authorEmilio Pozuelo Monfort <pochu@debian.org>2020-12-21 14:37:45 +0100
committerEmilio Pozuelo Monfort <pochu@debian.org>2020-12-21 14:41:03 +0100
commit3b76477149af3003e4bbbdfa5f4d29b2f2c50a21 (patch)
tree3f164cf9e21e1762f04394f3c071af48b3f57371 /bin
parent6ff831755f0eddc933cde3c14afc55fdb4dfa042 (diff)
Add a script to merge two CVE files
It currently supports the necessary annotations to automatically merge the point release lists.
Diffstat (limited to 'bin')
-rwxr-xr-xbin/merge-cve-files73
1 files changed, 73 insertions, 0 deletions
diff --git a/bin/merge-cve-files b/bin/merge-cve-files
new file mode 100755
index 0000000000..a36e4c7b6b
--- /dev/null
+++ b/bin/merge-cve-files
@@ -0,0 +1,73 @@
+#!/usr/bin/python3
+#
+# Merge a separate CVE file (such as data/next-point-update.txt) back into
+# the main one.
+#
+# Copyright © 2020 Emilio Pozuelo Monfort <pochu@debian.org>
+
+import os.path
+import sys
+
+import setup_paths # noqa
+from debian_support import internRelease
+from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
+
+def merge_annotations(old_annotations, new_annotation):
+ if not isinstance(new_annotation, PackageAnnotation):
+ raise NotImplementedError(f"unsupported annotation of type {type(annotation)}")
+
+ # filter out the current annotation, if any
+ annotations = [ann for ann in old_annotations
+ if not isinstance(ann, PackageAnnotation)
+ or ann.package != new_annotation.package
+ or ann.release != new_annotation.release]
+
+ # append the new one at the right place
+ for idx, annotation in enumerate(annotations):
+ if not isinstance(annotation, PackageAnnotation) \
+ or annotation.package != new_annotation.package:
+ continue
+
+ next_annotation = annotations[idx + 1] if len(annotations) > (idx + 1) else None
+ if next_annotation and isinstance(next_annotation, PackageAnnotation) \
+ and next_annotation.package == new_annotation.package \
+ and internRelease(new_annotation.release) < internRelease(next_annotation.release):
+ continue
+
+ annotations.insert(idx + 1, new_annotation)
+ return annotations
+
+def parse_list(path):
+ data, messages = cvelist(path)
+
+ for m in messages:
+ sys.stderr.write(str(m) + "\n")
+
+ return data
+
+if len(sys.argv) not in (2, 3):
+ print(f"Usage: {os.path.basename(sys.argv[0])} (CVE/list) extra-cve-list")
+ sys.exit(1)
+
+if len(sys.argv) == 3:
+ main_list = sys.argv[1]
+else:
+ main_list = os.path.dirname(__file__) + '/../data/CVE/list'
+
+extra_list = sys.argv[-1]
+
+data = parse_list(main_list)
+extra_data = parse_list(extra_list)
+
+for extra_bug in extra_data:
+ bug = next(bug for bug in data if bug.header.name == extra_bug.header.name)
+
+ new_annotations = bug.annotations
+ for extra_annotation in extra_bug.annotations:
+ new_annotations = merge_annotations(new_annotations, extra_annotation)
+
+ bug = bug._replace(annotations=new_annotations)
+ data = [bug if bug.header.name == old_bug.header.name else old_bug for old_bug in data]
+
+with open(main_list, 'w') as f:
+ writecvelist(data, f)
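Review bot: The error path in `merge_annotations` references an undefined name: `type(annotation)` in the `NotImplementedError` message should be `type(new_annotation)`, otherwise any non-package annotation in the extra list raises `NameError` instead of the intended error. In the merge loop near the end, `next(bug for bug in data if ...)` has no default, so a CVE that is in the extra list but not in the main list aborts with a bare `StopIteration`; `next((b for b in data if b.header.name == extra_bug.header.name), None)` followed by an explicit error naming the CVE would make that case diagnosable. The final `open(main_list, 'w')` truncates the main list before `writecvelist` runs, so an exception during serialization leaves `data/CVE/list` truncated; writing to a temporary file in the same directory and then calling `os.replace(tmp, main_list)` keeps the original intact on failure. It also looks as if the loop in `merge_annotations` never inserts an annotation for a package that has no existing entry in the bug, though indentation is lost on this page, so this should be checked against the file.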
