authorEmilio Pozuelo Monfort <pochu@debian.org>2021-11-03 11:47:25 +0100
committerEmilio Pozuelo Monfort <pochu@debian.org>2021-11-03 12:55:14 +0100
commit888aa53139a53109a61ad0c5cfe4194267b17b97 (patch)
treee74558274191c39666d69ac4c449009763b1840f
parentcce5c0125759612419c47ed33b739055bf63bd40 (diff)
Add a script to remove dist tags (e.g. postponed) from CVE/list
This can be useful when releasing a DSA that fixes some CVEs that were previously triaged as no-dsa.
-rwxr-xr-xbin/remove-cve-dist-tags60
1 files changed, 60 insertions, 0 deletions
diff --git a/bin/remove-cve-dist-tags b/bin/remove-cve-dist-tags
new file mode 100755
index 0000000000..c428127092
--- /dev/null
+++ b/bin/remove-cve-dist-tags
@@ -0,0 +1,60 @@
+#!/usr/bin/python3
+#
+# Remove no-dsa tags from data/CVE/list
+#
+# Copyright © 2021 Emilio Pozuelo Monfort <pochu@debian.org>
+
+import os.path
+import sys
+
+import setup_paths # noqa
+import config
+from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
+
+
+def keep_annotation(cve, annotation):
+ if not isinstance(annotation, PackageAnnotation):
+ return True
+
+ if cve.header.name in cves and \
+ annotation.release == release and \
+ annotation.package == package:
+ print(f"removing annotation for {cve.header.name}/{package}/{release}")
+ return False
+
+ return True
+
+
+def parse_list(path):
+ data, messages = cvelist(path)
+
+ return data
+
+if len(sys.argv) <= 3:
+ # assume there are no CVEs, so nothing to do
+ sys.exit(0)
+
+release = sys.argv[1]
+package = sys.argv[2]
+cves = sys.argv[3:]
+
+main_list = os.path.dirname(__file__) + '/../data/CVE/list'
+# check if another file was specified in config, e.g. a ExtendedFile
+distconfig = config.get_config()[release]
+if 'maincvefile' in distconfig:
+ main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
+
+data = parse_list(main_list)
+new_data = []
+
+for cve in data:
+ annotations = list(
+ annotation
+ for annotation in cve.annotations
+ if keep_annotation(cve, annotation)
+ )
+ cve = cve._replace(annotations=annotations)
+ new_data.append(cve)
+
+with open(main_list, 'w') as f:
+ writecvelist(new_data, f)
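Review bot: The match in `keep_annotation` compares only the CVE name, `annotation.release` and `annotation.package`, so it drops every release-specific package annotation for the listed CVEs, not just the no-dsa/postponed tags that the header comment and commit message describe. A `[release]` line carrying a fixed version or a not-affected marker would presumably be removed as well, which changes the status the tracker reports for that release. Restricting the condition to the tag kinds, e.g. adding `annotation.kind in ('no-dsa', 'postponed') and \` (field name and exact tag set to be confirmed against `sectracker.parsers`), would keep the removal to what was intended. Separately, `parse_list` discards `messages` from `cvelist()` and the same file is then reopened with `'w'`, so a parse problem is never surfaced before the list is overwritten; checking `messages` and exiting non-zero before the rewrite would be safer.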
