[Git][security-tracker-team/security-tracker][master] An alternative triage script that works if the json sync is not working.

Ola Lundqvist opal at debian.org
Sun Feb 10 15:55:59 GMT 2019


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cec172d5 by Ola Lundqvist at 2019-02-10T15:55:32Z
An alternative triage script that works if the json sync is not working.

- - - - -


1 changed file:

- + bin/lts-alt-cve-triage.sh


Changes:

=====================================
bin/lts-alt-cve-triage.sh
=====================================
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Requires:
+# wget, html2text
+
+WDB="https://deb.freexian.com/extended-lts/tracker/status/release/oldstable"
+ENF="data/dla-needed.txt"
+OPF=$(tempfile)
+
+echo "Fetching tracker db from $WDB"
+wget -O "$OPF" -q "$WDB"
+html2text "$OPF" | grep "?$" | while read A B O ; do
+    if echo $A | grep -q -E "^(CVE|TEMP)-" ; then
+	CVE=$A
+    else
+	PACKAGE=$A
+	CVE=$B
+    fi
+
+    # Sanitize package name for e.g. foo_(non-free)
+    PACKAGE=${PACKAGE%%_*}
+
+    if echo "$PACKAGE" | grep -q '^[-a-zA-Z0-9_][-a-zA-Z0-9_.]*$' ; then
+	if [ -n "$CVE" ] ; then
+	    if grep -q "^$PACKAGE[[:space:]](" $ENF ; then
+		echo "Supported $PACKAGE $CVE (Claimed)"
+	    elif grep -q "^$PACKAGE$" $ENF ; then
+		echo "Supported $PACKAGE $CVE (Not claimed)"
+	    else
+		echo "Supported $PACKAGE $CVE (Triage needed)"
+	    fi
+	else
+	    echo "Empty CVE for $PACKAGE"
+	fi
+    else
+	echo "Unknown characters in package name $PACKAGE."
+    fi
+done
+rm -f "$OPF"



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec172d51bc647f5a51554bc3ffd882883650e52

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cec172d51bc647f5a51554bc3ffd882883650e52
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190210/10b9e6c8/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list