[Secure-testing-commits] r47337 - / bin

[Petter Reinholdtsen]

Author: pere
Date: 2016-12-22 11:23:31 +0000 (Thu, 22 Dec 2016)
New Revision: 47337

Modified:
   Makefile
   bin/compare-nvd-cve
Log:
Document how to run bin/compare-nvd-cve.

Modified: Makefile
===================================================================
--- Makefile	2016-12-22 10:50:38 UTC (rev 47336)
+++ Makefile	2016-12-22 11:23:31 UTC (rev 47337)
@@ -247,4 +247,15 @@
 	done
 	python bin/update-nvd data/nvd/nvdcve-*.xml
 
+# Experimental code to compare the Debian and NVD CVE databases using
+# CPE values as common key.
+update-compare-nvd:
+	mkdir -p data/nvd2
+	for x in $$(seq 2002 $$(date +%Y)) ; do \
+	  name=nvdcve-2.0-$$x.xml.gz; \
+	  wget -q -Odata/nvd2/$$name https://static.nvd.nist.gov/feeds/xml/cve/$$name || true ; \
+	  gzip -f -d data/nvd2/$$name || true; \
+	done
+	bin/compare-nvd-cve 2> compare-nvd-cve.log
+
 update-all: update-nvd update-lists update-packages update-oldstable update-stable update-security update-testing-security update-packages update-backports all

Modified: bin/compare-nvd-cve
===================================================================
--- bin/compare-nvd-cve	2016-12-22 10:50:38 UTC (rev 47336)
+++ bin/compare-nvd-cve	2016-12-22 11:23:31 UTC (rev 47337)
@@ -45,10 +45,15 @@
 close $fh;
 
 #
-# Fetched from http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2008.xml
+# Fetched from http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
 #
 for my $cvelist
     (
+     "nvdcve-2.0-2016.xml",
+     "nvdcve-2.0-2015.xml",
+     "nvdcve-2.0-2014.xml",
+     "nvdcve-2.0-2013.xml",
+     "nvdcve-2.0-2012.xml",
      "nvdcve-2.0-2011.xml",
      "nvdcve-2.0-2010.xml",
      "nvdcve-2.0-2009.xml",
@@ -57,9 +62,11 @@
      "nvdcve-2.0-2006.xml",
      "nvdcve-2.0-2005.xml",
      "nvdcve-2.0-2004.xml",
+     "nvdcve-2.0-2003.xml",
+     "nvdcve-2.0-2002.xml",
     ) {
     print STDERR "Loading $cvelist\n" if $debug;
-    my $ref = XMLin("../../" . $cvelist);
+    my $ref = XMLin("data/nvd2/" . $cvelist);
     for my $cve (sort {$b cmp $a} keys %{$ref->{entry}}) {
         print STDERR "Checking $cve\n" if $debug;
         my $entry = $ref->{entry}->{$cve};