From da2d9535b78a6b3344de3a698f4243511c249484 Mon Sep 17 00:00:00 2001
From: Raphael Geissert
Date: Tue, 14 Dec 2010 03:55:03 +0000
Subject: Add some scripts to check our CVE list against Red Hat's

Try with: cd check-external && ./update.sh && ./lookup.sh CVE-2010

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15701 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
check-external/lookup.sh | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
check-external/update.sh | 30 +++++++++++++++++++++
2 files changed, 100 insertions(+)
create mode 100755 check-external/lookup.sh
create mode 100755 check-external/update.sh
(limited to 'check-external')

diff --git a/check-external/lookup.sh b/check-external/lookup.sh
new file mode 100755
index 0000000000..c33f4f5cd6
--- /dev/null
+++ b/check-external/lookup.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+####################
+# Copyright (C) 2010 by Raphael Geissert
+#
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see .
+####################
+
+set -e
+
+regex=
+after=
+
+while [ $# -ge 1 ]; do
+ case $1 in
+ --after|-a)
+ [ $# -gt 1 ] || {
+ echo "Missing argument for --after" >&2
+ exit 1
+ }
+ shift
+ after="$1"
+ ;;
+ --help|-h)
+ echo "Usage: $(basename "$0") [--after|-a per-year-id] [regex]"
+ echo ; echo "Look for NFUs in our tracker but recognised by RH (for now)"
+ echo "(requires you to run ./update.sh every now and then)"
+ echo ; year="$(date +%Y)"
+ echo "Example (check ids of $year):"
+ echo -e "\t$(basename "$0") CVE-$year"
+ echo "Example (check ids after CVE-$year-0100):"
+ echo -e "\t$(basename "$0") --after 0100 CVE-$year"
+ echo ; echo "Note: this is a hackish and slow implementation."
+ exit
+ ;;
+ *)
+ regex="$1"
+ ;;
+ esac
+ shift
+done
+
+for cve in $(< cve.list); do
+
+ if [[ $regex ]]; then
+ [[ $cve =~ $regex ]] || continue
+ fi
+
+ if [[ $after ]]; then
+ [ "${cve#CVE-*-}" '>' "$after" ] || continue
+ fi
+
+ # Permanent exclusions can be added below
+ o=$(grep -m1 -A1 $cve ../data/CVE/list | grep NOT-FOR-US |
+ grep -vi redhat | grep -vi 'red hat' | grep -vi pre-dating |
+ grep -vi realplayer | grep -vi acroread | grep -vi acrobat |
+ grep -vi adobe | grep -vi 'real player') && echo "$cve: $o" || :
+done
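Review bot: `$cve` is expanded unquoted and used as a basic regex on the `o=$(grep -m1 -A1 $cve ../data/CVE/list | grep NOT-FOR-US |` line, although its value comes from cve.list, a file that update.sh builds from downloaded HTML; it should be quoted and matched as a whole-word fixed string, `o=$(grep -F -w -m1 -A1 -- "$cve" ../data/CVE/list | grep NOT-FOR-US |`, so that a prefix such as CVE-2010-0100 cannot match a longer id first under -m1 and a malformed entry cannot be interpreted as a pattern. The `'>'` comparison in `[ "${cve#CVE-*-}" '>' "$after" ]` is lexicographic and a bash extension of `[`, which is fine under the `#!/bin/bash` shebang but only orders correctly while every per-year id has the same width; a comment such as `# lexicographic: assumes fixed-width (4-digit) ids as extracted by update.sh` would make that assumption explicit. The seven chained `grep -vi` exclusions could be a single `grep -viE 'redhat|red hat|pre-dating|realplayer|acroread|acrobat|adobe|real player'`, which also keeps the exclusion list in one place.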
diff --git a/check-external/update.sh b/check-external/update.sh
new file mode 100755
index 0000000000..cf75051fba
--- /dev/null
+++ b/check-external/update.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+####################
+# Copyright (C) 2010 by Raphael Geissert
+#
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see .
+####################
+
+# Note: The downloaded html files are Copyright by Red Hat, Inc.
+# or as specified at the individual html files or elsewhere on redhat.com's website
+
+set -e
+
+for year in $(seq 1999 $(date +%Y)); do
+ wget -N https://www.redhat.com/security/data/cve/cve-$year.html
+done
+
+sed -rn '/CVE-[12][0-9]{3}-/{s/^.+>(CVE-[12][0-9]{3}-[0-9]{4})<.+$/\1/;p}' cve-*.html > cve.list
-- cgit v1.2.3
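Review bot: The sed expression on the last line, `/CVE-[12][0-9]{3}-/{s/...;p}`, prints every line that matches the address even when the substitution fails, so any line of the downloaded HTML that mentions a CVE year but does not have the `>CVE-…<` shape is copied verbatim into cve.list, where lookup.sh later word-splits it and passes the pieces to grep. Using the substitution's own print flag, `sed -rn 's/^.+>(CVE-[12][0-9]{3}-[0-9]{4})<.+$/\1/p' cve-*.html > cve.list`, emits only the extracted ids; widening the trailing `[0-9]{4}` to `[0-9]{4,}` would also cover ids longer than four digits if they ever appear, though that interacts with the fixed-width comparison in lookup.sh. A one-line comment above the sed call stating that cve.list is generated from remotely fetched HTML and must contain only bare ids would document the contract between the two scripts.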