authorBjoern Tropf <asym@gentoo.org>2009-11-14 12:16:25 +0100
committerBjoern Tropf <asym@gentoo.org>2009-11-14 12:16:25 +0100
commitf12b7f41c2dff37eebedf6027cf5aa33a5994258 (patch)
treef92e712abc6dd8f4ec7b14b33e90ba96f7bba425
parentFix some bugs (diff)
Implement a NOCVE dictionary
Modify BUG_ON to support exception messages. Fix small typo.
-rwxr-xr-xkernel-check.py2
-rw-r--r--lib/kernellib.py21
-rwxr-xr-xtools/cron.py39
3 files changed, 40 insertions, 22 deletions
diff --git a/kernel-check.py b/kernel-check.py
index a1ab21d..5241ca3 100755
--- a/kernel-check.py
+++ b/kernel-check.py
@@ -247,7 +247,7 @@ def print_beta():
'Prints a beta warning message'
print('')
- error('%s You are using a early version of kernel-check.' %
+ error('%s You are using an early version of kernel-check.' %
color('BAD', 'IMPORTANT'))
error('Please note that this tool might not operate as expected.')
diff --git a/lib/kernellib.py b/lib/kernellib.py
index bc979cd..6f91ce5 100644
--- a/lib/kernellib.py
+++ b/lib/kernellib.py
@@ -58,10 +58,10 @@ DIR = {
'nvd' : os.path.join(FILEPATH, 'tmp', 'nvd')
}
-def BUG_ON(msg):
+def BUG_ON(msg, e):
if DEBUG:
- print 'DEBUG line %s in %s(): %s' % (inspect.stack()[1][2],
- inspect.stack()[1][3], msg)
+ print 'DEBUG line %s in %s(): %s -> %s' % (inspect.stack()[1][2],
+ inspect.stack()[1][3], msg, e)
class Evaluation:
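Review bot: `e` becomes a required positional parameter of `BUG_ON`, so any caller still passing only a message would raise TypeError, and only on the error path where it is least likely to be tested. The call sites in this commit pass two arguments, but others may exist outside the diff; `def BUG_ON(msg, e=None):` keeps them working. The function also has no docstring; a one-liner such as `'Prints caller line, function name, message and exception when DEBUG is set'` would match the style used by `print_beta`.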
@@ -393,8 +393,8 @@ def parse_cve_files(directory):
if cve_file is not None:
files.append(cve_file)
- except AttributeError:
- pass
+ except AttributeError, e:
+ BUG_ON(item, e)
return files
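Review bot: With DEBUG off, `BUG_ON(item, e)` prints nothing, so a CVE file that fails here is still dropped from `files` without a trace; the same applies to the new `except IOError, e:` branch in `read_cve_file`. For a tool that reports which vulnerabilities affect a kernel, a silently skipped file is indistinguishable from "not affected". Consider an unconditional warning next to the debug call, for example `print >> sys.stderr, 'skipping %s: %s' % (item, e)` (assuming `sys` is imported in kernellib.py). The body of `parse_cve_files` starts outside this hunk.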
@@ -519,7 +519,8 @@ def read_cve_file(directory, bugid):
with open(filename, 'r+') as xml_data:
memory_map = mmap.mmap(xml_data.fileno(), 0)
root = xml.etree.cElementTree.parse(memory_map).getroot()
- except IOError:
+ except IOError, e:
+ BUG_ON(filename, e)
return None
bugroot = root.find('bug')
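Review bot: Only `IOError` is handled around the open/mmap/parse sequence, so a truncated or malformed XML file would probably raise a parser error out of `read_cve_file` instead of taking the new `BUG_ON(filename, e)` path. On Python 2, cElementTree reports malformed input as `SyntaxError` (or a subclass), so `except (IOError, SyntaxError), e:` would cover both; please confirm against the interpreter version the project targets. The function continues beyond this hunk.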
@@ -539,10 +540,16 @@ def read_cve_file(directory, bugid):
for item in root:
if item.tag == 'cve':
cve = Cve(item.find('cve').text)
+ if cve is None:
+ return None
for elem in ['desc', 'published', 'refs',
'severity', 'score', 'vector']:
- setattr(cve, elem, item.find(elem).text)
+ element = item.find(elem)
+ if element is not None:
+ setattr(cve, elem, item.find(elem).text)
+ else:
+ BUG_ON(filename, '(%s, \'No such element\')' % elem)
cves.append(cve)
vul.cves = cves
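Review bot: The added `if cve is None: return None` can never fire, because calling the `Cve` class always yields an instance. The case it seems meant to catch, a missing inner `<cve>` node, already fails one line earlier with AttributeError on `item.find('cve').text`. Check the node before constructing instead: `node = item.find('cve')`, then `if node is None: continue`, then `cve = Cve(node.text)`. In the loop below, `setattr(cve, elem, item.find(elem).text)` repeats the lookup already stored in `element`; `setattr(cve, elem, element.text)` is enough. `read_cve_file` starts and ends outside this hunk.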
diff --git a/tools/cron.py b/tools/cron.py
index 17475ab..ddf1792 100755
--- a/tools/cron.py
+++ b/tools/cron.py
@@ -21,11 +21,20 @@ class CronError(Exception):
def __init__(self, value):
self.value = value
-NOCVE = 'GENERIC-MAP-NOMATCH'
-NOCVEDESC = 'This GENERIC identifier is not specific to any vulnerability. '\
- 'GENERIC-MAP-NOMATCH is used by products, databases, and ' \
- 'services to specify when a particular vulnerability element ' \
- 'does not map to a corresponding CVE entry.'
+NOCVE = {
+ 'cve' : 'GENERIC-MAP-NOMATCH',
+ 'published' : '0000-00-00',
+ 'desc' : 'This GENERIC identifier is not specific to any ' \
+ 'vulnerability. GENERIC-MAP-NOMATCH is used by products, ' \
+ 'databases, and services to specify when a particular ' \
+ 'vulnerability element does not map to a corresponding ' \
+ 'CVE entry.',
+ 'severity' : 'Low',
+ 'vector' : '()',
+ 'score' : '0.0',
+ 'refs' : et.Element('refs')
+}
+
DELAY = 0.2
SKIP = False
MINYEAR = 2002
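Review bot: The placeholder record gives an unmapped vulnerability `'severity' : 'Low'` and `'score' : '0.0'`, so any consumer that sorts or filters on those fields will treat it as a rated, low-risk CVE rather than as "no rating available". `'published' : '0000-00-00'` is likewise not a parseable date. If the readers of these XML files tolerate it, a distinct sentinel would be safer. Otherwise add a comment above the dict, for example `# Placeholder for bugs without a CVE; severity and score are not real ratings`.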
@@ -120,8 +129,8 @@ def main(argv):
vul = parse_bz_dict(DIR['bug'], item)
for cve in vul['cvelist']:
- if cve == NOCVE:
- vul['cves'] = [NOCVE]
+ if cve == NOCVE['cve']:
+ vul['cves'] = [NOCVE['cve']]
break #TODO Raise exception instead of break
else:
try:
@@ -230,7 +239,7 @@ def parse_bz_dict(directory, bugid):
string = string.replace('CAN', 'CVE')
if string in REGEX['m_nomatch'].findall(string):
- cvelist = [NOCVE]
+ cvelist = [NOCVE['cve']]
for (year, split_cves) in REGEX['grp_all'].findall(string):
for cve in REGEX['grp_split'].findall(split_cves):
@@ -247,7 +256,7 @@ def parse_bz_dict(directory, bugid):
}
for item in vul['cvelist']:
- if item != NOCVE:
+ if item != NOCVE['cve']:
if item not in CVES:
CVES[item] = vul.bugid
else:
@@ -362,11 +371,13 @@ def write_xml_file(directory, vul):
for cve in vul['cves']:
cveroot = et.SubElement(root, 'cve')
- if cve == NOCVE:
- node = et.SubElement(cveroot, 'cve')
- node.text = NOCVE
- node = et.SubElement(cveroot, 'desc')
- node.text = NOCVEDESC
+ if cve == NOCVE['cve']:
+ for element in CVEORDER:
+ if element == 'refs':
+ cveroot.append(NOCVE[element])
+ else:
+ node = et.SubElement(cveroot, element)
+ node.text = NOCVE[element]
else:
for element in CVEORDER:
if element == 'refs':
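Review bot: `cveroot.append(NOCVE[element])` attaches the single module-level `et.Element('refs')` object to every document written, so all NOCVE entries share one node and a later change made through any tree would appear in all of them. Creating a fresh node with `et.SubElement(cveroot, 'refs')` avoids the shared state. `NOCVE[element]` would also raise KeyError if `CVEORDER` (defined outside this diff) ever contains a key the dict lacks. The `else` branch continues past the end of the hunk.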