authorBjoern Tropf <asym@gentoo.org>2009-11-20 10:48:35 +0100
committerBjoern Tropf <asym@gentoo.org>2009-11-20 10:48:35 +0100
commitd68e4cb2969b47e2e126cae635e32602f6f97e4c (patch)
tree9beb494c2f32ddc39e0a886e13ae528513dbd71c
parentkernel-check 0.3.12 (diff)
Implement pending cve in cron.py
Fix tabs in setup.py Update TODO
-rw-r--r--TODO29
-rw-r--r--setup.py4
-rwxr-xr-xtools/cron.py61
3 files changed, 52 insertions, 42 deletions
diff --git a/TODO b/TODO
index 68ef59c..9c61fcc 100644
--- a/TODO
+++ b/TODO
@@ -1,30 +1,15 @@
-Implementation
-==============
- Implement Report
-- Implement GUI
-- Implement kernel testing framwork
+- Implement the testsuite
+- Implement kernel testing framework
+- Find a way to import '-' or '_' modules
- Handle "best kernel not found"
- Add further error handling
-- Implement hardend/xen intervall
-
-Cleanup and Rework
-==================
-- Rework cron.py
-- Remove unused code and find better ways
-- Check lookaround of 'grp_all'
+- Implement hardend/xen interval
+- Add parameters to cron.py
- Rework interval class
-- Rework cves.refs
-
-Dokumentation
-=============
+- Split up cves.refs
- Use telling function- and variable names
- Write a proper documentation
-- Implement DTD
-
-Whiteboard changes
-==================
+- Implement DTD for vulnerability files
- Move arch into whiteboard e.g. {x86, amd64}
-
-Summary changes
-===============
- Explicitly mention the CVSS score e.g. (CVSS-5.6)
diff --git a/setup.py b/setup.py
index 261275a..4a62ae6 100644
--- a/setup.py
+++ b/setup.py
@@ -15,7 +15,7 @@ setup(
author_email='asym@gentoo.org',
url='http://dev.gentoo.org/~asym/guide.xml',
package_dir={'': 'src'},
- packages=['kernelcheck', 'kernelcheck.lib'],
- scripts=['bin/kernel-check']
+ packages=['kernelcheck', 'kernelcheck.lib'],
+ scripts=['bin/kernel-check']
)
diff --git a/tools/cron.py b/tools/cron.py
index ecea3de..2287922 100755
--- a/tools/cron.py
+++ b/tools/cron.py
@@ -37,7 +37,16 @@ CONST = {
'portdir' : portage.settings['PORTDIR']
}
-NOCVE = {
+PENDING = {
+ 'published' : '0000-00-00',
+ 'desc' : 'Pending', #TODO
+ 'severity' : 'Low',
+ 'vector' : '()',
+ 'score' : '0.0',
+ 'refs' : et.Element('refs')
+}
+
+NOMATCH = {
'cve' : 'GENERIC-MAP-NOMATCH',
'published' : '0000-00-00',
'desc' : 'This GENERIC identifier is not specific to any ' \
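Review bot: The new PENDING placeholder records a CVE that has no NVD entry yet as `'severity' : 'Low'` with `'score' : '0.0'`, so a reader of the generated file cannot tell an unrated CVE from one that was actually rated low. A value that cannot be mistaken for a rating would be safer, for example `'severity' : 'Pending',` and an empty `'score' : '',`, provided the consumer of these files accepts them (not visible here). The `'desc' : 'Pending', #TODO` line could say why the data is missing, e.g. `'desc' : 'No NVD entry available yet',`. The NOMATCH literal continues below the hunk.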
@@ -53,8 +62,8 @@ NOCVE = {
PARAM = {
'delay' : 0.2,
- 'skip' : False,
- 'logfile' : os.path.join(CONST['filepath'], 'cron.log'),
+ 'skip' : True,
+ 'logfile' : False, #os.path.join(CONST['filepath'], 'cron.log'),
'tmpdir' : os.path.join(CONST['filepath'], 'tmp'),
'bugdir' : os.path.join(CONST['filepath'], 'tmp', 'bug'),
'nvddir' : os.path.join(CONST['filepath'], 'tmp', 'nvd'),
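Review bot: `'skip' : True` and `'logfile' : False, #os.path.join(CONST['filepath'], 'cron.log'),` look like local debugging values committed as defaults. The same commit turns both `raise CronError(...)` calls in main() into `logging.error(...)`, so with the log file off a cron run that hits a missing NVD entry may leave no persistent record, depending on how PARAM['logfile'] is consumed (not visible here). I would restore `'logfile' : os.path.join(CONST['filepath'], 'cron.log'),` and keep `'skip' : False` as the default until cron.py takes these as parameters. The PARAM literal continues below the hunk.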
@@ -142,15 +151,17 @@ def main(argv):
vul = parse_bz_dict(PARAM['bugdir'], item)
for cve in vul['cvelist']:
- if cve == NOCVE['cve']:
- vul['cves'] = [NOCVE['cve']]
+ if cve == NOMATCH['cve']:
+ vul['cves'] = [NOMATCH['cve']]
if len(vul['cvelist']) > 1:
- raise CronError('\'Nocve\' and valid cve: ' + item)
+ logging.error('\'Nomatch\' and valid cve: ' + item)
else:
try:
vul['cves'].append(nvd_dict[cve])
except KeyError:
- raise CronError('No Nvd entry: ' + cve)
+ logging.error('No Nvd entry: ' + cve)
+ vul['cves'].append(cve)
+ vul['pending'] = True
write_xml_file(PARAM['outdir'], vul)
created_files += 1
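Review bot: `vul['pending'] = True` is set once for the whole bug, but `vul['cves']` can then hold NVD entries from `nvd_dict[cve]` next to bare CVE id strings. In the write_xml_file hunk the `if vul['pending']:` branch then treats every entry as pending: `node.text = cve` receives the NVD entry object for the resolved CVEs, and their real severity data is replaced by the PENDING placeholder. Deciding per entry avoids this, for example `if not isinstance(cve, dict):` in write_xml_file instead of the bug-wide flag, assuming NVD entries are dicts as the `cve[element]` lookups suggest. Separately, the 'Nomatch' plus valid CVE case now only logs and keeps going, so such a bug is still written out; confirm that is intended. main() starts and ends outside the hunk.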
@@ -255,7 +266,7 @@ def parse_bz_dict(directory, bugid):
string = string.replace('CAN', 'CVE')
if string in REGEX['m_nomatch'].findall(string):
- cvelist = [NOCVE['cve']]
+ cvelist = [NOMATCH['cve']]
for (year, split_cves) in REGEX['grp_all'].findall(string):
for cve in REGEX['grp_split'].findall(split_cves):
@@ -272,10 +283,11 @@ def parse_bz_dict(directory, bugid):
'reporter' : root.find('reporter').text.lower(),
'reported' : root.find('creation_ts').text,
'status' : root.find('bug_status').text.lower(),
+ 'pending' : False;
}
for item in vul['cvelist']:
- if item != NOCVE['cve']:
+ if item != NOMATCH['cve']:
if item not in CVES:
CVES[item] = vul.bugid
else:
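Review bot: `'pending' : False;` ends with a semicolon inside the dict literal, which is a syntax error, so tools/cron.py will not compile as committed. The line should read `'pending' : False,`. The dict literal opens above the hunk, so the rest of it is not visible here.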
@@ -390,20 +402,33 @@ def write_xml_file(directory, vul):
for cve in vul['cves']:
cveroot = et.SubElement(root, 'cve')
- if cve == NOCVE['cve']:
+ if cve == NOMATCH['cve']:
for element in CONST['cveorder']:
if element == 'refs':
- cveroot.append(NOCVE[element])
+ cveroot.append(NOMATCH[element])
else:
node = et.SubElement(cveroot, element)
- node.text = NOCVE[element]
+ node.text = NOMATCH[element]
else:
- for element in CONST['cveorder']:
- if element == 'refs':
- cveroot.append(cve[element])
- else:
- node = et.SubElement(cveroot, element)
- node.text = cve[element]
+ if vul['pending']:
+ for element in CONST['cveorder']:
+ if element == 'refs':
+ cveroot.append(PENDING[element])
+ else:
+ if element == 'cve':
+ node = et.SubElement(cveroot, element)
+ node.text = cve
+ else:
+ node = et.SubElement(cveroot, element)
+ node.text = PENDING[element]
+
+ else:
+ for element in CONST['cveorder']:
+ if element == 'refs':
+ cveroot.append(cve[element])
+ else:
+ node = et.SubElement(cveroot, element)
+ node.text = cve[element]
with open(filename, 'w') as xmlout:
__indent__(root)
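Review bot: `cveroot.append(PENDING[element])` attaches the single module-level `et.Element('refs')` object to every pending `<cve>` node in every file written during the run. If `__indent__` rewrites text or tail on the nodes it walks (its body is not in the hunk), those edits land on the shared object and carry over between entries. Appending a fresh element per entry avoids the aliasing: `cveroot.append(et.Element('refs'))`. The NOMATCH branch has the same pattern with `NOMATCH[element]`. As a style point, the pending branch creates the node in both arms and can collapse to one `node = et.SubElement(cveroot, element)` followed by `node.text = cve if element == 'cve' else PENDING[element]`.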