mirror of
https://github.com/captn3m0/photon-os-advisories.git
synced 2024-09-16 19:40:22 +00:00
Nemo
e9bbad80b0
This is a partial fix, as it solves it for 99% of the advisories. There are a few advisories, where the CVE is referenced multiple times across multiple advisories (in the same OS version) and thus looking up the CVE in the online JSON files gives you multiple fixed package versions. This only happens for a handful of cases so we don't mind yet!
94 lines
3.3 KiB
Python
94 lines
3.3 KiB
Python
import sys
|
|
import markdown
|
|
import json
|
|
import os
|
|
import re
|
|
from bs4 import BeautifulSoup
|
|
|
|
# This is a WIP unused script to
|
|
# write data back to the GSD database
|
|
advisories_dir = sys.argv[1]
|
|
gsd_dir = sys.argv[2]
|
|
|
|
CVE_REGEX = r"CVE-\d{4}-\d{4,7}"
|
|
FILE_FORMAT = "/Security-Updates-{version}.md"
|
|
ADVISORY_URL = "https://github.com/vmware/photon/wiki/Security-Update-{slug}"
|
|
PHOTON_VERSIONS = range(1, 5)
|
|
|
|
def advisory_slug(os_version, advisory):
|
|
_id = int(advisory.split("-")[2])
|
|
return f"{os_version}.0-{_id}"
|
|
|
|
def generate_cve_mapping():
|
|
mapping = {}
|
|
for version in PHOTON_VERSIONS:
|
|
filename = FILE_FORMAT.format(version=version)
|
|
file = advisories_dir + filename
|
|
with open(file, "r") as f:
|
|
table_html = markdown.markdown(
|
|
f.read(), extensions=["markdown.extensions.tables"]
|
|
)
|
|
soup = BeautifulSoup(table_html, "html.parser")
|
|
for tr in soup.find("tbody").find_all("tr"):
|
|
(advisory, severity, date, packages, cves) = [
|
|
x.text for x in tr.find_all("td")
|
|
]
|
|
cves = re.findall(CVE_REGEX, cves)
|
|
for cve in cves:
|
|
slug = advisory_slug(version, advisory)
|
|
if cve in mapping:
|
|
mapping[cve].append(slug)
|
|
else:
|
|
mapping[cve] = [slug]
|
|
|
|
return mapping
|
|
|
|
|
|
def __main__():
|
|
mapping = generate_cve_mapping()
|
|
for cve in mapping:
|
|
(_, year, _id) = cve.split("-")
|
|
grouping_id = _id[:-3] + "xxx"
|
|
gsd = f"GSD-{year}-{_id}"
|
|
path = f"{gsd_dir}/{year}/{grouping_id}/{gsd}.json"
|
|
if os.path.exists(path):
|
|
updated = False
|
|
data = None
|
|
with open(path, "r") as f:
|
|
data = json.loads(f.read())
|
|
slugs = mapping[cve]
|
|
urls = [ADVISORY_URL.format(slug=slug) for slug in slugs]
|
|
if 'gsd' in data:
|
|
existing_links = [x['url'] for x in data['gsd']['references']]
|
|
missing_links = existing_links - urls
|
|
if len(missing_links) > 0:
|
|
for url in urls:
|
|
data['gsd']['references'].append({
|
|
"type": "ADVISORY",
|
|
"url": url
|
|
})
|
|
elif 'GSD' in data and 'references' in data['GSD']:
|
|
data['GSD']['references'].extend(urls)
|
|
elif 'GSD' in data:
|
|
data['GSD']['references'] = urls
|
|
else:
|
|
try:
|
|
description = data['namespaces']['cve.org']['description']['description_data'][0]['value']
|
|
except KeyError:
|
|
description = data['namespaces']['nvd.nist.gov']['cve']['description']['description_data'][0]['value']
|
|
data['GSD'] = {
|
|
"alias": cve,
|
|
"description": description,
|
|
"id": gsd,
|
|
"references": urls
|
|
}
|
|
with open(path, 'w') as f:
|
|
f.write(json.dumps(data, indent=4))
|
|
|
|
else:
|
|
print(f"Could not find {cve}")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
__main__()
|