misc_rbtools/security_tools/redhat_tools/rpm_pkg_audit.rb

#!/usr/bin/env ruby
# frozen_string_literal: true

require 'optparse'
require 'json'
require 'csv'
require './rhel_rpm_to_cve'
require './rhel_security_api_client'
require 'pry'

ARGV << '-h' if ARGV.empty?

data_file = './data/rpm-to-cve.xml'

options = {}

# for use with --cves-from-file arg
def read_cves_file(filepath)
  CSV.read(filepath).flatten
end

def json_pp(json)
  puts JSON.pretty_generate(json)
end

parserr = OptionParser.new do |parser|
  parser.banner = 'Usage: rpm_pkg_audit.rb [options]'
  parser.on('-p', '--pkg PKGNAME',
            'Takes a base pkg name and returns cves from redhats security API.') do |pkg|
    options[:pkg] = pkg
  end
  parser.on('-l', '--list',
            'List packages in the XML datafile.') do |list|
    options[:list] = list
  end
  parser.on('-x', '--xmlpkg PKGNAME',
            'The pkg name you want to audit from xml file rpm-to-cve.xml') do |xmlpkg|
    options[:xmlpkg] = xmlpkg
  end
  parser.on('-r', '--refresh',
            'Refresh rpm-to-cve.xml file with latest pkgs and cves') do |_refresh|
    options[:refresh] = true
  end
  parser.on('-c', '--cve CVE-2020-1234',
            'Takes a cve id and returns cve json from redhats security API.') do |cve|
    options[:cve] = cve
  end
  parser.on('-f', '--cves-from-file cves.txt',
            'Takes a file one cve id per line and sends a batch request to redhat security API') do |file|
    options[:file] = file
  end
  parser.on('-a', '--advisory RHSA-2019:0997',
            'Takes a RHSA advisory and sends an API request to redhat RHSA-2015:2155') do |advisory|
    options[:advisory] = advisory
  end
end

parserr.parse!

rpm_auditer = RhelRpmToCve.new(filepath: data_file)
rhel_api_client = RhelSecurityApiClient.new

if options[:xmlpkg_name]
  pkg = option[:xmlpkg_name]
  json = rpm_auditer.cves_per_pkg_name(pkg).to_json
  json_pp(JSON.parse(json))
elsif options[:pkg]
  pkg = options[:pkg]
  params = { params: { package: pkg } }
  response = rhel_api_client.request('/cve.json', params)

  json = rhel_api_client.cve_pkg_adv(response)
  json_pp(json)
elsif options[:refresh]
  rpm_auditer.refresh_rpm_to_cve_file('./data/rpm-to-cve.xml')
elsif options[:cve]
  id = options[:cve]

  json = rhel_api_client.cve_id(id)
  json_pp(json)
elsif options[:file]
  filepath = options[:file]
  cve_ids = read_cves_file(filepath)

  json = rhel_api_client.cve_ids(cve_ids)
  json_pp(json)
elsif options[:list]
  puts rpm_auditer.list_pkg_names.sort
elsif options[:advisory]
  advisory = options[:advisory]
  params = { params: { advisory: advisory } }

  json = rhel_api_client.request('/cve.json', params)
  json_pp(json)
end