# RPM Pkg Audit

This command-line program can be used to query data against Red Hat's Security API.

## Usage:

```
Usage: rpm_pkg_audit.rb [options]
    -p, --pkg PKGNAME                Takes a base pkg name and returns cves from redhats security API.
    -l, --list                       List packages in the XML datafile.
    -x, --xmlpkg PKGNAME             The pkg name you want to audit from xml file rpm-to-cve.xml
    -r, --refresh                    Refresh rpm-to-cve.xml file with latest pkgs and cves
    -c, --cve CVE-2020-1234          Takes a cve id and returns cve json from redhats security API.
    -f, --cves-from-file cves.txt    Takes a file one cve id per line and sends a batch request to redhat security API
    -a, --advisory RHSA-2019:0997    Takes a RHSA advisory and sends an API request to redhat RHSA-2015:2155
```

#### --refresh

By default there needs to be a `./data` directory in the project directory from which the script is run. It needs to contain an XML file named rpm-to-cve.xml. This file is sourced from [here](https://www.redhat.com/security/data/metrics/rpm-to-cve.xml). You can run the `--refresh` command to download a fresh copy of this file.

#### --list

This will list all of the packages that are present in the XML file rpm-to-cve.xml. You can pipe the output to grep to search for specific package names.

```
./rpm_pkg_audit.rb --list | grep ^sudo-devel
sudo-devel-0:1.8.19p2-12.el7_4.1
sudo-devel-0:1.8.19p2-14.el7_5.1
sudo-devel-0:1.8.23-3.el7_6.1
sudo-devel-0:1.8.23-4.el7_7.1
sudo-devel-0:1.8.23-4.el7_7.2
sudo-devel-0:1.8.6p3-12.el6
sudo-devel-0:1.8.6p3-12.el6_5.2
sudo-devel-0:1.8.6p3-15.el6_6.2
sudo-devel-0:1.8.6p3-19.el6
sudo-devel-0:1.8.6p3-25.el6_8
sudo-devel-0:1.8.6p3-28.el6_9
sudo-devel-0:1.8.6p3-29.el6_10.2
sudo-devel-0:1.8.6p3-29.el6_10.3
sudo-devel-0:1.8.6p3-29.el6_9
sudo-devel-0:1.8.6p3-7.el6
sudo-devel-0:1.8.6p7-16.el7
sudo-devel-0:1.8.6p7-17.el7_2.2
sudo-devel-0:1.8.6p7-20.el7
sudo-devel-0:1.8.6p7-21.el7_3
sudo-devel-0:1.8.6p7-22.el7_3
sudo-devel-0:1.8.6p7-23.el7_3
sudo-devel-0:1.8.6p7-23.el7_3.2
```

#### --xmlpkg

This will parse the XML file rpm-to-cve.xml for the package name given. If there are results, the output will be pretty printed to the screen.

#### --pkg

This will send an API query to Red Hat's Security API:

`GET /cve.json?package=base_package_name`

The output will be pretty printed to the screen.

#### --cve

This will send an API query to Red Hat's Security API:

`GET /cve/CVE_ID.json`

The output will be pretty printed to the screen.

#### --cves-from-file

This command expects a file to be present with a single CVE id per line. It sends as many batch API queries to Red Hat's Security API as the number of CVE ids in the file requires, at 500 CVE ids per API query:

`GET /cve/CVE_ID, CVE_ID, CVE_ID, CVE_ID, etc...`

The output will be pretty printed to the screen.

#### --advisory

This will send an API query to Red Hat's Security API:

`GET /cve.json?advisory=ADVISORY_ID`

The output will be pretty printed to the screen.

### helper shellscript

To quickly pick out the operating system and the package that needs to be upgraded, a helper shellscript is provided in this repo. It uses `jq` to filter the package that needs to be upgraded out of the Red Hat JSON API response data.

Example usage:

```
./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 6'
{
  "cve_id": "CVE-2016-3627",
  "product_name": "Red Hat Enterprise Linux 6",
  "package_name": "libxml2-0:2.7.6-21.el6_8.1"
}
./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 7'
{
  "cve_id": "CVE-2016-3627",
  "product_name": "Red Hat Enterprise Linux 7",
  "package_name": "libxml2-0:2.9.1-6.el7_2.3"
}
```
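The two pieces of logic described above, the 500-id batching behind `--cves-from-file` and the per-product package filter the helper shellscript does with `jq`, as an added Ruby example. This is not code from the repo: the request path format, the `affected_release` / `product_name` / `package` field names and the sample CVE record are assumptions constructed for the example; only the package versions mirror the README output.

```ruby
require 'json'

BATCH_SIZE = 500

# Split CVE ids (one per line, as read from cves.txt) into request paths of at
# most BATCH_SIZE ids each. The comma-joined "/cve/...json" path is an assumption.
def batch_cve_paths(cve_ids, batch_size = BATCH_SIZE)
  ids = cve_ids.map(&:strip).reject(&:empty?).uniq
  ids.each_slice(batch_size).map { |slice| "/cve/#{slice.join(',')}.json" }
end

# Given one parsed CVE record, return the fixed package for the named product in
# the same shape the helper shellscript prints; nil when the product is not listed.
def package_for_product(cve_record, product_name)
  release = (cve_record['affected_release'] || []).find { |r| r['product_name'] == product_name }
  return nil if release.nil?

  { 'cve_id' => cve_record['name'],
    'product_name' => product_name,
    'package_name' => release['package'] }
end

# Constructed sample record (assumed field layout, not a captured API response).
SAMPLE_CVE = JSON.parse(<<~JSON)
  {
    "name": "CVE-2016-3627",
    "affected_release": [
      {"product_name": "Red Hat Enterprise Linux 6", "package": "libxml2-0:2.7.6-21.el6_8.1"},
      {"product_name": "Red Hat Enterprise Linux 7", "package": "libxml2-0:2.9.1-6.el7_2.3"}
    ]
  }
JSON

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(package_for_product(SAMPLE_CVE, 'Red Hat Enterprise Linux 6'))
  # 1201 constructed ids -> 3 request paths (500, 500, 201 ids)
  batch_cve_paths(Array.new(1201) { |i| "CVE-2020-#{1000 + i}" }).each { |p| puts p[0, 60] + '...' }
end
```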