#!/usr/bin/env ruby
# frozen_string_literal: true
require 'optparse'
require 'json'
require 'csv'
require './rhel_rpm_to_cve'
require './rhel_security_api_client'
require 'pry'
# Invoked with no arguments at all: behave as if -h had been passed so the
# usage text is printed.
ARGV.push('-h') if ARGV.empty?

# XML datafile used by the --list, --xmlpkg and --refresh options.
# The path is relative to the current working directory, as are the
# './rhel_*' requires above, so the script has to be run from its own
# directory; started elsewhere it would resolve both against that directory.
data_file = './data/rpm-to-cve.xml'

# Filled in by the OptionParser handlers as switches are parsed.
options = {}
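# Reads the CVE ids for the --cves-from-file option.
#
# The file is parsed as CSV and every cell is returned, so both a
# one-id-per-line layout and comma-separated ids work. Surrounding whitespace
# is stripped and nil/empty cells (blank lines, trailing commas) are dropped,
# so they are never handed on as ids.
#
# NOTE(review): ids are not checked against the CVE-YYYY-NNNN format here and
# the caller passes them straight to the API client; confirm the client
# validates or encodes them before building the request.
#
# @param filepath [String] path to the file holding the CVE ids
# @return [Array<String>] the cleaned ids, in file order
def read_cves_file(filepath)
  CSV.read(filepath)
     .flatten
     .compact            # trailing commas parse as nil cells
     .map(&:strip)
     .reject(&:empty?)
end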
# Command-line interface. Every switch stores what it was given in `options`;
# acting on those values happens after parsing.
parser = OptionParser.new do |opts|
  opts.banner = 'Usage: rpm_pkg_audit.rb [options]'

  # Lookups against the remote security API.
  opts.on('-p', '--pkg PKGNAME',
          'Takes a base pkg name and returns cves from redhats security API.') { |pkg| options[:pkg] = pkg }

  # Operations on the local XML datafile.
  opts.on('-l', '--list', 'List packages in the XML datafile.') { |list| options[:list] = list }
  opts.on('-x', '--xmlpkg PKGNAME',
          'The pkg name you want to audit from xml file rpm-to-cve.xml') { |xmlpkg| options[:xmlpkg] = xmlpkg }
  opts.on('-r', '--refresh', 'Refresh rpm-to-cve.xml file with latest pkgs and cves') { options[:refresh] = true }

  # Single-CVE and batch CVE lookups.
  opts.on('-c', '--cve CVE_ID',
          'Takes a cve id and returns cve json from redhats security API.') { |cve| options[:cve] = cve }
  opts.on('-f', '--cves-from-file CVE_FILE',
          'Takes a file one cve id per line and sends a batch request to redhat security API') do |file|
    options[:file] = file
  end
end
# Consume the recognised switches from ARGV; OptionParser raises on unknown ones.
parser.parse!

# --pkg wins over --xmlpkg when both are supplied: the XML package name is
# only picked up if no API package name was given.
pkg_name = options[:pkg]
xmlpkg_name = pkg_name ? nil : options[:xmlpkg]
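rpm_auditer = RhelRpmToCve.new(filepath: data_file)
rhel_api_client = RhelSecurityApiClient.new

# Run exactly one action, chosen by the first option below that was supplied.
# TODO: this chain is getting long; a case statement or dispatch table would read better.
#
# NOTE(review): package names, CVE ids and the ids file all come from the
# command line and are handed to the client as given. Whether the client
# encodes them before building the request is not visible here; confirm in
# RhelSecurityApiClient.
if xmlpkg_name
  # Look the package up in the local XML datafile.
  json = rpm_auditer.cves_per_pkg_name(xmlpkg_name).to_json
  puts JSON.pretty_generate(JSON.parse(json))
elsif pkg_name
  # Ask the Red Hat security API for CVEs affecting the package.
  params = { params: { package: pkg_name } }
  json_response = rhel_api_client.request('/cve.json', params)
  cve_pkgs_and_adv = rhel_api_client.cve_pkg_adv(json_response)
  puts JSON.pretty_generate(cve_pkgs_and_adv)
elsif options[:refresh]
  # Same file the auditer was constructed with, rather than a second copy of the path.
  rpm_auditer.refresh_rpm_to_cve_file(data_file)
elsif options[:cve]
  puts JSON.pretty_generate(rhel_api_client.cve_id(options[:cve]))
elsif options[:file]
  cve_ids = read_cves_file(options[:file])
  puts JSON.pretty_generate(rhel_api_client.cves(cve_ids))
elsif options[:list]
  # This branch used to read `else options.key?(:list)`, which evaluated the
  # check but ignored it, so the package list was printed for any
  # invocation that matched nothing above.
  puts rpm_auditer.list_pkg_names.sort
else
  # Nothing actionable was requested (e.g. only positional arguments).
  puts parser
end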