authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-01-31 19:41:20 -0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-01-31 19:41:20 -0800
commita5d23ba552f0afeb9a4d8b0939fe4b6a970e891f (patch)
tree68e485c6d1437bdd3d44cf502582cf8401668751
parent36d707b0ee3780b3d40106364fbbfb9fe0fdd9f5 (diff)
scripts/cve_create: script to create a cve
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rwxr-xr-xscripts/cve_create104
1 files changed, 104 insertions, 0 deletions
diff --git a/scripts/cve_create b/scripts/cve_create
new file mode 100755
index 00000000..37c89e21
--- /dev/null
+++ b/scripts/cve_create
@@ -0,0 +1,104 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (c) 2024 - Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+#
+# cve_create - Create a CVE entry to be submitted to the CVE database based on
+# a provide git commit id
+#
+# Will look through the list of reserved cve ids and find the one for the year
+# that the git commit was authored. If none is availble, will exit with an
+# error.
+#
+# If a free one is found, the new "database" entry will be created with files
+# in the format that can be submitted both to CVE and for the mail
+# notification.
+#
+# Usage:
+# cve_create [GIT_SHA]
+#
+# Requires:
+# A kernel git tree with the SHA to be used in it
+# bippy
+
+# TODO - make these options that are not hard-coded
+
+KERNEL_TREE="/home/gregkh/linux/stable/linux-stable"
+
+# don't use unset variables
+set -o nounset
+
+# set where the tool was run from,
+# the name of our script,
+# and the git version of it
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+SCRIPT=${0##*/}
+SCRIPT_VERSION=$(cd "${DIR}" && git show -s --abbrev-commit --abbrev=12 --pretty=format:"%h")
+
+help() {
+ echo "${SCRIPT} [GIT_SHA]"
+ exit 1
+}
+
+GIT_SHA="${1:-}"
+if [[ "${GIT_SHA}" == "" ]] ; then
+ help
+fi
+
+# See if the SHA given to us is a valid SHA in the git repo
+# and turning the sha into a "full" one so that we don't get this wrong.
+GIT_SHA_FULL=$(cd ${KERNEL_TREE} && git log -1 --format="%H" "${GIT_SHA}")
+if [[ "${GIT_SHA_FULL}" == "" ]] ; then
+ echo "error: git id ${GIT_SHA} is not found in the tree at ${KERNEL_TREE}"
+ exit 1
+fi
+
+YEAR=$(cd ${KERNEL_TREE} && git log -1 --format="%as" "${GIT_SHA_FULL}" | cut -f 1 -d '-')
+if [[ "${YEAR}" == "" ]] ; then
+ echo "error: can not determine the date of the commit!"
+ exit 1
+fi
+echo "year = ${YEAR}"
+
+CVE_ROOT="${DIR}/../cve/"
+
+RESERVED_DIR="${CVE_ROOT}reserved/${YEAR}/"
+PUBLISHED_DIR="${CVE_ROOT}published/${YEAR}/"
+
+# Go into the directory for the year asked for
+cd "${RESERVED_DIR}" 2> /dev/null
+if [[ $? -ne 0 ]]; then
+ echo "No free ids found in ${RESERVED_DIR}"
+ echo "Should you allocate some more for that year?"
+ exit 1
+fi
+
+# find a free id
+ID=$(ls | sort -V | head -n 1)
+
+if [[ "${ID}" == "" ]] ; then
+ echo "No free id found for ${YEAR}"
+ echo "Should you allocate some more for that year?"
+ exit 1
+fi
+echo "ID=${ID}"
+
+# Make the new year directory, if it is not present
+# fixme, test if present first, as we shouldn't be rude here
+mkdir "${PUBLISHED_DIR}" 2> /dev/null
+
+# write the new entry, using the SHA given to us
+# by moving the original entry and then writing to it
+mv "${ID}" "${PUBLISHED_DIR}"
+echo "${GIT_SHA_FULL}" > "${PUBLISHED_DIR}/${ID}.sha1"
+
+# write the new json entry out, using bippy
+${DIR}/bippy ${ID} ${GIT_SHA_FULL} > "${PUBLISHED_DIR}/${ID}.json"
+
+# write the mbox entry out
+# TODO - use ????
+touch "${PUBLISHED_DIR}/${ID}.mbox"
+
+# say all is good, and give the id
+echo "CVE id ${ID} was allocated for git commit ${GIT_SHA_FULL}"
+echo "be sure to submit it properly using ...."
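Review bot: The allocation step at the end of the script (`mv "${ID}" "${PUBLISHED_DIR}"` followed by the `.sha1` and `.json` writes) never checks an exit status, so a failed `mv` or a failed bippy run still ends with "CVE id ... was allocated". If bippy fails after the move, the reserved id is already consumed and an empty or partial `.json` is left in the published tree. If the `mv` fails because the id is no longer in the reserved directory (for example a second run picked the same name from `ls`), the redirects can still overwrite the files of an entry that is already published. Generating the json into a temporary file first, then moving the reserved entry with its status checked, keeps the reserved pool and the published records consistent; quoting the bippy arguments and checking `mkdir -p` belong to the same change. Separately, `git log -1 --format="%H" "${GIT_SHA}"` accepts any revision expression or a value beginning with `-`, so `git rev-parse --verify --end-of-options "${GIT_SHA}^{commit}"` would be a stricter validity check.

```shell
# … unchanged: ID selection from ${RESERVED_DIR} …

# Make the new year directory, if it is not present
mkdir -p "${PUBLISHED_DIR}" || exit 1

# build the json first, so that a bippy failure does not consume a reserved id
TMP_JSON=$(mktemp "${PUBLISHED_DIR}${ID}.json.XXXXXX") || exit 1
if ! "${DIR}/bippy" "${ID}" "${GIT_SHA_FULL}" > "${TMP_JSON}" ; then
	echo "error: bippy failed, ${ID} is still reserved"
	rm -f "${TMP_JSON}"
	exit 1
fi

# only now take the id out of the reserved pool, and stop if that fails
if ! mv "${ID}" "${PUBLISHED_DIR}" ; then
	echo "error: could not move ${ID} to ${PUBLISHED_DIR}"
	rm -f "${TMP_JSON}"
	exit 1
fi
mv "${TMP_JSON}" "${PUBLISHED_DIR}${ID}.json" || exit 1
echo "${GIT_SHA_FULL}" > "${PUBLISHED_DIR}${ID}.sha1" || exit 1

# … unchanged: mbox placeholder and final messages …
```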