#!/usr/bin/perl-w
use strict;
my $dn = `dirname $0`;chomp($dn);
my $pwd = `pwd`;chomp($pwd);
if ($dn !~ /^\//) { $dn = $pwd . "/" . $dn; }
push @INC,$dn;
require CanDBReader;
require SMASHData;
&SMASHData::read_all_cached_issues();
my @affected = ();
my @unaffected = ();
my @missingjira = ();
my @missingcvss = ();
my @leaked = ();
foreach my $cve (sort keys %SMASHData::pkgstate) {
next unless (
defined($SMASHData::pkgstate{$cve}->{'Carwos 1'}) ||
defined($SMASHData::codestreampkgstate{$cve}->{'SUSE:Carwos:1'})
);
my $affected = 0;
my %packages;
if (defined($SMASHData::pkgstate{$cve}->{'Carwos 1'})) {
%packages = %{$SMASHData::pkgstate{$cve}->{'Carwos 1'}};
} else {
%packages = %{$SMASHData::codestreampkgstate{$cve}->{'SUSE:Carwos:1'}};
}
my @packages = ();
foreach my $pkg (sort keys %packages) {
push @packages,"$pkg:$packages{$pkg}";
$affected = 1 if ($packages{$pkg} eq "Affected");
}
my $basescore = $SMASHData::cvssv3{$cve}->{'SUSE'}->{'base_score'};
my $basevector = $SMASHData::cvssv3{$cve}->{'SUSE'}->{'base_vector'};
my %references = %{$SMASHData::references{$cve}};
my @references = ();
foreach my $reference (sort keys %references) {
push @references, "$reference";
}
my $str = "| $cve | " . join (", ",@packages) ." | $SMASHData::severity{$cve} | $basescore ($basevector) | " . join("
", @references) . " |
\n";
if ($affected) {
push @affected,$str;
my $embargoed = "";
if ($SMASHData::embargoedcves{$cve}) {
$embargoed = "EMBARGOED: ";
}
unless (grep (/jsc.CAR/,@references)) {
push @missingjira,"$embargoed$cve\n";
&SMASHData::read_smash_issue($cve,1);
}
if (grep (/jsc.CAR/,@references) && ($embargoed ne "")) {
push @leaked,$cve;
}
unless (defined($SMASHData::cvssv3{$cve}->{'SUSE'})) {
push @missingcvss,$cve;
}
} else {
push @unaffected,$str;
}
}
my @email = ();
if (@missingjira || @missingcvss || @leaked) {
if (@missingjira) {
push @email, "For these CVE there is currently no 'CAR' jira associated.\n";
push @email, "If the issue is NOT embargoed, please open a CAR ticket from within SMASH.\n";
push @email, "\n";
push @email, join("",@missingjira);
push @email, "\n";
}
if (@missingcvss) {
push @email, "For these CVE there is currently no CVSS v3.1 score associated, but affect Carwos:\n";
push @email, "\n";
push @email, join("\n",@missingcvss);
push @email, "\n";
}
if (@leaked) {
push @email, "These CVEs are LEAKED TO CAR JIRA before embargoe ended!\n";
foreach my $leak (@leaked) {
my %references = %{$SMASHData::references{$leak}};
push @email, "$leak has following references:\n";
foreach my $reference (sort keys %references) {
push @email, "\t$reference: ". $references{$reference} . "\n";
}
}
push @email, "\n";
}
push @email, "Ciao, $0\n";
}
open(CARHTML,">car.html");
print CARHTML "Affected
\n";
print CARHTML "\n";
print CARHTML "| CVE | Package:Affectedness | Severity | CVSS v3.1 | References |
|---|
\n";
print CARHTML join("\n",@affected);
print CARHTML "
\n";
print CARHTML "Unaffected
\n";
print CARHTML "\n";
print CARHTML "| CVE | Package:Affectedness | Severity | CVSS v3.1 | References |
|---|
\n";
print CARHTML join("\n",@unaffected);
print CARHTML "
\n";
close(CARHTML);
if (@email) {
open(SENDMAIL,"|/usr/bin/mail -R meissner\@suse.de -s 'Missing CAR Jira tickets' security-reports\@suse.de");
print SENDMAIL join("",@email);
close(SENDMAIL);
}