Author: geissert Date: 2010-12-14 03:55:03 +0000 (Tue, 14 Dec 2010) New Revision: 15701 Added: check-external/ check-external/lookup.sh check-external/update.sh Log: Add some scripts to check our CVE list against Red Hat''s Try with: cd check-external && ./update.sh && ./lookup.sh CVE-2010
Added: check-external/lookup.sh ==================================================================
--- check-external/lookup.sh (rev 0)
+++ check-external/lookup.sh 2010-12-14 03:55:03 UTC (rev 15701)
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+####################
+# Copyright (C) 2010 by Raphael Geissert <geissert at debian.org>
+#
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+####################
+
+set -e
+
+regex
+after
+
+while [ $# -ge 1 ]; do
+ case $1 in
+ --after|-a)
+ [ $# -gt 1 ] || {
+ echo "Missing argument for --after" >&2
+ exit 1
+ }
+ shift
+ after="$1"
+ ;;
+ --help|-h)
+ echo "Usage: $(basename "$0") [--after|-a per-year-id] [regex]"
+ echo ; echo "Look for NFUs in our tracker but recognised by RH (for now)"
+ echo "(requires you to run ./update.sh every now and then)"
+ echo ; year="$(date +%Y)"
+ echo "Example (check ids of $year):"
+ echo -e "\t$(basename "$0") CVE-$year"
+ echo "Example (check ids after CVE-$year-0100):"
+ echo -e "\t$(basename "$0") --after 0100 CVE-$year"
+ echo ; echo "Note: this is a hackish and slow implementation."
+ exit
+ ;;
+ *)
+ regex="$1"
+ ;;
+ esac
+ shift
+done
+
+for cve in $(< cve.list); do
+
+ if [[ $regex ]]; then
+ [[ $cve =~ $regex ]] || continue
+ fi
+
+ if [[ $after ]]; then
+ [ "${cve#CVE-*-}" ''>'' "$after" ] || continue
+ fi
+
+ # Permanent exclusions can be added below
+ o=$(grep -m1 -A1 $cve ../data/CVE/list | grep NOT-FOR-US |
+ grep -vi redhat | grep -vi ''red hat'' | grep -vi pre-dating |
+ grep -vi realplayer | grep -vi acroread | grep -vi acrobat |
+ grep -vi adobe | grep -vi ''real player'') && echo "$cve: $o" || :
+done
Property changes on: check-external/lookup.sh ___________________________________________________________________ Added: svn:executable + *
Added: check-external/update.sh ==================================================================
--- check-external/update.sh (rev 0)
+++ check-external/update.sh 2010-12-14 03:55:03 UTC (rev 15701)
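Review bot: In the final loop of lookup.sh, `grep -m1 -A1 $cve ../data/CVE/list` passes each id unquoted and as a regular expression, and the ids come from `cve.list`, which update.sh builds from downloaded HTML. A word in that file that begins with `-` would be read by grep as an option, and `for cve in $(< cve.list)` also glob-expands every word it reads. I would quote the value and end option parsing, `grep -m1 -A1 -F -- "$cve" ../data/CVE/list`, and read the file with `while IFS= read -r cve; do … done < cve.list`. A comment above the loop stating that `cve.list` is expected to hold exactly one id per line would document the assumption the loop relies on.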
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+####################
+# Copyright (C) 2010 by Raphael Geissert <geissert at debian.org>
+#
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+####################
+
+# Note: The downloaded html files are Copyright by Red Hat, Inc.
+# or as specified at the individual html files or elsewhere on redhat.com''s website
+
+set -e
+
+for year in $(seq 1999 $(date +%Y)); do
+ wget -N https://www.redhat.com/security/data/cve/cve-$year.html
+done
+
+sed -rn ''/CVE-[12][0-9]{3}-/{s/^.+>(CVE-[12][0-9]{3}-[0-9]{4})<.+$/\1/;p}'' cve-*.html > cve.list
Property changes on: check-external/update.sh ___________________________________________________________________ Added: svn:executable + *
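Review bot: The closing `sed` command in update.sh prints every line that contains `CVE-YYYY-`, including lines where the substitution did not match, because `p` is a separate command inside the address block. Such lines would reach `cve.list` as raw HTML, and lookup.sh word-splits that file and hands each word to grep. Putting the print on the substitution keeps only extracted ids: `sed -rn 's/^.+>(CVE-[12][0-9]{3}-[0-9]{4})<.+$/\1/p' cve-*.html > cve.list`. The greedy `^.+>` also appears to keep only the last id on a line that carries several, which is worth confirming against the page layout.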