updated xml with latest, made --pkg cmdline output json now

rpm_to_cve_parser/rhel_rpm_to_cve.rb

@@ -7,13 +7,11 @@ class RhelRpmToCve
   def initialize(filepath)
     @filepath = filepath
     @file = File.read(filepath)
-    @xml = Ox.load(file, mode: :hash)
+    @xml = Ox.parse(file)
   end
 
   def list_pkg_names
-    xml[:rpms][:rpm].map do |key|
-      key.first[:rpm]
-    end
+    xml.rpms.locate("?/@rpm")
   end
 
   def pkg_exists?(pkg_name)
@@ -22,8 +20,8 @@ class RhelRpmToCve
 
   def cves_per_pkg_name(pkg_name)
     if pkg_exists? pkg_name
-      results = find_pkg(pkg_name).map do |r|
-        r[:cve]
+      results = find_pkg(pkg_name).locate('*/cve').map do |r|
+        r.text
       end.compact
 
       { 
@@ -36,9 +34,14 @@ class RhelRpmToCve
   end
 
   def find_pkg(pkg_name)
-    xml[:rpms][:rpm].select do |results|
-      results if results.first[:rpm] == pkg_name
-    end.first
+    xml.rpms.locate("rpm[@rpm=#{pkg_name}]").first
   end
 
+  def convert_to_json
+    pkgs = list_pkg_names
+    pkgs_and_cves = pkgs.map do |pkg_name|
+      cves_per_pkg_name(pkg_name)
+    end
+    pkgs_and_cves.to_json
+  end
 end

rpm_to_cve_parser/rpm-to-cve.xml

@@ -1291032,4 +1291032,301 @@
     <cve>CVE-2020-15683</cve>
     <cve>CVE-2020-15969</cve>
   </rpm>
+  <rpm rpm="firefox-0:78.4.0-2.el6_10">
+    <erratum released="2020-10-26">RHSA-2020:4330</erratum>
+    <arch>i686</arch>
+    <arch>ppc64</arch>
+    <arch>s390x</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-15683</cve>
+    <cve>CVE-2020-15969</cve>
+  </rpm>
+  <rpm rpm="firefox-debuginfo-0:78.4.0-2.el6_10">
+    <erratum released="2020-10-26">RHSA-2020:4330</erratum>
+    <arch>ppc64</arch>
+    <arch>s390x</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-15683</cve>
+    <cve>CVE-2020-15969</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193-0:1-7.el8">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193-debuginfo-0:1-7.el8">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193-debugsource-0:1-7.el8">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_13_2-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_13_2-debuginfo-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_13_2-debugsource-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_14_3-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_14_3-debuginfo-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_14_3-debugsource-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_19_1-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_19_1-debuginfo-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_19_1-debugsource-0:1-2.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_1_2-0:1-5.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_1_2-debuginfo-0:1-5.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_1_2-debugsource-0:1-5.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_6_3-0:1-4.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_6_3-debuginfo-0:1-4.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-193_6_3-debugsource-0:1-4.el8_2">
+    <erratum released="2020-10-26">RHSA-2020:4331</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147-0:1-18.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147-debuginfo-0:1-18.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147-debugsource-0:1-18.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_0_2-0:1-14.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_0_2-debuginfo-0:1-14.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_0_2-debugsource-0:1-14.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_0_3-0:1-14.el8">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_13_2-0:1-5.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_13_2-debuginfo-0:1-5.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_13_2-debugsource-0:1-5.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_20_1-0:1-4.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_20_1-debuginfo-0:1-4.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_20_1-debugsource-0:1-4.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_24_2-0:1-2.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_24_2-debuginfo-0:1-2.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_24_2-debugsource-0:1-2.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_27_1-0:1-2.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_27_1-debuginfo-0:1-2.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_27_1-debugsource-0:1-2.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_3_1-0:1-14.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_5_1-0:1-9.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
+  <rpm rpm="kpatch-patch-4_18_0-147_8_1-0:1-7.el8_1">
+    <erratum released="2020-10-26">RHSA-2020:4332</erratum>
+    <arch>ppc64le</arch>
+    <arch>x86_64</arch>
+    <cve>CVE-2020-14385</cve>
+    <cve>CVE-2020-14386</cve>
+  </rpm>
 </rpms>

rpm_to_cve_parser/rpm_pkg_audit.rb

@@ -2,8 +2,7 @@
 # frozen_string_literal: true
 
 require 'optparse'
-require 'pry'
-require 'pp'
+require 'json'
 require './rhel_rpm_to_cve'
 
 data_file = './rpm-to-cve.xml'
@@ -26,7 +25,8 @@ pkg_name = options[:pkg]
 rpm_auditer = RhelRpmToCve.new(data_file)
 
 if pkg_name
-  pp rpm_auditer.cves_per_pkg_name(pkg_name) 
+  json = rpm_auditer.cves_per_pkg_name(pkg_name).to_json
+  puts JSON.pretty_generate(JSON.parse(json))
 else options.key?(:list)
   puts rpm_auditer.list_pkg_names.sort
 end