9593\u3002\")\n\n return existing_data\n\ndef update_remarks_and_comments(data):\n \"\"\"\n \u624b\u52d5\u66f4\u65b0 remarks \u548c comments \u6b04\u4f4d\u3002\n \"\"\"\n for i, entry in enumerate(data):\n print(f\"\\nCVE ID: {entry['CVE ID']}\")\n print(f\"\u7522\u54c1: {entry['\u7522\u54c1']}, \u7248\u672c: {entry['\u7248\u672c']}\")\n print(f\"\u7576\u524d Remarks: {entry.get('Remarks', '')}\")\n print(f\"\u7576\u524d Comments: {entry.get('Comments', '')}\")\n\n remarks = input(\"\u8f38\u5165\u65b0\u7684 Remarks\uff08\u7559\u7a7a\u4ee5\u4fdd\u6301\u4e0d\u8b8a\uff09: \").strip()\n comments = input(\"\u8f38\u5165\u65b0\u7684 Comments\uff08\u7559\u7a7a\u4ee5\u4fdd\u6301\u4e0d\u8b8a\uff09: \").strip()\n\n if remarks:\n entry[\"Remarks\"] = remarks\n if comments:\n entry[\"Comments\"] = comments\n\n return data\n\ndef save_to_excel(data, output_file=\"cve_report_updated.xlsx\"):\n \"\"\"\n \u5c07\u66f4\u65b0\u5f8c\u7684\u6578\u64da\u4fdd\u5b58\u70ba Excel \u6587\u4ef6\u3002\n \"\"\"\n wb = Workbook()\n ws = wb.active\n ws.title = \"CVE \u5831\u544a\"\n\n # \u6dfb\u52a0\u8868\u982d\n headers = [\"\u7522\u54c1\", \"\u7248\u672c\", \"CVE ID\", \"\u56b4\u91cd\u6027\", \"\u63cf\u8ff0\", \"CVSS \u5206\u6578\", \"Remarks\", \"Comments\", \"Last Updated\"]\n ws.append(headers)\n\n # \u6dfb\u52a0\u6578\u64da\n for entry in data:\n ws.append([\n entry[\"\u7522\u54c1\"],\n entry[\"\u7248\u672c\"],\n entry[\"CVE ID\"],\n entry[\"\u56b4\u91cd\u6027\"],\n entry[\"\u63cf\u8ff0\"],\n entry[\"CVSS \u5206\u6578\"],\n entry.get(\"Remarks\", \"\"),\n entry.get(\"Comments\", \"\"),\n entry.get(\"Last Updated\", \"\")\n ])\n\n # \u4fdd\u5b58\u6587\u4ef6\n wb.save(output_file)\n print(f\"\u66f4\u65b0\u5f8c\u7684\u5831\u544a\u5df2\u4fdd\u5b58\u5230 {output_file}\")\n\ndef save_history(data, history_dir=\"history\"):\n \"\"\"\n \u4fdd\u5b58\u6b77\u53f2\u8a18\u9304\u3002\n \"\"\"\n if not os.path.exists(history_dir):\n os.makedirs(history_dir)\n\n timestamp = datetime.now().strftime(\"%Y%m%d_%H%M%S\")\n history_file = os.path.join(history_dir, f\"cve_history_{timestamp}.json\")\n\n with open(history_file, \"w\") as file:\n json.dump(data, file, indent=4)\n print(f\"\u6b77\u53f2\u8a18\u9304\u5df2\u4fdd\u5b58\u5230 {history_file}\")\n\ndef main():\n # \u52a0\u8f09\u73fe\u6709\u5831\u544a\n report_file = input(\"\u8acb\u8f38\u5165\u73fe\u6709\u5831\u544a\u7684\u6587\u4ef6\u8def\u5f91\uff08\u7559\u7a7a\u4ee5\u5275\u5efa\u65b0\u5831\u544a\uff09: \").strip()\n if report_file:\n data = load_existing_report(report_file)\n else:\n data = []\n\n # \u6383\u63cf\u5c08\u6848\u4ee5\u6dfb\u52a0\u65b0 CVE\n project_path = input(\"\u8acb\u8f38\u5165\u8981\u6383\u63cf\u7684\u5c08\u6848\u8def\u5f91\uff08\u7559\u7a7a\u4ee5\u8df3\u904e\u6383\u63cf\uff09: \").strip()\n if project_path:\n scan_results = scan_project_with_cve_bin_tool(project_path)\n if scan_results:\n data = merge_new_cves(data, scan_results)\n\n # \u66f4\u65b0 remarks \u548c comments\n data = update_remarks_and_comments(data)\n\n # \u4fdd\u5b58\u66f4\u65b0\u5f8c\u7684\u5831\u544a\n save_to_excel(data)\n\n # \u4fdd\u5b58\u6b77\u53f2\u8a18\u9304\n save_history(data)\n\nif __name__ == \"__main__\":\n main()<\/code><\/pre>\n
\n4. \u904b\u884c\u8173\u672c<\/h3>\n\n- \u5c07\u4e0a\u8ff0\u4ee3\u78bc\u4fdd\u5b58\u70ba
cve_report_manager.py<\/code>\u3002<\/li>\n- \n
\u904b\u884c\u8173\u672c\uff1a
\nbash<\/p>\n \u590d\u5236<\/p>\n python cve_report_manager.py<\/code><\/pre>\n<\/li>\n- \u8f38\u5165\u73fe\u6709\u5831\u544a\u7684\u6587\u4ef6\u8def\u5f91\uff08\u5982\u679c\u5b58\u5728\uff09\u3002<\/li>\n
- \u8f38\u5165\u8981\u6383\u63cf\u7684\u5c08\u6848\u8def\u5f91\u4ee5\u6dfb\u52a0\u65b0 CVE \u9805\u76ee\uff08\u53ef\u9078\uff09\u3002<\/li>\n
- \u8173\u672c\u6703\u63d0\u793a\u4f60\u70ba\u6bcf\u500b CVE \u8f38\u5165\u6216\u66f4\u65b0
remarks<\/code> \u548c comments<\/code> \u6b04\u4f4d\u3002<\/li>\n- \u66f4\u65b0\u5f8c\u7684\u5831\u544a\u5c07\u4fdd\u5b58\u70ba
cve_report_updated.xlsx<\/code>\uff0c\u4e26\u5728 history<\/code> \u76ee\u9304\u4e0b\u4fdd\u5b58\u6b77\u53f2\u8a18\u9304\u3002<\/li>\n<\/ol>\n
\n5. \u793a\u4f8b\u8f38\u51fa<\/h3>\n\u4e3b\u5831\u544a (cve_report_updated.xlsx<\/code>)<\/h4>\n\n\n\n| \u7522\u54c1<\/th>\n | \u7248\u672c<\/th>\n | CVE ID<\/th>\n | \u56b4\u91cd\u6027<\/th>\n | \u63cf\u8ff0<\/th>\n | CVSS \u5206\u6578<\/th>\n | Remarks<\/th>\n | Comments<\/th>\n | Last Updated<\/th>\n<\/tr>\n<\/thead>\n | \n\n| openssl<\/td>\n | 1.1.1k<\/td>\n | CVE-2021-3450<\/td>\n | HIGH<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 9.8<\/td>\n | \u9700\u8981\u7acb\u5373\u4fee\u5fa9<\/td>\n | \u5f71\u97ff\u751f\u7522\u74b0\u5883<\/td>\n | 2023-10-01 12:34:56<\/td>\n<\/tr>\n | \n| curl<\/td>\n | 7.64.0<\/td>\n | CVE-2021-22947<\/td>\n | MEDIUM<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 6.5<\/td>\n | \u4f4e\u98a8\u96aa<\/td>\n | \u5df2\u5b89\u6392\u4fee\u5fa9<\/td>\n | 2023-10-01 12:34:56<\/td>\n<\/tr>\n | \n| python<\/td>\n | 3.8.10<\/td>\n | CVE-2021-3177<\/td>\n | LOW<\/td>\n | \u6f0f\u6d1e\u63cf\u8ff0…<\/td>\n | 3.7<\/td>\n | \u7121\u9700\u7acb\u5373\u8655\u7406<\/td>\n | \u50c5\u5f71\u97ff\u6e2c\u8a66\u74b0\u5883<\/td>\n | 2023-10-01 12:34:56<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\u6b77\u53f2\u8a18\u9304 (history\/cve_history_20231001_123456.json<\/code>)<\/h4>\n[\n {\n \"\u7522\u54c1\": \"openssl\",\n \"\u7248\u672c\": \"1.1.1k\",\n \"CVE ID\": \"CVE-2021-3450\",\n \"\u56b4\u91cd\u6027\": \"HIGH\",\n \"\u63cf\u8ff0\": \"\u6f0f\u6d1e\u63cf\u8ff0...\",\n \"CVSS \u5206\u6578\": \"9.8\",\n \"Remarks\": \"\u9700\u8981\u7acb\u5373\u4fee\u5fa9\",\n \"Comments\": \"\u5f71\u97ff\u751f\u7522\u74b0\u5883\",\n \"Last Updated\": \"2023-10-01 12:34:56\"\n },\n {\n \"\u7522\u54c1\": \"curl\",\n \"\u7248\u672c\": \"7.64.0\",\n \"CVE ID\": \"CVE-2021-22947\",\n \"\u56b4\u91cd\u6027\": \"MEDIUM\",\n \"\u63cf\u8ff0\": \"\u6f0f\u6d1e\u63cf\u8ff0...\",\n \"CVSS \u5206\u6578\": \"6.5\",\n \"Remarks\": \"\u4f4e\u98a8\u96aa\",\n \"Comments\": \"\u5df2\u5b89\u6392\u4fee\u5fa9\",\n \"Last Updated\": \"2023-10-01 12:34:56\"\n }\n]<\/code><\/pre>\n
\n6. \u9032\u4e00\u6b65\u64f4\u5c55<\/h3>\n\n- \u81ea\u52d5\u5316\u5b9a\u671f\u6383\u63cf<\/strong> \uff1a\u4f7f\u7528
cron<\/code>\uff08Linux\uff09\u6216 Task Scheduler<\/code>\uff08Windows\uff09\u5b9a\u671f\u904b\u884c\u8173\u672c\u3002<\/li>\n- \u90f5\u4ef6\u901a\u77e5<\/strong> \uff1a\u5728\u6383\u63cf\u5b8c\u6210\u5f8c\uff0c\u901a\u904e\u96fb\u5b50\u90f5\u4ef6\u767c\u9001\u5831\u544a\u3002<\/li>\n
- \u5716\u5f62\u754c\u9762<\/strong> \uff1a\u4f7f\u7528
tkinter<\/code> \u6216 PyQt<\/code> \u5275\u5efa\u5716\u5f62\u754c\u9762\uff0c\u4f7f\u64cd\u4f5c\u66f4\u53cb\u597d\u3002<\/li>\n<\/ul>\n\u901a\u904e\u9019\u7a2e\u65b9\u5f0f\uff0c\u4f60\u53ef\u4ee5\u5be6\u73fe\u81ea\u52d5\u6383\u63cf\u3001\u7dad\u8b77\u6b77\u53f2\u8a18\u9304\uff0c\u4e26\u78ba\u4fdd CVE \u5831\u544a\u5167\u5bb9\u59cb\u7d42\u6700\u65b0\u3002<\/p>\n Q6: Linux\u4e0b\u81ea\u52d5\u5316\u5b9a\u671f\u6383\u63cf<\/h2>\n\u5728 Linux \u7cfb\u7d71\u4e2d\uff0c\u53ef\u4ee5\u4f7f\u7528 cron<\/code> \u4f86\u5be6\u73fe\u81ea\u52d5\u5316\u5b9a\u671f\u6383\u63cf\u3002cron<\/code> \u662f\u4e00\u500b\u7528\u65bc\u5b9a\u671f\u57f7\u884c\u4efb\u52d9\u7684\u8abf\u5ea6\u5de5\u5177\u3002\u4ee5\u4e0b\u662f\u5be6\u73fe\u6b65\u9a5f\uff1a<\/p>\n
