blob: 5cb738b00b923bee91b7b00843afbe046961b612 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
#!/bin/bash
####################
# Copyright (C) 2010 by Raphael Geissert <geissert@debian.org>
#
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
####################
set -e
regex=
after=
source=cve
while [ $# -ge 1 ]; do
case $1 in
--after|-a)
[ $# -gt 1 ] || {
echo "Missing argument for --after" >&2
exit 1
}
shift
after="$1"
;;
--source|-s)
[ $# -gt 1 ] || {
echo "Missing argument for --source" >&2
exit 1
}
shift
source="$1"
;;
--help|-h)
echo "Usage: $(basename "$0") [--source|-s vendor] [--after|-a per-year-id] [regex]"
echo ; echo "Look for NFUs in our tracker but recognised or fixed by a vendor"
echo "(requires you to run ./update.sh every now and then)"
echo ; echo "Possible vendors:"
echo -e "\tcve (for checking against Red Hat's tracker)"
echo "fixed issues only:"
echo -e "\tUBUNTU\n\tFEDORA\n\tetc (uppercase vendor name; check ./update)"
echo ; year="$(date +%Y)"
echo "Example (check ids of $year):"
echo -e "\t$(basename "$0") CVE-$year"
echo "Example (check ids after CVE-$year-0100):"
echo -e "\t$(basename "$0") --after 0100 CVE-$year"
echo "Example (check ids of $year fixed at Fedora):"
echo -e "\t$(basename "$0") --source FEDORA CVE-$year"
echo ; echo "Note: this is a hackish and slow implementation."
exit
;;
*)
regex="$1"
;;
esac
shift
done
source+=.list
[ -f "$source" ] || {
echo "CVE source list $source doesn't exist" >&2
exit 1
}
for cve in $(< $source); do
[[ $cve ]] || continue
if [[ $regex ]]; then
[[ $cve =~ $regex ]] || continue
fi
if [[ $after ]]; then
[ "${cve#CVE-*-}" '>' "$after" ] || continue
fi
# Permanent exclusions can be added below
o=$(grep -m1 -A1 $cve ../data/CVE/list | grep NOT-FOR-US |
grep -vi redhat | grep -vi 'red hat' | grep -vi pre-dating |
grep -vi realplayer | grep -vi acroread | grep -vi acrobat |
grep -viw opera | grep -vi adobe |
grep -vi 'real player') && echo "$cve: $o" || :
done
|
