# cve

**Repository Path**: bzhaoop/cve

## Basic Information

- **Project Name**: cve
- **Description**: No description available
- **Primary Language**: Python
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 3
- **Created**: 2021-08-03
- **Last Updated**: 2021-08-03

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

## Bugzilla API Calls

### API documentation

https://bugzilla.readthedocs.io/en/latest/api/

### Host domain

https://bugzilla.redhat.com

### CVE query

https://bugzilla.redhat.com/buglist.cgi?quicksearch=CVE

#### Special case

https://git.gnunet.org/libmicrohttpd.git/commit/?id=55f715e15e3ce66babc939b5a670bee02d4d9571

#### To be resolved

- Query the CVE information (Fixed In Version: the version in which the issue was fixed)
- Extract the patch URLs from all comments on the current CVE (multiple patches may need to be downloaded)
- Source code in the repository plus the patches (applying the patches) --- a tool already exists
- After the patches apply successfully, automatically submit a PR to Gitee ----- follow-up work

#### Query CVE information

- API URL: https://bugzilla.redhat.com/rest/bug?alias=CVE-2020-27827
- Content-type: application/json

```json
{
  "bugs": [
    {
      "priority": "medium",
      "cf_last_closed": "2021-02-11T16:10:19Z",
      "assigned_to_detail": {
        "email": "security-response-team",
        "real_name": "Red Hat Product Security",
        "name": "security-response-team",
        "id": 164808
      },
      "blocks": [ 1921443, 1939725 ],
      "creator": "Pedro Sampaio",
      "last_change_time": "2021-04-01T19:08:55Z",
      "is_cc_accessible": true,
      "keywords": [ "Security" ],
      "creator_detail": {
        "email": "psampaio",
        "real_name": "Pedro Sampaio",
        "name": "psampaio",
        "id": 409354
      },
      "cc": [
        "Aaron Conole",
        "Alan Pevec",
        "Bill Montgomery",
        "Chris Wright",
        "Christian Trautman",
        "Daniel Becker",
        "David Blechter",
        "Doron Fediuck",
        "DRamseur",
        "Eyal Edri",
        "Eric Paris",
        "Flavio Leitner",
        "James Hogarth",
        "Jason Burrell",
        "Jean-Tsung Hsiao",
        "Jason Hunter",
        "Jason Joyce",
        "Jim Minter",
        "Joanne Okerman",
        "Jon Schlueter",
        "Kevin Mitts",
        "Lon Hohberger",
        "lpeer",
        "Mike Burns",
        "mgala",
        "Moran Goldboim",
        "Michal Skrivanek",
        "Mangirdas Judeikis",
        "Nir Levy",
        "Nick Stielau",
        "Open vSwitch development team",
        "Rick Alongi",
        "RHOS Maint",
        "Rashid Khan",
        "Sandro Bonazzola",
        "Scott Lewis",
        "Scott Herold",
        "Steve Linabery",
        "Sudha Ponnaganti",
        "Shai Revivo",
        "Thomas Graf",
        "Timothy Redaelli",
        "Yuval Turgeman"
      ],
      "url": "",
      "assigned_to": "Red Hat Product Security",
      "groups": [],
      "see_also": [],
      "id": 1921438,
      "whiteboard": "",
      "creation_time": "2021-01-28T02:00:58Z",
      "qa_contact": "",
      "depends_on": [
        1921439, 1921441, 1921442, 1922439, 1922440, 1923222, 1923224,
        1921440, 1922068, 1922069, 1922070, 1923221, 1923223, 1923225,
        1923226, 1923227, 1923228, 1923229, 1924956
      ],
      "dupe_of": null,
      "docs_contact": "",
      "resolution": "ERRATA",
      "classification": "Other",
      "alias": [ "CVE-2020-27827" ],
      "cf_doc_type": "If docs needed, set a value",
      "op_sys": "Linux",
      "target_release": [ "---" ],
      "status": "CLOSED",
      "cc_detail": [
        { "email": "aconole", "real_name": "Aaron Conole", "name": "aconole", "id": 386177 },
        { "email": "apevec", "real_name": "Alan Pevec", "name": "apevec", "id": 100112 },
        { "email": "bmontgom", "real_name": "Bill Montgomery", "name": "bmontgom", "id": 342077 },
        { "email": "chrisw", "real_name": "Chris Wright", "name": "chrisw", "id": 168427 },
        { "email": "ctrautma", "real_name": "Christian Trautman", "name": "ctrautma", "id": 390166 },
        { "email": "dbecker", "real_name": "Daniel Becker", "name": "dbecker", "id": 391818 },
        { "email": "dblechte", "real_name": "David Blechter", "name": "dblechte", "id": 309257 },
        { "email": "dfediuck", "real_name": "Doron Fediuck", "name": "dfediuck", "id": 274022 },
        { "email": "dramseur", "real_name": "DRamseur", "name": "dramseur", "id": 453047 },
        { "email": "eedri", "real_name": "Eyal Edri", "name": "eedri", "id": 312462 },
        { "email": "eparis", "real_name": "Eric Paris", "name": "eparis", "id": 165117 },
        { "email": "fleitner", "real_name": "Flavio Leitner", "name": "fleitner", "id": 210724 },
        { "email": "james.hogarth", "real_name": "James Hogarth", "name": "james.hogarth", "id": 281842 },
        { "email": "jburrell", "real_name": "Jason Burrell", "name": "jburrell", "id": 435933 },
        { "email": "jhsiao", "real_name": "Jean-Tsung Hsiao", "name": "jhsiao", "id": 336664 },
        { "email": "jhunter", "real_name": "Jason Hunter", "name": "jhunter", "id": 439810 },
        { "email": "jjoyce", "real_name": "Jason Joyce", "name": "jjoyce", "id": 393063 },
        { "email": "jminter", "real_name": "Jim Minter", "name": "jminter", "id": 304946 },
        { "email": "jokerman", "real_name": "Joanne Okerman", "name": "jokerman", "id": 344626 },
        { "email": "jschluet", "real_name": "Jon Schlueter", "name": "jschluet", "id": 381739 },
        { "email": "kmitts", "real_name": "Kevin Mitts", "name": "kmitts", "id": 437785 },
        { "email": "lhh", "real_name": "Lon Hohberger", "name": "lhh", "id": 84977 },
        { "email": "lpeer", "real_name": "lpeer", "name": "lpeer", "id": 287527 },
        { "email": "mburns", "real_name": "Mike Burns", "name": "mburns", "id": 269350 },
        { "email": "mgala", "real_name": "", "name": "mgala", "id": 439097 },
        { "email": "mgoldboi", "real_name": "Moran Goldboim", "name": "mgoldboi", "id": 293091 },
        { "email": "michal.skrivanek", "real_name": "Michal Skrivanek", "name": "michal.skrivanek", "id": 332467 },
        { "email": "mjudeiki", "real_name": "Mangirdas Judeikis", "name": "mjudeiki", "id": 405038 },
        { "email": "nlevy", "real_name": "Nir Levy", "name": "nlevy", "id": 429438 },
        { "email": "nstielau", "real_name": "Nick Stielau", "name": "nstielau", "id": 422464 },
        { "email": "ovs-team", "real_name": "Open vSwitch development team", "name": "ovs-team", "id": 361092 },
        { "email": "ralongi", "real_name": "Rick Alongi", "name": "ralongi", "id": 368090 },
        { "email": "rhos-maint", "real_name": "RHOS Maint", "name": "rhos-maint", "id": 342900 },
        { "email": "rkhan", "real_name": "Rashid Khan", "name": "rkhan", "id": 328132 },
        { "email": "sbonazzo", "real_name": "Sandro Bonazzola", "name": "sbonazzo", "id": 344402 },
        { "email": "sclewis", "real_name": "Scott Lewis", "name": "sclewis", "id": 316793 },
        { "email": "sherold", "real_name": "Scott Herold", "name": "sherold", "id": 359085 },
        { "email": "slinaber", "real_name": "Steve Linabery", "name": "slinaber", "id": 269094 },
        { "email": "sponnaga", "real_name": "Sudha Ponnaganti", "name": "sponnaga", "id": 426940 },
        { "email": "srevivo", "real_name": "Shai Revivo", "name": "srevivo", "id": 354886 },
        { "email": "tgraf", "real_name": "Thomas Graf", "name": "tgraf", "id": 368396 },
        { "email": "tredaelli", "real_name": "Timothy Redaelli", "name": "tredaelli", "id": 404513 },
        { "email": "yturgema", "real_name": "Yuval Turgeman", "name": "yturgema", "id": 402569 }
      ],
      "cf_clone_of": null,
      "summary": "CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak",
      "is_open": false,
      "platform": "All",
      "severity": "medium",
      "cf_environment": "",
      "version": [ "unspecified" ],
      "deadline": null,
      "component": [ "vulnerability" ],
      "cf_fixed_in": "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9",
      "is_creator_accessible": true,
      "is_confirmed": true,
      "target_milestone": "---",
      "product": "Security Response",
      "cf_release_notes": "A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
    }
  ]
}
```

```
Field mapping:
    Fixed In Version: cf_fixed_in
```

#### Get the CVE's comments

- API URL: https://bugzilla.redhat.com/rest/bug/{id_or_alias}/comment

```json
{
  "bugs": {
    "1921438": {
      "comments": [
        {
          "is_private": false,
          "count": 0,
          "attachment_id": null,
          "creator": "psampaio",
          "time": "2021-01-28T02:00:58Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "Multiple versions of Open vSwitch are vulnerable to denial of service\nattacks in which crafted LLDP packets could cause memory to be lost\nwhen allocating data to handle specific optional TLVs. Triggering the\nvulnerability requires LLDP processing to be enabled for a specific\nport. Open vSwitch versions before 2.5.x are not vulnerable.\n\nReferences:\n\nhttps://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html\nhttps://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61",
          "id": 14719315,
          "creation_time": "2021-01-28T02:00:58Z",
          "creator_id": 409354
        },
        {
          "is_private": false,
          "count": 1,
          "attachment_id": null,
          "creator": "psampaio",
          "time": "2021-01-28T02:02:03Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "Created lldpd tracking bugs for this issue:\n\nAffects: epel-7 [bug 1921442]\nAffects: fedora-all [bug 1921441]\n\n\nCreated openvswitch tracking bugs for this issue:\n\nAffects: fedora-all [bug 1921440]\nAffects: openstack-rdo [bug 1921439]",
          "id": 14719334,
          "creation_time": "2021-01-28T02:02:03Z",
          "creator_id": 409354
        },
        {
          "is_private": false,
          "count": 4,
          "attachment_id": null,
          "creator": "mcascell",
          "time": "2021-01-29T17:51:30Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "Open vSwitch pull request:\nhttps://github.com/openvswitch/ovs/pull/337\n\nOpen vSwitch fix:\nhttps://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0",
          "id": 14726589,
          "creation_time": "2021-01-29T17:51:30Z",
          "creator_id": 441861
        },
        {
          "is_private": false,
          "count": 8,
          "attachment_id": null,
          "creator": "askrabec",
          "time": "2021-02-09T22:16:21Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "Statement:\n\nRed Hat OpenStack Platform 13's openvswitch package will receive it's fixes from Fast Datapath.",
          "id": 14766024,
          "creation_time": "2021-02-09T22:16:21Z",
          "creator_id": 437379
        },
        {
          "is_private": false,
          "count": 9,
          "attachment_id": null,
          "creator": "askrabec",
          "time": "2021-02-09T22:16:45Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "External References:\n\nhttps://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html",
          "id": 14766025,
          "creation_time": "2021-02-09T22:16:45Z",
          "creator_id": 437379
        },
        {
          "is_private": false,
          "count": 11,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-02-11T14:52:13Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Fast Datapath for Red Hat Enterprise Linux 8\n\nVia RHSA-2021:0497 https://access.redhat.com/errata/RHSA-2021:0497",
          "id": 14772447,
          "creation_time": "2021-02-11T14:52:13Z",
          "creator_id": 241731
        },
        {
          "is_private": false,
          "count": 12,
          "attachment_id": null,
          "creator": "prodsec-dev",
          "time": "2021-02-11T16:10:19Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):\n\nhttps://access.redhat.com/security/cve/cve-2020-27827",
          "id": 14772848,
          "creation_time": "2021-02-11T16:10:19Z",
          "creator_id": 377884
        },
        {
          "is_private": false,
          "count": 13,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-03-15T14:33:31Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Fast Datapath for Red Hat Enterprise Linux 8\n\nVia RHSA-2021:0837 https://access.redhat.com/errata/RHSA-2021:0837",
          "id": 14871631,
          "creation_time": "2021-03-15T14:33:31Z",
          "creator_id": 241731
        },
        {
          "is_private": false,
          "count": 14,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-03-15T14:35:08Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Fast Datapath for Red Hat Enterprise Linux 7\n\nVia RHSA-2021:0834 https://access.redhat.com/errata/RHSA-2021:0834",
          "id": 14871651,
          "creation_time": "2021-03-15T14:35:08Z",
          "creator_id": 241731
        },
        {
          "is_private": false,
          "count": 15,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-03-15T14:35:38Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Fast Datapath for Red Hat Enterprise Linux 7\n\nVia RHSA-2021:0835 https://access.redhat.com/errata/RHSA-2021:0835",
          "id": 14871655,
          "creation_time": "2021-03-15T14:35:38Z",
          "creator_id": 241731
        },
        {
          "is_private": false,
          "count": 16,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-03-23T18:51:43Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Red Hat Virtualization 4 for Red Hat Enterprise Linux 8\n\nVia RHSA-2021:0976 https://access.redhat.com/errata/RHSA-2021:0976",
          "id": 14900197,
          "creation_time": "2021-03-23T18:51:43Z",
          "creator_id": 241731
        },
        {
          "is_private": false,
          "count": 17,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-03-31T12:57:00Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Red Hat Virtualization 4 for Red Hat Enterprise Linux 7\n\nVia RHSA-2021:1050 https://access.redhat.com/errata/RHSA-2021:1050",
          "id": 14925442,
          "creation_time": "2021-03-31T12:57:00Z",
          "creator_id": 241731
        },
        {
          "is_private": false,
          "count": 18,
          "attachment_id": null,
          "creator": "errata-xmlrpc",
          "time": "2021-03-31T12:57:39Z",
          "bug_id": 1921438,
          "tags": [],
          "text": "This issue has been addressed in the following products:\n\n Red Hat Virtualization 4 for Red Hat Enterprise Linux 7\n\nVia RHSA-2021:1051 https://access.redhat.com/errata/RHSA-2021:1051",
          "id": 14925447,
          "creation_time": "2021-03-31T12:57:39Z",
          "creator_id": 241731
        }
      ]
    }
  },
  "comments": {}
}
```

```
Getting the patch commit URLs:
    Split the text field on \n, then match URL paths and check whether the path contains the desired keyword.

To be confirmed:
    1. Are the submitted patches only on GitHub?
    2. Once the GitHub URLs have been extracted, how do we download the patch we want?
    3. If there are many patches, do all of them need to be applied?
```
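
An added example (not code from this repository) of the extraction step described above: it splits each public comment's `text` on `\n`, matches URLs, and keeps only GitHub commit links, building the patch address by appending `.patch` to the commit URL. The host allowlist, the commit-path pattern and the name `patch_candidates` are assumptions; because comment text is untrusted input, the patch URL is rebuilt from validated parts rather than taken from the comment as written.

```python
import re
from urllib.parse import urlsplit

# Assumption: only hosts listed here are trusted as patch sources.
ALLOWED_HOSTS = {"github.com"}
URL_RE = re.compile(r"https?://[^\s<>()\[\]]+")
# /<owner>/<repo>/commit/<40-hex sha>; pull requests and mail archives do not match.
GITHUB_COMMIT_RE = re.compile(r"^/([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+)/commit/([0-9a-f]{40})$")

# Constructed sample: two comments trimmed from the response shown above.
SAMPLE = {"bugs": {"1921438": {"comments": [
    {"is_private": False, "count": 0, "text": (
        "References:\n\n"
        "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html\n"
        "https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61")},
    {"is_private": False, "count": 4, "text": (
        "Open vSwitch pull request:\nhttps://github.com/openvswitch/ovs/pull/337\n\n"
        "Open vSwitch fix:\n"
        "https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0")},
]}}}


def patch_candidates(response):
    """Return de-duplicated GitHub commit patches referenced in public comments."""
    found, seen = [], set()
    for bug in response.get("bugs", {}).values():
        for comment in bug.get("comments", []):
            if comment.get("is_private"):
                continue
            for line in comment.get("text", "").split("\n"):
                for raw in URL_RE.findall(line):
                    url = urlsplit(raw.rstrip(".,;"))
                    if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
                        continue  # rejects http:// and look-alikes such as github.com@other.host
                    m = GITHUB_COMMIT_RE.match(url.path)
                    if not m or m.group(3) in seen:
                        continue
                    owner, repo, sha = m.groups()
                    seen.add(sha)
                    found.append({
                        "repo": f"{owner}/{repo}",
                        "sha": sha,
                        "comment": comment.get("count"),
                        # GitHub serves a git-format patch at <commit URL>.patch
                        "patch_url": f"https://github.com/{owner}/{repo}/commit/{sha}.patch",
                    })
    return found
```

Each record keeps the comment number it came from, so a reviewer can check the context before any patch is downloaded or applied.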