l4yton · May 25, 2023 15:47
diff --git a/firefox_disclosed.py b/firefox_disclosed.py
 #!/usr/bin/env python3

 import logging
 import sys
 import time
 from datetime import datetime, timedelta

 import requests
 from mastodon import Mastodon

 BUGZILLA_URL = "https://bugzilla.mozilla.org/rest/bug"


 def had_security_group_removed(bug_id: str, timestamp: str) -> bool:
    try:
        history = requests.get(BUGZILLA_URL + f"/{bug_id}/history",
                               params={
                                   "new_since": timestamp
                               },
                               timeout=10).json()
    except requests.exceptions.RequestException as e:
        logging.warn("Failed to receive history for bug:" + str(e))
        return False

    for item in history["bugs"][0]["history"]:
        for change in item["changes"]:
            if change["field_name"] == "groups" and change[
                    "removed"] == "core-security-release":
                return True

    return False


 def main() -> None:
    logging.basicConfig(filename="/var/log/firefox_disclosed.log",
                        level=logging.DEBUG)
    logging.info("Looking for new disclosed bugs...")

    timestamp = (datetime.now() -
                 timedelta(hours=24)).strftime("%Y-%m-%dT%H:%M:%SZ")
    try:
        bugs = requests.get(BUGZILLA_URL,
                            params={
                                "keywords":
                                "sec-critical,sec-high,sec-moderate,sec-low",
                                "keywords_type": "anywords",
                                "last_change_time": timestamp,
                                "limit": "200"
                            },
                            timeout=10).json()
    except requests.exceptions.RequestException as e:
        logging.error("Failed to fetch lastest bugs:" + str(e))
        return

    if len(bugs["bugs"]) == 0:
        return

    mastodon = Mastodon(
        access_token="<ACCESS_TOKEN>",
        api_base_url="https://infosec.exchange")

    for bug in bugs["bugs"]:
        # We are only interested in bugs that have a CVE assigned.
        if not (bug["alias"] and bug["alias"].startswith("CVE")):
            continue

        # Check if the bug recently got the "core-security-release" group removed, meaning that
        # it got disclosed.
        if had_security_group_removed(bug["id"], timestamp):
            # Toot!
            try:
                mastodon.toot(
                    f"{bug['summary']} ({bug['alias']}) https://bugzilla.mozilla.org/show_bug.cgi?id={bug['id']}"
                )
            except Exception as e:
                logging.warning("Failed to toot bug: " + str(e))

        time.sleep(1)


 if __name__ == "__main__":
    try:
        main()
    except KeyboardInterrupt:
        sys.exit()
	#!/usr/bin/env python3

	import logging
	import sys
	import time
	from datetime import datetime, timedelta

	import requests
	from mastodon import Mastodon

	BUGZILLA_URL = "https://bugzilla.mozilla.org/rest/bug"


	def had_security_group_removed(bug_id: str, timestamp: str) -> bool:
	try:
	history = requests.get(BUGZILLA_URL + f"/{bug_id}/history",
	params={
	"new_since": timestamp
	},
	timeout=10).json()
	except requests.exceptions.RequestException as e:
	logging.warn("Failed to receive history for bug:" + str(e))
	return False

	for item in history["bugs"][0]["history"]:
	for change in item["changes"]:
	if change["field_name"] == "groups" and change[
	"removed"] == "core-security-release":
	return True

	return False


	def main() -> None:
	logging.basicConfig(filename="/var/log/firefox_disclosed.log",
	level=logging.DEBUG)
	logging.info("Looking for new disclosed bugs...")

	timestamp = (datetime.now() -
	timedelta(hours=24)).strftime("%Y-%m-%dT%H:%M:%SZ")
	try:
	bugs = requests.get(BUGZILLA_URL,
	params={
	"keywords":
	"sec-critical,sec-high,sec-moderate,sec-low",
	"keywords_type": "anywords",
	"last_change_time": timestamp,
	"limit": "200"
	},
	timeout=10).json()
	except requests.exceptions.RequestException as e:
	logging.error("Failed to fetch lastest bugs:" + str(e))
	return

	if len(bugs["bugs"]) == 0:
	return

	mastodon = Mastodon(
	access_token="<ACCESS_TOKEN>",
	api_base_url="https://infosec.exchange")

	for bug in bugs["bugs"]:
	# We are only interested in bugs that have a CVE assigned.
	if not (bug["alias"] and bug["alias"].startswith("CVE")):
	continue

	# Check if the bug recently got the "core-security-release" group removed, meaning that
	# it got disclosed.
	if had_security_group_removed(bug["id"], timestamp):
	# Toot!
	try:
	mastodon.toot(
	f"{bug['summary']} ({bug['alias']}) https://bugzilla.mozilla.org/show_bug.cgi?id={bug['id']}"
	)
	except Exception as e:
	logging.warning("Failed to toot bug: " + str(e))

	time.sleep(1)


	if __name__ == "__main__":
	try:
	main()
	except KeyboardInterrupt:
	sys.exit()