diff options
| author | Petter Reinholdtsen <pere@debian.org> | 2011-01-29 21:44:49 +0000 |
|---|---|---|
| committer | Petter Reinholdtsen <pere@debian.org> | 2011-01-29 21:44:49 +0000 |
| commit | 18950c4ae383d69bdf568b380283608e10e0ae21 (patch) | |
| tree | c08af9f73c28936ef9fae638eb88f051a27ab8bc /bin/compare-nvd-cve | |
| parent | 3f673cd26bf5d23d88897fe6b1d9536470f8f7b1 (diff) | |
Map CPE aliases to the first in the alias list.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@16005 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/compare-nvd-cve')
| -rwxr-xr-x | bin/compare-nvd-cve | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/bin/compare-nvd-cve b/bin/compare-nvd-cve index a74a0074da..5a27ccccdb 100755 --- a/bin/compare-nvd-cve +++ b/bin/compare-nvd-cve @@ -13,10 +13,39 @@ use vars qw($debug %cpemap %cperevmap %cvemap %reportedmissing); $| = 1; -open(my $fh, "<", "data/CPE/list") || die; +my %cpealiases; +open (my $fh, "<", "data/CPE/aliases") || die; +my $lastcpe = ""; +while (<$fh>) { + chomp; + unless ($_) { + $lastcpe = ""; + next; + } + if ($lastcpe) { + $cpealiases{$_} = $lastcpe; + } else { + $cpealiases{$_} = $_; + $lastcpe = $_; + } +} +close ($fh); + +sub cpe_expand_alias { + my $cpe = shift; + my $retval = $cpe; + if (defined $cpe && exists $cpealiases{$cpe}) { + $retval = $cpealiases{$cpe}; + } + return $retval; +} + +open($fh, "<", "data/CPE/list") || die; while (<$fh>) { chomp; my ($binpkg, $cpe) = split(/;/); + $cpe = cpe_expand_alias($cpe); +# $cpe = "unknown-$binpkg" unless $cpe; if ($cpe) { $cpemap{$binpkg} = $cpe; $cperevmap{$cpe} = $binpkg; @@ -60,7 +89,7 @@ for my $cvelist my %info; my @debiancpe = get_debian_cpe($cve); for my $cpe (@debiancpe) { - $info{$cpe} = 1; + $info{cpe_expand_alias($cpe)} = 1; } my @products; @@ -72,10 +101,10 @@ for my $cvelist } } for my $cpe (@products) { - if (exists $info{cpe_product($cpe)}) { - $info{cpe_product($cpe)} += 2; + if (exists $info{cpe_expand_alias(cpe_product($cpe))}) { + $info{cpe_expand_alias(cpe_product($cpe))} += 2; } else { - $info{cpe_product($cpe)} = 2; + $info{cpe_expand_alias(cpe_product($cpe))} = 2; } } for my $cpe (sort keys %info) { @@ -86,7 +115,6 @@ for my $cvelist print STDERR "warning: $cve in Debian refer to $cpe, while NVD do not (found $cpelist).\n" } elsif (2 == $info{$cpe}) { if (exists $cperevmap{$cpe}) { - my $binpkg = $cperevmap{$cpe}; print STDERR "warning: $cve in NVD is not refering to $cpe found in Debian.\n" } @@ -100,7 +128,7 @@ for my $cvelist for my $missing (sort { $reportedmissing{$a} <=> $reportedmissing{$b} } keys %reportedmissing) { my $count = $reportedmissing{$missing}; - print STDERR "error: $cve: missing CPE ID for $missing ($count)\n"; + print STDERR "error: missing CPE ID for $missing ($count)\n"; } sub get_debian_cpe { |