[Git][security-tracker-team/security-tracker][master] 3 commits: check-external: update: Gather CVE from the Red Hat Security Data API endpoint
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 20 19:28:32 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5086819 by Salvatore Bonaccorso at 2023-11-20T17:43:06+01:00
check-external: update: Gather CVE from the Red Hat Security Data API endpoint
As the bugzilla query cannot reliably deliver CVE information anymore
and the metadata export has been discontinued switch to gather the
Red Hat known CVEs from the Red Hat Security Data API endpoint instead.
Link: https://www.redhat.com/en/blog/future-red-hat-security-data
Link: https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
cb931c6f by Salvatore Bonaccorso at 2023-11-20T17:43:06+01:00
check-external: update: Disable fetching from Red Hat Bugzilla
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
d108da5a by Salvatore Bonaccorso at 2023-11-20T19:28:21+00:00
Merge branch 'external-check-redhat-security-api' into 'master'
check-external: update: Gather CVE from the Red Hat Security Data API endpoint
See merge request security-tracker-team/security-tracker!153
- - - - -
1 changed file:
- check-external/update.sh
Changes:
=====================================
check-external/update.sh
=====================================
@@ -45,13 +45,16 @@ check_list() {
# This should be better done via a rewrite and using python-bugzilla
# but it is sufficient for now to get some additional CVE information
# from Red Hat source
-wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classification=Other&component=vulnerability&f1=alias&o1=regexp&product=Security%20Response&query_format=advanced&v1=^CVE-.*&order=priority%2Cbug_severity&limit=0'
+# Fetching from RedHat bugzilla via query is unreliable, thus disabled
+# on 2023-11-16 for the time beeing.
+# wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classification=Other&component=vulnerability&f1=alias&o1=regexp&product=Security%20Response&query_format=advanced&v1=^CVE-.*&order=priority%2Cbug_severity&limit=0'
# Some extra data is readily available as an xml file (until 2023-11-08)
# discontinued as per https://www.redhat.com/en/blog/future-red-hat-security-data
# last archived version: https://access.redhat.com/security/data/archive/cve-metadata-from-bugzilla_20231108.xml
-#wget -N https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml
-#cat redhat-bugzilla.html cve-metadata-from-bugzilla.xml |
-cat redhat-bugzilla.html |
+# Gather data from Red Hat Security Data API instead
+# https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index
+curl -s https://access.redhat.com/hydra/rest/securitydata/cve.json?per_page=1000000 | jq -r '.[] | .CVE' > redhat-security-data-api.list
+cat redhat-security-data-api.list |
perl -ne 'print "$1\n" while (s/(CVE-[12][0-9]{3}-[0-9]{4,})//);' | sort -u > cve.list
check_list cve.list
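Review bot: the added curl line has no failure handling. With `curl -s` and no `--fail`, an HTTP error, a timeout or a non-JSON response leaves jq with nothing usable, `redhat-security-data-api.list` is overwritten with an empty or partial file, and the lines that follow build cve.list from it and call check_list with no sign that the fetch went wrong. Consider `curl -sSf`, writing to a temporary file that is moved into place only when both curl and jq exit successfully, and skipping check_list when the resulting list is empty. The URL is also unquoted although it contains `?`, which the shell treats as a glob character; quote it as the old wget line did. Finally, `per_page=1000000` assumes the endpoint returns everything in a single page; a comment stating that assumption, or a sanity check on the number of lines received, would make a silent truncation visible.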
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/098d53342e7ef4e730ad1f1dd5701c138ddfb13d...d108da5aff5e83cf6060b395267ef7328f2b8c4c