diff options
| author |   Bjoern Tropf <asymmail@googlemail.com> | 2009-07-24 14:15:02 +0200 |
|---|---|---|
| committer | Bjoern Tropf <asymmail@googlemail.com> | 2009-07-24 14:15:02 +0200 |
| commit | 6d2c17472f1b367898f688ffcfc8f4f3014954d9 (patch) | |
| tree | 2d544c559b348b496f5ca0ddf2ff0d15906b2e1b | |
| parent | Change max line length to 79 (diff) | |
| download | kernel-check-6d2c17472f1b367898f688ffcfc8f4f3014954d9.tar.gz kernel-check-6d2c17472f1b367898f688ffcfc8f4f3014954d9.tar.bz2 kernel-check-6d2c17472f1b367898f688ffcfc8f4f3014954d9.zip | |
Add findcommit to the kernel-check project
* Change output (colors, readability)
* Add GITPATH variable
* Encapsulate input (.*input.*)
* Check last interval
* Fix "remotes" error
* Fix typo (LASTFIXEDBRANCH)
* Fix indents
| -rwxr-xr-x | collector.py | 7 | ||||
| -rwxr-xr-x | findcommit | 56 | ||||
| -rw-r--r-- | guidexml.py | 2 | ||||
| -rwxr-xr-x | kernel-check.py | 5 | ||||
| -rwxr-xr-x | kernellib.py | 129 | ||||
| -rw-r--r-- | testsuite.py | 2 |
6 files changed, 128 insertions, 73 deletions
diff --git a/collector.py b/collector.py index 0b41479..e7edcc8 100755 --- a/collector.py +++ b/collector.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#!/usr/bin/env python # kernel-check -- Kernel security information # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 @@ -111,14 +111,13 @@ def usage(): 'Prints the usage screen' print 'Usage: %s [OPTION]...' % sys.argv[0][:-3] - print 'Kernel security information\r\n' + print 'Kernel security information %s\r\n' % lib.VERSION print ' -d, --delay [ticks] add delay to xml file creation' print ' -f, --force force update of xml files' print ' -h, --help display help information' print ' -t, --tree [dir] set the portage path' - print ' -s, --skip skip update of earlier xml files' + print ' -s, --skip skip update of prior nvd files' print ' -v, --verbose display debugging information' - print '\r\nVersion: %s' % lib.VERSION sys.exit() diff --git a/findcommit b/findcommit new file mode 100755 index 0000000..47acbe7 --- /dev/null +++ b/findcommit @@ -0,0 +1,56 @@ +#!/bin/sh + +TEXT=".*$@.*" +GITPATH="./" + +KNOWNCOMMITS="" +LASTFIXEDBRANCH="" +WHITEBOARD="" + +GOOD=$'\e[32;01m' +BAD=$'\e[31;01m' +BRACKET=$'\e[34;01m' +NORMAL=$'\e[0m' + +GITPATH="--git-dir=$GITPATH.git --work-tree=$GITPATH" +BRANCHES="`git $GITPATH branch -a | grep linux` origin/master" +for B in $BRANCHES ; do + COMMITS="`git $GITPATH rev-list --pretty=oneline "$B" | grep "$TEXT" | cut -d " " -f 1`" + for C in $COMMITS ; do + if [[ "${KNOWNCOMMITS/$C/}" == "$KNOWNCOMMITS" ]] ; then + TAG="`git $GITPATH describe --contains --all "$C"`" + DESC="`git $GITPATH --no-pager log -1 --pretty=short "$C"`" + DESC="`echo "$DESC" | tr -s "\n" `" + DESC="${TAG/tags\//\n${GOOD}label${NORMAL} }\n${DESC}" + DESC="${DESC/commit/${GOOD}commit${NORMAL}}" + DESC="${DESC/Author:/${GOOD}author${NORMAL}}" + DESC="${DESC/ /${GOOD}title${NORMAL} ${BRACKET}}${NORMAL}\n" + echo -e "$DESC" + + VERSION="${TAG/tags\/v/}" + VERSION="${VERSION/~*/}" + VERSION="${VERSION/^*/}" + + if [ "$B" != "origin/master" ] ; then + THISBRANCH="${B/remotes\/origin\/linux-/}" + THISBRANCH="${THISBRANCH/.y/}" + REVISION="${THISBRANCH/*./}" + MAJORMINOR="${THISBRANCH/.