
RPM Pkg Audit

This command-line program can be used to query data from Red Hat's Security API.

Usage:

Usage: rpm_pkg_audit.rb [options]
    -p, --pkg PKGNAME                Takes a base pkg name and returns cves from redhats security API.
    -l, --list                       List packages in the XML datafile.
    -x, --xmlpkg PKGNAME             The pkg name you want to audit from xml file rpm-to-cve.xml
    -r, --refresh                    Refresh rpm-to-cve.xml file with latest pkgs and cves
    -c, --cve CVE-2020-1234          Takes a cve id and returns cve json from redhats security API.
    -f, --cves-from-file cves.txt    Takes a file one cve id per line and sends a batch request to redhat security API
    -a, --advisory RHSA-2019:0997    Takes a RHSA advisory and sends an API request to redhat RHSA-2015:2155

--refresh

By default the script expects a ./data directory in the project directory it is run from, containing an XML file named rpm-to-cve.xml. This file is sourced from here. You can run the --refresh command to download a fresh copy of this file.

--list

This will list out all of the packages that are present in the XML file rpm-to-cve.xml. You can pipe the output to grep to search for specific package names.

./rpm_pkg_audit.rb --list | grep ^sudo-devel
sudo-devel-0:1.8.19p2-12.el7_4.1
sudo-devel-0:1.8.19p2-14.el7_5.1
sudo-devel-0:1.8.23-3.el7_6.1
sudo-devel-0:1.8.23-4.el7_7.1
sudo-devel-0:1.8.23-4.el7_7.2
sudo-devel-0:1.8.6p3-12.el6
sudo-devel-0:1.8.6p3-12.el6_5.2
sudo-devel-0:1.8.6p3-15.el6_6.2
sudo-devel-0:1.8.6p3-19.el6
sudo-devel-0:1.8.6p3-25.el6_8
sudo-devel-0:1.8.6p3-28.el6_9
sudo-devel-0:1.8.6p3-29.el6_10.2
sudo-devel-0:1.8.6p3-29.el6_10.3
sudo-devel-0:1.8.6p3-29.el6_9
sudo-devel-0:1.8.6p3-7.el6
sudo-devel-0:1.8.6p7-16.el7
sudo-devel-0:1.8.6p7-17.el7_2.2
sudo-devel-0:1.8.6p7-20.el7
sudo-devel-0:1.8.6p7-21.el7_3
sudo-devel-0:1.8.6p7-22.el7_3
sudo-devel-0:1.8.6p7-23.el7_3
sudo-devel-0:1.8.6p7-23.el7_3.2

--xmlpkg

This will parse the XML file rpm-to-cve.xml for the given package name. If there are results, the output will be pretty printed to the screen.

--pkg

This will send an API query to Red Hat's Security API (GET /cve.json?package=base_package_name). The output will be pretty printed to the screen.

--cve

This will send an API query to Red Hat's Security API (GET /cve/CVE_ID.json). The output will be pretty printed to the screen.

--cves-from-file

This command expects a file with one CVE id per line. The ids are sent to Red Hat's Security API in batches of 500 CVE ids per request (GET /cve/CVE_ID,CVE_ID,CVE_ID,...), so the number of requests depends on how many ids the text file contains. The output will be pretty printed to the screen.

--advisory

This will send an API query to Red Hat's Security API (GET /cve.json?advisory=ADVISORY_ID). The output will be pretty printed to the screen.

helper shellscript

To quickly narrow the result down to a given operating system and the package that needs to be upgraded, a helper shellscript is provided in this repo. It uses jq to filter the package that needs upgrading out of the Red Hat JSON API response. Example usage:

./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 6'
{
  "cve_id": "CVE-2016-3627",
  "product_name": "Red Hat Enterprise Linux 6",
  "package_name": "libxml2-0:2.7.6-21.el6_8.1"
}

./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 7' 
{
  "cve_id": "CVE-2016-3627",
  "product_name": "Red Hat Enterprise Linux 7",
  "package_name": "libxml2-0:2.9.1-6.el7_2.3"
}
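The two pieces of logic described above, the 500-id batching of --cves-from-file and the per-product filter done by the jq helper, as an added Ruby example that is not code from this repo. The API base URL, the `?ids=` batch query form, and the `affected_release` / `package_state` layout of the CVE JSON are assumptions about Red Hat's API, and the sample response below is constructed (advisory id is a placeholder; the two package names are the ones shown in the helper output above).

```ruby
require 'json'

# Assumed base URL of Red Hat's Security Data API (not stated in the README).
API_BASE = 'https://access.redhat.com/labs/securitydataapi'
BATCH_SIZE = 500 # per-request limit described under --cves-from-file

# Turn the lines of a cves.txt file into one request URL per batch of
# BATCH_SIZE ids. Blank lines and duplicates are dropped, and every id is
# validated first so a stray line cannot turn into an unintended query.
def batch_cve_urls(lines, batch_size: BATCH_SIZE)
  ids = lines.map(&:strip).reject(&:empty?).uniq
  bad = ids.reject { |id| id.match?(/\ACVE-\d{4}-\d{4,}\z/) }
  raise ArgumentError, "not a CVE id: #{bad.join(', ')}" unless bad.empty?
  ids.each_slice(batch_size).map do |batch|
    "#{API_BASE}/cve.json?ids=#{batch.join(',')}" # assumed batch query form
  end
end

# Constructed sample of a CVE response; layout is an assumption.
SAMPLE_CVE_JSON = <<~JSON
  {
    "name": "CVE-2016-3627",
    "affected_release": [
      {"product_name": "Red Hat Enterprise Linux 6", "advisory": "RHSA-0000:0000",
       "package": "libxml2-0:2.7.6-21.el6_8.1"},
      {"product_name": "Red Hat Enterprise Linux 7", "advisory": "RHSA-0000:0000",
       "package": "libxml2-0:2.9.1-6.el7_2.3"}
    ],
    "package_state": [
      {"product_name": "Red Hat Enterprise Linux 5", "fix_state": "Will not fix",
       "package_name": "libxml2"}
    ]
  }
JSON

# Equivalent of the jq helper: for one CVE response and one product name,
# return the fixed package(s) to upgrade to. When no erratum exists for that
# product, report the vendor's fix_state instead of silently returning nothing.
def upgrade_targets(cve_json, product_name)
  cve = JSON.parse(cve_json)
  base = { 'cve_id' => cve['name'], 'product_name' => product_name }
  fixed = Array(cve['affected_release']).select { |r| r['product_name'] == product_name }
  return fixed.map { |r| base.merge('package_name' => r['package']) } unless fixed.empty?
  Array(cve['package_state'])
    .select { |s| s['product_name'] == product_name }
    .map { |s| base.merge('package_name' => nil, 'fix_state' => s['fix_state']) }
end

puts JSON.pretty_generate(upgrade_targets(SAMPLE_CVE_JSON, 'Red Hat Enterprise Linux 7'))
```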
