lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240311150054.2945210-1-vegard.nossum@oracle.com>
Date: Mon, 11 Mar 2024 16:00:53 +0100
From: Vegard Nossum <vegard.nossum@...cle.com>
To: Jonathan Corbet <corbet@....net>, cve@...nel.org
Cc: linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        security@...nel.org, Vegard Nossum <vegard.nossum@...cle.com>
Subject: [RFC PATCH 1/2] docs: automarkup: linkify CVSS: strings

CVSS vectors encode the results of a vulnerability analysis.

When encountered in the documentation, create links to first.org which
can be used to explain and explore the various vector components and
their values.

Example:

- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/MPR:L

FIRST is the Forum of Incident Response and Security Teams, founded
in 1990, and is partnered and supported by many well-known organizations.

Signed-off-by: Vegard Nossum <vegard.nossum@...cle.com>
---
 Documentation/sphinx/automarkup.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/Documentation/sphinx/automarkup.py b/Documentation/sphinx/automarkup.py
index a413f8dd5115..8cf95a404bc8 100644
--- a/Documentation/sphinx/automarkup.py
+++ b/Documentation/sphinx/automarkup.py
@@ -76,6 +76,11 @@ c_namespace = ''
 RE_git = re.compile(r'commit\s+(?P<rev>[0-9a-f]{12,40})(?:\s+\(".*?"\))?',
     flags=re.IGNORECASE | re.DOTALL)
 
+#
+# CVSS score vectors
+#
+RE_cvss = re.compile(r'CVSS:(?P<ver>[0-9\.]+)(/[A-Z-]{1,3}:[A-Z])+')
+
 def markup_refs(docname, app, node):
     t = node.astext()
     done = 0
@@ -93,7 +98,8 @@ def markup_refs(docname, app, node):
                            RE_union: markup_c_ref,
                            RE_enum: markup_c_ref,
                            RE_typedef: markup_c_ref,
-                           RE_git: markup_git}
+                           RE_git: markup_git,
+                           RE_cvss: markup_cvss}
 
     if sphinx.version_info[0] >= 3:
         markup_func = markup_func_sphinx3
@@ -290,6 +296,12 @@ def markup_git(docname, app, match):
     return nodes.reference('', nodes.Text(text),
         refuri=f'https://git.kernel.org/torvalds/c/{rev}')
 
+def markup_cvss(docname, app, match):
+    text = match.group(0)
+    ver = match.group('ver')
+    return nodes.reference('', nodes.Text(text),
+        refuri=f'https://www.first.org/cvss/calculator/{ver}#{text}')
+
 def auto_markup(app, doctree, name):
     global c_namespace
     c_namespace = get_c_namespace(app, name)
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