[Git][security-tracker-team/security-tracker][master] 2 commits: tracker_service: link to cve.org

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Wed Jun 7 16:03:56 BST 2023



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbe57011 by Emilio Pozuelo Monfort at 2023-06-07T17:03:03+02:00
tracker_service: link to cve.org

See commit 5eccf413.

Related to #16

- - - - -
a3178f08 by Emilio Pozuelo Monfort at 2023-06-07T17:03:03+02:00
Remove bin/updatelist

This script is superseded by bin/update-xrefs and
bin/process-cve-records.

Fixes #24

- - - - -


3 changed files:

- bin/tracker_service.py
- − bin/update
- − bin/updatelist


Changes:

=====================================
bin/tracker_service.py
=====================================
@@ -235,7 +235,7 @@ by Debian's security team located in the security-tracker Git """,
             """.  The data represented here is derived from: """,
             A("https://www.debian.org/security/#DSAS", "DSAs"),
             """ issued by the Security Team; issues tracked in the """,
-            A("https://cve.mitre.org/cve/", "CVE database"),
+            A("https://cve.org/", "CVE database"),
             """, issues tracked in the """,
             A("https://nvd.nist.gov/", "National Vulnerability Database"),
             """ (NVD), maintained by NIST; and security issues


=====================================
bin/update deleted
=====================================
@@ -1,22 +0,0 @@
-#!/bin/sh
-set -e
-
-SCRIPT=$(readlink -f "$0")
-BASEDIR=$(dirname "$SCRIPT")
-
-if [ ! -d CVE ]; then
-	echo "run in data subdirectory" >&2
-	exit 1
-fi
-
-cd CVE
-rm -f allitems.html
-# wget disabled since fetching allitems.html.gz via wget fails since 2015-04-09 from
-# cve.mitre.org, add workaround with curl until solved
-# wget --quiet https://cve.mitre.org/data/downloads/allitems.html.gz
-# Note: ~/.curlrc on soriano contains:
-# capath=/etc/ssl/ca-global
-curl -s -o allitems.html.gz https://cve.mitre.org/data/downloads/allitems.html.gz
-gunzip allitems.html.gz
-$BASEDIR/updatelist allitems.html ../DSA/list ../DTSA/list ../DLA/list list > list.new
-mv -f list.new list


