authorPetter Reinholdtsen <pere@debian.org>2011-01-29 21:44:49 +0000
committerPetter Reinholdtsen <pere@debian.org>2011-01-29 21:44:49 +0000
commit18950c4ae383d69bdf568b380283608e10e0ae21 (patch)
treec08af9f73c28936ef9fae638eb88f051a27ab8bc
parent3f673cd26bf5d23d88897fe6b1d9536470f8f7b1 (diff)
Map CPE aliases to the first in the alias list.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@16005 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rwxr-xr-xbin/compare-nvd-cve42
-rw-r--r--data/CPE/aliases16
2 files changed, 43 insertions, 15 deletions
diff --git a/bin/compare-nvd-cve b/bin/compare-nvd-cve
index a74a0074da..5a27ccccdb 100755
--- a/bin/compare-nvd-cve
+++ b/bin/compare-nvd-cve
@@ -13,10 +13,39 @@ use vars qw($debug %cpemap %cperevmap %cvemap %reportedmissing);
$| = 1;
-open(my $fh, "<", "data/CPE/list") || die;
+my %cpealiases;
+open (my $fh, "<", "data/CPE/aliases") || die;
+my $lastcpe = "";
+while (<$fh>) {
+ chomp;
+ unless ($_) {
+ $lastcpe = "";
+ next;
+ }
+ if ($lastcpe) {
+ $cpealiases{$_} = $lastcpe;
+ } else {
+ $cpealiases{$_} = $_;
+ $lastcpe = $_;
+ }
+}
+close ($fh);
+
+sub cpe_expand_alias {
+ my $cpe = shift;
+ my $retval = $cpe;
+ if (defined $cpe && exists $cpealiases{$cpe}) {
+ $retval = $cpealiases{$cpe};
+ }
+ return $retval;
+}
+
+open($fh, "<", "data/CPE/list") || die;
while (<$fh>) {
chomp;
my ($binpkg, $cpe) = split(/;/);
+ $cpe = cpe_expand_alias($cpe);
+# $cpe = "unknown-$binpkg" unless $cpe;
if ($cpe) {
$cpemap{$binpkg} = $cpe;
$cperevmap{$cpe} = $binpkg;
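Review bot: The alias loader assigns `$cpealiases{$_}` without checking whether the key is already present, so a CPE name listed in two groups of data/CPE/aliases silently takes the later group's canonical name, and the comparison further down would then match Debian and NVD entries under the wrong product. Adding `warn "duplicate CPE alias: $_\n" if exists $cpealiases{$_};` ahead of the two assignments would surface such a data error. The separator test `unless ($_)` also treats a whitespace-only line as an alias rather than a group break; `unless (/\S/)` is stricter. Both `open(...) || die` calls exit without naming the file or `$!`, for example `|| die "data/CPE/aliases: $!";`. The `while` loop over data/CPE/list continues past the end of this hunk.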
@@ -60,7 +89,7 @@ for my $cvelist
my %info;
my @debiancpe = get_debian_cpe($cve);
for my $cpe (@debiancpe) {
- $info{$cpe} = 1;
+ $info{cpe_expand_alias($cpe)} = 1;
}
my @products;
@@ -72,10 +101,10 @@ for my $cvelist
}
}
for my $cpe (@products) {
- if (exists $info{cpe_product($cpe)}) {
- $info{cpe_product($cpe)} += 2;
+ if (exists $info{cpe_expand_alias(cpe_product($cpe))}) {
+ $info{cpe_expand_alias(cpe_product($cpe))} += 2;
} else {
- $info{cpe_product($cpe)} = 2;
+ $info{cpe_expand_alias(cpe_product($cpe))} = 2;
}
}
for my $cpe (sort keys %info) {
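Review bot: The `+= 2` accumulation in the `@products` loop can now exceed 2 for a single key: if NVD lists two names from the same alias group for one CVE, both collapse to the same canonical CPE and `$info{...}` becomes 4 or 5, which the later `2 == $info{$cpe}` test (visible in the next hunk) would not match, so the mismatch warning is likely dropped. How `@products` is built is outside the hunk, so whether it can hold such pairs should be confirmed. Treating the value as flags avoids it and removes the triple call: `my $product = cpe_expand_alias(cpe_product($cpe));` followed by `$info{$product} |= 2;` in place of the `if`/`else`.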
@@ -86,7 +115,6 @@ for my $cvelist
print STDERR "warning: $cve in Debian refer to $cpe, while NVD do not (found $cpelist).\n"
} elsif (2 == $info{$cpe}) {
if (exists $cperevmap{$cpe}) {
- my $binpkg = $cperevmap{$cpe};
print STDERR "warning: $cve in NVD is not refering to $cpe found in Debian.\n"
}
@@ -100,7 +128,7 @@ for my $cvelist
for my $missing (sort { $reportedmissing{$a} <=> $reportedmissing{$b} }
keys %reportedmissing) {
my $count = $reportedmissing{$missing};
- print STDERR "error: $cve: missing CPE ID for $missing ($count)\n";
+ print STDERR "error: missing CPE ID for $missing ($count)\n";
}
sub get_debian_cpe {
diff --git a/data/CPE/aliases b/data/CPE/aliases
index 4d9157b0bf..12ae06a67e 100644
--- a/data/CPE/aliases
+++ b/data/CPE/aliases
@@ -8,19 +8,19 @@ cpe:/a:asterisk:open_source
cpe:/a:asterisk:p_b_x
cpe:/a:digium:asterisk
+cpe:/a:clamav:clamav
cpe:/a:cclamav:clamav
cpe:/a:clam_anti-virus:clamav
-cpe:/a:clamav:clamav
cpe:/a:clamavs:clamav
-cpe:/a:kernel:linux_kernel
cpe:/a:linux:kernel
+cpe:/a:kernel:linux_kernel
cpe:/o:kernel:linux
cpe:/o:linux:kernel
cpe:/o:linux:linux_kernel
-cpe:/a:eric_raymond:fetchmail
cpe:/a:fetchmail:fetchmail
+cpe:/a:eric_raymond:fetchmail
cpe:/a:x:x.org
cpe:/a:x:x11
@@ -31,8 +31,8 @@ cpe:/a:ssmtp:ssmtp
cpe:/a:silc:silc_toolkit
cpe:/a:silcnet:silc_toolkit
-cpe:/a:icdevgroup:interchange
cpe:/a:interchange_development_group:interchange
+cpe:/a:icdevgroup:interchange
cpe:/a:w3:amaya
cpe:/a:w3c:amaya_web_browser
@@ -43,15 +43,15 @@ cpe:/a:python_software_foundation:python
cpe:/a:sixapart:movable_type
cpe:/a:sixapart:movabletype
-cpe:/a:apple:cups
cpe:/a:cups:cups
+cpe:/a:apple:cups
-cpe:/a:foolabs:xpdf
cpe:/a:xpdf:xpdf
+cpe:/a:foolabs:xpdf
+cpe:/a:xensource:xen
cpe:/a:citrix:xen
cpe:/a:xen:xen
-cpe:/a:xensource:xen
cpe:/a:xensource_inc:xen
cpe:/a:videolan:vlc
@@ -63,8 +63,8 @@ cpe:/a:sarg:squid_analysis_report_generator
cpe:/a:arb_project:arb-common
cpe:/a:lehrstuhl_fur_mikrobiologie:arb
-cpe:/a:artifex:gpl_ghostscript
cpe:/a:ghostscript:ghostscript
+cpe:/a:artifex:gpl_ghostscript
cpe:/a:gimp:gimp
cpe:/a:gnu:gimp
