[Git][security-tracker-team/security-tracker][master] 2 commits: tracker_service: link to cve.org

Wed Jun 7 16:03:56 BST 2023


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbe57011 by Emilio Pozuelo Monfort at 2023-06-07T17:03:03+02:00
tracker_service: link to cve.org

See commit 5eccf413.

Related to #16

- - - - -
a3178f08 by Emilio Pozuelo Monfort at 2023-06-07T17:03:03+02:00
Remove bin/updatelist

This script is superseeded by bin/update-xrefs and
bin/process-cve-records.

Fixes #24

- - - - -


3 changed files:

- bin/tracker_service.py
- − bin/update
- − bin/updatelist


Changes:

=====================================
bin/tracker_service.py
=====================================
@@ -235,7 +235,7 @@ by Debian's security team located in the security-tracker Git """,
             """.  The data represented here is derived from: """,
             A("https://www.debian.org/security/#DSAS", "DSAs"),
             """ issued by the Security Team; issues tracked in the """,
-            A("https://cve.mitre.org/cve/", "CVE database"),
+            A("https://cve.org/", "CVE database"),
             """, issues tracked in the """,
             A("https://nvd.nist.gov/", "National Vulnerability Database"),
             """ (NVD), maintained by NIST; and security issues


=====================================
bin/update deleted
=====================================
@@ -1,22 +0,0 @@
-#!/bin/sh
-set -e
-
-SCRIPT=$(readlink -f "$0")
-BASEDIR=$(dirname "$SCRIPT")
-
-if [ ! -d CVE ]; then
-	echo "run in data subdirectory" >&2
-	exit 1
-fi
-
-cd CVE
-rm -f allitems.html
-# wget disabled since fetching allitems.html.gz via wget fails since 2015-04-09 from
-# cve.mitre.org, add workaround with curl until solved
-# wget --quiet https://cve.mitre.org/data/downloads/allitems.html.gz
-# Note: ~/.curlrc on soriano contains:
-# capath=/etc/ssl/ca-global
-curl -s -o allitems.html.gz https://cve.mitre.org/data/downloads/allitems.html.gz
-gunzip allitems.html.gz
-$BASEDIR/updatelist allitems.html ../DSA/list ../DTSA/list ../DLA/list list > list.new
-mv -f list.new list


