in foundation_security_advisories/common_cve.py [0:0]
def try_update_published_cve(local_cve: CVEAdvisory, local_date: int, remote_date):
"""
Check if there is a difference between the local and the remote CVE.
If there is one, update the CVE.
"""
remote_date_str = pretty_date(remote_date)
local_date_str = pretty_date(local_date)
if remote_date > local_date and not os.getenv("FORCE_UPDATE"):
return
print_cve_step(local_cve.id)
# We need to modify the remote and local json a bit to make sure we only
# detect a diff if something actually changed.
remote_cve_json = get_cve(local_cve.id)
remote_cve_json.pop("cveMetadata")
remote_cve_json_container = remote_cve_json["containers"]["cna"]
remote_cve_json_container.pop("providerMetadata")
if "x_legacyV4Record" in remote_cve_json_container:
remote_cve_json_container.pop("x_legacyV4Record")
local_cve_json = local_cve.to_json()
local_reference_urls = [
local_reference[0]
for local_instance in local_cve.instances
for local_reference in local_instance.references
]
# If there are references which we did not add automatically, we probably don't
# want to remove them, so we move them to our to-be-published object.
remote_extra_references = list(
filter(
lambda reference: not reference["url"] in local_reference_urls
and all(
not reference["url"].startswith(prefix)
for prefix in [
"https://bugzilla.mozilla.org",
"https://www.bugzilla.mozilla.org",
"https://mozilla.org",
"https://www.mozilla.org",
]
),
remote_cve_json["containers"]["cna"]["references"],
)
)
local_cve_json["containers"]["cna"]["references"].extend(remote_extra_references)
# Sort the references to make sure we detect the diff correctly.
remote_cve_json["containers"]["cna"]["references"].sort(
key=lambda reference: reference["url"]
)
local_cve_json["containers"]["cna"]["references"].sort(
key=lambda reference: reference["url"]
)
# Include any other containers from the remote we do not know about (like "adp")
for container_name in remote_cve_json["containers"].keys():
if container_name not in local_cve_json["containers"].keys():
local_cve_json["containers"][container_name] = remote_cve_json[
"containers"
][container_name]
diff = difflib.unified_diff(
dumps(remote_cve_json, indent=2, sort_keys=True).split("\n"),
dumps(local_cve_json, indent=2, sort_keys=True).split("\n"),
lineterm="",
fromfile=f"Remote",
fromfiledate=remote_date_str,
tofile=f"Local ",
tofiledate=local_date_str,
)
is_unchanged = True
for line in diff:
print(line)
is_unchanged = False
if is_unchanged:
# There seems to be no actual difference, lets update the
# timestamp so that we won't be here again next time.
print(f"--- Remote\t{remote_date_str}")
print(f"+++ Local \t{local_date_str}")
print(f"Not actual difference found for {local_cve.id}")
touch_cve_id(local_cve.id)
return
if local_cve.year < 2023:
if not prompt_yes_no(
f"\nThis CVE lies before the cutoff year 2023. Should the content still be updated for {local_cve.id}?",
default=False,
):
print(f"Skipping {local_cve.id} because it lies before the cutoff year")
touch_cve_id(local_cve.id)
return False
else:
if not prompt_yes_no(f"\nShould this content be updated for {local_cve.id}?"):
print(f"Skipping {local_cve.id}")
return False
update_published_cve(local_cve.id, local_cve_json)