summaryrefslogtreecommitdiffstats
path: root/ports-mgmt/portaudit-db/files/portaudit2vuxml.awk
blob: 182d7243139192f1c2aa8dd288deafa508d9d2c5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#!/usr/bin/awk -f

  BEGIN {
    XMLFILE=ARGV[2]
    delete ARGV[2]
    while (getline < XMLFILE) {
      if (/<\/vuxml>/)
        break
      print
    }
    XML=$0
    FS="|"
  }

  /^(#|$)/ { next }

  {
    if (PKG[$4])
      PKG[$4]=PKG[$4] FS $1
    else
      PKG[$4]=$1
    gsub(/</, "&lt;")
    gsub(/>/, "&gt;")
    gsub(/&/, "&amp;")
    URL[$4]=$2
    TOPIC[$4]=$3
  }

  END {
    OPN["<"]="lt"
    OPN["<="]="le"
    OPN["="]="eq"
    OPN[">="]="ge"
    OPN[">"]="gt"

    for (UUID in PKG) {
      print "  <vuln vid=\"" UUID "\">"
      print "    <topic>" TOPIC[UUID] "</topic>"

      print "    <affects>"
      split(PKG[UUID], APKG)
      for (TPKG in APKG) {
        VERS=APKG[TPKG]
        print "      <package>"
        if (match(VERS, /(<|>)=?|=/) > 0) {
          print "        <name>" substr(VERS, 1, RSTART-1) "</name>"
          printf "        <range>"
          do {
            OP=substr(VERS, RSTART, RLENGTH)
            LEN=length(VERS)
            VERS=substr(VERS, RSTART+RLENGTH, LEN+1-RSTART-RLENGTH)
            XXX=match(VERS, /(<|>)=?|=/)
            if (XXX > 0)
               printf "<%s>%s</%s>", OPN[OP], substr(VERS, 1, RSTART-1), OPN[OP]
            else
               printf "<%s>%s</%s>", OPN[OP], VERS, OPN[OP]
          } while (XXX > 0)
          printf "</range>\n"
        }
        else {
          print "        <name>" VERS "</name>"
        }
        print "      </package>"
      }
      print "    </affects>"

      print "    <description>"
      print "      <body xmlns=\"http://www.w3.org/1999/xhtml\">"
      print "        <p>Please <a href=\"mailto:security-officer@FreeBSD.org?subject=vid%20" UUID "\">contact"
      print "           the FreeBSD Security Officer</a> for more information.</p>"
      print "      </body>"
      print "    </description>"
      print "    <references>"
      print "      <url>" URL[UUID] "</url>"
      print "    </references>"
      print "    <dates>"
      print "      <discovery>2000-00-00</discovery>"
      print "      <entry>2000-00-00</entry>"
      print "    </dates>"
      print "  </vuln>"
      print ""
    }
    print XML
    while (getline < XMLFILE) {
      print
    }
  }
OpenPOWER on IntegriCloud