From 1a429deeb807b04a7b8a0914fe3c8070d1fc20c4 Mon Sep 17 00:00:00 2001 From: Paul Wise Date: Fri, 20 Jan 2023 13:51:57 +0800 Subject: Add links to more CVE search services CIRCL, Red Hat CVEs, Ubuntu bugs, Alpine, Arch Linux bugs/CVEs. Also shorten SUSE bugzilla to bug and use consistent function names. Inspired-by: the Arch Linux security issue tracker --- bin/tracker_service.py | 74 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 63 insertions(+), 11 deletions(-) diff --git a/bin/tracker_service.py b/bin/tracker_service.py index d3d27ebb89..610ca69f30 100755 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py @@ -377,6 +377,8 @@ data source.""")], "; ", self.make_cert_bug_ref(url, bug.name, 'CERT'), ", ", + self.make_circl_bug_ref(url, bug.name, 'CIRCL'), + ", ", self.make_lwn_bug_ref(url, bug.name, 'LWN'), ", ", self.make_osssec_bug_ref(url, bug.name, 'oss-sec'), @@ -388,19 +390,28 @@ data source.""")], self.make_edb_bug_ref(url, bug.name, 'EDB'), ", ", self.make_metasploit_bug_ref(url, bug.name, 'Metasploit'), - ", ", - self.make_rhbug_ref(url, bug.name, - 'Red Hat'), - ", ", - self.make_ubuntu_bug_ref(url, bug.name, 'Ubuntu'), + ", Red Hat ", + self.make_redhat_bug_ref(url, bug.name, 'bug'), + "/", + self.make_redhat_cve_ref(url, bug.name, 'CVE'), + ", Ubuntu ", + self.make_ubuntu_bug_ref(url, bug.name, 'bug'), + "/", + self.make_ubuntu_cve_ref(url, bug.name, 'CVE'), ", ", self.make_gentoo_bug_ref(url, bug.name, 'Gentoo'), ", SUSE ", - self.make_suse_bug_ref(url, bug.name, 'bugzilla'), + self.make_suse_bug_ref(url, bug.name, 'bug'), "/", self.make_suse_cve_ref(url, bug.name, 'CVE'), ", ", self.make_mageia_bug_ref(url, bug.name, 'Mageia'), + ", ", + self.make_alpine_bug_ref(url, bug.name, 'Alpine'), + ", Arch Linux ", + self.make_archlinux_bug_ref(url, bug.name, 'bug'), + "/", + self.make_archlinux_cve_ref(url, bug.name, 'CVE'), ", GitHub ", self.make_github_advisory_ref(url, bug.name, 'advisories'), "/", @@ -1520,6 +1531,8 @@ Debian bug number.'''), return url.absolute("https://nvd.nist.gov/vuln/detail/%s" % name) def url_cert_bug(self, url, name): return url.absolute("https://www.kb.cert.org/vuls/byid", searchview='', query=name) + def url_circl_bug(self, url, name): + return url.absolute("https://cve.circl.lu/cve/%s" % name) def url_lwn_bug(self, url, name): return url.absolute("https://lwn.net/Search/DoSearch", words=name) def url_osssec_bug(self, url, name): @@ -1533,10 +1546,13 @@ Debian bug number.'''), return url.absolute("https://www.exploit-db.com/search/", action="search", cve=name) def url_metasploit_bug(self, url, name): return url.absolute("https://www.rapid7.com/db/search", q=name) - def url_rhbug(self, url, name): - return url.absolute("https://bugzilla.redhat.com/show_bug.cgi", - id=name) + def url_redhat_bug(self, url, name): + return url.absolute("https://bugzilla.redhat.com/show_bug.cgi", id=name) + def url_redhat_cve(self, url, name): + return url.absolute("https://access.redhat.com/security/cve/%s" % name) def url_ubuntu_bug(self, url, name): + return url.absolute("https://launchpad.net/bugs/cve/%s" % name) + def url_ubuntu_cve(self, url, name): return url.absolute("https://people.canonical.com/~ubuntu-security/cve/%s" % name) def url_gentoo_bug(self, url, name): return url.absolute("https://bugs.gentoo.org/show_bug.cgi", id=name) @@ -1547,6 +1563,12 @@ Debian bug number.'''), return url.absolute("https://www.suse.com/security/cve/%s/" % name) def url_mageia_bug(self, url, name): return url.absolute("https://advisories.mageia.org/%s.html" % name) + def url_alpine_bug(self, url, name): + return url.absolute("https://security.alpinelinux.org/vuln/%s" % name) + def url_archlinux_bug(self, url, name): + return url.absoluteDict("https://bugs.archlinux.org/", { "status[]": "", "search_in_details": "1", "string": name}) + def url_archlinux_cve(self, url, name): + return url.absolute("https://security.archlinux.org/%s" % name) def url_github_advisory_bug(self, url, name): return url.absolute("https://github.com/advisories", query=name) def url_github_code_bug(self, url, name): @@ -1629,6 +1651,11 @@ Debian bug number.'''), name = cve return A(self.url_cert_bug(url, cve), name) + def make_circl_bug_ref(self, url, cve, name=None): + if name is None: + name = cve + return A(self.url_circl_bug(url, cve), name) + def make_lwn_bug_ref(self, url, cve, name=None): if name is None: name = cve @@ -1659,16 +1686,26 @@ Debian bug number.'''), name = cve return A(self.url_metasploit_bug(url, cve), name) - def make_rhbug_ref(self, url, cve, name=None): + def make_redhat_bug_ref(self, url, cve, name=None): + if name is None: + name = cve + return A(self.url_redhat_bug(url, cve), name) + + def make_redhat_cve_ref(self, url, cve, name=None): if name is None: name = cve - return A(self.url_rhbug(url, cve), name) + return A(self.url_redhat_cve(url, cve), name) def make_ubuntu_bug_ref(self, url, cve, name=None): if name is None: name = cve return A(self.url_ubuntu_bug(url, cve), name) + def make_ubuntu_cve_ref(self, url, cve, name=None): + if name is None: + name = cve + return A(self.url_ubuntu_cve(url, cve), name) + def make_gentoo_bug_ref(self, url, cve, name=None): if name is None: name = cve @@ -1689,6 +1726,21 @@ Debian bug number.'''), name = cve return A(self.url_mageia_bug(url, cve), name) + def make_alpine_bug_ref(self, url, cve, name=None): + if name is None: + name = cve + return A(self.url_alpine_bug(url, cve), name) + + def make_archlinux_bug_ref(self, url, cve, name=None): + if name is None: + name = cve + return A(self.url_archlinux_bug(url, cve), name) + + def make_archlinux_cve_ref(self, url, cve, name=None): + if name is None: + name = cve + return A(self.url_archlinux_cve(url, cve), name) + def make_github_advisory_ref(self, url, cve, name=None): if name is None: name = cve -- cgit v1.2.3