${REVISION}/}" + let REVISION=REVISION+1 + NEXTBRANCH="${MAJORMINOR}.${REVISION}" + fi + if [ -z "$LASTFIXEDBRANCH" ] ; then + WHITEBOARD="$WHITEBOARD [linux <${VERSION}]" + else + if [ "${LASTFIXEDBRANCH}" == "${VERSION/-rc*/}" ] ; then + WHITEBOARD="${WHITEBOARD} ${BAD}[linux >=${LASTFIXEDBRANCH} <${VERSION}]${NORMAL}" + else + WHITEBOARD="${WHITEBOARD} [linux >=${LASTFIXEDBRANCH} <${VERSION}]" + fi + fi + LASTFIXEDBRANCH=$NEXTBRANCH + KNOWNCOMMITS="$KNOWNCOMMITS $C" + fi + done +done +echo -e "${GOOD}Whiteboard${NORMAL}\n${WHITEBOARD:1}\n" diff --git a/guidexml.py b/guidexml.py index fed852d..d6babb8 100644 --- a/guidexml.py +++ b/guidexml.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#!/usr/bin/env python # guidexml -- guidexml class for python # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 diff --git a/kernel-check.py b/kernel-check.py index 970c49b..3c1d944 100755 --- a/kernel-check.py +++ b/kernel-check.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#!/usr/bin/env python # kernel-check -- Kernel security information # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 @@ -112,13 +112,12 @@ def usage(): 'Prints the usage screen' print 'Usage: %s [OPTION]...' % sys.argv[0][:-3] - print 'Kernel security information\r\n' + print 'Kernel security information %s\r\n' % lib.VERSION print ' -h, --help display help information' print ' -n, --nocolor disable colors' print ' -r, --report [file] create a security report' print ' -s, --show [bugid] display information about a bug' print ' -v, --verbose display debugging information' - print '\r\nVersion: %s' % lib.VERSION sys.exit() diff --git a/kernellib.py b/kernellib.py index 297a93e..de30723 100755 --- a/kernellib.py +++ b/kernellib.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#!/usr/bin/env python # kernel-check -- Kernel security information # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 @@ -15,52 +15,53 @@ import portage import re import urllib -ARCHES = ['all', 'alpha', 'amd64', 'amd64-fbsd', 'arm', 'hppa', 'ia64', 'm68k', - 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'sparc-fbsd', 'x86', - 'x86-fbsd'] +ARCHES = [ + 'all', 'alpha', 'amd64', 'amd64-fbsd', 'arm', 'hppa', 'ia64', 'm68k', + 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'sparc-fbsd', 'x86', + 'x86-fbsd' +] BUGORDER = ['bugid', 'reporter', 'reported', 'status', 'arch', 'affected'] CVEORDER = ['cve', 'published', 'desc', 'severity', 'vector', 'score', 'refs'] -#TODO Check lookaround of 'grpall' +#TODO Check lookaround of 'grp_all' REGEX = { 'bugzilla' : re.compile(r'(?<=bug.cgi\?id=)\d*'), - 'gpatches_v' : re.compile(r'(?<=K_GENPATCHES_VER\=\").+(?=\")'), - 'gpatches_w' : re.compile(r'(?<=K_WANT_GENPATCHES\=\").+(?=\")'), - - 'grpall' : re.compile(r'(?<=\()[ (]*CVE-(\d{4})([-,(){}|, \d]+)(?=\))'), - 'grpsplit' : re.compile(r'(?<=\D)(\d{4})(?=\D|$)'), - 'nomatch' : re.compile(r'.*GENERIC-MAP-NOMATCH.*'), - - 'wb_match' : re.compile(r'\s*\[\s*([^ +<=>]+)\s*(\+?)\s*([<=>]{1,2})\s' \ - r'*([^ <=>\]]+)\s*(?:([<=>]{1,2})\s*([^ \]]+))' \ - r'?\s*\]\s*(.*)'), - 'wb_version' : re.compile(r'^(?:\d{1,2}\.){0,3}\d{1,2}(?:[-_](?:r|rc)?