Merge branch 'master' into py2

cve_bin_tool/csv2cve.py

@@ -170,5 +170,52 @@ def main(argv=None, outfile=None):
     csv2cve.generate_output(outfile)
 
 
+def csv2cve(filename):
+    # Parse the csv file
+    LOGGER.debug(f"opening file: {filename}")
+    cveoutput = []
+
+    with open(filename) as csvfile:
+        csvdata = csv.DictReader(csvfile, delimiter=",")  # "," is default anyhow
+
+        if csvdata is None or csvdata.fieldnames is None:
+            LOGGER.error("Error: invalid CSV")
+            return ERR_BADCSV
+
+        required_columns = {"vendor", "product", "version"}
+        csv_columns = set(csvdata.fieldnames)
+        missing_columns = required_columns - csv_columns
+        if missing_columns != set():
+            LOGGER.error(f"Error: no {missing_columns} columns found")
+            return ERR_MISSINGCOLUMN
+
+        # Initialize the NVD database
+        cvedb = CVEDB()
+        cvedb.get_cvelist_if_stale()
+
+        # Go row by row and look for CVEs
+        for row in csvdata:
+            LOGGER.info(
+                f'CVES for {row["vendor"]} {row["product"]}, version {row["version"]}'
+            )
+            cves = cvedb.get_cves(row["vendor"], row["product"], row["version"])
+            if cves:
+                s = map(
+                    lambda key: " ".join(
+                        [row["vendor"], row["product"], row["version"], key, cves[key]]
+                    ),
+                    sorted(cves.keys()),
+                )
+                LOGGER.info("\n".join(s))
+                cveoutput.append(cves)
+            else:
+                LOGGER.debug("No CVEs found. Is the vendor/product info correct?")
+            LOGGER.debug("")
+
+        # close down the NVD database
+        cvedb.close()
+        return cveoutput
+
+
 if __name__ == "__main__":
     sys.exit(main())