2020-10-29 00:14:31 -05:00
|
|
|
#!/usr/bin/env ruby
|
|
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
require 'optparse'
|
|
|
|
|
require 'json'
|
2020-10-30 19:44:29 -05:00
|
|
|
require 'csv'
|
2020-10-29 00:14:31 -05:00
|
|
|
require './rhel_rpm_to_cve'
|
|
|
|
|
require './rhel_security_api_client'
|
2020-10-30 16:56:07 -05:00
|
|
|
require 'pry'
|
2020-10-29 00:14:31 -05:00
|
|
|
|
|
|
|
|
ARGV << '-h' if ARGV.empty?
|
|
|
|
|
|
2020-10-30 17:12:13 -05:00
|
|
|
data_file = './data/rpm-to-cve.xml'
|
2020-10-29 00:14:31 -05:00
|
|
|
|
|
|
|
|
options = {}
|
|
|
|
|
|
2020-10-30 19:44:29 -05:00
|
|
|
# for use with --cves-from-file arg
|
|
|
|
|
def read_cves_file(filepath)
|
|
|
|
|
CSV.read(filepath).flatten
|
|
|
|
|
end
|
|
|
|
|
|
2020-10-31 01:57:58 -05:00
|
|
|
def json_pp(json)
|
|
|
|
|
puts JSON.pretty_generate(json)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
parserr = OptionParser.new do |parser|
|
2020-10-29 00:14:31 -05:00
|
|
|
parser.banner = 'Usage: rpm_pkg_audit.rb [options]'
|
2020-10-31 01:57:58 -05:00
|
|
|
parser.on('-p', '--pkg PKGNAME',
|
|
|
|
|
'Takes a base pkg name and returns cves from redhats security API.') do |pkg|
|
2020-10-29 00:14:31 -05:00
|
|
|
options[:pkg] = pkg
|
|
|
|
|
end
|
2020-10-31 01:57:58 -05:00
|
|
|
parser.on('-l', '--list',
|
|
|
|
|
'List packages in the XML datafile.') do |list|
|
2020-10-29 00:14:31 -05:00
|
|
|
options[:list] = list
|
|
|
|
|
end
|
2020-10-31 01:57:58 -05:00
|
|
|
parser.on('-x', '--xmlpkg PKGNAME',
|
|
|
|
|
'The pkg name you want to audit from xml file rpm-to-cve.xml') do |xmlpkg|
|
2020-10-29 00:14:31 -05:00
|
|
|
options[:xmlpkg] = xmlpkg
|
|
|
|
|
end
|
2020-10-31 01:57:58 -05:00
|
|
|
parser.on('-r', '--refresh',
|
|
|
|
|
'Refresh rpm-to-cve.xml file with latest pkgs and cves') do |_refresh|
|
2020-10-29 00:14:31 -05:00
|
|
|
options[:refresh] = true
|
|
|
|
|
end
|
2020-10-31 01:57:58 -05:00
|
|
|
parser.on('-c', '--cve CVE_ID',
|
|
|
|
|
'Takes a cve id and returns cve json from redhats security API.') do |cve|
|
2020-10-30 16:56:07 -05:00
|
|
|
options[:cve] = cve
|
|
|
|
|
end
|
2020-10-31 01:57:58 -05:00
|
|
|
parser.on('-f', '--cves-from-file CVE_FILE',
|
|
|
|
|
'Takes a file one cve id per line and sends a batch request to redhat security API') do |file|
|
2020-10-30 19:44:29 -05:00
|
|
|
options[:file] = file
|
|
|
|
|
end
|
2020-10-29 00:14:31 -05:00
|
|
|
end
|
|
|
|
|
|
2020-10-31 01:57:58 -05:00
|
|
|
parserr.parse!
|
2020-10-29 00:14:31 -05:00
|
|
|
|
|
|
|
|
rpm_auditer = RhelRpmToCve.new(filepath: data_file)
|
|
|
|
|
rhel_api_client = RhelSecurityApiClient.new
|
|
|
|
|
|
2020-10-31 01:57:58 -05:00
|
|
|
if options[:xmlpkg_name]
|
|
|
|
|
pkg = option[:xmlpkg_name]
|
|
|
|
|
json = rpm_auditer.cves_per_pkg_name(pkg).to_json
|
|
|
|
|
json_pp(JSON.parse(json))
|
|
|
|
|
elsif options[:pkg]
|
|
|
|
|
pkg = options[:pkg]
|
|
|
|
|
params = { params: { package: pkg } }
|
|
|
|
|
json = rhel_api_client.request('/cve.json', params)
|
|
|
|
|
cve_pkgs_and_adv = rhel_api_client.cve_pkg_adv(json)
|
|
|
|
|
json_pp(cve_pkgs_and_adv)
|
2020-10-29 00:14:31 -05:00
|
|
|
elsif options[:refresh]
|
2020-10-30 17:12:13 -05:00
|
|
|
rpm_auditer.refresh_rpm_to_cve_file('./data/rpm-to-cve.xml')
|
2020-10-30 16:56:07 -05:00
|
|
|
elsif options[:cve]
|
2020-10-31 01:57:58 -05:00
|
|
|
id = options[:cve]
|
|
|
|
|
json = rhel_api_client.cve_id(id)
|
|
|
|
|
json_pp(json)
|
2020-10-30 19:44:29 -05:00
|
|
|
elsif options[:file]
|
|
|
|
|
filepath = options[:file]
|
|
|
|
|
cve_ids = read_cves_file(filepath)
|
2020-10-31 01:57:58 -05:00
|
|
|
json = rhel_api_client.cve_ids(cve_ids)
|
|
|
|
|
json_pp(json)
|
|
|
|
|
elsif options[:list]
|
|
|
|
|
puts rpm_auditer.list_pkg_names.sort
|
2020-10-29 00:14:31 -05:00
|
|
|
end
|
