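# AutoUpdater
#
# Nightly (plus push / manual) job: clone the public CVEProject/cvelist
# mirror, select every record whose first description matches the regex held
# in secrets.REGEX, then commit the matching records, a cves.json index and a
# regenerated README section back to this repository.
#
# Security notes for maintainers:
# - cvelist is third-party data. Record IDs and file names from it used to be
#   passed through a shell (`os.popen('cp ...')`) and used as directory names
#   unchecked; both scripts below now copy files without a shell and only
#   accept canonical CVE-YYYY-NNNN ids that resolve inside ./cvelist.
# - secrets.REGEX is exposed only to the two steps that read it, not to every
#   step of the job (and therefore not to the checkout actions).
# - The job declares the minimal token permission it needs (contents: write).
name: AutoUpdater

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "0 20 * * *"
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Least privilege: the only thing the job does with GITHUB_TOKEN is push to
# this repository.
permissions:
  contents: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      # Fail fast. An empty REGEX compiles to a pattern that matches every
      # description, so the previous "print a notice and carry on" behaviour
      # would select the whole of cvelist.
      - name: check secrets.REGEX is set
        env:
          REGEX: ${{ secrets.REGEX }}
        run: |
          if [ -z "$REGEX" ]; then
            echo "::error::secrets.REGEX is not set"
            exit 1
          fi

      # NOTE(review): consider pinning both checkouts to a full commit SHA
      # instead of the mutable v3 tag.
      - uses: actions/checkout@v3
        with:
          path: main

      # Third-party data only; the GITHUB_TOKEN is not needed in this clone,
      # so do not leave it in its .git config.
      - uses: actions/checkout@v3
        with:
          repository: CVEProject/cvelist
          path: cvelist
          persist-credentials: false

      - name: python script select
        env:
          REGEX: ${{ secrets.REGEX }}
        run: |
          import json
          import os
          import re
          import sys

          # Only canonical ids are accepted: the id later becomes a directory
          # name under ./main, so anything else (e.g. '../x') is rejected.
          CVE_ID_RE = re.compile(r'^CVE-\d{4}-\d{4,}$')


          def load_cvelist_json(file_path: str):
              """Decode one cvelist record.

              Returns the parsed object when file_path ends in '.json' and
              decodes as UTF-8 or (fallback) cp1252, otherwise None. A record
              whose JSON root is not an object is also treated as None so the
              callers can index it safely.
              """
              if not file_path.endswith('.json'):
                  return None
              for encoding in ('utf-8', 'cp1252'):
                  try:
                      with open(file_path, 'r', encoding=encoding) as f:
                          data = json.load(f)
                  except (UnicodeDecodeError, json.JSONDecodeError):
                      continue
                  return data if isinstance(data, dict) else None
              return None


          def description_fliter(cve_json: dict, patten: re.Pattern) -> bool:
              """True when the record's first description value matches patten.

              Records without a description (or with a non-string value) are
              treated as non-matching instead of raising.
              """
              try:
                  description = cve_json["description"]["description_data"][0]["value"]
              except (KeyError, IndexError, TypeError):
                  return False
              if not isinstance(description, str):
                  return False
              return patten.search(description) is not None


          def get_cves(cve_dir: str, patten: re.Pattern) -> list:
              """Walk cve_dir and return a list of dicts for matching records.

              Each dict has id, description, baseScore, baseSeverity (both
              'NULL' when the record carries no impact.cvss block), an NVD url
              and the record's _path inside cve_dir.
              """
              selected_cves = []
              for root, _dirs, files in os.walk(cve_dir):
                  for name in files:
                      path = os.path.join(root, name)
                      data = load_cvelist_json(path)
                      if not data or not description_fliter(data, patten):
                          continue
                      try:
                          cve_id = data['CVE_data_meta']['ID']
                      except (KeyError, TypeError):
                          cve_id = None
                      if not isinstance(cve_id, str) or not CVE_ID_RE.match(cve_id):
                          # Untrusted id that does not look like a CVE id; do
                          # not let it reach the filesystem in the next step.
                          print(f'skipping {path}: unexpected CVE id {cve_id!r}', file=sys.stderr)
                          continue
                      description = data["description"]["description_data"][0]["value"]
                      try:
                          base_score = data["impact"]["cvss"]['baseScore']
                          base_severity = data["impact"]["cvss"]['baseSeverity']
                      except (KeyError, TypeError):
                          base_score = 'NULL'
                          base_severity = 'NULL'
                      selected_cves.append({
                          'id': cve_id,
                          'description': description,
                          'baseScore': base_score,
                          'baseSeverity': base_severity,
                          'url': 'https://nvd.nist.gov/vuln/detail/' + cve_id,
                          '_path': path,
                      })
              return selected_cves


          REGEX = os.environ.get('REGEX', '')
          if not REGEX:
              sys.exit('secrets.REGEX is not set; refusing to match every CVE')
          patten = re.compile(REGEX, flags=re.IGNORECASE)
          cves = get_cves('./cvelist', patten)
          with open('./cves.json', 'w', encoding='utf-8') as f:
              json.dump(cves, f, indent=4)
        shell: python

      - name: python script update dir
        run: |
          import json
          import os
          import re
          import shutil
          import time

          CVE_ID_RE = re.compile(r'^CVE-\d{4}-\d{4,}$')
          ROOT_PATH = './main'
          CVELIST_DIR = os.path.realpath('./cvelist')
          MARKER = '\n## Auto Selected CVEs\n'


          def generate_README(cves: list) -> None:
              """Replace everything from MARKER onwards in ./main/README.md.

              cves is sorted in place by id (descending) before rendering.
              Descriptions are third-party text and are written into the
              markdown verbatim, as before.
              """
              stamp = f'\nLastUpdate: {time.asctime()}'
              cves.sort(key=lambda x: x['id'], reverse=True)
              add = MARKER
              for cve in cves:
                  add += (
                      f"\n### {cve['id']}\n"
                      f"+ baseScore: {cve['baseScore']}\n"
                      f"+ baseSeverity: {cve['baseSeverity']}\n"
                      f"+ [More info about {cve['id']} on NVD]({cve['url']})\n"
                      f"\n{cve['description']}\n"
                  )
              readme = os.path.join(ROOT_PATH, 'README.md')
              with open(readme, 'r', encoding='utf-8') as f:
                  content = f.read()
              pos = content.find(MARKER)
              # find() returns -1 when the marker is missing; slicing with -1
              # used to drop the README's last character. Append instead.
              head = content if pos == -1 else content[:pos]
              with open(readme, 'w', encoding='utf-8') as f:
                  f.write(head + add + stamp)


          def append_note(message: str) -> None:
              """Append a timestamped line to ./main/UpdateNote.txt (no shell)."""
              with open(os.path.join(ROOT_PATH, 'UpdateNote.txt'), 'a', encoding='utf-8') as f:
                  # Roughly the format `date` printed in the old shell version.
                  f.write(f'{time.strftime("%a %b %d %H:%M:%S %Z %Y")}: {message}\n')


          def load_json_list(path: str) -> list:
              """Load a JSON file, treating a missing file as an empty list."""
              try:
                  with open(path, 'r', encoding='utf-8') as f:
                      return json.load(f)
              except FileNotFoundError:
                  return []


          old_data = load_json_list(os.path.join(ROOT_PATH, 'cves.json'))
          new_data = load_json_list('cves.json')

          if old_data == new_data:
              append_note('No new CVEs.')
          else:
              append_note('Updated!')
              shutil.copyfile('./cves.json', os.path.join(ROOT_PATH, 'cves.json'))
              for cve in new_data:
                  cve_id = cve['id']
                  # Defence in depth: re-validate the id and make sure the source
                  # file really lives inside the cvelist checkout before any
                  # directory is created or file copied. Previously both values
                  # were interpolated into an os.popen('cp ...') shell command.
                  if not isinstance(cve_id, str) or not CVE_ID_RE.match(cve_id):
                      raise ValueError(f'refusing unexpected CVE id {cve_id!r}')
                  src = os.path.realpath(cve['_path'])
                  if os.path.commonpath([src, CVELIST_DIR]) != CVELIST_DIR:
                      raise ValueError(f'refusing path outside cvelist: {src}')
                  cve_path = os.path.join(ROOT_PATH, cve_id)
                  os.makedirs(cve_path, exist_ok=True)
                  shutil.copyfile(src, os.path.join(cve_path, os.path.basename(src)))
              generate_README(new_data)
        shell: python

      - name: auto push
        # A pull_request run checks out a detached merge ref (and, for forks,
        # has no write token), so a push from it cannot succeed; only push for
        # the other triggers.
        if: github.event_name != 'pull_request'
        run: |
          cd main
          git config user.name github-actions
          git config user.email github-actions@github.com
          git add .
          if git diff --cached --quiet; then
            echo "Nothing to commit."
          else
            git commit -m "generated"
            git push
          fi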