intel · Purvanshsingh · Jan 12, 2020 · Jan 12, 2020
diff --git a/cve_bin_tool/NVDAutoUpdate.py b/cve_bin_tool/NVDAutoUpdate.py
@@ -15,6 +15,7 @@
 import shutil
 import sys
 from collections import namedtuple
+from .log import LOGGER
 
 # python 2 compatibility
 try:
@@ -126,21 +127,20 @@ def download_cves(filename, output, json_zip, kargs, year, quiet):
         file_handle.close()
         if not quiet:
             if year in filename:
-                print("Updated current year file " + filename)
+                LOGGER.debug("Updated current year file " + filename)
                 # check only 2019 for now (old files not updated)
                 if check_cve_zip(2019):
                     if not quiet:
-                        print("Verified 2019 zipfile against published sha256 sum")
+                        LOGGER.debug("Verified 2019 zipfile against published sha256 sum")
                 else:
-                    print(
-                        "Error: failed to verify zipfile against published sha256 sum",
-                        file=sys.stderr,
+                    LOGGER.error(
+                        "Error: failed to verify zipfile against published sha256 sum"
                     )
             else:
-                print("Creating new file " + filename)
+                LOGGER.debug("Creating new file " + filename)
     else:
         if not quiet:
-            print("Previous year file: " + filename + " already exists")
+            LOGGER.debug("Previous year file: " + filename + " already exists")
 
 
 def check_cve_zip(year):
@@ -175,7 +175,7 @@ def check_cve_zip(year):
 def init_database(dbname, quiet):
     """ Create new database if needed """
     if not quiet and (not os.path.isfile(dbname)):
-        print("Database file does not exist. Initializing it")
+        LOGGER.debug("Database file does not exist. Initializing it")
     conn = sqlite3.connect(dbname)
     db_cursor = conn.cursor()
     db_cursor.execute(CREATE_SYNTAX)
@@ -314,7 +314,7 @@ def extract_data(nvddir):
 
             jsonfile.close()
         except Exception as exception:
-            print("Exception in extract_data: " + str(exception))
+            LOGGER.error("Exception in extract_data: " + str(exception))
 
     return (
         cve_number,
@@ -377,7 +377,7 @@ def store_cve_data(
                 ),
             )
         except Exception as exception:
-            print("Exception in store_cve_data: " + str(exception))
+            LOGGER.error("Exception in store_cve_data: " + str(exception))
     lastrowid = cur.lastrowid
     conn.commit()
     return lastrowid
@@ -391,7 +391,7 @@ def display_data(conn):
     )  # No xml2, xerces, libnss
     rows = cur.fetchall()
     for row in rows:
-        print(row)
+        LOGGER.info(row)
 
 
 def get_cvelist_if_stale(nvddir, dbname, quiet):
@@ -406,7 +406,7 @@ def get_cvelist_if_stale(nvddir, dbname, quiet):
         - datetime.datetime.fromtimestamp(os.path.getmtime(latest_zipfile))
     ) > datetime.timedelta(hours=24):
         if not quiet:
-            print("Updating CVE data. This will take a few minutes.")
+            LOGGER.debug("Updating CVE data. This will take a few minutes.")
         get_cvelist(nvddir, dbname, quiet)
 
     if not os.path.isfile(dbname):
@@ -433,12 +433,12 @@ def get_cvelist_if_stale(nvddir, dbname, quiet):
         conn.close()
 
     elif not quiet:
-        print(
+        LOGGER.debug(
             "Last Update: "
             + datetime.date.fromtimestamp(os.path.getmtime(dbname)).isoformat()
         )
-        print("Local database has been updated in the past 24h.")
-        print('New data not downloaded.  Use "-u now" to force an update')
+        LOGGER.debug("Local database has been updated in the past 24h.")
+        LOGGER.debug('New data not downloaded.  Use "-u now" to force an update')
 
 
 class NVDSQLite(object):

diff --git a/cve_bin_tool/checkers/kerberos.py b/cve_bin_tool/checkers/kerberos.py
@@ -8,6 +8,7 @@
 """
 import re
 from ..util import regex_find
+from ..log import LOGGER
 
 
 def guess_krb5_version_from_content(lines):
@@ -28,7 +29,7 @@ def guess_krb5_version_from_content(lines):
     for line in lines:
         match = pattern1.search(line)
         if match:
-            print(match.group(0))
+            LOGGER.debug(match.group(0))
             new_guess2 = match.group(0).strip()
             if len(new_guess2) > len(new_guess):
                 new_guess = new_guess2

diff --git a/cve_bin_tool/checkers/libcurl.py b/cve_bin_tool/checkers/libcurl.py
@@ -7,7 +7,7 @@
 https://curl.haxx.se/docs/security.html
 http://www.cvedetails.com/vulnerability-list/vendor_id-12682/Haxx.html
 
