author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-19 21:38:00 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-19 21:39:13 +0100 |
commit | 69e6a64212d86986e983af47540422b29de6a31c (patch) | |
tree | 36773d85c0945be7792a274b243a4c6217c776ba | |
parent | d60e4dae3dc5265042f92d4632ab719a4231cc5b (diff) | |
download | vulns-69e6a64212d86986e983af47540422b29de6a31c.tar.gz |
bippy: read from the linux.uuid file.
Also remove the unneeded platforms array as that's just overkill in the
json file.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rwxr-xr-x | scripts/bippy | 44 | ||||
-rw-r--r-- | scripts/linux.uuid (renamed from cve/linux.uuid) | 0 |
2 files changed, 22 insertions, 22 deletions
diff --git a/scripts/bippy b/scripts/bippy index e63f5ae1..c4875b56 100755 --- a/scripts/bippy +++ b/scripts/bippy @@ -25,9 +25,6 @@ DEBUG=0 KERNEL_TREE="/home/gregkh/linux/stable/linux-stable" FOUND_IN="/home/gregkh/linux/stable/commit_tree/id_found_in" -# Hard coded for now, but maybe come from a file? -ORGID="f4215fc3-5b6b-47ff-a258-f7189bd81038" - # Might be dropped if we don't need the full "container" output, see at the # bottom for more details USER="gregkh@linuxfoundation.org" @@ -243,17 +240,32 @@ function version_is_mainline # ======= # Main logic starts here +# Get the UUID we are going to use from the linux.uuid file in the directory +# where the script is. This allows us to change this if needed in the future +# (and it's easier to move between testing and production databases this way, +# as those require different uuids.) +orig_id=$(cat "${DIR}"/linux.uuid) +if [[ "${orig_id}" == "" ]]; then + echo "No UUID found to use at ${DIR}/linux.uuid, aborting" + exit 1 +fi +dbg "orig_id=${orig_id}" + # go into the kernel tree, we need this to be a valid one #cd ${KERNEL_TREE} || exit 1 -# See if the SHA given to us is a valid SHA in the git repo -# and turning the sha into a "full" one so that we don't get this wrong. - +# See if the SHA given to us is a valid SHA in the git repo. +# This tests if we have a valid kernel tree, AND we need a full/long SHA1 for +# many of the searches we do later on. If we stuck with a short one, some of +# the searches would give us false-positives as people use short shas in commit +# messages. GIT_SHA_FULL=$(cd ${KERNEL_TREE} && git log -1 --format="%H" "${GIT_SHA}") if [[ "${GIT_SHA_FULL}" == "" ]] ; then echo "error: git id ${GIT_SHA} is not found in the tree at ${KERNEL_TREE}" exit 1 fi + +# Grab a "real" 12 character short sha to use as well, we "know" this will not fail. GIT_SHA_SHORT=$(cd ${KERNEL_TREE} && git log -1 --abbrev=12 --format="%h" "${GIT_SHA_FULL}") # Get the subject line of our sha 
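Review bot: The new check in the `@@ -243,17 +240,32 @@` hunk rejects only an empty `orig_id`, so any other content of `${DIR}/linux.uuid` (a truncated value, an extra line, stray text) flows unchanged into `assignerOrgId` and `orgId` in the later `jo` calls and produces a CVE record with a malformed organisation id. Because the value now comes from a file instead of a constant, its shape should be validated before use, for example by replacing the test with `if [[ ! "${orig_id}" =~ ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ ]]; then`. That check also keeps out values starting with characters that `jo` interprets specially. The abort message would be better sent to stderr, `echo "No UUID found to use at ${DIR}/linux.uuid, aborting" >&2`. `DIR` is assigned outside this hunk, so whether it always resolves to the script's own directory cannot be confirmed from here.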
@@ -758,7 +770,7 @@ if [[ "${JSON_FILE}" != "" ]] ; then x_generator=$(jo -- engine="${SCRIPT}-${SCRIPT_VERSION}") - cveMetadata=$(jo -- assignerOrgId="${ORGID}" \ + cveMetadata=$(jo -- assignerOrgId="${orig_id}" \ cveID="${CVE_NUMBER}" \ requesterUserId="${USER}" \ -s serial="1" \ @@ -772,19 +784,9 @@ if [[ "${JSON_FILE}" != "" ]] ; then descriptions=$(jo -a -- "${d}") providerMetadata=$(jo -- \ - orgId="${ORGID}" \ + orgId="${orig_id}" \ ) -# versions=$(jo -- \ -# -s lessThan="6.7" \ -# -s status="affected" \ -# -s version="0" \ -# -s versionType="custom" \ -# ) - - p=$(jo -a -- "Linux") - platforms=$(jo -- platforms="${p}") - f="" while IFS= read -r entry; do f+="${entry} " @@ -795,15 +797,14 @@ if [[ "${JSON_FILE}" != "" ]] ; then program_files=$(jo -a -- ${f}) # FIXME: add program_files down below to a and ag in the proper place, - # but for now, the json is not validating so don't add it until that is - # figured out... + # but for now, the json is not validating on the CVE server side, so + # don't add it until that is figured out... # We want vuln_array_json to be expanded without quotes # shellcheck disable=SC2086 a=$(jo -- \ product="Linux" \ vendor="Linux" \ - platforms="${p}" \ defaultStatus="${default_status}" \ repo="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git" \ ${vuln_array_json} \ @@ -814,7 +815,6 @@ if [[ "${JSON_FILE}" != "" ]] ; then ag=$(jo -- \ product="Linux" \ vendor="Linux" \ - platforms="${p}" \ defaultStatus="unaffected" \ repo="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git" \ ${git_array_json} \ diff --git a/cve/linux.uuid b/scripts/linux.uuid index ce693948..ce693948 100644 --- a/cve/linux.uuid +++ b/scripts/linux.uuid |