\d' \ - r'{1,2})*$'), - - 'version' : re.compile(r'^((?:\d{1,2}\.){0,4}\d{1,2})(-.*)?$'), - 'rcd' : re.compile(r'^rc\d{1,3}$'), - 'gitd' : re.compile(r'^git(\d{1,3})$'), - 'rd' : re.compile(r'^r\d{1,3}$') + 'gp_version' : re.compile(r'(?<=K_GENPATCHES_VER\=\").+(?=\")'), + 'gp_want' : re.compile(r'(?<=K_WANT_GENPATCHES\=\").+(?=\")'), + 'grp_all' : re.compile(r'(?<=\()[ (]*CVE-(\d{4})' \ + r'([-,(){}|, \d]+)(?=\))'), + 'grp_split' : re.compile(r'(?<=\D)(\d{4})(?=\D|$)'), + 'm_nomatch' : re.compile(r'.*GENERIC-MAP-NOMATCH.*'), + 'wb_match' : re.compile(r'\s*\[\s*([^ +<=>]+)\s*(\+?)' \ + r'\s*([<=>]{1,2})\s*([^ <=>\]' \ + r']+)\s*(?:([<=>]{1,2})\s*([^' \ + r' \]]+))?\s*\]\s*(.*)'), + 'wb_version' : re.compile(r'^(?:\d{1,2}\.){0,3}\d{1,2}' \ + r'(?:[-_](?:r|rc)?\d{1,2})*$'), + 'k_version' : re.compile(r'^((?:\d{1,2}\.){0,4}\d{1,2})(-.*)?$'), + 'rc_kernel' : re.compile(r'^rc\d{1,3}$'), + 'git_kernel' : re.compile(r'^git(\d{1,3})$'), + 'r_kernel' : re.compile(r'^r\d{1,3}$') } -GENERAL_KERNEL = ['aa', 'acpi', 'ac', 'alpha', 'arm', 'as', 'cell', 'ck', - 'compaq', 'crypto', 'development', 'gaming','gentoo-dev', - 'gentoo', 'gentoo-test', 'gfs', 'git', 'grsec', 'gs', - 'hardened-dev', 'hardened', 'hppa-dev', 'hppa', 'ia64', - 'kurobox', 'linux', 'lolo', 'mips-prepatch', 'mips', 'mjc', - 'mm', 'mosix', 'openblocks', 'openmosix','openvz', 'pac', - 'pegasos-dev', 'pegasos', 'pfeifer', 'planet-ccrma', 'ppc64', - 'ppc-development', 'ppc-dev', 'ppc', 'redhat', 'rsbac-dev', - 'rsbac', 'selinux', 'sh', 'sparc-dev', 'sparc', 'suspend2', - 'systrace', 'tuxonice', 'uclinux', 'usermode', - 'vanilla-prepatch', 'vanilla', 'vanilla-tiny', 'vserver-dev', - 'vserver', 'win4lin', 'wolk-dev', 'wolk', 'xbox', 'xen', - 'xfs'] - -GENTOO_KERNEL = ['cell', 'mips', 'tuxonice', 'mm', 'usermode', 'gentoo', - 'vanilla', 'git', 'openvz', 'vserver', 'hardened', 'sh', - 'xbox', 'sparc', 'xen'] +GENERAL_KERNEL = [ + 'aa', 'acpi', 'ac', 'alpha', 'arm', 'as', 'cell', 'ck', 'compaq', 'crypto', + 'development', 'gaming','gentoo-dev', 'gentoo', 'gentoo-test', 'gfs', + 'git', 'grsec', 'gs', 'hardened-dev', 'hardened', 'hppa-dev', 'hppa', + 'ia64', 'kurobox', 'linux', 'lolo', 'mips-prepatch', 'mips', 'mjc', 'mm', + 'mosix', 'openblocks', 'openmosix','openvz', 'pac', 'pegasos-dev', + 'pegasos', 'pfeifer', 'planet-ccrma', 'ppc64', 'ppc-development', + 'ppc-dev', 'ppc', 'redhat', 'rsbac-dev', 'rsbac', 'selinux', 'sh', + 'sparc-dev', 'sparc', 'suspend2', 'systrace', 'tuxonice', 'uclinux', + 'usermode', 'vanilla-prepatch', 'vanilla', 'vanilla-tiny', 'vserver-dev', + 'vserver', 'win4lin', 'wolk-dev', 'wolk', 'xbox', 'xen', 'xfs' +] + +GENTOO_KERNEL = [ + 'cell', 'mips', 'tuxonice', 'mm', 'usermode', 'gentoo', 'vanilla', 'git', + 'openvz', 'vserver', 'hardened', 'sh', 'xbox', 'sparc', 'xen' +] VERSION = '0.5.3' NOCVE = 'GENERIC-MAP-NOMATCH' @@ -69,7 +70,7 @@ VERBOSE = False FORCE = False SKIP = False DELAY = 0 -TREE = '/usr/portage' #FIXME +TREE = '/usr/portage' #FIXME Use python api / path != /usr/portage ? FOLDER = { 'tmp' : 'tmp', 'out' : 'out', @@ -156,9 +157,9 @@ class Cve: class Genpatch: 'Genpatch class' - base = bool() - extras = bool() - kernel = None + base = bool() + extras = bool() + kernel = None version = str() def __init__(self, version): @@ -190,8 +191,8 @@ class Kernel: 'Kernel class' revision = str() - source = str() - version = str() + source = str() + version = str() def __init__(self, source): self.source = source @@ -213,14 +214,14 @@ class Kernel: class Vulnerability: 'Vulnerability class' - arch = str() - bugid = int() + arch = str() + bugid = int() cvelist = list() - cves = list() + cves = list() affected = list() reported = str() reporter = str() - status = str() + status = str() def __init__(self, bugid): self.bugid = bugid @@ -240,12 +241,12 @@ class Interval: expand: a boolean indicating if the interval is shadowing other intervals """ - name = str() - lower = str() - upper = str() + name = str() + lower = str() + upper = str() lower_i = bool() upper_i = bool() - expand = str() + expand = str() def __init__(self, name, lower, upper, lower_i, upper_i, expand): if name == 'linux' or name == 'genpatches': @@ -376,8 +377,8 @@ def extract_genpatch(ebuild, directory, sources): content = ebuild_file.read() try: - genpatch_v = REGEX['gpatches_v'].findall(content)[0] - genpatch_w = REGEX['gpatches_w'].findall(content)[0] + genpatch_v = REGEX['gp_version'].findall(content)[0] + genpatch_w = REGEX['gp_want'].findall(content)[0] except: return None @@ -602,11 +603,11 @@ def extract_cves(string): cves = list() string = string.replace('CAN', 'CVE') - if string in REGEX['nomatch'].findall(string): + if string in REGEX['m_nomatch'].findall(string): return [NOCVE] - for (year, split_cves) in REGEX['grpall'].findall(string): - for cve in REGEX['grpsplit'].findall(split_cves): + for (year, split_cves) in REGEX['grp_all'].findall(string): + for cve in REGEX['grp_split'].findall(split_cves): cves.append('CVE-%s-%s' % (year, cve)) return cves @@ -749,8 +750,8 @@ def from_whiteboard(whiteboard): if not match: raise InvalidWhiteboardError(whiteboard) - name = match.group(1) - exp = match.group(2) + name = match.group(1) + exp = match.group(2) comp1 = match.group(3) vers1 = match.group(4) comp2 = match.group(5) @@ -800,7 +801,7 @@ def from_whiteboard(whiteboard): def extract_version(release): 'Extracts revision, source and version out of a release tag' - match = REGEX['version'].match(release) + match = REGEX['k_version'].match(release) if not match: debug('[Error] Release %s does not contain any valid information' % release) @@ -815,12 +816,12 @@ def extract_version(release): for elem in (rest or '').split('-'): if elem == 'sources': pass - elif REGEX['rcd'].match(elem): + elif REGEX['rc_kernel'].match(elem): kernel.version += '_' + elem - elif REGEX['gitd'].match(elem): + elif REGEX['git_kernel'].match(elem): kernel.source = 'git' kernel.revision = 'r' + REGEX['gitd'].match(elem).groups()[0] - elif REGEX['rd'].match(elem): + elif REGEX['r_kernel'].match(elem): kernel.revision = elem elif elem in GENERAL_KERNEL: if elem in GENTOO_KERNEL: diff --git a/testsuite.py b/testsuite.py index 5bc522e..3d0896e 100644 --- a/testsuite.py +++ b/testsuite.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#!/usr/bin/env python import unittest import sys |