[isar-cip-core,1/3] scripts/run-cve-checks.sh: Extract suite from dpkg status file name

Commit Message

Sai.Sathujoda@toshiba-tsip.com Aug. 12, 2024, 7:03 a.m. UTC

From: sai ashrith sathujoda <sai.sathujoda@toshiba-tsip.com>

cve_checker.py script in debian-cve-checker repository expects relevant
suite as input which is needed for debsecan tool to list vulnerabilities
of that suite.

Signed-off-by: sai ashrith sathujoda <sai.sathujoda@toshiba-tsip.com>
---
 scripts/run-cve-checks.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch

diff --git a/scripts/run-cve-checks.sh b/scripts/run-cve-checks.sh
index 9cebc90..12fd74e 100755
--- a/scripts/run-cve-checks.sh
+++ b/scripts/run-cve-checks.sh
@@ -32,7 +32,8 @@  aws s3 cp --no-progress --recursive s3://download.cip-project.org/cip-core/cve-c
 mkdir cve-reports
 for file in *.dpkg_status; do
 	echo "Checking $file"
-	cve_checker.py --status "$file" --output ./cve-reports/"${file%.dpkg_status}".csv
+	suite=$(echo "${file%.dpkg_status}" | awk -F- '{print $NF}')
+	cve_checker.py --suite "$suite" --status "$file" --output ./cve-reports/"${file%.dpkg_status}".csv
 done
 
 # Synchronize the CVE reports to AWS (it will delete old reports)