-RSS feed: http://www.cvedetails.com/vulnerability-feed.php?vendor_id=12682&product_id=0&version_id=0&orderby=3&cvssscoremin=0
+RSS feed: http://www.cvedetails.com/vulnerability-feed.php?vendor_id=12682&prFoduct_id=0&version_id=0&orderby=3&cvssscoremin=0
 
 Note: Some of the "first vulnerable in" data may not be entered correctly.
 """

diff --git a/cve_bin_tool/checkers/sqlite.py b/cve_bin_tool/checkers/sqlite.py
@@ -18,7 +18,7 @@
 import re
 from cve_bin_tool.VersionSignature import VersionSignatureDb
 from ..util import regex_find
-
+from ..log import LOGGER
 
 def guess_version(lines, version_map):
     """Guesses the sqlite version from the file contents.
@@ -108,7 +108,7 @@ def get_version_map():
     try:
         response = request.urlopen(changeurl)
     except error.URLError as err:
-        print("Could not fetch " + changeurl + ", " + err)
+        LOGGER.error("Could not fetch " + changeurl + ", " + err)
     lines = response.readlines()
 
     version_pattern = re.compile(r"<h3>\d{4}-\d{2}-\d{2} \((\d+\.\d+[.\d]*)\)</h3>")

diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -29,7 +29,7 @@
 from .strings import Strings
 from .file import is_binary
 from .NVDAutoUpdate import NVDSQLite
-from .log import LOGGER
+from log import LOGGER
 
 try:
     import queue
@@ -106,13 +106,13 @@ def remove_skiplist(self, skips=None, quiet=False):
             if skipme in self.checkers:
                 del self.checkers[skipme]
                 if not quiet:
-                    print("Skipping checker: {}".format(skipme))
+                    self.logger.debug("Skipping checker: {}".format(skipme))
             else:
                 if not quiet:
-                    print("Checker {} is not a valid checker name".format(skipme))
+                    self.logger.error("Checker {} is not a valid checker name".format(skipme))
 
     def print_checkers(self):
-        print("Checkers: {}".format(", ".join(self.checkers.keys())))
+        self.logger.debug("Checkers: {}".format(", ".join(self.checkers.keys())))
 
     def get_cves(self, vendor_package_pairs, vers):
         """Returns a list of cves affecting a given version of a piece of software
@@ -192,10 +192,10 @@ def scan_file(self, filename):
                     self.files_with_cve = self.files_with_cve + 1
                 self.all_cves[modulename][version] = found_cves
                 if self.verbose:
-                    print(filename, result["is_or_contains"], modulename, version)
+                    self.logger.info( "% %s %s %s") % (filename, result["is_or_contains"], modulename, version)
                     if found_cves.keys():
-                        print("Known CVEs in version " + str(version))
-                        print(", ".join(found_cves.keys()))
+                        self.logger.info("Known CVEs in version " + str(version))
+                        self.logger.info(", ".join(found_cves.keys()))
 
         self.logger.debug("Done scanning file: %r", filename)
         return self.all_cves
@@ -242,7 +242,7 @@ def scan_and_or_extract_file(scanner, ectx, walker, should_extract, filepath):
     # Attempt to extract the file and scan the contents
     if ectx.can_extract(filepath):
         if not should_extract:
-            print("%s is an archive. Pass " % (filepath,) + "-x option to auto-extract")
+            LOGGER.warning("%s is an archive. Pass " % (filepath,) + "-x option to auto-extract")
             return
         for filename in walker([ectx.extract(filepath)]):
             scan_and_or_extract_file(scanner, ectx, walker, should_extract, filename)
@@ -253,7 +253,7 @@ def extract_file(ectx, walker, should_extract, filepath, file_list):
     if ectx.can_extract(filepath):
         if not should_extract:
             file_list.append(filepath)
-            print("%s is an archive. Pass " % (filepath,) + "-x option to auto-extract")
+            LOGGER.warning("%s is an archive. Pass " % (filepath,) + "-x option to auto-extract")
             return
         for filename in walker([ectx.extract(filepath)]):
             extract_file(ectx, walker, should_extract, filename, file_list)
@@ -362,10 +362,10 @@ def main(argv=None, outfile=sys.stdout):
                           to use it on other operating systems.
                           **********************************************
                           """
-        print(warning_nolinux)
+        LOGGER.warning(warning_nolinux)
 
     if not os.path.isfile(args.directory) and not os.path.isdir(args.directory):
-        print("Error: directory/file invalid")
+        LOGGER.error("Error: directory/file invalid")
         parser.print_usage()
         return -1
 
