#!/bin/bash
# Copyright 2018 Canonical, Ltd
# Author: Steve Beattie <steve.beattie@canonical.com>
# License: GPLv3
#
# This script reports kernel CVEs that are missing break-fix commit
# entries

# Stop at the first failing command; grep/sort output is consumed below,
# so pin the locale to C for a predictable message format and sort order.
set -e
LANG=C
export LANG

# Per-user configuration, sourced as shell code (so it must be a trusted
# file).  It is expected to provide $UCT (the ubuntu-cve-tracker checkout)
# and, optionally, linux_kernel_cve_tracker / debian_kernel_cve_tracker.
source "${HOME}/.ubuntu-cve-tracker.conf"

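#######################################
# Print setup instructions when an external kernel CVE tracker clone has
# not been configured.  The script keeps running without that tracker's
# data, so this is a warning, not a fatal error.
# Globals:
#   HOME (read) - location of .ubuntu-cve-tracker.conf
# Arguments:
#   $1 - name of the configuration variable to check
#        (e.g. linux_kernel_cve_tracker), read by indirect expansion
#   $2 - git URL of the tracker repository to clone
#   $3 - human-readable name used in the example configuration comment
# Outputs:
#   instructions on stderr when the variable is unset or empty; stdout is
#   left untouched so the CVE report can be piped or redirected cleanly
# Returns:
#   0 always
#######################################
warn_missing_tracker() {
    local var_name="$1"
    local git_url="$2"
    local description="$3"

    # ${!var_name} reads the variable whose name is held in var_name.
    if [ -n "${!var_name}" ] ; then
        return 0
    fi

    cat >&2 <<EOF
\$${var_name} is undefined in ${HOME}/.ubuntu-cve-tracker.conf,
Please git clone ${git_url}
and add the following to ${HOME}/.ubuntu-cve-tracker.conf with
the path to that clone:

# path to a copy of the ${description} from
# ${git_url}
${var_name}=PATH_TO_CLONE

EOF
    return 0
}

# Upstream kernel CVE list (data/CVEs.txt is consulted per CVE below).
warn_missing_tracker linux_kernel_cve_tracker \
    https://github.com/nluedtke/linux_kernel_cves.git \
    "linux kernel cve tracker"

# Debian kernel security tracker (active/ and retired/ CVE files).
warn_missing_tracker debian_kernel_cve_tracker \
    https://salsa.debian.org/kernel-team/kernel-sec.git \
    "debian kernel cve tracker"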

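#######################################
# Report one CVE that lacks a break-fix entry, together with what the
# external kernel CVE trackers record for it.
# Globals:
#   linux_kernel_cve_tracker  (read) path to the linux_kernel_cves clone;
#                             the lookup is skipped when it is empty or
#                             data/CVEs.txt does not exist
#   debian_kernel_cve_tracker (read) path to the Debian kernel-sec clone;
#                             the lookup is skipped when it is empty
# Arguments:
#   $1 - CVE path relative to $UCT, e.g. active/CVE-2018-1234
# Outputs:
#   the CVE path, then each matching tracker line indented by two spaces
# Returns:
#   0
#######################################
report_cve() {
    local cve_path="$1"
    local cve="${cve_path#active/}"
    local linux_db="${linux_kernel_cve_tracker:+${linux_kernel_cve_tracker}/data/CVEs.txt}"
    local debian_file entry dir

    echo "${cve_path}"

    # -F: the CVE id (taken from a file name) is matched literally, not as
    # a regex; the trailing ':' keeps CVE-2018-1234 from also matching
    # CVE-2018-12345.
    if [ -n "${linux_db}" ] && [ -f "${linux_db}" ] \
        && entry=$(grep -F -- "${cve}:" "${linux_db}") ; then
        printf '  %s\n' "${entry}"
    fi

    [ -n "${debian_kernel_cve_tracker}" ] || return 0
    for dir in active retired ; do
        debian_file="${debian_kernel_cve_tracker}/${dir}/${cve}"
        if [ -f "${debian_file}" ] \
            && entry=$(grep -- '^upstream:' "${debian_file}") ; then
            printf '  %s\n' "${entry}"
        fi
    done
    return 0
}

# CVE files under active/ that have a Patches_linux: section but no
# break-fix line, as paths relative to $UCT.  The :? expansion fails the
# command substitution with a message when $UCT is unset or empty (and,
# with set -e, stops the script); xargs -r keeps grep from reading stdin
# when nothing matched.
_CVES=$(cd "${UCT:?must point to the ubuntu-cve-tracker checkout}" \
    && grep -lr '^Patches_linux:' --exclude '*boilerplate*' active/ \
    | xargs -r grep -L '^ break-fix:' \
    | sort)

# Deliberately unquoted: _CVES is a newline-separated list of paths that
# are not expected to contain whitespace.
for _CVE in ${_CVES} ; do
    report_cve "${_CVE}"
done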

