summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--TODO2
-rwxr-xr-xkernel-check.py3
-rwxr-xr-xkernellib.py45
3 files changed, 32 insertions, 18 deletions
diff --git a/TODO b/TODO
index 68855c8..725adb3 100644
--- a/TODO
+++ b/TODO
@@ -5,6 +5,7 @@ Implementation
- Add further error handling
- Implement find_cve() (return bugid)
- Create a GENERIC-MAP-NOMATCH entry in the cve xml files
+- Implement hardend/xen intervall
Cleanup and Rework
==================
@@ -23,7 +24,6 @@ Whiteboard changes
==================
- Move arch into whiteboard e.g. {x86, amd64}
- [kernel +<version] -> [+kernel <version]
-- Ignore vserver whiteboard
Summary changes
===============
diff --git a/kernel-check.py b/kernel-check.py
index 72959cf..c1e25f6 100755
--- a/kernel-check.py
+++ b/kernel-check.py
@@ -84,7 +84,8 @@ def main(argv):
print '\n>>> Reading all kernel vulnerabilities'
- schedule = lib.parse_cve_files(lib.FOLDER['out'], kernel, best, arch)
+ schedule = lib.parse_cve_files(lib.FOLDER['out'], kernel,
+ best, genpatch, arch)
if schedule is not None:
info('%s vulnerabilities read.' %
color('GOOD', str(schedule.read)))
diff --git a/kernellib.py b/kernellib.py
index 922daf2..3f013d7 100755
--- a/kernellib.py
+++ b/kernellib.py
@@ -8,6 +8,7 @@ from contextlib import closing
import xml.etree.cElementTree as et
import cStringIO
import datetime
+import inspect
import logging
import mmap
import os
@@ -79,13 +80,10 @@ FOLDER = {
'nvd' : os.path.join(FILEPATH, 'tmp', 'nvd')
}
-logging.basicConfig(format='%(levelname)-6s[%(asctime)s] : %(message)s',
- datefmt='%H:%M:%S', level=logging.DEBUG)
-
def debug(msg):
if DEBUG:
- logging.debug(msg)
-
+ print 'DEBUG line %s in %s(): %s' % (inspect.stack()[1][2],
+ inspect.stack()[1][3], msg)
class InvalidWhiteboardError(Exception):
def __init__(self, value):
@@ -252,8 +250,8 @@ class Interval:
pass
elif name == 'gp':
name = 'genpatches'
- elif name[-7:] != 'sources':
- name = '%s-sources' % (name)
+
+ name = name.replace('-sources', '')
self.name = name
self.lower_i = lower_i
@@ -331,16 +329,30 @@ def interval_from_xml(root):
return Interval(name, lower, upper, lower_i, upper_i, expand)
-#TODO add genpatches
+#TODO hardened, xen?
#TODO short function
#TODO Use exceptions
-def is_in_interval(interval, kernel):
+def is_in_interval(interval, kernel, genpatch, bugid): #FIXME Remove bugid
'Returns True if the given version is inside our specified interval'
+
+ version = str()
+
+ if interval.name == 'linux':
+ version = kernel.version
+
+ if interval.name == 'genpatches':
+ version = genpatch.version.replace('-', '.')
+
+ if interval.name == 'vserver':
+ return False
- version = kernel.version #TODO Use revision, source
+ #TODO Remove
+ if interval.name not in ['linux', 'genpatches', 'hardened', 'xen']:
+ debug(interval.name + ' ' + bugid.bugid)
#TODO raise exception
if version == None:
+ debug('no version')
return False
if interval.lower:
@@ -357,6 +369,7 @@ def is_in_interval(interval, kernel):
if interval.upper:
result = portage.versions.vercmp(version, interval.upper)
+ debug('%s %s %s %s' % (result, version, interval.upper, bugid.bugid))
if result == None:
debug('Could not compare %s and %s' % (interval.upper, version))
@@ -625,7 +638,7 @@ def extract_cves(string):
#TODO check function
-def parse_cve_files(directory, kernel, best, arch):
+def parse_cve_files(directory, kernel, best, genpatch, arch):
'Reads all bug files and returns a schedule with vulnerabilty information'
files = list()
@@ -652,9 +665,9 @@ def parse_cve_files(directory, kernel, best, arch):
if item.arch == arch or item.arch == 'all':
schedule.match += 1
for interval in item.affected:
- if is_in_interval(interval, kernel):
+ if is_in_interval(interval, kernel, genpatch, item):
kernelaffected = True
- if is_in_interval(interval, best):
+ if is_in_interval(interval, best, genpatch, item):
bestaffected = True
if kernelaffected:
@@ -678,7 +691,7 @@ def read_cve_file(directory, bugid):
affected = list()
filename = os.path.join(directory, bugid + '.xml')
-
+
try:
with open(filename, 'r+') as xml_data:
memory_map = mmap.mmap(xml_data.fileno(), 0)
@@ -898,8 +911,8 @@ def receive_file(directory, path, xml_file,
with closing(urllib.urlopen(path + xml_file)) as resource:
data.write(resource.read())
- with open(filename, 'w') as output:
- output.write(data.getvalue())
+ with open(filename, 'w') as output:
+ output.write(data.getvalue())
except IOError:
debug('Download failed!') #FIXME Handle exception