@@ -379,7 +379,7 @@ def main(argv=None, outfile=sys.stdout):
 
     if args.update == "now":
         if not args.quiet:
-            print("Removing all cached CVE data.")
+            LOGGER.debug("Removing all cached CVE data.")
         NVDSQLite.clear_cached_data()
 
     # Single-thread mode
@@ -389,7 +389,7 @@ def main(argv=None, outfile=sys.stdout):
         # Update CVE database
         if args.update != "never":
             if not args.quiet:
-                print("Checking if CVE data needs an update.")
+                LOGGER.debug("Checking if CVE data needs an update.")
             nvd.get_cvelist_if_stale()
         with nvd:
             extractor = Extractor()
@@ -410,21 +410,21 @@ def main(argv=None, outfile=sys.stdout):
                     )
 
             if not args.quiet:
-                print("")
-                print("Overall CVE summary: ")
-                print(
+                LOGGER.info("")
+                LOGGER.info("Overall CVE summary: ")
+                LOGGER.info(
                     "There are",
                     scanner.files_with_cve,
                     "files with known CVEs detected",
                 )
             if (not args.quiet) and scanner.files_with_cve > 0:
                 affected_string = ", ".join(
                     map(
-                        lambda module_version: " ".join(str(module_version)),
+                        lambda module_version: "".join(str(module_version)),
                         scanner.affected(),
                     )
                 )
-                print("Known CVEs in %s:" % (affected_string,))
+                LOGGER.info("Known CVEs in %s:" % (affected_string,))
                 output_cves(outfile, scanner.all_cves, include_details=args.verbose)
 
             # Use the number of files with known cves as error code

diff --git a/cve_bin_tool/csv2cve.py b/cve_bin_tool/csv2cve.py
@@ -7,6 +7,7 @@
 
 from .cli import Scanner
 from .NVDAutoUpdate import NVDSQLite
+from .log import LOGGER
 
 ERR_BADCSV = -1
 ERR_MISSINGCOLUMN = -2
@@ -43,20 +44,20 @@ def main(argv=None, outfile=None):
 
 def csv2cve(filename):
     # Parse the csv file
-    print("opening file: {}".format(filename))
+    LOGGER.debug("opening file: {}".format(filename))
     cveoutput = []
 
     with open(filename) as csvfile:
         csvdata = csv.DictReader(csvfile, delimiter=",")  # "," is default anyhow
 
         if csvdata is None or csvdata.fieldnames is None:
-            print("Error: invalid CSV", file=sys.stderr)
+            LOGGER.error("Error: invalid CSV")
             return ERR_BADCSV
 
         required_columns = ["vendor", "package", "version"]
         for column in required_columns:
             if column not in csvdata.fieldnames:
-                print("Error: no {} column found".format(column), file=sys.stderr)
+                LOGGER.error("Error: no {} column found".format(column))
                 return ERR_MISSINGCOLUMN
 
         # Initialize the NVD database
@@ -69,19 +70,19 @@ def csv2cve(filename):
 
         # Go row by row and look for CVEs
         for row in csvdata:
-            print(
+            LOGGER.info(
                 "CVES for {} {}, version {}".format(
                     row["vendor"], row["package"], row["version"]
                 )
             )
             vpkg_pair = [[row["vendor"], row["package"]]]
             cves = scanner.get_cves(vpkg_pair, row["version"])
             if cves:
-                print("\n".join(sorted(cves.keys())))
+                LOGGER.info("\n".join(sorted(cves.keys())))
                 cveoutput.append(cves.keys())
             else:
-                print("No CVEs found. Is the vendor/package info correct?")
-            print("")
+                LOGGER.debug("No CVEs found. Is the vendor/package info correct?")
+            LOGGER.debug("")
 
         # close down the NVD database
         nvd.close()

diff --git a/cve_bin_tool/log.py b/cve_bin_tool/log.py
@@ -1,4 +1,18 @@
 """Logging"""
+import sys
 import logging
+formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
+# stdout handler
+stdout_handler = logging.StreamHandler(sys.stdout)
+stdout_handler.setLevel(logging.DEBUG)
+stdout_handler.setFormatter(formatter)
+# Stderr handler
+stderr_handler = logging.StreamHandler(sys.stderr)
+stderr_handler.setLevel(logging.ERROR)
+stderr_handler.setFormatter(formatter)
+# Adding handler
+root = logging.getLogger()
+root.addHandler(stdout_handler)
+root.addHandler(stderr_handler)
 
 LOGGER = logging.getLogger(__package__)
diff --git a/md b/md