=====================================
bin/updatelist deleted
=====================================
@@ -1,164 +0,0 @@
-#!/usr/bin/perl
-my $html=shift;
-my $dsa_list=shift;
-my $dtsa_list=shift;
-my $dla_list=shift;
-my $our_list=shift;
-
-my %cves;
-
-sub read_dsa {
-	my $list=shift;
-	
-	open (DSA, "<$list") || die "$list: $!\n";
-	my $dsa;
-	while (<DSA>) {
-		if (/^\[/) {
-			($dsa)=m/(DT?SA-.*?|DLA-.*?) /;
-		}
-		if (/\{\s*(CVE)/) {
-			my ($cvelist)=m/\{(.*)\}/;
-			foreach my $cve (split ' ', $cvelist) {
-				next unless $cve=~/^CVE-\d+/;
-				$cves{$cve}{cve}=$cve;
-				push @{$cves{$cve}{xref}}, $dsa;
-			}
-		}
-	}
-	close DSA;
-}
-read_dsa($dsa_list);
-read_dsa($dtsa_list);
-read_dsa($dla_list);
-
-my %listedcves;
-
-open (HTML, "<$html") || die "$html: $!\n";
-my $cve;
-while (<HTML>) {
-	if (m!<b>Name:\s+(CVE-\d+-\d+)</b>!) {
-		$cve=$1;
-		$cves{$cve}{cve}=$cve;
-		$listedcves{$cve}=1;
-	}
-	if (m!\*\*\s+RESERVED\s+\*\*!) {
-		$cves{$cve}{reserved}=1;
-			
-	}
-	if (m!\*\*\s+REJECT\s+\*\*!) {
-		$cves{$cve}{rejected}=1;
-	}
-	if (m!Description:\s*</b><p>\s*(.*)</p>! &&
-		! m!\*\*\s+RESERVED\s+\*\*! && ! m!\*\*\s+REJECT\s+\*\*!) {
-		my $desc;
-		$desc=$1;
-		if (! length $desc) {
-			$desc=<HTML>;
-			chomp $desc;
-		}
-		# truncate length of description text added to lists
-		$desc = substr( $desc, 0, 70 );
-		$cves{$cve}{description}="($desc ...)";
-	}
-}
-close HTML;
-
-my $stopped=0;
-my @out;
-
-sub docve {
-	my $cve=shift;	
-	
-	push @out, "$cve".(length $cves{$cve}{description} ? " ".$cves{$cve}{description} : "")."\n";
-	if ($cves{$cve}{reserved}) {
-		push @out, "\tRESERVED\n";
-	}
-	if ($cves{$cve}{rejected}) {
-		push @out, "\tREJECTED\n";
-	}
-	if (scalar @{$cves{$cve}{xref}} > 0) {
-		push @out, "\t{".join(" ", @{$cves{$cve}{xref}})."}\n";
-	}
-	if ($cves{$cve}{notes}) {
-		foreach (@{$cves{$cve}{notes}}) {
-			if (length(@{$cves{$cve}{notes}}) == 1 &&
-				$cves{$cve}{rejected} && m/(?:TODO: check$|to be rejected)/) {
-			    next;
-			}
-			push @out, "\t$_\n";
-		}
-	}
-	if (! $cves{$cve}{reserved} && ! $cves{$cve}{rejected} &&
-	    ! $cves{$cve}{notes} &&
-	    ! $stopped) {
-	    	if ($cve =~ /^CVE-199|^CVE-200[012]/) {
-		    push @out, "\tNOT-FOR-US: Data pre-dating the Security Tracker\n";
-		}
-		else {
-		    push @out, "\tTODO: check\n";
-		}
-	}
-		
-	delete $cves{$cve};
-}
-
-open (IN, "<$our_list") || die "$our_list: $!\n";
-my $cve;
-while (<IN>) {
-	chomp;
-	if (/^(CVE-(?:[0-9]+|[A-Z]+)-(?:[0-9]+|[A-Z]+))\s*(.*)/) {
-		my $desc=$2;
-		docve($cve) if $cve;
-		$cve=$1;
-		if (length $desc && $desc !~ /^\(.*\)$/ &&
-		    (! exists $cves{$cve}{description} ||
-		     ! length $cves{$cve}{description})) {
-			$cves{$cve}{description}=$desc;
-		}
-	}
-	elsif (/^\s+(RESERVED|REJECTED)\s*$/) {
-		# skip it
-	}
-	elsif (/^\s+NOTE: covered by DT?SA.*/) {
-		# skip it (old form)
-	}
-	elsif (/^\s+{\s*(.+?)\s*}/) {
-		my @xrefs=split('\s+', $1);
-		push @{$cves{$cve}{xref}}, grep(!/^(?:DT?SA|DLA)/, @xrefs);
-	}
-	elsif (/^\s+(.*)/ && $cve) {
-		push @{$cves{$cve}{notes}}, $1;
-	}
-	elsif (/^STOP/) {
-		docve($cve) if $cve;
-		push @out, "$_\n";
-		$stopped=1;
-		$cve='';
-	}
-	else {
-		docve($cve) if $cve;
-		push @out, "$_\n" if length $_;
-		$cve='';
-	}
-}
-close IN;
-docve($cve) if $cve;
-
-foreach my $cve (reverse sort { $cves{$a}{cve} cmp $cves{$b}{cve} } keys %cves) {
-	next unless $listedcves{$cve};
-	print $cve.(length $cves{$cve}{description} ? " ".$cves{$cve}{description} : "")."\n";
-	if ($cves{$cve}{reserved}) {
-		print "\tRESERVED\n";
-	}
-	if ($cves{$cve}{rejected}) {
-		print "\tREJECTED\n";
-	}
-	if (scalar @{$cves{$cve}{xref}} > 0) {
-		print "\t{".join(" ", @{$cves{$cve}{xref}})."}\n";
-	}
-	if (!$cves{$cve}{reserved} || $cves{$cve}{rejected} ) {
-		print "\tTODO: check\n";
-	}
-}
-
-print @out;



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7b87fc72be34bef5e4144ce5e0f6e77dfac3229a...a3178f08b0dd1884f10d1b9166584d5e34ca01b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7b87fc72be34bef5e4144ce5e0f6e77dfac3229a...a3178f08b0dd1884f10d1b9166584d5e34ca01b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230607/7655fc0e/attachment-0001.htm>
