check-external: update: Gather CVE from the Red Hat Security Data API endpoint

As the bugzilla query cannot reliably deliver CVE information anymore
and the metadata export has been discontinued switch to gather the
Red Hat known CVEs from the Red Hat Security Data API endpoint instread.

Link: https://www.redhat.com/en/blog/future-red-hat-security-data
Link: https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/check-external/update.sh b/check-external/update.sh
index 10402da1dd..2c068e0910 100755
--- a/check-external/update.sh
+++ b/check-external/update.sh
@@ -49,9 +49,10 @@ wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classifica
 # Some extra data is readily available as an xml file (until 2023-11-08)
 # discontinued as per https://www.redhat.com/en/blog/future-red-hat-security-data
 # last archived version: https://access.redhat.com/security/data/archive/cve-metadata-from-bugzilla_20231108.xml
-#wget -N https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml
-#cat redhat-bugzilla.html cve-metadata-from-bugzilla.xml |
-cat redhat-bugzilla.html |
+# Gather data from Red Hat Security Data API instead
+# https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index
+curl -s https://access.redhat.com/hydra/rest/securitydata/cve.json?per_page=1000000 | jq -r '.[] | .CVE' > redhat-security-data-api.list
+cat redhat-bugzilla.html redhat-security-data-api.list |
 perl -ne 'print "$1\n" while (s/(CVE-[12][0-9]{3}-[0-9]{4,})//);' | sort -u > cve.list
 check_list cve.list