authorDan Fandrich <danf@mageia.org>2024-03-08 18:33:47 -0800
committerDan Fandrich <danf@mageia.org>2024-03-08 23:55:05 -0800
commitde98902a85982351c7539672391de014252edde5 (patch)
treee6659a58712ffb9c7f99410d3f282ad23ff8dbbf /tmpl
parent3b4f039b1fc76a1f7cd87b55f74d76da1e9e8e09 (diff)
Add 'showjson' command to output an advisory in OSV JSON
Open Source Vulnerability format is a standard for publishing vulnerabilities in Open Source projects and is defined at https://ossf.github.io/osv-schema/
Diffstat (limited to 'tmpl')
-rw-r--r--tmpl/advisory.json94
1 files changed, 94 insertions, 0 deletions
diff --git a/tmpl/advisory.json b/tmpl/advisory.json
new file mode 100644
index 0000000..475012f
--- /dev/null
+++ b/tmpl/advisory.json
@@ -0,0 +1,94 @@
+[% USE date -%]
+[% PERL -%]
+use JSON;
+[% END -%]
+[% MACRO jsonvar(var) PERL -%]
+# JSON-encode the given variable, including quotes
+print JSON::encode_json($stash->get($stash->get('var')));
+[% END %]
+[%- SET adv = advdb.advisories.$advisory -%]
+{
+ "schema_version": "1.6.2",
+ "id": [% jsonvar('advisory') %],
+ "published": "[% date.format(adv.status.published, format => '%Y-%m-%dT%H:%M:%SZ', gmt => 1) %]",
+ "summary": [% jsonvar('adv.subject') %],
+ "details": [% jsonvar('adv.description') %],
+[% IF adv.CVE && adv.CVE.list.size != 0 -%]
+ "related": [
+[% FOREACH cve IN adv.CVE -%]
+ [% jsonvar('cve') -%]
+[% "," IF ! loop.last %]
+[% END -%]
+ ],
+[% END -%]
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "[% config.site_url %]/[% basename.ID(advisory) %].html"
+ }
+[%- "," IF adv.references && adv.references.list.size != 0 %]
+[% FOREACH ref IN adv.references -%]
+ {
+ "type": "REPORT",
+ "url": [% jsonvar('ref') %]
+ }
+[%- "," IF ! loop.last %]
+[% END -%]
+ ],
+ "affected": [
+[% USE srciter = iterator(adv.src.keys) -%]
+[% FOREACH rel IN srciter -%]
+[% USE mediaiter = iterator(adv.src.$rel.keys) -%]
+[% FOREACH media IN mediaiter -%]
+[% FOREACH srpm IN adv.src.$rel.$media -%]
+ {
+ "package": {
+ "ecosystem": "Mageia:[% rel %]",
+[% USE pkg = String(srpm) -%]
+[% FOREACH part IN pkg.split('-[\w\.+~^]+-[\w\.]+\.mga\d+') -%]
+[% SET pkgname = part -%]
+[% LAST -%]
+[% END -%]
+ "name": [% jsonvar('pkgname') %],
+[% CALL pkg.shift(pkgname) -%]
+[% CALL pkg.shift('-') -%]
+[% SET pkgver = pkg.text -%]
+[% USE purl = String('pkg:rpm/mageia/') -%]
+[% CALL purl.push(pkgname) -%]
+[% CALL purl.push('?distro=mageia-') -%]
+[% CALL purl.push(rel) -%]
+[% SET purltext = purl.text -%]
+ "purl": [% jsonvar('purltext') %]
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": [% jsonvar('pkgver') %]
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "section": [% jsonvar('media') %]
+ }
+ }
+[%- "," IF ! loop.last || ! mediaiter.last || ! srciter.last %]
+[% END %]
+[%- END -%]
+[%- END -%]
+ ],
+ "credits": [
+ {
+ "name": "Mageia",
+ "type": "COORDINATOR",
+ "contact": [
+ "https://wiki.mageia.org/en/Packages_Security_Team"
+ ]
+ }
+ ]
+}
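Review bot: The ADVISORY reference `url` and the package `ecosystem` are interpolated straight into string literals (`"[% config.site_url %]/[% basename.ID(advisory) %].html"` and `"Mageia:[% rel %]"`), while every other value goes through `jsonvar`. A quote, backslash or control character in `config.site_url`, the advisory ID or a release key would therefore produce invalid or structurally altered JSON for OSV consumers. Build each value in a variable and emit it through the macro, e.g. `[% SET advurl = config.site_url _ '/' _ basename.ID(advisory) _ '.html' -%]` followed by `"url": [% jsonvar('advurl') %]`, and do the same for the ecosystem string. Separately, `jsonvar` passes plain scalars to `JSON::encode_json`, which older JSON backends reject unless `allow_nonref` is enabled (this depends on the installed module version, so it is worth confirming); `JSON->new->utf8->allow_nonref->encode(...)` would make that explicit. It would also help to add a comment at the `pkg.split(...)` loop noting that an SRPM name not matching the pattern leaves `pkgver` empty, so `"fixed"` would be emitted as an empty string.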