=====================================
bin/updatelist deleted
=====================================
@@ -1,164 +0,0 @@
-#!/usr/bin/perl
-my $html=shift;
-my $dsa_list=shift;
-my $dtsa_list=shift;
-my $dla_list=shift;
-my $our_list=shift;
-
-my %cves;
-
-sub read_dsa {
-	my $list=shift;
-	
-	open (DSA, "<$list") || die "$list: $!\n";
-	my $dsa;
-	while (<DSA>) {
-		if (/^\[/) {
-			($dsa)=m/(DT?SA-.*?|DLA-.*?) /;
-		}
-		if (/\{\s*(CVE)/) {
-			my ($cvelist)=m/\{(.*)\}/;
-			foreach my $cve (split ' ', $cvelist) {
-				next unless $cve=~/^CVE-\d+/;
-				$cves{$cve}{cve}=$cve;
-				push @{$cves{$cve}{xref}}, $dsa;
-			}
-		}
-	}
-	close DSA;
-}
-read_dsa($dsa_list);
-read_dsa($dtsa_list);
-read_dsa($dla_list);
-
-my %listedcves;
-
-open (HTML, "<$html") || die "$html: $!\n";
-my $cve;
-while (<HTML>) {
-	if (m!<b>Name:\s+(CVE-\d+-\d+)</b>!) {
-		$cve=$1;
-		$cves{$cve}{cve}=$cve;
-		$listedcves{$cve}=1;
-	}
-	if (m!\*\*\s+RESERVED\s+\*\*!) {
-		$cves{$cve}{reserved}=1;
-			
-	}
-	if (m!\*\*\s+REJECT\s+\*\*!) {
-		$cves{$cve}{rejected}=1;
-	}
-	if (m!Description:\s*</b><p>\s*(.*)</p>! &&
-		! m!\*\*\s+RESERVED\s+\*\*! && ! m!\*\*\s+REJECT\s+\*\*!) {
-		my $desc;
-		$desc=$1;
-		if (! length $desc) {
-			$desc=<HTML>;
-			chomp $desc;
-		}
-		# truncate length of description text added to lists
-		$desc = substr( $desc, 0, 70 );
-		$cves{$cve}{description}="($desc ...)";
-	}
-}
-close HTML;
-
-my $stopped=0;
-my @out;
-
-sub docve {
-	my $cve=shift;	
-	
-	push @out, "$cve".(length $cves{$cve}{description} ? " ".$cves{$cve}{description} : "")."\n";
-	if ($cves{$cve}{reserved}) {
-		push @out, "\tRESERVED\n";
-	}
-	if ($cves{$cve}{rejected}) {
-		push @out, "\tREJECTED\n";
-	}
-	if (scalar @{$cves{$cve}{xref}} > 0) {
-		push @out, "\t{".join(" ", @{$cves{$cve}{xref}})."}\n";
-	}
-	if ($cves{$cve}{notes}) {
-		foreach (@{$cves{$cve}{notes}}) {
-			if (length(@{$cves{$cve}{notes}}) == 1 &&
-				$cves{$cve}{rejected} && m/(?:TODO: check$|to be rejected)/) {
-			    next;
-			}
-			push @out, "\t$_\n";
-		}
-	}
-	if (! $cves{$cve}{reserved} && ! $cves{$cve}{rejected} &&
-	    ! $cves{$cve}{notes} &&
-	    ! $stopped) {
-	    	if ($cve =~ /^CVE-199|^CVE-200[012]/) {
-		    push @out, "\tNOT-FOR-US: Data pre-dating the Security Tracker\n";
-		}
-		else {
-		    push @out, "\tTODO: check\n";
-		}
-	}
-		
-	delete $cves{$cve};
-}
-
-open (IN, "<$our_list") || die "$our_list: $!\n";
-my $cve;
-while (<IN>) {
-	chomp;
-	if (/^(CVE-(?:[0-9]+|[A-Z]+)-(?:[0-9]+|[A-Z]+))\s*(.*)/) {
-		my $desc=$2;
-		docve($cve) if $cve;
-		$cve=$1;
-		if (length $desc && $desc !~ /^\(.*\)$/ &&
-		    (! exists $cves{$cve}{description} ||
-		     ! length $cves{$cve}{description})) {
-			$cves{$cve}{description}=$desc;
-		}
-	}
-	elsif (/^\s+(RESERVED|REJECTED)\s*$/) {
-		# skip it
-	}
-	elsif (/^\s+NOTE: covered by DT?SA.*/) {
-		# skip it (old form)
-	}
-	elsif (/^\s+{\s*(.+?)\s*}/) {
-		my @xrefs=split('\s+', $1);
-		push @{$cves{$cve}{xref}}, grep(!/^(?:DT?SA|DLA)/, @xrefs);
-	}
-	elsif (/^\s+(.*)/ && $cve) {
-		push @{$cves{$cve}{notes}}, $1;
-	}
-	elsif (/^STOP/) {
-		docve($cve) if $cve;
-		push @out, "$_\n";
-		$stopped=1;
-		$cve='';
-	}
-	else {
-		docve($cve) if $cve;
-		push @out, "$_\n" if length $_;
-		$cve='';
-	}
-}
-close IN;
-docve($cve) if $cve;
-
-foreach my $cve (reverse sort { $cves{$a}{cve} cmp $cves{$b}{cve} } keys %cves) {
-	next unless $listedcves{$cve};
-	print $cve.(length $cves{$cve}{description} ? " ".$cves{$cve}{description} : "")."\n";
-	if ($cves{$cve}{reserved}) {
-		print "\tRESERVED\n";
-	}
-	if ($cves{$cve}{rejected}) {
-		print "\tREJECTED\n";
-	}
-	if (scalar @{$cves{$cve}{xref}} > 0) {
-		print "\t{".join(" ", @{$cves{$cve}{xref}})."}\n";
-	}
-	if (!$cves{$cve}{reserved} || $cves{$cve}{rejected} ) {
-		print "\tTODO: check\n";
-	}
-}
-
-print @out;



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7b87fc72be34bef5e4144ce5e0f6e77dfac3229a...a3178f08b0dd1884f10d1b9166584d5e34ca01b6
