author | Emilio Pozuelo Monfort <pochu@debian.org> | 2021-11-03 11:47:25 +0100 |
---|---|---|
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2021-11-03 12:55:14 +0100 |
commit | 75bf42abbd77892161630669bf03ba20552d0ae2 (patch) | |
tree | 101e710e32d070097396197c04b9ffa0ad541301 | |
parent | 3c6762fbe7869b82b86d539c653df9d67d6f5447 (diff) |
Add a script to remove dist tags (e.g. postponed) from CVE/list
This can be useful when releasing a DSA that fixes some CVEs that
were previously triaged as no-dsa.
-rwxr-xr-x | bin/remove-cve-dist-tags | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/bin/remove-cve-dist-tags b/bin/remove-cve-dist-tags
new file mode 100755
index 0000000000..c428127092
--- /dev/null
+++ b/bin/remove-cve-dist-tags
@@ -0,0 +1,60 @@
+#!/usr/bin/python3
+#
+# Remove no-dsa tags from data/CVE/list
+#
+# Copyright © 2021 Emilio Pozuelo Monfort <pochu@debian.org>
+
+import os.path
+import sys
+
+import setup_paths # noqa
+import config
+from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
+
+
+def keep_annotation(cve, annotation):
+ if not isinstance(annotation, PackageAnnotation):
+ return True
+
+ if cve.header.name in cves and \
+ annotation.release == release and \
+ annotation.package == package:
+ print(f"removing annotation for {cve.header.name}/{package}/{release}")
+ return False
+
+ return True
+
+
+def parse_list(path):
+ data, messages = cvelist(path)
+
+ return data
+
+if len(sys.argv) <= 3:
+ # assume there are no CVEs, so nothing to do
+ sys.exit(0)
+
+release = sys.argv[1]
+package = sys.argv[2]
+cves = sys.argv[3:]
+
+main_list = os.path.dirname(__file__) + '/../data/CVE/list'
+# check if another file was specified in config, e.g. a ExtendedFile
+distconfig = config.get_config()[release]
+if 'maincvefile' in distconfig:
+ main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
+
+data = parse_list(main_list)
+new_data = []
+
+for cve in data:
+ annotations = list(
+ annotation
+ for annotation in cve.annotations
+ if keep_annotation(cve, annotation)
+ )
+ cve = cve._replace(annotations=annotations)
+ new_data.append(cve)
+
+with open(main_list, 'w') as f:
+ writecvelist(new_data, f) |
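Review bot: The condition in `keep_annotation` matches on CVE name, release and package only, so every `PackageAnnotation` for that package and release is dropped, not just the no-dsa/postponed tags that the header comment and commit message describe. If release-scoped entries of other kinds (for example a fixed version) are parsed into the same type, they would be removed silently as well; either add a check on the annotation's kind to the condition, or reword the header comment to `# Remove all release-specific package annotations for the given CVEs from data/CVE/list`. Separately, `parse_list` discards the `messages` returned by `cvelist`, and the list is then reopened with `'w'` and rewritten in place; stopping when `messages` is non-empty (presumably parser diagnostics) would avoid rewriting the tracker's main list from a parse that reported problems.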