[Fedora-security-commits] fedora-security/tools add-cve-bug, NONE, 1.1.2.1 get-cve, 1.1, 1.1.2.1
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Wed Nov 7 16:20:42 UTC 2007
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10153
Modified Files:
Tag: lkundrak-tools-ng
get-cve
Added Files:
Tag: lkundrak-tools-ng
add-cve-bug
Log Message:
Split code that deals with NVD XMLs to a package and add
add-cve-bug tool that utilizes it.
***** Error reading new file: [Errno 2] No such file or directory: 'add-cve-bug'
Index: get-cve
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/get-cve,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- get-cve 6 Nov 2007 15:36:57 -0000 1.1
+++ get-cve 7 Nov 2007 16:20:40 -0000 1.1.2.1
@@ -2,121 +2,15 @@
# Get CVE information from NVD
# $Id$
+# Lubomir Kundrak <lkundrak at redhat.com>
use warnings;
use strict;
-use XML::Parser;
-use Data::Dumper;
-
-my $sourcebase = 'http://nvd.nist.gov/download/';
-my $cachebase = $ENV{'HOME'}.'/.nvdcache/';
-
-my $parser = new XML::Parser (
- 'Style' => 'Tree',
-);
-
-sub get_element
-{
- my $tree = shift;
-
- my $tag = shift @{$tree};
- my $content = shift @{$tree};
- my $arguments = shift @{$content};
-
- if ($tag and $content and $arguments) {
- return [$tag, $content, $arguments];
- } else {
- return undef;
- }
-}
-
-# Gets <desc> element and returns description from 'cve' source
-sub get_desc
-{
- my $e = shift;
-
- while (my $e = get_element ($e->[1])) {
- # <descript>
- $e->[2]->{'source'} eq 'cve' or next;
- return $e->[1]->[1];
- }
-}
-
-# Gets <refs> element and returns array of all url=s of <ref>s
-sub get_refs
-{
- my $e = shift;
- my @refs;
-
- while (my $e = get_element ($e->[1])) {
- # <ref>
- push @refs, $e->[2]->{'url'};
- }
-
- return @refs;
-}
-
-# Get <entry> and return its description and references
-sub do_entry
-{
- my $e = shift;
- my $desc;
- my @refs;
-
- $e->[2]->{'type'} eq 'CVE' or die 'Non-CVE entry';
-
- while (my $e = get_element ($e->[1])) {
- $desc = get_desc ($e) if $e->[0] eq 'desc';
- @refs = get_refs ($e) if $e->[0] eq 'refs';
-
- $desc and @refs and return ($desc, [@refs]);
- }
-}
-
-# Update file in cache if older than age and return its path
-sub nvdcache
-{
- my ($file, $age) = @_;
-
- # XXX: escaping
- system ("mkdir -p '$cachebase'");
- system ("wget -cqO '$cachebase$file' '$sourcebase$file'")
- and die ('Failed to update cache');
- return $cachebase.$file;
-}
-
-# lala
-sub cve
-{
- my $cve = shift;
-
- $cve =~ /^CVE-(\d+)-\d+$/ or die "'$cve' does not look like a CVE id";
- my $year = $1;
-
- foreach (
- # File name => cache update threshold (minutes, XXX: not implemented)
- # order is important
- [ 'nvdcve-modified.xml' => 0 ],
- [ 'nvdcve-recent.xml' => 0 ],
- [ 'nvdcve-'.$year.'.xml' => 1440 ],
- ) {
- my $file = nvdcache (@{$_});
- my $tree = $parser->parsefile ($file);
- my $e = get_element ($tree);
-
- while (my $e = get_element ($e->[1])) {
- # matching <entry name="$cve">
- if ($e->[0] eq 'entry' and $e->[2]->{'name'} eq $cve) {
- return do_entry ($e);
- }
- }
- }
-
- return undef;
-}
+use Libexig::CVE;
@ARGV or die 'Usage: get-cve <cve> [...]';
+
foreach my $cve (@ARGV) {
- print Dumper ($cve, cve ($cve));
+ print Dumper ($cve, Libexig::CVE::cve ($cve));
}
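Review bot: `Dumper` is still called in the `foreach` loop at the end of this hunk, but the change drops `use Data::Dumper;` and adds nothing visible that imports it. Unless Libexig::CVE exports `Dumper` (the package is not shown in this message), Perl will most likely parse `print Dumper (...)` as a print to a filehandle named `Dumper`, so the script would emit an unopened-filehandle warning instead of the CVE data. I would keep `use Data::Dumper;` next to `use Libexig::CVE;`. Separately, the `/^CVE-(\d+)-\d+$/` check and the shell-based cache download marked `# XXX: escaping` have moved out of this file, so it is worth confirming in the package that `@ARGV` values are still validated before they reach a file name or a command line.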