Author: pere Date: 2011-01-29 21:44:49 +0000 (Sat, 29 Jan 2011) New Revision: 16005 Modified: bin/compare-nvd-cve data/CPE/aliases Log: Map CPE aliases to the first in the alias list. Modified: bin/compare-nvd-cve ==================================================================--- bin/compare-nvd-cve 2011-01-29 21:41:34 UTC (rev 16004) +++ bin/compare-nvd-cve 2011-01-29 21:44:49 UTC (rev 16005) @@ -13,10 +13,39 @@ $| = 1; -open(my $fh, "<", "data/CPE/list") || die; +my %cpealiases; +open (my $fh, "<", "data/CPE/aliases") || die; +my $lastcpe = ""; while (<$fh>) { chomp; + unless ($_) { + $lastcpe = ""; + next; + } + if ($lastcpe) { + $cpealiases{$_} = $lastcpe; + } else { + $cpealiases{$_} = $_; + $lastcpe = $_; + } +} +close ($fh); + +sub cpe_expand_alias { + my $cpe = shift; + my $retval = $cpe; + if (defined $cpe && exists $cpealiases{$cpe}) { + $retval = $cpealiases{$cpe}; + } + return $retval; +} + +open($fh, "<", "data/CPE/list") || die; +while (<$fh>) { + chomp; my ($binpkg, $cpe) = split(/;/); + $cpe = cpe_expand_alias($cpe); +# $cpe = "unknown-$binpkg" unless $cpe; if ($cpe) { $cpemap{$binpkg} = $cpe; $cperevmap{$cpe} = $binpkg; @@ -60,7 +89,7 @@ my %info; my @debiancpe = get_debian_cpe($cve); for my $cpe (@debiancpe) { - $info{$cpe} = 1; + $info{cpe_expand_alias($cpe)} = 1; } my @products; @@ -72,10 +101,10 @@ } } for my $cpe (@products) { - if (exists $info{cpe_product($cpe)}) { - $info{cpe_product($cpe)} += 2; + if (exists $info{cpe_expand_alias(cpe_product($cpe))}) { + $info{cpe_expand_alias(cpe_product($cpe))} += 2; } else { - $info{cpe_product($cpe)} = 2; + $info{cpe_expand_alias(cpe_product($cpe))} = 2; } } for my $cpe (sort keys %info) { @@ -86,7 +115,6 @@ print STDERR "warning: $cve in Debian refer to $cpe, while NVD do not (found $cpelist).\n" } elsif (2 == $info{$cpe}) { if (exists $cperevmap{$cpe}) { - my $binpkg = $cperevmap{$cpe}; print STDERR "warning: $cve in NVD is not refering to $cpe found in Debian.\n" } 
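Review bot: A CPE that appears in two groups of data/CPE/aliases is silently remapped by the later group in the new loading loop, because `$cpealiases{$_} = $lastcpe;` overwrites without checking. This map decides which Debian and NVD identifiers count as the same product, so a bad entry could hide a real mismatch; I would add `warn "duplicate CPE alias $_\n" if exists $cpealiases{$_};` before the two assignments. The separator test `unless ($_)` only catches a truly empty line, so a separator holding stray whitespace does not reset `$lastcpe` and the next group is merged into the previous one; `unless (/\S/)` avoids that. The bare `|| die` on both opens reports neither the file nor the reason; `or die "data/CPE/aliases: $!"` would.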
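Review bot: In the `for my $cpe (@products)` loop the expression `cpe_expand_alias(cpe_product($cpe))` is now evaluated twice per iteration and written out three times, which makes it easy to miss one copy the next time the key derivation changes. Computing it once reads better: `my $key = cpe_expand_alias(cpe_product($cpe));` followed by `$info{$key} += 2;`, which also makes the exists/else branches unnecessary since `+=` on a missing hash entry starts from zero without a warning. The loop begins outside this hunk, so only the body shown is affected.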
@@ -100,7 +128,7 @@ for my $missing (sort { $reportedmissing{$a} <=> $reportedmissing{$b} } keys %reportedmissing) { my $count = $reportedmissing{$missing}; - print STDERR "error: $cve: missing CPE ID for $missing ($count)\n"; + print STDERR "error: missing CPE ID for $missing ($count)\n"; } sub get_debian_cpe { Modified: data/CPE/aliases ==================================================================--- data/CPE/aliases 2011-01-29 21:41:34 UTC (rev 16004) +++ data/CPE/aliases 2011-01-29 21:44:49 UTC (rev 16005) @@ -8,19 +8,19 @@ cpe:/a:asterisk:p_b_x cpe:/a:digium:asterisk +cpe:/a:clamav:clamav cpe:/a:cclamav:clamav cpe:/a:clam_anti-virus:clamav -cpe:/a:clamav:clamav cpe:/a:clamavs:clamav +cpe:/a:linux:kernel cpe:/a:kernel:linux_kernel -cpe:/a:linux:kernel cpe:/o:kernel:linux cpe:/o:linux:kernel cpe:/o:linux:linux_kernel +cpe:/a:fetchmail:fetchmail cpe:/a:eric_raymond:fetchmail -cpe:/a:fetchmail:fetchmail cpe:/a:x:x.org cpe:/a:x:x11 @@ -31,8 +31,8 @@ cpe:/a:silc:silc_toolkit cpe:/a:silcnet:silc_toolkit +cpe:/a:interchange_development_group:interchange cpe:/a:icdevgroup:interchange -cpe:/a:interchange_development_group:interchange cpe:/a:w3:amaya cpe:/a:w3c:amaya_web_browser @@ -43,15 +43,15 @@ cpe:/a:sixapart:movable_type cpe:/a:sixapart:movabletype +cpe:/a:cups:cups cpe:/a:apple:cups -cpe:/a:cups:cups +cpe:/a:xpdf:xpdf cpe:/a:foolabs:xpdf -cpe:/a:xpdf:xpdf +cpe:/a:xensource:xen cpe:/a:citrix:xen cpe:/a:xen:xen -cpe:/a:xensource:xen cpe:/a:xensource_inc:xen cpe:/a:videolan:vlc @@ -63,8 +63,8 @@ cpe:/a:arb_project:arb-common cpe:/a:lehrstuhl_fur_mikrobiologie:arb +cpe:/a:ghostscript:ghostscript cpe:/a:artifex:gpl_ghostscript -cpe:/a:ghostscript:ghostscript cpe:/a:gimp:gimp cpe:/a:gnu:gimp
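Review bot: The reordering in data/CPE/aliases gives line order a meaning (the first entry of each blank-line-separated group becomes the canonical CPE), but nothing in the visible part of the file says so, and the old order looks alphabetical, so a later re-sort would silently change which identifier is reported. This applies to every hunk of the file, starting at `@@ -8,19 +8,19 @@`. I would document the rule, e.g. `First line of each group is the canonical CPE; keep it first.`, in a README next to the file or in the loader, because the loading loop in bin/compare-nvd-cve treats every non-empty line as a CPE and would take a `#` line as an alias unless it is taught to skip comments. It is also worth confirming that `cpe:/a:linux:kernel` is the intended canonical name for a group that otherwise holds `cpe:/o:` entries.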