Add CVE export for gts3.org

sslab-gatech · Jan 14, 2022 · 605ebc7 · 605ebc7
1 parent b5b088c
commit 605ebc7
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 4 deletions.
diff --git a/paper/common.py b/paper/common.py
@@ -9,23 +9,33 @@
 POC_FRONTMATTER = "```rudra-poc"
 
 
-def get_frontmatter(file, header):
-    contents = file.read()
+def get_frontmatter(contents, header):
     frontmatter_start = contents.index(header)
     frontmatter_end = contents.index("```", frontmatter_start + 1)
 
     metadata = contents[frontmatter_start + len(header) : frontmatter_end]
     return tomlkit.parse(metadata)
 
 
+def get_rustsec_title(contents):
+    frontmatter_end = contents.index("\n```\n")
+
+    title_start = contents.index("\n# ", frontmatter_end + 1) + 3
+    title_end = contents.index("\n", title_start)
+
+    return contents[title_start:title_end]
+
+
 # Returns a dict of RUSTSEC ids -> RUSTSEC metadata.
 def get_rustsec_metadata():
     rustsec_metadata = {}
 
     rustsec_dir = PROJECT_DIRECTORY / "advisory-db" / "crates"
     for advisory_file in rustsec_dir.glob("**/*.md"):
         with advisory_file.open() as f:
-            metadata = get_frontmatter(f, RUSTSEC_FRONTMATTER)["advisory"]
+            contents = f.read()
+            metadata = get_frontmatter(contents, RUSTSEC_FRONTMATTER)["advisory"]
+            metadata["title"] = get_rustsec_title(contents)
             rustsec_metadata[metadata["id"]] = metadata
 
     return rustsec_metadata
@@ -42,7 +52,8 @@ def get_poc_metadata():
             continue
 
         with poc_file.open() as f:
-            metadata = get_frontmatter(f, POC_FRONTMATTER)
+            contents = f.read()
+            metadata = get_frontmatter(contents, POC_FRONTMATTER)
             poc_metadata[identifier] = metadata
 
     return poc_metadata

diff --git a/paper/export_cve.py b/paper/export_cve.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+from common import *
+from collections import defaultdict
+import sys
+
+
+def main():
+    cve_data = []
+
+    rustsec_metadata_dict = get_rustsec_metadata()
+    poc_metadata_dict = get_poc_metadata()
+
+    for (poc_id, poc_metadata) in poc_metadata_dict.items():
+        if 'issue_date' not in poc_metadata['report']:
+            print(f"Warning: PoC {poc_id} is not reported")
+            continue
+
+        crate_name = poc_metadata['target']['crate']
+
+        issue_date = poc_metadata['report']['issue_date']
+        issue_year = issue_date.year
+        issue_date_string = f"{issue_date.year}/{issue_date.month:02}/{issue_date.day:02}"
+
+        try:
+            rustsec_id = poc_metadata['report']['rustsec_id']
+        except tomlkit.exceptions.NonExistentKey:
+            # Pending bugs
+            continue
+
+        rustsec_metadata = rustsec_metadata_dict[rustsec_id]
+        rustsec_title = rustsec_metadata["title"]
+
+        cve_list = []
+        if 'aliases' in rustsec_metadata:
+            for alias in rustsec_metadata['aliases']:
+                if alias.startswith("CVE"):
+                    cve_list.append(alias)
+
+        if len(cve_list) > 0:
+            cve_text = ", ".join(cve_list)
+            print(f"""date: {issue_date_string}
+proj: {crate_name} (Rust)
+cve: {cve_text}
+desc: {rustsec_title}
+url: https://rustsec.org/advisories/{rustsec_id}.html
+lead: Rudra project members
+""")
+
+if __name__ == '__main__':
+    main()