Re: Analysis vulnerabilities associated to published security advisories, anyone?
On Wednesday 09 March 2005 19:13, Steve Kemp wrote:
> A simple script I wrote did that for me already - although there are
> some fixups required as we seem to have a few different spellings
> for different things. eg. sanitizing vs sanitising.
>
> You can see the simple output here along with input and output.
>
> http://people.debian.org/~skx/2005/
Nice script. I fixed it up to sanitise 'sanitizations' and sort output by
count. diff attached.
Regards, David
--
- hello... how are you today?
- *cough* good *sniffle* *wheeze*
- thank god we're communicating over a septic medium ;)
-- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15
--- count.pl.txt 2005-03-09 19:10:11.000000000 +0100
+++ count.new 2005-03-09 20:03:41.135075072 +0100
@@ -15,6 +15,11 @@
my $package = $3;
my $type = $4;
+ $type =~ s/ *$//;
+ $type =~ s/(overflow|file)s$/$1/;
+ $type =~ s/saniti[zs]ing|validation/validation/;
+ $type =~ s/unsanitised input/missing input validation/;
+
$HASH{ $type } += 1; # Increase type of flaw.
$DSA{ $type } .= " " . $id ;
}
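Review bot: the `saniti[zs]ing|validation` substitution matches only the "-ing" forms, so the "sanitizations" spelling named in the covering message (and "sanitisation") still lands in its own bucket, and the `|validation` alternative just replaces the word with itself. Something like `s/saniti[zs](?:ing|ations?)/validation/` would cover both forms. The following line matches only `unsanitised input`; `unsaniti[zs]ed input` would catch the z spelling as well. None of the four substitutions is case-insensitive, so a capitalised type string would still be counted separately.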
@@ -28,7 +33,8 @@
## Simple HTML output
##
-foreach my $key ( sort( keys %HASH ) )
+print "<table>";
+foreach my $key ( sort { $HASH{$b} <=> $HASH{$a} } keys %HASH )
{
print "<tr bgcolor=\"#cccccc\"><td>" . $key . "</td><td>" . $HASH{ $key } . "</tr>\n";
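Review bot: the new sort block compares counts only, so types with the same count come out in no defined order and the table can differ between runs; a tie-break such as `sort { $HASH{$b} <=> $HASH{$a} or $a cmp $b } keys %HASH` keeps it stable. `$key` holds the captured `$type` and is concatenated into the row without HTML escaping, and the count cell in the unchanged row line is never closed with `</td>` before `</tr>`. The added `print "<table>";` also lacks the trailing `\n` that the row prints use.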
@@ -42,3 +48,4 @@
}
print "</td></tr>\n";
}
+print "</table>";