From b8f6d73ff4e4588e328788410bc43c346adb9bff Mon Sep 17 00:00:00 2001 From: Nemo <commits@captnemo.in> Date: Mon, 03 Feb 2025 14:45:26 +0530 Subject: [PATCH] upgrade deps, fix schema --- generate.py | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------- uv.lock | 18 ++++++++++++++++-- 2 files changed, 62 insertions(+), 32 deletions(-) diff --git a/generate.py b/generate.py index 45d2fa0..457cb61 100644 --- a/generate.py +++ a/generate.py @@ -18,10 +18,13 @@ ADVISORY_URL = "https://github.com/vmware/photon/wiki/Security-Update-{slug}" PHOTON_VERSIONS = range(1, 6) ADVISORIES_DIR = "photon-wiki" -HEADERS = { - "User-Agent": "Mozilla/5.0 Gecko/20100101 Firefox/126.0" -} +HEADERS = {"User-Agent": "Mozilla/5.0 Gecko/20100101 Firefox/126.0"} + +def format_as_rfc3339(timestamp): + return timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + + def last_modified_date(file): p = int( subprocess.check_output( @@ -98,19 +101,21 @@ } fixed_version = cve_fixed_version(pkg, cves, os_version, advisory) if fixed_version: - r["ranges"] = { - "events": [ - {"introduced": "0"}, - {"fixed": fixed_version}, - ], - "type": "ECOSYSTEM", - } + r["ranges"] = [ + { + "events": [ + {"introduced": "0"}, + {"fixed": fixed_version}, + ], + "type": "ECOSYSTEM", + } + ] return r yield { "id": advisory, - "modified": modified.isoformat("T", timespec='seconds') + "Z", - "published": published.isoformat("T", timespec='seconds') + "Z", + "modified": format_as_rfc3339(modified), + "published": format_as_rfc3339(published), "related": cves, "affected": [affected(pkg, cves, os_version) for pkg in packages], "references": [ 
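Review bot: `format_as_rfc3339` appends a literal `Z` without normalising the datetime to UTC, so a naive local-time value or an aware non-UTC value is published as if it were UTC. Whether `last_modified_date` hands back UTC cannot be seen here, since its body continues outside the hunk. I would document the contract on the helper, e.g. `"""Format a UTC datetime as an RFC 3339 timestamp; the caller must pass UTC."""`, and convert inside it once callers pass aware datetimes. The same mislabelling is definite in the `@@ -172,10 +189,11 @@` hunk, where `datetime.now().isoformat("T", timespec="seconds") + "Z"` stamps local wall-clock time as UTC; `current["modified"] = format_as_rfc3339(datetime.now(timezone.utc))` would fix it, assuming `timezone` is imported from `datetime`. The `@@ -144,17 +153,25 @@` hunk also still hand-builds its strings instead of calling the helper. Downstream OSV consumers key re-ingestion on `modified`, so a skewed value can delay pickup of an advisory.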
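Review bot: When `cve_fixed_version` returns nothing, the `affected` entry in the `@@ -98,19 +101,21 @@` hunk is still returned without any `ranges` key, so a scanner that matches on ranges has nothing to evaluate for that package and the gap is silent. Wrapping `ranges` in a list corrects the shape for the fixed case but leaves this branch as it was. Consider making the miss visible in the run output with an `else:` branch such as `print(f"[!] {advisory}: no fixed version found for {pkg}")`, in the same style as the existing `[+]` messages. The enclosing `affected` function starts above the hunk, so whether `r` already carries a `versions` list that covers this case is not visible here.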
@@ -122,8 +127,12 @@ def merge_advisories(advisory_file, data): def dedup_dicts(items): - dedupped = [ json.loads(i) for i in set(canonicaljson.encode_canonical_json(item) for item in items)] + dedupped = [ + json.loads(i) + for i in set(canonicaljson.encode_canonical_json(item) for item in items) + ] return dedupped + # read the current advisory data as json with open(advisory_file, "r") as f: original = json.load(f) @@ -133,7 +142,7 @@ # Add any new data, but use a set, to avoid # duplicate entries - for key in ['affected', 'related', 'references']: + for key in ["affected", "related", "references"]: if current[key]: current[key].extend(data[key]) current[key] = dedup_dicts(current[key]) @@ -144,17 +153,25 @@ # and the later modified date current["published"] = ( min( - datetime.strptime(current["published"].replace('+00:00', ''), "%Y-%m-%dT%H:%M:%SZ"), - datetime.strptime(data["published"].replace('+00:00', ''), "%Y-%m-%dT%H:%M:%SZ"), - ).isoformat("T", timespec='seconds') + datetime.strptime( + current["published"].replace("+00:00", ""), "%Y-%m-%dT%H:%M:%SZ" + ), + datetime.strptime( + data["published"].replace("+00:00", ""), "%Y-%m-%dT%H:%M:%SZ" + ), + ).isoformat("T", timespec="seconds") + "Z" ) current["modified"] = ( max( - datetime.strptime(current["modified"].replace('+00:00', ''), "%Y-%m-%dT%H:%M:%SZ"), - datetime.strptime(data["modified"].replace('+00:00', ''), "%Y-%m-%dT%H:%M:%SZ"), - ).isoformat("T", timespec='seconds') + datetime.strptime( + current["modified"].replace("+00:00", ""), "%Y-%m-%dT%H:%M:%SZ" + ), + datetime.strptime( + data["modified"].replace("+00:00", ""), "%Y-%m-%dT%H:%M:%SZ" + ), + ).isoformat("T", timespec="seconds") + "Z" ) 
@@ -172,10 +189,11 @@ # If there were important changes, but modified hasn't changed # bump the timestamp so downstream can pick up changes - if original['modified'] == current['modified']: - current['modified'] = datetime.now().isoformat("T", timespec='seconds') + "Z" + if original["modified"] == current["modified"]: + current["modified"] = datetime.now().isoformat("T", timespec="seconds") + "Z" return current + def fetch_cve_metadata(PHOTON_VERSIONS): cve_metadata = {} @@ -209,20 +227,22 @@ cve_metadata[cve].append(row) else: cve_metadata[cve] = [row] - print(f"[+] CVE metadata for Photon OS {branch}.0: Added {len(cve_list)} CVEs") - + print( + f"[+] CVE metadata for Photon OS {branch}.0: Added {len(cve_list)} CVEs" + ) + return cve_metadata -def __main__(advisory_id = None): +def __main__(advisory_id=None): cve_metadata = fetch_cve_metadata(PHOTON_VERSIONS) advisories = set() for d in get_osv(cve_metadata): - advisories.add(d['id']) + advisories.add(d["id"]) # If we are only running for a single advisory # Check and continue if it doesn't match - if advisory_id and d['id'] != advisory_id: + if advisory_id and d["id"] != advisory_id: continue fn = f"advisories/{d['id']}.json" if os.path.exists(fn): @@ -240,7 +260,7 @@ if __name__ == "__main__": - if len(sys.argv) >=2: + if len(sys.argv) >= 2: __main__(sys.argv[1]) else: __main__() diff --git a/uv.lock b/uv.lock index badb87b..c96c037 100644 --- a/uv.lock +++ a/uv.lock 
@@ -1,16 +1,17 @@ version = 1 -requires-python = ">=3.13" +requires-python = ">=3.10" [[package]] name = "beautifulsoup4" -version = "4.12.3" +version = "4.13.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "soupsieve" }, + { name = "typing-extensions" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/b3/ca/824b1195773ce6166d388573fc106ce56d4a805bd7427b624e063596ec58/beautifulsoup4-4.12.3.tar.gz", hash = "sha256:74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051", size = 581181 } +sdist = { url = "https://files.pythonhosted.org/packages/4b/d3/6f4047d1de55b7a290ef8d4b4ebf59dcc24742920ebbed0909f823424205/beautifulsoup4-4.13.0.tar.gz", hash = "sha256:b6e5afb3a2b1472c8db751a92eabf7834e5c7099f990c5e4b35f1f16b60bae64", size = 558514 } wheels = [ - { url = "https://files.pythonhosted.org/packages/b1/fe/e8c672695b37eecc5cbf43e1d0638d88d66ba3a44c4d321c796f4e59167f/beautifulsoup4-4.12.3-py3-none-any.whl", hash = "sha256:b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed", size = 147925 }, + { url = "https://files.pythonhosted.org/packages/6e/74/d53cf0c527b20fc87351e6fd9d51aac9b5d1e32ec5a3a32b84671806ab40/beautifulsoup4-4.13.0-py3-none-any.whl", hash = "sha256:9c4c3dfa67aba55f6cd03769c441b21e6a369797fd6766e4b4c6b3399aae2735", size = 184993 }, ] [[package]] 
@@ -82,4 +83,13 @@ sdist = { url = "https://files.pythonhosted.org/packages/d7/ce/fbaeed4f9fb8b2daa961f90591662df6a86c1abf25c548329a86920aedfb/soupsieve-2.6.tar.gz", hash = "sha256:e2e68417777af359ec65daac1057404a3c8a5455bb8abc36f1a9866ab1a51abb", size = 101569 } wheels = [ { url = "https://files.pythonhosted.org/packages/d1/c2/fe97d779f3ef3b15f05c94a2f1e3d21732574ed441687474db9d342a7315/soupsieve-2.6-py3-none-any.whl", hash = "sha256:e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9", size = 36186 }, +] + +[[package]] +name = "typing-extensions" +version = "4.12.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/df/db/f35a00659bc03fec321ba8bce9420de607a1d37f8342eee1863174c69557/typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8", size = 85321 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/26/9f/ad63fc0248c5379346306f8668cda6e2e2e9c95e01216d2b8ffd9ff037d0/typing_extensions-4.12.2-py3-none-any.whl", hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d", size = 37438 }, ] -- rgit 0.1.5