update rpm pkg audit stuff

2020-10-31 01:57:58 -05:00 · 2020-10-31 01:57:58 -05:00 · a3a8fb0c1e
commit a3a8fb0c1e
parent 70403b23dd
3 changed files with 43 additions and 42 deletions
--- a/security_tools/redhat_tools/rhel_rpm_to_cve.rb
+++ b/security_tools/redhat_tools/rhel_rpm_to_cve.rb
@ -1,13 +1,12 @@
 # frozen_string_literal: true

-# this is meant to parse and query data in redhat linux rpm-to-cve.xml file
-# that is posted on their security API.
-# Reference: https://www.redhat.com/security/data/metrics/
-
 require 'ox'
 require 'json'
 require 'rest-client'

+# This is meant to parse and query data in redhat linux rpm-to-cve.xml file
+# That is posted on their security API.
+# Documentation Reference: https://www.redhat.com/security/data/metrics/
 class RhelRpmToCve
  # filepath == /path/to/rpm-to-cve.xml
  attr_accessor :filepath, :file, :xml
@ -49,8 +48,7 @@ class RhelRpmToCve
        cves: cves,
        cve_count: cves.count
      }
-    else
-      'Package not found.'
+    else 'Package not found.'
    end
  end

--- a/security_tools/redhat_tools/rhel_security_api_client.rb
+++ b/security_tools/redhat_tools/rhel_security_api_client.rb
@ -1,12 +1,11 @@
-# Documentation link:
-# https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/overview
-
 # frozen_string_literal: true

 require 'rest-client'
 require 'json'
 require 'active_support/core_ext/array/grouping.rb'

+# Documentation link:
+# https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/overview
 class RhelSecurityApiClient
  attr_accessor :base_url

@ -14,8 +13,7 @@ class RhelSecurityApiClient
    @base_url = 'https://access.redhat.com/hydra/rest/securitydata'
  end

-  # params is a hash that looks like
-  # {:params => {:key => value}}
+  # params = {:params => {:key => value}}
  def request(path, params)
    r = RestClient::Request.execute(
      method: :get,
@ -48,7 +46,7 @@ class RhelSecurityApiClient
    request("/cve/#{cve_id}.json", params)
  end

-  def cves(cve_ids)
+  def cve_ids(cve_ids)
    params = {}
    responses = []
    cve_ids.in_groups_of(500, false) do |cve_id_batch|
--- a/security_tools/redhat_tools/rpm_pkg_audit.rb
+++ b/security_tools/redhat_tools/rpm_pkg_audit.rb
@ -19,59 +19,64 @@ def read_cves_file(filepath)
  CSV.read(filepath).flatten
 end

-parser = OptionParser.new do |parser|
+def json_pp(json)
+  puts JSON.pretty_generate(json)
+end
+
+parserr = OptionParser.new do |parser|
  parser.banner = 'Usage: rpm_pkg_audit.rb [options]'
-  parser.on('-p', '--pkg PKGNAME', 'Takes a base pkg name and returns cves from redhats security API.') do |pkg|
+  parser.on('-p', '--pkg PKGNAME',
+            'Takes a base pkg name and returns cves from redhats security API.') do |pkg|
    options[:pkg] = pkg
  end
-  parser.on('-l', '--list', 'List packages in the XML datafile.') do |list|
+  parser.on('-l', '--list',
+            'List packages in the XML datafile.') do |list|
    options[:list] = list
  end
-  parser.on('-x', '--xmlpkg PKGNAME', 'The pkg name you want to audit from xml file rpm-to-cve.xml') do |xmlpkg|
+  parser.on('-x', '--xmlpkg PKGNAME',
+            'The pkg name you want to audit from xml file rpm-to-cve.xml') do |xmlpkg|
    options[:xmlpkg] = xmlpkg
  end
-  parser.on('-r', '--refresh', 'Refresh rpm-to-cve.xml file with latest pkgs and cves') do |_refresh|
+  parser.on('-r', '--refresh',
+            'Refresh rpm-to-cve.xml file with latest pkgs and cves') do |_refresh|
    options[:refresh] = true
  end
-  parser.on('-c', '--cve CVE_ID', 'Takes a cve id and returns cve json from redhats security API.') do |cve|
+  parser.on('-c', '--cve CVE_ID',
+            'Takes a cve id and returns cve json from redhats security API.') do |cve|
    options[:cve] = cve
  end
-  parser.on('-f', '--cves-from-file CVE_FILE', 'Takes a file one cve id per line and sends a batch request to redhat security API') do |file|
+  parser.on('-f', '--cves-from-file CVE_FILE',
+            'Takes a file one cve id per line and sends a batch request to redhat security API') do |file|
    options[:file] = file
  end
 end

-parser.parse!
-
-if options[:pkg]
-  pkg_name = options[:pkg]
-elsif options[:xmlpkg]
-  xmlpkg_name = options[:xmlpkg]
-end
+parserr.parse!

 rpm_auditer = RhelRpmToCve.new(filepath: data_file)
 rhel_api_client = RhelSecurityApiClient.new

-# this is getting long and nasty probably change this to a case statment
-if xmlpkg_name
-  json = rpm_auditer.cves_per_pkg_name(xmlpkg_name).to_json
-  puts JSON.pretty_generate(JSON.parse(json))
-elsif pkg_name
-  params = { params: { package: pkg_name } }
-  json_response = rhel_api_client.request('/cve.json', params)
-  cve_pkgs_and_adv = rhel_api_client.cve_pkg_adv(json_response)
-  puts JSON.pretty_generate(cve_pkgs_and_adv)
+if options[:xmlpkg_name]
+  pkg = option[:xmlpkg_name]
+  json = rpm_auditer.cves_per_pkg_name(pkg).to_json
+  json_pp(JSON.parse(json))
+elsif options[:pkg]
+  pkg = options[:pkg]
+  params = { params: { package: pkg } }
+  json = rhel_api_client.request('/cve.json', params)
+  cve_pkgs_and_adv = rhel_api_client.cve_pkg_adv(json)
+  json_pp(cve_pkgs_and_adv)
 elsif options[:refresh]
  rpm_auditer.refresh_rpm_to_cve_file('./data/rpm-to-cve.xml')
 elsif options[:cve]
-  cve = options[:cve]
-  r = rhel_api_client.cve_id(cve)
-  puts JSON.pretty_generate(r)
+  id = options[:cve]
+  json = rhel_api_client.cve_id(id)
+  json_pp(json)
 elsif options[:file]
  filepath = options[:file]
  cve_ids = read_cves_file(filepath)
-  r = rhel_api_client.cves(cve_ids)
-  puts JSON.pretty_generate(r)
-else options.key?(:list)
-     puts rpm_auditer.list_pkg_names.sort
+  json = rhel_api_client.cve_ids(cve_ids)
+  json_pp(json)
+elsif options[:list]
+  puts rpm_auditer.list_pkg_names.sort
 end