authorBjoern Tropf <asym@gentoo.org>2009-11-21 15:49:02 +0100
committerBjoern Tropf <asym@gentoo.org>2009-11-21 15:49:02 +0100
commit1318958dfbe3d98b7eb4c7e34279778d11d134f7 (patch)
tree622069994b374b681c46209d5340acb0aee2cc2b
parentFix a typo (diff)
downloadkernel-check-1318958dfbe3d98b7eb4c7e34279778d11d134f7.tar.gz
kernel-check-1318958dfbe3d98b7eb4c7e34279778d11d134f7.tar.bz2
kernel-check-1318958dfbe3d98b7eb4c7e34279778d11d134f7.zip
Output design idea
-rw-r--r--pym/kernelcheck/__init__.py (renamed from src/kernelcheck/__init__.py)0
-rwxr-xr-xpym/kernelcheck/kernelcheck.py (renamed from src/kernelcheck/kernelcheck.py)152
-rw-r--r--pym/kernelcheck/lib/__init__.py (renamed from src/kernelcheck/lib/__init__.py)0
-rw-r--r--pym/kernelcheck/lib/kernellib.py (renamed from src/kernelcheck/lib/kernellib.py)4
-rw-r--r--setup.py2
-rwxr-xr-xtools/cron.py9
6 files changed, 138 insertions, 29 deletions
diff --git a/src/kernelcheck/__init__.py b/pym/kernelcheck/__init__.py
index e69de29..e69de29 100644
--- a/src/kernelcheck/__init__.py
+++ b/pym/kernelcheck/__init__.py
diff --git a/src/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py
index 1587b98..0369bfb 100755
--- a/src/kernelcheck/kernelcheck.py
+++ b/pym/kernelcheck/kernelcheck.py
@@ -3,6 +3,10 @@
# Copyright 2009-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
+from portage.output import bold, colorize, darkgreen, green, teal #TODO
+from _emerge.stdout_spinner import stdout_spinner
+from _emerge.userquery import userquery
+
import getopt
import portage
import sys
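Review bot: The new `from _emerge.stdout_spinner import stdout_spinner` and `from _emerge.userquery import userquery` lines import from emerge's private implementation modules rather than a public portage API, so any portage release can rename or drop them and break kernel-check at import time; that deserves at least a comment saying which portage version they were taken from, and ideally a guarded import such as `try: from _emerge.userquery import userquery` / `except ImportError: userquery = None` with a fallback at the call site. The `#TODO` on the `portage.output` import does not say what is still to be done. The three new lines also sit above the stdlib `getopt`/`sys` imports; PEP 8 ordering would put the standard library first.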
@@ -15,6 +19,7 @@ info = portage.output.EOutput().einfo
warn = portage.output.EOutput().ewarn
error = portage.output.EOutput().eerror
color = portage.output.colorize
+spin = stdout_spinner()
term = portage.output.get_term_size()
def main(argv):
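Review bot: `spin = stdout_spinner()` constructs the spinner at import time as a module-level side effect, yet the `lib.eval_cve_files(lib.DIR['out'], kernel, arch, None)` call later in this file passes `None` instead of `spin`, so the object is created and never used. Either pass `spin` there (the `spin=None` parameter this commit adds to `eval_cve_files` in kernellib.py accepts it) or drop the global until it is wired up, so importing the module stays free of side effects.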
@@ -44,39 +49,75 @@ def main(argv):
elif opt in ('-v', '--verbose'):
lib.VERBOSE = True
- print '>>> Gathering system information'
+ """
+ These are the packages that would be merged, in order:
+
+ Calculating dependencies... done!
+
+ Total: 0 packages, Size of downloads: 0 kB
+
+ Nothing to merge; would you like to auto-clean packages? [Yes/No] n
+ """
+ print ''
+ print darkgreen('These are the specifications of your kernel:')
+ print ''
uname = os.uname()
if uname[0] != 'Linux':
error('This tool currently only works for Linux kernels.')
error('Apparantly you are using "%s".' % uname[0])
- sys.exit()
+ return
+ info(bold('Information:'))
+
kernel = lib.extract_version(uname[2])
if kernel is None:
error('No kernel information found!')
return
-
- info('Kernel version : %s' % (color('GOOD', '%s-%s' %
- (kernel.version, kernel.revision))))
- info('Kernel source : %s' % color('GOOD', kernel.source))
+ kernel.version = '2.6.30'
+
+ print ' %s : %s' % (darkgreen('kernel source '), kernel.source)
+ print ' %s : %s - %s' % (darkgreen('kernel version'), kernel.version,
+ kernel.revision)
kernel.genpatch = lib.get_genpatch(lib.PORTDIR, kernel)
- if kernel.genpatch is not None:
- info('Gen(too)patch : %s' % color('GOOD', '%s %s' %
- (kernel.genpatch.version, repr(kernel.genpatch))))
+ if kernel.genpatch is not None:# TODO
+
+ print ' %s : %s' % (darkgreen('kernel patches'),
+ '%s %s (%s)' % ('genpatch',
+ kernel.genpatch.version,
+ repr(kernel.genpatch)))
elif kernel.source == 'gentoo':
- warn('No genpatch information found!')
+ warn('No genpatch information found!')
arch = portage.settings['ARCH']
if arch:
- info('Architecture : %s' % color('GOOD', arch))
+ print ' %s : %s' % (darkgreen('architecture '), arch)
else:
error('No architecture found!')
return
-
- print '\n>>> Reading all kernel vulnerabilities'
+
+ minaddr = str()
+ try:
+ minaddr = open('/proc/sys/vm/mmap_min_addr').read().strip()
+ except:
+ minaddr = '?'
+
+ modules = str()
+ try:
+ for line in open('/proc/modules').readlines():
+ modules += '%s ' % line.split(' ')[0]
+ except:
+ modules = '?'
+
+ print ''
+ info(bold('Configuration:'))
+ print ' %s : %s' % (darkgreen('mmap_min_addr '), minaddr)
+ print ' %s : %s' % (darkgreen('loaded modules'), modules)
+
+ print '\nDetermining vulnerabilities... done!' #TODO #spin
+ print ''
"""
supported = list()
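Review bot: `kernel.version = '2.6.30'` overwrites the version just extracted from `uname` with a constant, so the printed specification and the later `lib.eval_cve_files(..., kernel, ...)` call evaluate vulnerabilities for 2.6.30 regardless of the kernel actually running; this looks like a debugging leftover and must be removed before the tool's output can be trusted. The two bare `except:` clauses around the `/proc/sys/vm/mmap_min_addr` and `/proc/modules` reads also catch `KeyboardInterrupt` and `SystemExit`; `except IOError:` expresses the intent, and `with open('/proc/modules') as f:` closes the file objects deterministically instead of leaving them to garbage collection. The triple-quoted block starting at `These are the packages that would be merged` is an expression statement, not a comment, as are the `"""` fences added further down around the old report code; design notes belong in a `#` comment or the commit message. main() continues in the following hunks.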
@@ -90,11 +131,70 @@ def main(argv):
supported.append(i)
"""
- kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch)
+ kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None)
if not kernel_eval:
error('No kernel vulnerability files found!')
return
+ print_summary(kernel_eval.affected)
+
+
+ #TODO move to kernellib
+ low = int()
+ medium = int()
+ high = int()
+ cvss_score = float()
+ cve_amount = int()
+
+ for item in kernel_eval.affected:
+ for cve in item.cves:
+ if cve.severity == 'Low':
+ low += 1
+ if cve.severity == 'Medium':
+ medium += 1
+ if cve.severity == 'High':
+ high += 1
+ if len(kernel_eval.affected) is not 0:
+ for cve in item.cves:
+ cve_amount += 1
+ cvss_score += float(cve.score)
+
+ cvss_score = cvss_score / cve_amount
+
+ severity_eval = str()
+
+ if high is not 0:
+ severity_eval += '%s high' % high
+ if medium is not 0:
+ if high is not 0:
+ severity_eval += ', '
+ severity_eval += '%s medium' % medium
+ if low is not 0:
+ if high is not 0 or medium is not 0:
+ severity_eval += ', '
+ severity_eval += '%s low' % low
+
+ print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' \
+ % (len(kernel_eval.affected), severity_eval, cvss_score)
+
+ print ''
+
+ prompt = "Would you like to upgrade your kernel?"
+ if userquery(prompt, None) == 'No':
+ print''
+ print'Quitting.'
+ print ''
+ return
+
+ else:
+ print 'Not implemented yet ;)'
+
+ #print bold('Would you like to upgrade to the latest version? [%s/%s]' % (
+ #color('GOOD', 'Yes'), color('BAD','No'))) #TODO read
+
+ print ''
+
+ """
info('%s vulnerabilities read.' %
color('GOOD', str(kernel_eval.read)))
info('%s apply to this architecture.' %
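Review bot: `cvss_score = cvss_score / cve_amount` raises `ZeroDivisionError` whenever no CVE was counted: an empty `kernel_eval.affected` skips the loop entirely, and an affected item with an empty `cves` list (which print_summary's `if item.cves:` guard suggests can occur) contributes nothing, so the summary crashes precisely when there is nothing to report; guard it with `cvss_score = cvss_score / cve_amount if cve_amount else 0.0`. The `is not 0` comparisons (`len(kernel_eval.affected) is not 0`, `high is not 0`, `medium is not 0`, `low is not 0`) test object identity and only work because CPython caches small ints; write `!= 0` or plain truthiness (`if high:`). The `len(kernel_eval.affected) is not 0` test sits inside `for item in kernel_eval.affected`, where it is always true, so the second `for cve in item.cves` loop can be merged into the first. `'Total: %s vulnerabilities'` reports `len(kernel_eval.affected)` (bug entries) while the severity breakdown counts individual CVEs, so the two figures need not add up; `cve_amount` is the CVE total. main() continues past this hunk.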
@@ -106,11 +206,10 @@ def main(argv):
info('Your kernel is not affected by any known vulnerabilites!')
return
+
error('%s affect this kernel: ' %
color('BAD', str(len(kernel_eval.affected))))
- print_summary(kernel_eval.affected)
- """
info('You have the following choices: ')
print ''
@@ -150,11 +249,13 @@ def main(argv):
color('BAD', str(len(kernel_eval.affected))),
color('BAD', str(len(comparison.new)))))
print ''
- """
+
print_information()
print_beta()
+ """
+
def print_summary(vullist):
'Prints the vulnerability summary'
@@ -166,20 +267,23 @@ def print_summary(vullist):
whiteboard += '[' + str(interval) + '] '
if item.cves:
- print ''
-
+
for cve in item.cves:
severity = 'BAD'
if cve.severity == 'Low':
severity = 'GOOD'
elif cve.severity == 'Medium':
severity = 'WARN'
+
+ first_text = textwrap.wrap(cve.desc, term[1] - 44)[0]
+ print '[%s %26s] %s CVSS="%s" %s' % (darkgreen('bugid'),
+ color('GOOD', item.bugid),
+ darkgreen(cve.cve),
+ color(severity, cve.score),
+ teal('%s...' % first_text)
+ )
- print '\nBugid %s %-32s %s %s\n"%s..."' % (item.bugid,
- color(severity, cve.severity + ' (' + cve.score + ')'),
- cve.cve, whiteboard, cve.desc[:term[1]-6])
-
- print '\n'
+ print ''
def print_bug(bugid):
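Review bot: `textwrap.wrap(cve.desc, term[1] - 44)[0]` raises `IndexError` when `cve.desc` is empty or whitespace-only (`wrap` returns `[]`) and `ValueError` from textwrap when the terminal is narrower than 45 columns (the width must be positive); the old `cve.desc[:term[1]-6]` slice had neither failure mode. Guard both with `wrapped = textwrap.wrap(cve.desc, max(term[1] - 44, 1))` followed by `first_text = wrapped[0] if wrapped else ''`. This assumes `textwrap` is imported at the top of the file, which the diff does not show. `whiteboard`, still built by `whiteboard += '[' + str(interval) + '] '`, is no longer printed now that the old print is removed, so it is dead unless used beyond the hunk. print_summary starts before this hunk.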
diff --git a/src/kernelcheck/lib/__init__.py b/pym/kernelcheck/lib/__init__.py
index e69de29..e69de29 100644
--- a/src/kernelcheck/lib/__init__.py
+++ b/pym/kernelcheck/lib/__init__.py
diff --git a/src/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py
index 79e26f3..5ce03ed 100644
--- a/src/kernelcheck/lib/kernellib.py
+++ b/pym/kernelcheck/lib/kernellib.py
@@ -410,7 +410,7 @@ def find_cve(cve, directory):
return None
-def eval_cve_files(directory, kernel, arch):
+def eval_cve_files(directory, kernel, arch, spin=None):
'Returns a vulnerabilty evaluation'
files = parse_cve_files(directory)
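Review bot: The new `spin=None` parameter is not described by the docstring, which still reads `'Returns a vulnerabilty evaluation'` (also a typo for "vulnerability"); since the parameter is optional and duck-typed (the next hunk only calls `spin.update()` on it), say so: `"""Evaluate the CVE files in *directory* against *kernel* and *arch* and return an Evaluation; *spin*, if given, is any object with an update() method, called once per file read."""`. The `#TODO migh be useful in future release` comment in the following hunk would then be redundant (and "migh" is a typo). The function body continues past the hunk.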
@@ -421,6 +421,8 @@ def eval_cve_files(directory, kernel, arch):
evaluation = Evaluation()
for item in files:
+ if spin: #TODO migh be useful in future release (e.g. framework)
+ spin.update()
evaluation.read += 1
if item.arch not in ARCHES:
diff --git a/setup.py b/setup.py
index 4a62ae6..58ff73a 100644
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,7 @@ setup(
author='Bjoern Tropf',
author_email='asym@gentoo.org',
url='http://dev.gentoo.org/~asym/guide.xml',
- package_dir={'': 'src'},
+ package_dir={'': 'pym'},
packages=['kernelcheck', 'kernelcheck.lib'],
scripts=['bin/kernel-check']
)
diff --git a/tools/cron.py b/tools/cron.py
index 4e37327..062da17 100755
--- a/tools/cron.py
+++ b/tools/cron.py
@@ -39,7 +39,10 @@ CONST = {
PENDING = {
'published' : '0000-00-00',
- 'desc' : 'Pending', #TODO
+ 'desc' : 'This PENDING identifier specifies all vulnerabilities ' \
+ 'which are not approved yet. PENDING is used by products, ' \
+ 'databases, and services to specify when a particular ' \
+ 'vulnerability element has been proposed as CVE entry.',
'severity' : 'Low',
'vector' : '()',
'score' : '0.0',
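Review bot: The trailing backslashes on the three `'desc'` continuation lines are redundant inside the `PENDING = {` dict literal, where implicit line joining already applies; PEP 8 prefers relying on the brackets, and dropping the `\` removes the risk of the trailing-whitespace-after-backslash syntax error. The adjacent string literals concatenate as intended either way.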
@@ -62,8 +65,8 @@ NOMATCH = {
PARAM = {
'delay' : 0.2,
- 'skip' : False,
- 'logfile' : os.path.join(CONST['filepath'], 'cron.log'),
+ 'skip' : True,
+ 'logfile' : False, #os.path.join(CONST['filepath'], 'cron.log'),
'tmpdir' : os.path.join(CONST['filepath'], 'tmp'),
'bugdir' : os.path.join(CONST['filepath'], 'tmp', 'bug'),
'nvddir' : os.path.join(CONST['filepath'], 'tmp', 'nvd'),
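Review bot: `'skip' : True` and `'logfile' : False, #os.path.join(CONST['filepath'], 'cron.log'),` change the shipped defaults of the cron job, turning skipping on and disabling the log file, with the old expression left as an inline comment; this reads like a local debugging configuration committed by accident. If it is intentional, delete the commented-out expression and note in a comment what `False` means for 'logfile' (how the consumer treats it is not visible here); if not, restore `'skip' : False` and `'logfile' : os.path.join(CONST['filepath'], 'cron.log')`, since a scheduled fetcher with no log is hard to audit when it fails.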