path: root/bin/remove-cve-dist-tags
#!/usr/bin/python3
#
# Remove no-dsa tags from data/CVE/list
#
# Copyright © 2021 Emilio Pozuelo Monfort <pochu@debian.org>

import os.path
import sys

import setup_paths  # noqa
import config
from sectracker.parsers import cvelist, writecvelist, PackageAnnotation


def keep_annotation(cve, annotation):
    """Return False for the annotations this run should drop, True otherwise.

    An annotation is dropped only when all of the following hold:

    * it is a ``PackageAnnotation``;
    * the CVE's name is one of the module-level ``cves``;
    * its release is one of the module-level ``releases``;
    * its package equals the module-level ``package``.

    The comparisons are exact string matches against the command-line
    values.  The annotation kind is not inspected, so every package
    annotation for a matching CVE/release/package is removed, although the
    file header speaks only of no-dsa tags.
    """
    # Non-package annotations are never touched.
    if not isinstance(annotation, PackageAnnotation):
        return True

    targeted = (
        cve.header.name in cves
        and annotation.release in releases
        and annotation.package == package
    )
    if not targeted:
        return True

    # Log each removal so the operator can audit what was stripped.
    print(f"removing annotation for {cve.header.name}/{package}/{annotation.release}")
    return False


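def parse_list(path):
    """Parse the CVE list at *path* and return the parsed entries.

    ``cvelist()`` returns the parsed data together with parser messages.
    The messages are echoed to stderr instead of being discarded: this
    script writes the parsed data back over the same file, so anything the
    parser complained about should be visible to whoever runs it before the
    rewritten list is trusted.
    """
    data, messages = cvelist(path)

    # Surface parser diagnostics; stdout is left for the removal log.
    for message in messages:
        print(message, file=sys.stderr)

    return data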

# Command line: argv[1] = comma-separated releases, argv[2] = package,
# argv[3:] = CVE names.
if len(sys.argv) < 4:
    # No CVE names given: nothing to remove, so exit successfully.
    sys.exit(0)

releases, package, cves = sys.argv[1].split(","), sys.argv[2], sys.argv[3:]

script_dir = os.path.dirname(__file__)
main_list = script_dir + '/../data/CVE/list'

# A release's config may name a different CVE file (e.g. an ExtendedFile).
# When several of the given releases do, the last one listed wins.
for release in releases:
    distconfig = config.get_config()[release]
    if 'maincvefile' in distconfig:
        main_list = script_dir + '/../' + distconfig['maincvefile']

data = parse_list(main_list)

# Rebuild every entry with only the annotations keep_annotation() retains.
new_data = [
    cve._replace(
        annotations=[
            annotation
            for annotation in cve.annotations
            if keep_annotation(cve, annotation)
        ]
    )
    for cve in data
]

# The list is rewritten in place: mode 'w' truncates the file before
# writecvelist() runs, so an exception during writing leaves a partial list.
with open(main_list, 'w') as out:
    writecvelist(new_data, out)
