Author: lkundrak
Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10153
Modified Files: Tag: lkundrak-tools-ng get-cve Added Files: Tag: lkundrak-tools-ng add-cve-bug Log Message: Split code that deals with NVD XMLs to a package and add add-cve-bug tool that utilizes it.
***** Error reading new file: [Errno 2] No such file or directory: 'add-cve-bug'
Index: get-cve
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/get-cve,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- get-cve 6 Nov 2007 15:36:57 -0000 1.1
+++ get-cve 7 Nov 2007 16:20:40 -0000 1.1.2.1
@@ -2,121 +2,15 @@
 
 # Get CVE information from NVD
 # $Id$
+# Lubomir Kundrak lkundrak@redhat.com
 
 use warnings;
 use strict;
 
-use XML::Parser;
-use Data::Dumper;
-
-my $sourcebase = 'http://nvd.nist.gov/download/';
-my $cachebase = $ENV{'HOME'}.'/.nvdcache/';
-
-my $parser = new XML::Parser (
- 'Style' => 'Tree',
-);
-
-sub get_element
-{
- my $tree = shift;
-
- my $tag = shift @{$tree};
- my $content = shift @{$tree};
- my $arguments = shift @{$content};
-
- if ($tag and $content and $arguments) {
- return [$tag, $content, $arguments];
- } else {
- return undef;
- }
-}
-
-# Gets <desc> element and returns description from 'cve' source
-sub get_desc
-{
- my $e = shift;
-
- while (my $e = get_element ($e->[1])) {
- # <descript>
- $e->[2]->{'source'} eq 'cve' or next;
- return $e->[1]->[1];
- }
-}
-
-# Gets <refs> element and returns array of all url=s of <ref>s
-sub get_refs
-{
- my $e = shift;
- my @refs;
-
- while (my $e = get_element ($e->[1])) {
- # <ref>
- push @refs, $e->[2]->{'url'};
- }
-
- return @refs;
-}
-
-# Get <entry> and return its description and references
-sub do_entry
-{
- my $e = shift;
- my $desc;
- my @refs;
-
- $e->[2]->{'type'} eq 'CVE' or die 'Non-CVE entry';
-
- while (my $e = get_element ($e->[1])) {
- $desc = get_desc ($e) if $e->[0] eq 'desc';
- @refs = get_refs ($e) if $e->[0] eq 'refs';
-
- $desc and @refs and return ($desc, [@refs]);
- }
-}
-
-# Update file in cache if older than age and return its path
-sub nvdcache
-{
- my ($file, $age) = @_;
-
- # XXX: escaping
- system ("mkdir -p '$cachebase'");
- system ("wget -cqO '$cachebase$file' '$sourcebase$file'")
- and die ('Failed to update cache');
- return $cachebase.$file;
-}
-
-# lala
-sub cve
-{
- my $cve = shift;
-
- $cve =~ /^CVE-(\d+)-\d+$/ or die "'$cve' does not look like a CVE id";
- my $year = $1;
-
- foreach (
- # File name => cache update threshold (minutes, XXX: not implemented)
- # order is important
- [ 'nvdcve-modified.xml' => 0 ],
- [ 'nvdcve-recent.xml' => 0 ],
- [ 'nvdcve-'.$year.'.xml' => 1440 ],
- ) {
- my $file = nvdcache (@{$_});
- my $tree = $parser->parsefile ($file);
- my $e = get_element ($tree);
-
- while (my $e = get_element ($e->[1])) {
- # matching <entry name="$cve">
- if ($e->[0] eq 'entry' and $e->[2]->{'name'} eq $cve) {
- return do_entry ($e);
- }
- }
- }
-
- return undef;
-}
+use Libexig::CVE;
 
 @ARGV or die 'Usage: get-cve <cve> [...]';
+
 foreach my $cve (@ARGV) {
- print Dumper ($cve, cve ($cve));
+ print Dumper ($cve, Libexig::CVE::cve ($cve));
 }
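Review bot: The new side still calls `Dumper` in the `foreach` loop, but this hunk removes `use Data::Dumper;` and adds only `use Libexig::CVE;`. Unless Libexig::CVE exports `Dumper` into the caller (the package is not part of this mail, and the fully qualified `Libexig::CVE::cve` call suggests it exports nothing), the script will die at run time with an undefined-subroutine error on the first CVE id; keep `use Data::Dumper;` next to `use Libexig::CVE;`. The shell-string `system` calls marked `# XXX: escaping` and the `/^CVE-(\d+)-\d+$/` check also leave this file here, so it is worth confirming in the package that the download uses list-form `system ('wget', ...)` rather than an interpolated command string and that the id pattern is anchored with `\z`, since get-cve now passes `@ARGV` through without any check of its own.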
security-commits@lists.fedoraproject.org