From b117d83ca38d664c4470a0b7e27926ac17bc2834 Mon Sep 17 00:00:00 2001
From: Emilio Pozuelo Monfort
Date: Mon, 21 Dec 2020 14:37:45 +0100
Subject: Add a script to merge two CVE files

It currently supports the necessary annotations to automatically merge the point release lists.
---
 bin/merge-cve-files | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100755 bin/merge-cve-files
(limited to 'bin')
diff --git a/bin/merge-cve-files b/bin/merge-cve-files
new file mode 100755
index 0000000000..a36e4c7b6b
--- /dev/null
+++ b/bin/merge-cve-files
@@ -0,0 +1,73 @@
+#!/usr/bin/python3
+#
+# Merge a separate CVE file (such as data/next-point-update.txt) back into
+# the main one.
+#
+# Copyright © 2020 Emilio Pozuelo Monfort
+
+import os.path
+import sys
+
+import setup_paths # noqa
+from debian_support import internRelease
+from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
+
+def merge_annotations(old_annotations, new_annotation):
+    if not isinstance(new_annotation, PackageAnnotation):
+        raise NotImplementedError(f"unsupported annotation of type {type(annotation)}")
+
+    # filter out the current annotation, if any
+    annotations = [ann for ann in old_annotations
+                   if not isinstance(ann, PackageAnnotation)
+                   or ann.package != new_annotation.package
+                   or ann.release != new_annotation.release]
+
+    # append the new one at the right place
+    for idx, annotation in enumerate(annotations):
+        if not isinstance(annotation, PackageAnnotation) \
+           or annotation.package != new_annotation.package:
+            continue
+
+        next_annotation = annotations[idx + 1] if len(annotations) > (idx + 1) else None
+        if next_annotation and isinstance(next_annotation, PackageAnnotation) \
+           and next_annotation.package == new_annotation.package \
+           and internRelease(new_annotation.release) < internRelease(next_annotation.release):
+            continue
+
+        annotations.insert(idx + 1, new_annotation)
+    return annotations
+
+def parse_list(path):
+    data, messages = cvelist(path)
+
+    for m in messages:
+        sys.stderr.write(str(m) + "\n")
+
+    return data
+
+if len(sys.argv) not in (2, 3):
+    print(f"Usage: {os.path.basename(sys.argv[0])} (CVE/list) extra-cve-list")
+    sys.exit(1)
+
+if len(sys.argv) == 3:
+    main_list = sys.argv[1]
+else:
+    main_list = os.path.dirname(__file__) + '/../data/CVE/list'
+
+extra_list = sys.argv[-1]
+
+data = parse_list(main_list)
+extra_data = parse_list(extra_list)
+
+for extra_bug in extra_data:
+    bug = next(bug for bug in data if bug.header.name == extra_bug.header.name)
+
+    new_annotations = bug.annotations
+    for extra_annotation in extra_bug.annotations:
+        new_annotations = merge_annotations(new_annotations, extra_annotation)
+
+    bug = bug._replace(annotations=new_annotations)
+    data = [bug if bug.header.name == old_bug.header.name else old_bug for old_bug in data]
+
+with open(main_list, 'w') as f:
+    writecvelist(data, f)
-- 
cgit v1.2.3
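Review bot: The `raise NotImplementedError` line in merge_annotations formats `type(annotation)`, but `annotation` is only bound later as the loop variable of the `for idx, annotation in enumerate(annotations)` loop, so the unsupported-type path fails with UnboundLocalError instead of the intended message; it should read `raise NotImplementedError(f"unsupported annotation of type {type(new_annotation)}")`. The insertion loop also returns the filtered list unchanged when no existing PackageAnnotation with the same package is found, so a new annotation for a package not yet listed on that CVE is silently dropped rather than appended or reported, which is worth either handling explicitly or documenting as an intentional precondition. In the script body, `next(...)` raises a bare StopIteration when extra_bug has no counterpart in the main list, and `open(main_list, 'w')` truncates the main CVE list before writecvelist runs, so any failure during the write leaves the tracker's primary data file partially written; writing to a temporary file in the same directory and renaming it over main_list would keep the original intact on error.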