From 7ea88150d28da138c71a64be3339190402b3068c Mon Sep 17 00:00:00 2001
From: "Rodrigo M. Duarte"
Date: Wed, 3 Jul 2024 17:08:52 -0300
Subject: [PATCH] cve-filter: Add variables to set the SCORE Cut off values
Signed-off-by: Rodrigo M. Duarte
(cherry picked from commit f2a3f41f9ccbfa5855c45cf77d2c36a93b1efc0b)
---
 classes/cve-filter.bbclass | 16 ++++++++++++++++
 lib/ossystems/cve_filter.py | 10 +++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/classes/cve-filter.bbclass b/classes/cve-filter.bbclass
index 9fe915a..75eb1e5 100644
--- a/classes/cve-filter.bbclass
+++ b/classes/cve-filter.bbclass
@@ -37,6 +37,12 @@
 # Example: "CVE-2017-6264 CVE-2023-1234"
 # Default: empty
+# CVE_FILTER_SCOREV2_CUTTOFF and CVE_FILTER_SCOREV3_CUTTOFF:
+# Set the value of cut off CVE Score to SCOREV2 and V3. CVEs below the value
+# set here will no be considered.
+# Example: "9"
+# Default: "0"
+
 # Set the PATH to find the old CVE Json list
 CVE_FILTER_PREVIOUS_FILE ??= ""
 CVE_FILTER_PREVIOUS_VERSION ??= "0.0.0"
@@ -51,6 +57,10 @@ CVE_FILTER_MARKDOWN_FILE = "${IMGDEPLOYDIR}/${CVE_FILTER_MARKDOWN_FILE_NAME}"
 # List of CVE should be ignored Eg: CVE-2023-1234
 CVE_FILTER_IGNORED_CVES ??= ""
+# Cut off score V2 and V3 value
+CVE_FILTER_SCOREV2_CUTOFF ??= "0"
+CVE_FILTER_SCOREV3_CUTOFF ??= "0"
+
 inherit python3native
 python do_cve_filter (){
@@ -59,6 +69,8 @@ python do_cve_filter (){
 previousFile = d.getVar("CVE_FILTER_PREVIOUS_FILE")
 previousVersion = d.getVar("CVE_FILTER_PREVIOUS_VERSION")
 cveIgnoreList = d.getVar("CVE_FILTER_IGNORED_CVES").split()
+ scoreV2CutOff = int(d.getVar("CVE_FILTER_SCOREV2_CUTOFF"))
+ scoreV3CutOff = int(d.getVar("CVE_FILTER_SCOREV3_CUTOFF"))
 cve_prev = Cve()
 cve_prev.setMarkdonFileName(d.getVar("CVE_FILTER_MARKDOWN_FILE"))
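Review bot: The new comment block in the @@ -37 hunk documents `CVE_FILTER_SCOREV2_CUTTOFF` and `CVE_FILTER_SCOREV3_CUTTOFF` (double T), but the variables this class actually defines with `??=` and reads with `d.getVar` later in the same file are spelled `CVE_FILTER_SCOREV2_CUTOFF` / `CVE_FILTER_SCOREV3_CUTOFF`; a user who copies the documented name into a conf file sets a variable nothing reads and silently keeps the default. The first comment line should be `# CVE_FILTER_SCOREV2_CUTOFF and CVE_FILTER_SCOREV3_CUTOFF:` and the third `# set here will not be considered.`. Since the consumer keeps a CVE when either score meets its cutoff, I would also phrase it as `CVEs whose v2 and v3 scores are both below the value` so the comparison semantics are not a surprise.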
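Review bot: The `??= "0"` defaults in the @@ -51 hunk change the report for every existing user: the line this patch replaces in lib/ossystems/cve_filter.py only listed CVEs scoring 9 or more, and with both cutoffs at 0 the `>=` comparison holds for every CVE, so an unchanged configuration now reports all non-ignored CVEs instead of only the critical ones. If the intent is to preserve the old output unless someone opts in, the defaults should be `CVE_FILTER_SCOREV2_CUTOFF ??= "9"` and `CVE_FILTER_SCOREV3_CUTOFF ??= "9"`; otherwise the commit message should state that report contents change. The `Default: "0"` line in the comment block above must agree with whichever value is chosen.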
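Review bot: `int(d.getVar("CVE_FILTER_SCOREV2_CUTOFF"))` in the @@ -59 hunk rejects any non-integer value such as `"7.5"` with a ValueError when do_cve_filter runs, although CVSS scores are decimals and the consumer compares them with `float(id["scorev2"])`; the V3 line has the same problem. Parse with `scoreV2CutOff = float(d.getVar("CVE_FILTER_SCOREV2_CUTOFF"))` and `scoreV3CutOff = float(d.getVar("CVE_FILTER_SCOREV3_CUTOFF"))`. An empty or non-numeric value would still surface as a bare ValueError; catching it and calling `bb.fatal` with the variable name would make the misconfiguration obvious in the task log. The body of do_cve_filter continues outside this hunk.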
@@ -67,6 +79,8 @@ python do_cve_filter (){
 if previousFile:
 cve_prev.loadCVEfile(previousFile)
 cve_prev.setCVEVersion(previousVersion)
+ cve_prev.setScoreV2CutOff(scoreV2CutOff)
+ cve_prev.setScoreV3CutOff(scoreV3CutOff)
 cve_prev.setIgnoreCVEList(cveIgnoreList)
 cve_prev.loadCVEData()
 else:
@@ -74,6 +88,8 @@ python do_cve_filter (){
 cve_curr.loadCVEfile(d.getVar("CVE_FILTER_CURRENT_FILE"))
 cve_curr.setCVEVersion(d.getVar("CVE_FILTER_CURRENT_VERSION"))
+ cve_curr.setScoreV2CutOff(scoreV2CutOff)
+ cve_curr.setScoreV3CutOff(scoreV3CutOff)
 cve_curr.setIgnoreCVEList(cveIgnoreList)
 cve_curr.loadCVEData()
 cve_prev.compareCVes(cve_curr)
diff --git a/lib/ossystems/cve_filter.py b/lib/ossystems/cve_filter.py
index 878f306..6ea3b34 100644
--- a/lib/ossystems/cve_filter.py
+++ b/lib/ossystems/cve_filter.py
@@ -81,6 +81,8 @@ def __init__(self):
 self.__printIssues = []
 self.__ignored_cves = []
 self.__version = 0
+ self.__scoreV2cf = 0
+ self.__scoreV3cf = 0
 # def __del__ (self):
 # self.__cveJsonFile.close()
@@ -112,6 +114,12 @@ def setIgnoreCVEList(self, listcve):
 def setCVEVersion(self, version=0):
 self.__version = version
+ def setScoreV2CutOff(self, score):
+ self.__scoreV2cf = score
+
+ def setScoreV3CutOff(self, score):
+ self.__scoreV3cf = score
+
 def getCVEPackages(self):
 return self.__packages
@@ -126,7 +134,7 @@ def loadCVEData(self):
 p = Package(pack["name"], pack["version"])
 entry = False
 for id in pack["issue"]:
- if (float(id["scorev2"]) >= 9 or float(id["scorev3"]) >= 9) and id[
+ if (float(id["scorev2"]) >= self.__scoreV2cf or float(id["scorev3"]) >= self.__scoreV3cf) and id[
 "status"
 ] != "Ignored":
 if not (id["id"] in self.__ignored_cves):
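Review bot: `setScoreV2CutOff` and `setScoreV3CutOff` in the @@ -112 hunk store whatever they are handed, yet loadCVEData compares the stored value with `float(id["scorev2"]) >= self.__scoreV2cf`, so a caller passing the raw string from `d.getVar` gets a TypeError deep inside the JSON walk rather than at the call site. Coercing in the setter, `self.__scoreV2cf = float(score)` and `self.__scoreV3cf = float(score)`, keeps the class usable outside the bbclass and reports bad input where it is set. Both setters would also benefit from a one-line docstring such as `"""Minimum CVSS v2 score for a CVE to be reported (see loadCVEData)."""`, since nothing in the class says which comparison the value feeds.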
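Review bot: In the rewritten condition of the @@ -126 hunk the two thresholds are joined with `or`, so a cutoff left at its default of 0 makes its side always true and the other cutoff has no effect: setting only `CVE_FILTER_SCOREV3_CUTOFF = "9"` still lists every CVE because `float(id["scorev2"]) >= 0` holds for all of them. Either document that both variables must be set together, or apply a threshold only when it is positive, e.g. `v2_hit = self.__scoreV2cf > 0 and float(id["scorev2"]) >= self.__scoreV2cf`, `v3_hit = self.__scoreV3cf > 0 and float(id["scorev3"]) >= self.__scoreV3cf`, and keep the entry when `v2_hit or v3_hit`, deciding explicitly what "both unset" should mean. The `for` loop and the rest of loadCVEData continue outside this hunk.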