Merged
2 changes: 1 addition & 1 deletion ruby-advisory-db
Submodule ruby-advisory-db updated 38 files
+8 −3 README.md
+2 −0 gems/actionpack/CVE-2012-1099.yml
+2 −0 gems/actionpack/CVE-2012-3424.yml
+2 −0 gems/actionpack/CVE-2012-3463.yml
+2 −0 gems/actionpack/CVE-2012-3465.yml
+2 −0 gems/actionpack/CVE-2013-0156.yml
+4 −3 gems/actionpack/CVE-2013-1855.yml
+4 −3 gems/actionpack/CVE-2013-1857.yml
+2 −0 gems/activerecord/CVE-2012-2660.yml
+2 −0 gems/activerecord/CVE-2012-2661.yml
+2 −0 gems/activerecord/CVE-2013-0155.yml
+2 −0 gems/activerecord/CVE-2013-0276.yml
+2 −0 gems/activerecord/CVE-2013-0277.yml
+4 −2 gems/activerecord/CVE-2013-1854.yml
+2 −0 gems/activesupport/CVE-2012-1098.yml
+2 −0 gems/activesupport/CVE-2012-3464.yml
+2 −0 gems/activesupport/CVE-2013-0333.yml
+4 −2 gems/activesupport/CVE-2013-1856.yml
+2 −0 gems/crack/CVE-2013-1800.yml
+2 −0 gems/devise/CVE-2013-0233.yml
+2 −0 gems/dragonfly/CVE-2013-1756.yml
+3 −0 gems/extlib/CVE-2013-1802.yml
+2 −0 gems/ftpd/CVE-2013-2512.yml
+2 −0 gems/gtk2/CVE-2007-6183.yml
+2 −0 gems/httparty/CVE-2013-1802.yml
+2 −0 gems/json/CVE-2013-0269.yml
+21 −0 gems/loofah/OSVDB-90945.yml
+2 −0 gems/mail/CVE-2011-0739.yml
+3 −0 gems/mail/CVE-2012-2139.yml
+3 −0 gems/mail/CVE-2012-2140.yml
+2 −0 gems/multi_xml/CVE-2013-0175.yml
+4 −2 gems/newrelic_rpm/CVE-2013-0284.yml
+4 −2 gems/nori/CVE-2013-0285.yml
+4 −2 gems/omniauth-oauth2/CVE-2012-6134.yml
+2 −0 gems/rack-cache/CVE-2012-267.yml
+2 −0 gems/rack/CVE-2013-0263.yml
+2 −0 gems/rdoc/CVE-2013-0256.yml
+44 −3 spec/advisory_example.rb
@@ -1,14 +1,14 @@
---
layout: post
title: "CVE-2012-6134: Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability"
date: 2012-01-01
date: 2012-09-08
comments: false
categories: [omniauth-oauth2]
---

### CVE ID

* [CVE-2012-6134](https://github.com/intridea/omniauth-oauth2/pull/25)
* [CVE-2012-6134](http://www.osvdb.org/show/osvdb/90264)

### GEM NAME

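Review bot: the CVE ID bullet swaps the upstream fix reference (pull request 25 in intridea/omniauth-oauth2) for the OSVDB entry, so the post no longer links the code change that closed the CSRF issue; a reader checking whether their gem version carries the fix needs that pointer more than the index entry. Keep both as separate bullets, and use `https://` for the OSVDB link since the link it replaces was served over TLS.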
@@ -1,14 +1,14 @@
---
layout: post
title: "CVE-2013-0284: Ruby on Rails newrelic_rpm Gem Discloses Sensitive Information"
date: 2013-01-01
date: 2012-12-06
comments: false
categories: [newrelic_rpm]
---

### CVE ID

* [CVE-2013-0284](https://newrelic.com/docs/ruby/ruby-agent-security-notification)
* [CVE-2013-0284](http://osvdb.org/show/osvdb/90189)

### GEM NAME

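Review bot: the replaced link is the vendor's own security notification for the agent, which is the primary disclosure for this information-disclosure issue, while the new OSVDB link is a secondary index; suggest keeping the vendor bullet alongside the OSVDB one rather than replacing it. The new `date: 2012-12-06` sits before the CVE's year; that is plausible for a disclosure that predates CVE assignment, but a one-line source for the date in the commit message would help, since the placeholder `2013-01-01` it retires was clearly a fallback.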
@@ -1,14 +1,14 @@
---
layout: post
title: "CVE-2013-0285: Ruby Gem nori Parameter Parsing Remote Code Execution"
date: 2013-01-01
date: 2013-01-10
comments: false
categories: [nori]
---

### CVE ID

* [CVE-2013-0285](https://github.com/savonrb/nori/commit/818f5263b1d597b603d46cbe1702cd2717259e32)
* [CVE-2013-0285](http://osvdb.org/show/osvdb/90196)

### GEM NAME

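Review bot: the replaced reference is the fix commit in savonrb/nori (818f5263b1d597b603d46cbe1702cd2717259e32), the most precise pointer a reader has for verifying that a given nori release contains the fix for the parameter-parsing remote code execution; the OSVDB entry does not substitute for it. Suggest keeping the commit link as a second bullet under the OSVDB one.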
@@ -1,7 +1,7 @@
---
layout: post
title: "CVE-2013-1756: Dragonfly Gem Remote Code Execution"
date: 2013-01-01
date: 2013-02-19
comments: false
categories: [dragonfly]
---
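Review bot: only the front-matter `date` changes here (`2013-01-01` to `2013-02-19`), but `tasks/sync_advisories.rake` in this same PR builds the post filename as `"#{date}-#{slug}.markdown"` with `slug = cve`, so the next sync writes this advisory to a new file named with the corrected date. This diff shows no deletion of the post generated under the old placeholder date (the file header is not shown here), so confirm the stale copy is removed rather than left as a duplicate entry.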
2 changes: 1 addition & 1 deletion source/_posts/2013-03-19-CVE-2013-1854.markdown
@@ -8,7 +8,7 @@ categories: [activerecord,rails]

### CVE ID

* [CVE-2013-1854](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE)
* [CVE-2013-1854](http://osvdb.org/show/osvdb/91453)

### GEM NAME

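Review bot: the replaced link is the rubyonrails-security announcement, i.e. the primary disclosure for this Rails advisory, while the new OSVDB link is a secondary index; the same substitution is made for the other CVE ID bullets in this PR. Suggest keeping the announcement link in addition to the OSVDB bullet, so the post still points at the maintainers' own statement of affected and fixed versions.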
2 changes: 1 addition & 1 deletion source/_posts/2013-03-19-CVE-2013-1855.markdown
@@ -8,7 +8,7 @@ categories: [actionpack,rails]

### CVE ID

* [CVE-2013-1855](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8)
* [CVE-2013-1855](http://www.osvdb.org/show/osvdb/91452)

### GEM NAME

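Review bot: this bullet links `http://www.osvdb.org/show/osvdb/91452` while the CVE-2013-1854 post in the same PR links `http://osvdb.org/show/osvdb/91453`; pick one host form for every advisory post so the links can be checked mechanically. The same concern as on the 1854 post applies: the rubyonrails-security announcement being replaced is the primary source and is worth keeping as a second bullet.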
2 changes: 1 addition & 1 deletion source/_posts/2013-03-19-CVE-2013-1856.markdown
@@ -8,7 +8,7 @@ categories: [activesupport,rails]

### CVE ID

* [CVE-2013-1856](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI)
* [CVE-2013-1856](http://www.osvdb.org/show/osvdb/91451)

### GEM NAME

2 changes: 1 addition & 1 deletion source/_posts/2013-03-19-CVE-2013-1857.markdown
@@ -8,7 +8,7 @@ categories: [actionpack,rails]

### CVE ID

* [CVE-2013-1857](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI)
* [CVE-2013-1857](http://osvdb.org/show/osvdb/91454)

### GEM NAME

24 changes: 7 additions & 17 deletions tasks/sync_advisories.rake
@@ -10,29 +10,19 @@ task :sync_advisories do

Rake::FileList["ruby-advisory-db/gems/**/*.yml"].each do |advisory|
yaml = YAML.load_file(advisory)
unless yaml['cve']
STDERR.puts "*** WARNING: couldn't sync '#{yaml['title']}: no CVE metadata"
next
end

cve = "CVE-" + yaml['cve']
title = yaml['title'].gsub(/\s+/m, ' ')

title = "#{cve}: #{title}"
slug = cve
date = yaml['date']

puts "Processing: #{title}"

if yaml['url']['osvdb.org']
osvdb_entry = Net::HTTP.get URI(yaml['url'])
date = osvdb_entry[/(\d{4}-\d{2}-\d{2})\<\/td/, 1]
else
nvd_entry = Net::HTTP.get URI("http://web.nvd.nist.gov/view/vuln/detail?vulnId=#{cve}")
matches = nvd_entry.match(/(\d{2})\/(\d{2})\/(\d{4})\<\/div/)

if matches
date = sprintf("%04d-%02d-%02d", Integer(matches[3]), Integer(matches[1]), Integer(matches[2]))
else
puts "Can't determine date for: #{title}"
date = "#{yaml['cve'][/\d{4}/]}-01-01"
end
end
STDERR.puts "Processing: #{title}"

filename = "#{date}-#{slug}.markdown"
template = ERB.new <<-MARKDOWN
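Review bot: `date = yaml['date']` has no guard, unlike the `unless yaml['cve']` check a few lines above, so an advisory YAML without a `date` field silently yields a filename starting with `-CVE-` and a post with an empty `date:` instead of the warning the CVE case gets; extend the guard to `unless yaml['cve'] && yaml['date']` (or warn and `next` separately) and consider normalising with `Date.parse(yaml['date'].to_s)` so quoted and unquoted YAML dates produce the same `YYYY-MM-DD` form. Dropping the `Net::HTTP.get` calls against osvdb.org and nvd.nist.gov is a welcome change in itself: the build no longer depends on plaintext-HTTP fetches or on regex-scraping HTML for a date. One consequence to handle, though: because `filename` is derived from `date`, every date corrected in the advisory db generates a post under a new name while the previously generated `...-01-01-...` file remains in `source/_posts/`; the task should remove or detect stale posts for the same `slug`, or this PR should delete them explicitly.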
@@ -67,4 +57,4 @@ MARKDOWN

File.open("source/_posts/#(unknown)", "w") { |file| file << template.result(binding) }
end
end
end
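Review bot: the path string `"source/_posts/#(unknown)"` is not Ruby interpolation (`#{...}`), so as shown every advisory would be written to the same literal path and overwrite the previous one. Assuming this is a rendering artifact for `#{filename}`, confirm the source reads `File.open("source/_posts/#{filename}", "w")`; if the literal is real, it needs fixing before merge.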