#!/usr/bin/perl
#
# This script takes a comma seperated file with missing CVE entries
# and can add them to the vuln.xml document.
#

my $date = `date "+%Y-%m-%d"`;
my %cves;
chomp($date);
my $total=25;
my $CVEURL = "http://cve.mitre.org/cgi-bin/cvename.cgi?name=";
my $VUXURL = "http://www.vuxml.org/freebsd/";

if(!defined $ARGV[0]) {
	die("Usage: <cve file> <vuln.xml> <outfile>\n");
}

open(CFILE, "<$ARGV[0]") || die("Cannot open $ARGV[0]: $!\n");
open(VFILE, "<$ARGV[1]") || die("Cannot open $ARGV[0]: $!\n");
open(OUTFILE, ">$ARGV[2]") || die("Cannot open $ARGV[0]: $!\n");

while(<CFILE>) {
  my ($id,$cve,$url) = split(/,/,$_);
  chomp($url);
  $cves{$id}{$cve} = $url;
}

close(CFILE);

my $vid;
my $mod;
my $cnt;
while(<VFILE>) {
  my $line = $_;

  if(defined $mod && ($line =~ /<\/dates>/ || $line =~ /<modified>/)) {
    print OUTFILE "      <modified>$date</modified>\n";
    if($line =~ /<\/dates>/) {
      print OUTFILE $line;
    }
    $mod = undef;
    next;
  }

  print OUTFILE $line;
  next if($cnt == $total);

  if(defined $vid && $line =~ /<references>/) {
    foreach my $cve (keys %{$cves{$vid}}) {

      print "URL: $cves{$vid}{$cve}\n";
      print "CVE: $CVEURL$cve\n";
      print "VID: $VUXURL/$vid.html\n";
      print "Do you want to add: $cve (y/n) ?\n";

      my $answer = <STDIN>;
      if($answer =~ /n/) {
	next;
      }

      print OUTFILE "      <!-- $cves{$vid}{$cve} -->\n";    
      print OUTFILE "      <!-- $CVEURL$cve -->\n";    
      print OUTFILE "      <cvename>$cve</cvename>\n";
    }
    $vid = undef;
    $mod = $date;
  }

  if($line =~ /vid=\"(.*)\"/) {
    my $v = $1;
    if(exists $cves{$v}) {
      $cnt++;
      $vid = $v;
    }
  }
}
close(OUTFILE);
close(VFILE);