anext = anext[:-1]+chr(ord(anext[-1])+1)
return ",".join(['-'.join(map(str,aff)) for aff in alist])
-
+
+def allyourbase(issues):
+ allbase = []
+ # find all the major versions of OpenSSL we have vulnerabilities fixed in
+ for affects in issues.getElementsByTagName('fixed'):
+ if (affects.getAttribute("base") not in allbase):
+ if ("fips" not in affects.getAttribute("base")): # temporary hack
+ allbase.append(affects.getAttribute("base"))
+ return sorted(allbase, reverse=True)
+
+
parser = OptionParser()
parser.add_option("-i", "--input", help="input vulnerability file live openssl-web/news/vulnerabilities.xml", dest="input")
+parser.add_option("-b", "--base", help="only include vulnerabilities for this major version (i.e. 1.0.1)", dest="base")
(options, args) = parser.parse_args()
# We need an output directory not stdout because we might write multiple files
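Review bot: `sorted(allbase, reverse=True)` in `allyourbase` compares the base strings lexicographically rather than as versions, so a base with a two-digit component (constructed example: `1.10.0` against `1.9.0`) would be listed out of order. A comment stating that assumption, or a numeric sort key, would make the ordering explicit. The function also has no docstring, and `# temporary hack` on the `fips` test does not say what it works around; I would add `"""Return the distinct 'base' values of all <fixed> elements in descending string order, skipping any base containing "fips"."""`. The new `-b` help text says `i.e. 1.0.1` where `e.g.` is meant.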
# Display issues latest by date first, if same date then by highest CVE
allissues = ""
for issue in sorted(issues, key=lambda x: (x.getAttribute('public'), x.getElementsByTagName('cve')[0].getAttribute('name')),reverse=True):
+
+ if options.base:
+ include = 0
+ for affects in issue.getElementsByTagName('fixed'):
+ if (affects.getAttribute("base") in options.base):
+ include = 1
+ if (include == 0):
+ continue
+
date = issue.getAttribute('public')
year = date[:-4]
if (year != thisyear):
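Review bot: `affects.getAttribute("base") in options.base` in the new filter is a substring test, because `options.base` is a string. If this is xml.dom.minidom, a `fixed` element with no `base` attribute yields `""`, which matches every `--base` value, and any base that is a fragment of the requested one matches too. On a page that tells users which release fixes a CVE, filing an issue under the wrong branch matters, so compare for equality: `if affects.getAttribute("base") == options.base:`. The same `in` / `not in options.base` pattern recurs in the `also` loop and in the preface loop over `allyourbase(dom)` further down. The 0/1 flag could also become `include = any(f.getAttribute("base") == options.base for f in issue.getElementsByTagName('fixed'))`.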
allissues += "<dt>"
if cve:
- allissues += "<a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s\">CVE-%s</a> " %(cve,cve)
+ allissues += "<a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s\" name=\"CVE-%s\">CVE-%s</a> " %(cve,cve,cve)
for adv in issue.getElementsByTagName('advisory'):
allissues += "<a href=\"%s\">(OpenSSL advisory)</a> " %(adv.getAttribute("url"))
for sev in issue.getElementsByTagName('impact'):
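Review bot: The changed line now writes `cve` into a third place, the `name` attribute, still without HTML-escaping. The new code further down does the same with `base` and `version` in the `also` link and with `options.base` in the `<h2>`. The values presumably come from the project's own vulnerabilities.xml and the operator's command line, so this is hardening rather than a live bug, but a stray `"` or `&` would break the anchor or the surrounding markup. Passing each value through `xml.sax.saxutils.escape(value, {'"': '&quot;'})` before formatting would cover both text and attribute positions. The loop body this line belongs to starts outside the hunk.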
allissues += " Reported by %s. " %(reported.getAttribute("source"))
allissues += "<ul>"
+ also = []
for affects in issue.getElementsByTagName('fixed'):
+ if options.base:
+ if (affects.getAttribute("base") not in options.base):
+ also.append("OpenSSL <a href=\"vulnerabilities-%s.html#CVE-%s\">%s</a>" %( affects.getAttribute('base'), cve, affects.getAttribute('version')))
+ continue
allissues += "<li>Fixed in OpenSSL %s " %(affects.getAttribute('version'))
for git in affects.getElementsByTagName('git'):
allissues += "<a href=\"https://github.com/openssl/openssl/commit/%s\">(git commit)</a> " %(git.getAttribute('hash'))
allissues += "(Affected "+merge_affects(issue,affects.getAttribute("base"))+")"
allissues += "</li>"
+ if also:
+ allissues += "<li>This issue was also addressed in "+ ", ".join( also)
allissues += "</ul></dd>"
allissues += "</dl>"
preface = "<!-- do not edit this file it is autogenerated, edit vulnerabilities.xml -->"
-preface += "<p><a name=\"toc\">Jump to year: </a>"
-preface += ", ".join( "<a href=\"#y%s\">%s</a>" %(year,year) for year in allyears)
+if options.base:
+ # for now don't put the link to the per-base page on main page until it's tested
+ bases = []
+ for base in allyourbase(dom):
+ if (options.base and base in options.base):
+ bases.append("%s " %(base))
+ else:
+ bases.append( "<a href=\"vulnerabilities-%s.html\">%s</a> " %(base,base))
+ preface += "Show issues fixed only in OpenSSL " + ", ".join(bases)
+ preface += "<h2>Fixed in OpenSSL %s</h2>" %(options.base)
+if len(allyears)>1: # If only vulns in this year no need for the year table of contents
+ preface += "<p><a name=\"toc\">Jump to year: </a>" + ", ".join( "<a href=\"#y%s\">%s</a>" %(year,year) for year in allyears)
preface += "</p>"
-preface += allissues
+if "<dt>" in allissues:
+ preface += allissues
+else:
+ preface += "No vulnerabilities"
sys.stdout.write(preface.encode('utf-8'))
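Review bot: The new `also` item opens a `<li>` that is never closed, unlike the `Fixed in` items just above it, which append `</li>`; `allissues += "<li>This issue was also addressed in " + ", ".join(also) + "</li>"` keeps the list balanced. In the preface, `<p>` is now opened only inside `if len(allyears)>1:` while the context line `preface += "</p>"` still runs unconditionally, so a page covering a single year emits a stray `</p>`; moving the close into the same branch fixes that. `if "<dt>" in allissues` decides emptiness by searching the generated markup, and a count of included issues kept in the loop would be sturdier. Inside `if options.base:`, the test `options.base and base in options.base` repeats the outer condition.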