
Resolve #3524567 "Create cves for"

1 file
+ 14
1
@@ -108,6 +108,13 @@ function get_cwe_capec_from_advisory_url($advisory_url) {
@@ -108,6 +108,13 @@ function get_cwe_capec_from_advisory_url($advisory_url) {
$advisories = [
$advisories = [
// This is a spot for manual update.
// This is a spot for manual update.
// Template: 'https://www.drupal.org/sa-contrib-2025-ZZZ' => ['CWE' => '', 'CWE-DESC' => '', 'CAPEC' => '', 'CAPEC-DESC' => ''],
// Template: 'https://www.drupal.org/sa-contrib-2025-ZZZ' => ['CWE' => '', 'CWE-DESC' => '', 'CAPEC' => '', 'CAPEC-DESC' => ''],
 
'https://www.drupal.org/sa-contrib-2025-063' => ['CWE' => '294', 'CWE-DESC' => 'Authentication Bypass by Capture-replay', 'CAPEC' => '555', 'CAPEC-DESC' => 'Remote Services with Stolen Credentials'],
 
'https://www.drupal.org/sa-contrib-2025-062' => ['CWE' => '288', 'CWE-DESC' => 'Authentication Bypass Using an Alternate Path or Channel', 'CAPEC' => '554', 'CAPEC-DESC' => 'Functionality Bypass'],
 
'https://www.drupal.org/sa-contrib-2025-061' => ['CWE' => '288', 'CWE-DESC' => 'Authentication Bypass Using an Alternate Path or Channel', 'CAPEC' => '554', 'CAPEC-DESC' => 'Functionality Bypass'],
 
'https://www.drupal.org/sa-contrib-2025-060' => ['CWE' => '862', 'CWE-DESC' => 'Missing Authorization', 'CAPEC' => '212', 'CAPEC-DESC' => 'Functionality Misuse'],
 
'https://www.drupal.org/sa-contrib-2025-059' => ['CWE' => '770', 'CWE-DESC' => 'Allocation of Resources Without Limits or Throttling', 'CAPEC' => '130', 'CAPEC-DESC' => 'Excessive Allocation'],
 
'https://www.drupal.org/sa-contrib-2025-058' => ['CWE' => '79', 'CWE-DESC' => 'Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\')', 'CAPEC' => '63', 'CAPEC-DESC' => 'Cross-Site Scripting (XSS)'],
 
// Advanced File Destination. Not sure if this should get a CVE? 'https://www.drupal.org/sa-contrib-2025-057' => ['CWE' => '', 'CWE-DESC' => '', 'CAPEC' => '', 'CAPEC-DESC' => ''],
'https://www.drupal.org/sa-contrib-2025-056' => ['CWE' => '288', 'CWE-DESC' => 'Authentication Bypass Using an Alternate Path or Channel', 'CAPEC' => '115', 'CAPEC-DESC' => 'Authentication Bypass'],
'https://www.drupal.org/sa-contrib-2025-056' => ['CWE' => '288', 'CWE-DESC' => 'Authentication Bypass Using an Alternate Path or Channel', 'CAPEC' => '115', 'CAPEC-DESC' => 'Authentication Bypass'],
'https://www.drupal.org/sa-contrib-2025-055' => ['CWE' => '862', 'CWE-DESC' => 'Missing Authorization', 'CAPEC' => '87', 'CAPEC-DESC' => 'Forceful Browsing'],
'https://www.drupal.org/sa-contrib-2025-055' => ['CWE' => '862', 'CWE-DESC' => 'Missing Authorization', 'CAPEC' => '87', 'CAPEC-DESC' => 'Forceful Browsing'],
'https://www.drupal.org/sa-contrib-2025-054' => ['CWE' => '352', 'CWE-DESC' => 'Cross-Site Request Forgery (CSRF)', 'CAPEC' => '62', 'CAPEC-DESC' => 'Cross Site Request Forgery'],
'https://www.drupal.org/sa-contrib-2025-054' => ['CWE' => '352', 'CWE-DESC' => 'Cross-Site Request Forgery (CSRF)', 'CAPEC' => '62', 'CAPEC-DESC' => 'Cross Site Request Forgery'],
@@ -249,7 +256,7 @@ function get_cwe_capec_from_advisory_url($advisory_url) {
@@ -249,7 +256,7 @@ function get_cwe_capec_from_advisory_url($advisory_url) {
return ['cwe' => $cwe, 'capec' => $capec];
return ['cwe' => $cwe, 'capec' => $capec];
}
}
// URL of the JSON data. The limit should be set to however many CVEs have not been published yet.
// URL of the JSON data. The limit parameter should be set to however many CVEs have not been published yet.
// This is a spot for manual update.
// This is a spot for manual update.
$url = 'https://www.drupal.org/api-d7/node.json?type=sa&sort=created&direction=DESC&limit=6&page=0';
$url = 'https://www.drupal.org/api-d7/node.json?type=sa&sort=created&direction=DESC&limit=6&page=0';
@@ -273,6 +280,12 @@ if (isset($jsonData['list']) && is_array($jsonData['list'])) {
@@ -273,6 +280,12 @@ if (isset($jsonData['list']) && is_array($jsonData['list'])) {
error_log('Skipping because its got its own cve: '. $item['url']);
error_log('Skipping because its got its own cve: '. $item['url']);
continue;
continue;
}
}
 
// Skip for this unsupported advisory for now.
 
// This is a spot for manual update.
 
if (in_array($item['url'], ['https://www.drupal.org/sa-contrib-2025-057'])) {
 
error_log('Skipping because we should decide who to give credit and how many CVEs to do: '. $item['url']);
 
continue;
 
}
// Skip those created before 2025. This is created+1 for sa-contrib-2025-001.
// Skip those created before 2025. This is created+1 for sa-contrib-2025-001.
if ($item['created'] < 1736356930) {
if ($item['created'] < 1736356930) {
error_log('Skipping because its too old: '. $item['url']);
error_log('Skipping because its too old: '. $item['url']);
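Review bot: The skip check added in the third hunk calls `in_array()` without the strict flag on `$item['url']`, which is decoded from the remote JSON feed, so a non-string value such as a boolean would be compared loosely and could match the skip list; `if (in_array($item['url'], ['https://www.drupal.org/sa-contrib-2025-057'], true)) {` keeps the match exact. The same advisory is also parked as a commented-out entry in `$advisories` in the first hunk, so un-skipping it means editing two manual-update spots that can drift apart; a comment at the map entry such as `// Also remove the matching skip in the feed loop when this entry is filled in.` would tie them together. Both the loop and `get_cwe_capec_from_advisory_url()` start and end outside the visible hunks, so whether `$item['url']` is type-checked earlier, and what the lookup returns for a URL missing from the map, cannot be confirmed from here.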