stats/cvuln-per-year-intro.pl at master · curl/stats · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl

# C mistakes vs non-C mistakes per year
#
my $webroot = $ARGV[0] || "../curl-www";
$csv = "$webroot/docs/releases.csv";
require "$webroot/docs/vuln.pm";

sub buginfo {
    open(C, "<$csv") || die "no CSV";
    while(<C>) {
        chomp;
        my ($index, $version, $vulns, $date) = split(';', $_);
        $release{$version} = $date;
        #print STDERR "bug: $version\n";
    }
    close(C);
}

buginfo();

for(@vuln) {
    my ($id, $start, $stop, $desc, $cve, $date,
        $report, $cwe, $award, $area, $cissue, $where, $severity)=split('\|');

    # date of introduction
    my $date = $release{$start};
    if(!$date) {
        die "bad date?";
    }
    my $year=int($date);

    if($cissue ne "-") {
        $cvuln{$year}++;
    }
    else {
        $nonc{$year}++
    }
}

my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
    localtime(time);
$year += 1900;

# go to this year
for my $y (1998 .. $year) {
    printf "%d-01-01;%d;%d\n", $y, $cvuln{$y}, $nonc{$y};
}