https://github.com/msantos/cvecat
Command line utility to format and write CVE data to stdout
https://github.com/msantos/cvecat
cve
Last synced: 2 months ago
JSON representation
Command line utility to format and write CVE data to stdout
- Host: GitHub
- URL: https://github.com/msantos/cvecat
- Owner: msantos
- License: mit
- Created: 2019-12-15T15:29:51.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2024-09-15T13:44:09.000Z (9 months ago)
- Last Synced: 2025-02-13T05:30:03.910Z (4 months ago)
- Topics: cve
- Language: Go
- Size: 42 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://pkg.go.dev/codeberg.org/msantos/cvecat)
# SYNOPSIS
cvecat [*options*] *CVE-YYYY-NNNN* *...*
# DESCRIPTION
A command line utility to format and write CVE data to stdout.
cvecat takes one or more CVE identifiers as arguments and outputs the
data to standard output. If no arguments are provided, cvecat reads the
CVE identifiers from stdin, one per line.To test formatting, cvecat can read JSON data from stdin by using `-`
as an argument.The CVE data is download from the `cvelist` project on GitHub:
```
https://github.com/CVEProject/cvelistV5
```# BUILD
```
go install codeberg.org/msantos/cvecat/cmd/cvecat@latest
```* build from git repository
```
CGO_ENABLED=0 go build -trimpath -ldflags "-w" ./cmd/cvecat
```# EXAMPLES
## Write CVEs to stdout
```
cvecat CVE-2019-5007 CVE-2019-5008 CVE-2019-5009
```## Read from stdin to stdout
```
cat << EOF | cvecat
CVE-2019-5007
CVE-2019-5008
CVE-2019-5009
EOF
```## Specify Formatting
```
FORMAT='ID: {{.CVE.CveMetadata.CveID}}
Assigner: {{.CVE.CveMetadata.AssignerShortName}}
'
cvecat --format="$FORMAT" CVE-2019-6013
```## Test Formatting
```
cat CVE-2019-6013.json | cvecat --format="$FORMAT" -
```# OPTIONS
--dryrun
: Do not perform any network operations--format *string*
: Template for formatting output using the [Go template
syntax](https://golang.org/pkg/text/template/)--verbose *int*
: Enable debug messages. To see the JSON field names for use in the
template, use `verbose=3`.# ENVIRONMENT VARIABLES
CVECAT_FORMAT
:set default value for --format# Alternatives
## shell
```bash
#!/bin/bashset -o errexit
set -o nounset
set -o pipefailcve() {
CVE="$1"OFS="$IFS"
IFS="-"
set -- $CVEYEAR="$2"
ID="$3"if [ "$1" != "CVE" ]; then
exit 1
fi
if [[ ! "$2" =~ ^[0-9]{4}$ ]]; then
exit 1
fi
if [[ ! "$3" =~ ^[0-9][0-9][0-9][0-9]+$ ]]; then
exit 1
fi# https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2019/10xxx/CVE-2019-10210.json
URL="https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/$YEAR/${ID%[0-9][0-9][0-9]}xxx/$CVE.json"curl -s "$URL"
IFS="$OFS"
}for arg in "$@"; do
cve "$arg" |
jq -r '.containers.cna.descriptions[] | select(.lang == "en") | .value'
done
```