foundation_security_advisories/publish_cve_advisories.py

#!/usr/bin/env python3

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

import os
import sys
import subprocess

from foundation_security_advisories.common import (
    CVEAdvisory,
)
from foundation_security_advisories.common_cve import *


def main():
    owned_cve_ids, published_cve_id_dates = get_owned_cve_ids()
    local_cve_advisories: dict[str, CVEAdvisory] = get_local_cve_advisories()

    for cve_id in local_cve_advisories:
        cve_advisory = local_cve_advisories[cve_id]
        if cve_id.startswith("MFSA-RESERVE"):
            print_cve_step(cve_id)
            if not replace_cve_id(cve_advisory):
                continue
            try_set_bugzilla_alias(cve_id.split("-")[-1], cve_advisory.id)
            cve_id = cve_advisory.id
            owned_cve_ids.append(cve_id)

        if cve_id not in owned_cve_ids:
            # if cve_id.startswith("CVE"):
            #     print_cve_step(cve_id)
            #     print(f"Warning: Skipping {cve_id} because we do not own it")
            continue

        if cve_id not in published_cve_id_dates:
            print_cve_step(cve_id)
            publish_cve(cve_advisory.id, cve_advisory.to_json())
        else:
            try_update_published_cve(
                local_cve=cve_advisory,
                local_date=cve_advisory.newest_instance.file_last_modified,
                remote_date=published_cve_id_dates[cve_id],
            )

    if os.getenv("CI"):
        subprocess.run(
            [
                "git",
                "commit",
                "-m",
                f"Assign CVE ids",
            ]
        )
        subprocess.run(["git", "push"])


if __name__ == "__main__":
    sys.exit(main())