diff options
| author | Raphael Geissert <geissert@debian.org> | 2010-12-14 17:56:22 +0000 |
|---|---|---|
| committer | Raphael Geissert <geissert@debian.org> | 2010-12-14 17:56:22 +0000 |
| commit | e43acb6de830b15458bae45e8f4dc083bcbe0d35 (patch) | |
| tree | c72ccfccbf4e17e61115dd4eda1d1a0f9d0bfa6c /check-external/lookup.sh | |
| parent | 87bfe301f27e6240150ae55ccaa67671d3c57d66 (diff) | |
Add support for other CVE sources
Example: ./lookup -s UBUNTU
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15704 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'check-external/lookup.sh')
| -rwxr-xr-x | check-external/lookup.sh | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/check-external/lookup.sh b/check-external/lookup.sh index c33f4f5cd6..5cb738b00b 100755 --- a/check-external/lookup.sh +++ b/check-external/lookup.sh @@ -22,6 +22,7 @@ set -e regex= after= +source=cve while [ $# -ge 1 ]; do case $1 in @@ -33,15 +34,29 @@ while [ $# -ge 1 ]; do shift after="$1" ;; + --source|-s) + [ $# -gt 1 ] || { + echo "Missing argument for --source" >&2 + exit 1 + } + shift + source="$1" + ;; --help|-h) - echo "Usage: $(basename "$0") [--after|-a per-year-id] [regex]" - echo ; echo "Look for NFUs in our tracker but recognised by RH (for now)" + echo "Usage: $(basename "$0") [--source|-s vendor] [--after|-a per-year-id] [regex]" + echo ; echo "Look for NFUs in our tracker but recognised or fixed by a vendor" echo "(requires you to run ./update.sh every now and then)" + echo ; echo "Possible vendors:" + echo -e "\tcve (for checking against Red Hat's tracker)" + echo "fixed issues only:" + echo -e "\tUBUNTU\n\tFEDORA\n\tetc (uppercase vendor name; check ./update)" echo ; year="$(date +%Y)" echo "Example (check ids of $year):" echo -e "\t$(basename "$0") CVE-$year" echo "Example (check ids after CVE-$year-0100):" echo -e "\t$(basename "$0") --after 0100 CVE-$year" + echo "Example (check ids of $year fixed at Fedora):" + echo -e "\t$(basename "$0") --source FEDORA CVE-$year" echo ; echo "Note: this is a hackish and slow implementation." exit ;; @@ -52,7 +67,15 @@ while [ $# -ge 1 ]; do shift done -for cve in $(< cve.list); do +source+=.list +[ -f "$source" ] || { + echo "CVE source list $source doesn't exist" >&2 + exit 1 +} + +for cve in $(< $source); do + + [[ $cve ]] || continue if [[ $regex ]]; then [[ $cve =~ $regex ]] || continue @@ -66,5 +89,6 @@ for cve in $(< cve.list); do o=$(grep -m1 -A1 $cve ../data/CVE/list | grep NOT-FOR-US | grep -vi redhat | grep -vi 'red hat' | grep -vi pre-dating | grep -vi realplayer | grep -vi acroread | grep -vi acrobat | - grep -vi adobe | grep -vi 'real player') && echo "$cve: $o" || : + grep -viw opera | grep -vi adobe | + grep -vi 'real player') && echo "$cve: $o" || : done |