Added an RPM to CVE parser for RHEL

2020-02-04 17:15:20 -06:00 · 2020-02-04 17:15:20 -06:00 · 40a745361e
commit 40a745361e
parent f5687cecbb
3 changed files with 205908 additions and 0 deletions
--- a/rpm_to_cve_parser/rhel_rpm_to_cve.rb
+++ b/rpm_to_cve_parser/rhel_rpm_to_cve.rb
@ -0,0 +1,43 @@
+require 'ox'
+
+class RhelRpmToCve
+  # filepath == /path/to/rpm-to-cve.xml
+  attr_accessor :filepath, :file, :xml
+  
+  def initialize(filepath)
+    @filepath = filepath
+    @file = File.read(filepath)
+    @xml = Ox.load(file, mode: :hash)
+  end
+
+  def list_pkg_names
+    xml[:rpms][:rpm].map do |key|
+      key.first[:rpm]
+    end.sort
+  end
+
+  def pkg_exists?(pkg_name)
+    list_pkg_names.include? pkg_name
+  end
+
+  def cves_per_pkg_name(pkg_name)
+    if pkg_exists? pkg_name
+      results = find_pkg(pkg_name).map do |r|
+        r[:cve]
+      end.compact
+
+      { 
+        :rhel_package_name => pkg_name,
+        :cves => results.map {|cve| cve}
+      }
+
+    end
+  end
+
+  def find_pkg(pkg_name)
+    xml[:rpms][:rpm].select do |results|
+      results if results.first[:rpm] == pkg_name
+    end.first
+  end
+
+end
--- a/rpm_to_cve_parser/rpm-to-cve.xml
+++ b/rpm_to_cve_parser/rpm-to-cve.xml
--- a/rpm_to_cve_parser/update_rpms_to_cve_xml.sh
+++ b/rpm_to_cve_parser/update_rpms_to_cve_xml.sh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+# refresh the latest rpm to cve xml mapping file from redhat security page
+
+wget https://www.redhat.com/security/data/metrics/rpm-to-cve.xml .