forked from mozilla/foundation-security-advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
assign_cve_ids.py
executable file
·55 lines (45 loc) · 2.2 KB
/
assign_cve_ids.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/usr/bin/env python3
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import os
import sys
import subprocess
from foundation_security_advisories.common import (
CVEAdvisory,
)
from foundation_security_advisories.common_cve import *
def main():
# In this script, directly assign CVEs by default and do not ask for confirmation.
if not os.getenv("PROMPT_ASK"):
os.environ["PROMPT_CHOOSE_DEFAULT"] = "1"
local_cve_advisories: dict[str, CVEAdvisory] = get_local_cve_advisories()
for cve_id in local_cve_advisories:
cve_advisory = local_cve_advisories[cve_id]
if cve_id.startswith("MFSA-RESERVE"):
print(f"\n-> {cve_id}")
if replace_cve_id(cve_advisory):
try_set_bugzilla_alias(cve_id.split("-")[-1], cve_advisory.id)
elif cve_advisory.newest_instance.mfsa_id == os.getenv("ASSIGN_BUGZILLA_ANYWAYS", ""):
# In the above, we have the bug id from the placeholder. Here we need to get it from the references
if len(cve_advisory.newest_instance.references) == 1 and len(cve_advisory.newest_instance.references[0]) == 2 and \
cve_advisory.newest_instance.references[0][1] is None and\
cve_advisory.newest_instance.references[0][0].startswith("https://bugzilla.mozilla.org/show_bug.cgi?id="):
bug_id = cve_advisory.newest_instance.references[0][0].replace("https://bugzilla.mozilla.org/show_bug.cgi?id=", "")
try_set_bugzilla_alias(bug_id, cve_advisory.id)
elif cve_advisory.newest_instance.title.startswith("Memory safety bugs fixed"):
pass # Roll-up
else:
print(f"{cve_advisory.newest_instance.parent.id} didn't have an expected reference format so you have to set it manually.")
if os.getenv("CI"):
subprocess.run(
[
"git",
"commit",
"-m",
f"Assign CVE ids",
]
)
subprocess.run(["git", "push"])
if __name__ == "__main__":
sys.exit(main())