-
Notifications
You must be signed in to change notification settings - Fork 32
/
publish_cve_advisories.py
60 lines (49 loc) · 1.81 KB
/
publish_cve_advisories.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/usr/bin/env python3
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import os
import sys
import subprocess
from foundation_security_advisories.common import (
CVEAdvisory,
)
from foundation_security_advisories.common_cve import *
def main():
owned_cve_ids, published_cve_id_dates = get_owned_cve_ids()
local_cve_advisories: dict[str, CVEAdvisory] = get_local_cve_advisories()
for cve_id in local_cve_advisories:
cve_advisory = local_cve_advisories[cve_id]
if cve_id.startswith("MFSA-RESERVE"):
print_cve_step(cve_id)
if not replace_cve_id(cve_advisory):
continue
try_set_bugzilla_alias(cve_id.split("-")[-1], cve_advisory.id)
cve_id = cve_advisory.id
owned_cve_ids.append(cve_id)
if cve_id not in owned_cve_ids:
# if cve_id.startswith("CVE"):
# print_cve_step(cve_id)
# print(f"Warning: Skipping {cve_id} because we do not own it")
continue
if cve_id not in published_cve_id_dates:
print_cve_step(cve_id)
publish_cve(cve_advisory.id, cve_advisory.to_json())
else:
try_update_published_cve(
local_cve=cve_advisory,
local_date=cve_advisory.newest_instance.file_last_modified,
remote_date=published_cve_id_dates[cve_id],
)
if os.getenv("CI"):
subprocess.run(
[
"git",
"commit",
"-m",
f"Assign CVE ids",
]
)
subprocess.run(["git", "push"])
if __name__ == "__main__":
sys.exit(main())