\n1. \u6e96\u5099 Python \u8173\u672c<\/h3>\n\u78ba\u4fdd\u4f60\u5df2\u7d93\u6709\u4e00\u500b\u7528\u65bc\u6383\u63cf\u548c\u751f\u6210 CVE \u5831\u544a\u7684 Python \u8173\u672c\uff08\u4f8b\u5982 cve_report_manager.py<\/code>\uff09\u3002\u5982\u679c\u9084\u6c92\u6709\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u7c21\u5316\u7248\u8173\u672c\uff1a<\/p>\nimport subprocess\nimport json\nfrom datetime import datetime\n\ndef scan_project_with_cve_bin_tool(project_path):\n \"\"\"\n \u4f7f\u7528 cve-bin-tool \u6383\u63cf\u5c08\u6848\uff0c\u4e26\u8fd4\u56de JSON \u683c\u5f0f\u7684\u6383\u63cf\u7d50\u679c\u3002\n \"\"\"\n try:\n result = subprocess.run(\n [\"cve-bin-tool\", \"-q\", \"-f\", \"json\", project_path],\n capture_output=True,\n text=True\n )\n if result.returncode == 0:\n return json.loads(result.stdout)\n else:\n print(\"\u6383\u63cf\u5931\u6557:\", result.stderr)\n return None\n except Exception as e:\n print(\"\u767c\u751f\u932f\u8aa4:\", str(e))\n return None\n\ndef save_report(data, output_dir=\"reports\"):\n \"\"\"\n \u5c07\u6383\u63cf\u7d50\u679c\u4fdd\u5b58\u70ba JSON \u6587\u4ef6\u3002\n \"\"\"\n if not os.path.exists(output_dir):\n os.makedirs(output_dir)\n\n timestamp = datetime.now().strftime(\"%Y%m%d_%H%M%S\")\n report_file = os.path.join(output_dir, f\"cve_report_{timestamp}.json\")\n\n with open(report_file, \"w\") as file:\n json.dump(data, file, indent=4)\n print(f\"\u5831\u544a\u5df2\u4fdd\u5b58\u5230 {report_file}\")\n\ndef main():\n project_path = \"\/path\/to\/your\/project\" # \u66ff\u63db\u70ba\u4f60\u7684\u5c08\u6848\u8def\u5f91\n scan_results = scan_project_with_cve_bin_tool(project_path)\n if scan_results:\n save_report(scan_results)\n\nif __name__ == \"__main__\":\n main()<\/code><\/pre>\n\u5c07\u4e0a\u8ff0\u8173\u672c\u4fdd\u5b58\u70ba cve_report_manager.py<\/code>\uff0c\u4e26\u78ba\u4fdd\u5b83\u53ef\u4ee5\u5728\u547d\u4ee4\u884c\u4e2d\u904b\u884c\u3002<\/p>\n
\n2. \u8a2d\u7f6e cron<\/code> \u4efb\u52d9<\/h3>\n\u6b65\u9a5f 1\uff1a\u7de8\u8f2f crontab<\/code><\/h4>\n\u5728\u7d42\u7aef\u4e2d\u904b\u884c\u4ee5\u4e0b\u547d\u4ee4\u4f86\u7de8\u8f2f\u7576\u524d\u7528\u6236\u7684 cron<\/code> \u4efb\u52d9\uff1a<\/p>\ncrontab -e<\/code><\/pre>\n\u6b65\u9a5f 2\uff1a\u6dfb\u52a0\u5b9a\u671f\u6383\u63cf\u4efb\u52d9<\/h4>\n\u5728\u6253\u958b\u7684 crontab<\/code> \u6587\u4ef6\u4e2d\uff0c\u6dfb\u52a0\u4e00\u884c\u4f86\u5b9a\u7fa9\u5b9a\u671f\u6383\u63cf\u4efb\u52d9\u3002\u4f8b\u5982\uff1a<\/p>\n# \u6bcf\u5929\u51cc\u6668 2 \u9ede\u904b\u884c\u6383\u63cf\u8173\u672c\n0 2 * * * \/usr\/bin\/python3 \/path\/to\/cve_report_manager.py >> \/path\/to\/cve_scan.log 2>&1<\/code><\/pre>\n\n0 2 * * *<\/code>\uff1a\u8868\u793a\u6bcf\u5929\u51cc\u6668 2 \u9ede\u904b\u884c\u3002<\/li>\n\/usr\/bin\/python3<\/code>\uff1aPython \u89e3\u91cb\u5668\u7684\u8def\u5f91\uff08\u53ef\u4ee5\u4f7f\u7528 which python3<\/code> \u4f86\u78ba\u8a8d\u8def\u5f91\uff09\u3002<\/li>\n
|
|
|
|