mirror-cves.sh 1.2 KB

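#!/bin/bash
# Mirror the CVE pages that apt-sec reports as missing into $dest.
#
# apt-sec prints one "NeedCVE: <url>" line per page it wants. Each URL is
# fetched once and stored under $dest, named after the URL's query string.
#
# The URLs are taken from apt-sec's output, so they are handled as data:
# they are never run as a command, never word-split or glob-expanded (they
# contain '?'), and the file name derived from them is checked before
# anything is written to disk.

dest=/srv/http/htdocs/apt-sec/mirror/cve
# call apt-sec from different pwd so that it uses different config and
# caching files in this mirroring step
dir=/srv/http/htdocs/apt-sec
aptsec=$dir/apt-sec

echo "Extracting CVEs..."
# If the cd fails, apt-sec would run against the wrong config and cache
# files, so stop instead of carrying on in the caller's directory.
cd "$dir/mirror" || { echo "Cannot cd to $dir/mirror" >&2; exit 1; }
log="$("$aptsec" update --cves)"
#echo "$log"

# "NeedCVE: " is 9 bytes long, so the URL starts at byte 10.
urls="$(printf '%s\n' "$log" | grep '^NeedCVE:' | grep -v 'LOCAL-' | cut -b 10-)"
# don't suck any more than we have to..
urls="$(printf '%s\n' "$urls" | sort | uniq | sort -n)"

# Nothing to mirror.
[ -n "$urls" ] || exit 0

# List the CVE ids (the text after the last '=' of each URL). The URL is only
# ever expanded as a string here; it must never end up in command position.
while IFS= read -r url; do
  [ -n "$url" ] || continue
  printf '%s ' "${url##*=}"
done <<< "$urls"

echo "Mirroring CVEs..."
while IFS= read -r url; do
  [ -n "$url" ] || continue

  # The local file name is the query string: everything after the last '?'.
  name=${url##*\?}

  # The name is joined onto $dest, so it has to be a single path component.
  # A URL without '?' leaves the whole URL in $name and is rejected here too.
  case "$name" in
    '' | . | .. | */*)
      echo "Refusing unsafe file name from $url.." >&2
      continue
      ;;
  esac

  file="$dest/$name"
  if [ -f "$file" ]; then
    echo "Already got ${name##*=} (?!)"
    continue
  fi

  # NOTE(review): the URL scheme is not checked; confirm apt-sec only emits
  # http(s) URLs, or add an allow-list here.
  # '--' keeps a URL that starts with '-' from being parsed as a wget option.
  if ! wget -qO "$file" -- "$url"; then
    echo "Error retrieving $url.."
    # wget -O creates the output file even when the transfer fails; remove
    # it, or the next run reports "Already got" and never retries.
    rm -f -- "$file"
    continue
  fi

  # do some verification and delete bad downloads
  # XXX replicates apt-sec parsing code. instead, we should
  # post-process and provide proper input to apt-sec..
  case "$name" in
    vulnId=*) bad="is valid CVE format, but CVE was not found" ;;
    name=*) bad="Could not find a CVE entry or candidate named" ;;
    *) bad= ;;
  esac
  if [ -n "$bad" ] && grep -qF -- "$bad" "$file"; then
    rm -- "$file"
  fi
done <<< "$urls"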