summaryrefslogtreecommitdiffstats
path: root/scripts/secbugsreport.pl
blob: ccc92fd995a4747b35cfa90066c783ad8cbaa504 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/usr/bin/perl

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
#
# Usage secbugsreport.pl YYYY MM DD, e.g. secbugsreport.pl $(date +'%Y %m %d')

use 5.10.1;
use strict;
use warnings;

use lib qw(. lib local/lib/perl5);

use Bugzilla;
use Bugzilla::Component;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Mailer;
use Bugzilla::Report::SecurityRisk;

use DateTime;
use URI;
use JSON::MaybeXS;

BEGIN { Bugzilla->extensions }
Bugzilla->usage_mode(USAGE_MODE_CMDLINE);

exit 0 unless Bugzilla->params->{report_secbugs_active};
exit 0 unless defined $ARGV[0] && defined $ARGV[1] && defined $ARGV[2];

my $html;
my $template = Bugzilla->template();
my $end_date
  = DateTime->new(year => $ARGV[0], month => $ARGV[1], day => $ARGV[2]);
my $start_date   = $end_date->clone()->subtract(months => 6);
my $report_week  = $end_date->ymd('-');
my $products     = decode_json(Bugzilla->params->{report_secbugs_products});
my $sec_keywords = ['sec-critical', 'sec-high'];
my $report       = Bugzilla::Report::SecurityRisk->new(
  start_date   => $start_date,
  end_date     => $end_date,
  products     => $products,
  sec_keywords => $sec_keywords
);
my $vars = {
  urlbase         => Bugzilla->localconfig->{urlbase},
  report_week     => $report_week,
  products        => $products,
  sec_keywords    => $sec_keywords,
  results         => $report->results,
  build_bugs_link => \&build_bugs_link,
};

$template->process('reports/email/security-risk.html.tmpl', $vars, \$html)
  or ThrowTemplateError($template->error());

# For now, only send HTML email.
my $email = Email::MIME->create(
  header_str => [
    From              => Bugzilla->params->{'mailfrom'},
    To                => Bugzilla->params->{report_secbugs_emails},
    Subject           => "Security Bugs Report for $report_week",
    'X-Bugzilla-Type' => 'admin'
  ],
  attributes => {
    content_type => 'text/html',
    charset      => 'UTF-8',
    encoding     => 'quoted-printable',
  },
  body_str => $html,
);

MessageToMTA($email);

sub build_bugs_link {
  my ($arr, $product) = @_;
  my $uri = URI->new(Bugzilla->localconfig->{urlbase} . 'buglist.cgi');
  $uri->query_param(bug_id => (join ',', @$arr));
  $uri->query_param(product => $product) if $product;
  return $uri->as_string;
}