-rw-r--r-- | TODO | 2 | ||||
-rwxr-xr-x | kernel-check.py | 3 | ||||
-rwxr-xr-x | kernellib.py | 45 |
3 files changed, 32 insertions, 18 deletions
@@ -5,6 +5,7 @@ Implementation - Add further error handling - Implement find_cve() (return bugid) - Create a GENERIC-MAP-NOMATCH entry in the cve xml files +- Implement hardend/xen intervall Cleanup and Rework ================== @@ -23,7 +24,6 @@ Whiteboard changes ================== - Move arch into whiteboard e.g. {x86, amd64} - [kernel +<version] -> [+kernel <version] -- Ignore vserver whiteboard Summary changes =============== diff --git a/kernel-check.py b/kernel-check.py index 72959cf..c1e25f6 100755 --- a/kernel-check.py +++ b/kernel-check.py @@ -84,7 +84,8 @@ def main(argv): print '\n>>> Reading all kernel vulnerabilities' - schedule = lib.parse_cve_files(lib.FOLDER['out'], kernel, best, arch) + schedule = lib.parse_cve_files(lib.FOLDER['out'], kernel, + best, genpatch, arch) if schedule is not None: info('%s vulnerabilities read.' % color('GOOD', str(schedule.read))) diff --git a/kernellib.py b/kernellib.py index 922daf2..3f013d7 100755 --- a/kernellib.py +++ b/kernellib.py @@ -8,6 +8,7 @@ from contextlib import closing import xml.etree.cElementTree as et import cStringIO import datetime +import inspect import logging import mmap import os @@ -79,13 +80,10 @@ FOLDER = { 'nvd' : os.path.join(FILEPATH, 'tmp', 'nvd') } -logging.basicConfig(format='%(levelname)-6s[%(asctime)s] : %(message)s', - datefmt='%H:%M:%S', level=logging.DEBUG) - def debug(msg): if DEBUG: - logging.debug(msg) - + print 'DEBUG line %s in %s(): %s' % (inspect.stack()[1][2], + inspect.stack()[1][3], msg) class InvalidWhiteboardError(Exception): def __init__(self, value): @@ -252,8 +250,8 @@ class Interval: pass elif name == 'gp': name = 'genpatches' - elif name[-7:] != 'sources': - name = '%s-sources' % (name) + + name = name.replace('-sources', '') self.name = name self.lower_i = lower_i 
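Review bot: In the debug() hunk, the new `print` writes to stdout, whereas the removed `logging` setup wrote to stderr by default, so debug lines now interleave with the vulnerability report that kernel-check.py prints. `inspect.stack()` is also called twice per message and each call walks every frame; take it once, e.g. `caller = inspect.stack()[1]`, and send the text to stderr with `print >> sys.stderr, ...`. Whether `sys` is already imported in kernellib.py is not visible in this hunk. The `import logging` context line stays in the import list and may now be unused.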
@@ -331,16 +329,30 @@ def interval_from_xml(root): return Interval(name, lower, upper, lower_i, upper_i, expand) -#TODO add genpatches +#TODO hardened, xen? #TODO short function #TODO Use exceptions -def is_in_interval(interval, kernel): +def is_in_interval(interval, kernel, genpatch, bugid): #FIXME Remove bugid 'Returns True if the given version is inside our specified interval' + + version = str() + + if interval.name == 'linux': + version = kernel.version + + if interval.name == 'genpatches': + version = genpatch.version.replace('-', '.') + + if interval.name == 'vserver': + return False - version = kernel.version #TODO Use revision, source + #TODO Remove + if interval.name not in ['linux', 'genpatches', 'hardened', 'xen']: + debug(interval.name + ' ' + bugid.bugid) #TODO raise exception if version == None: + debug('no version') return False if interval.lower: @@ -357,6 +369,7 @@ def is_in_interval(interval, kernel): if interval.upper: result = portage.versions.vercmp(version, interval.upper) + debug('%s %s %s %s' % (result, version, interval.upper, bugid.bugid)) if result == None: debug('Could not compare %s and %s' % (interval.upper, version)) @@ -625,7 +638,7 @@ def extract_cves(string): #TODO check function -def parse_cve_files(directory, kernel, best, arch): +def parse_cve_files(directory, kernel, best, genpatch, arch): 'Reads all bug files and returns a schedule with vulnerabilty information' files = list() @@ -652,9 +665,9 @@ def parse_cve_files(directory, kernel, best, arch): if item.arch == arch or item.arch == 'all': schedule.match += 1 for interval in item.affected: - if is_in_interval(interval, kernel): + if is_in_interval(interval, kernel, genpatch, item): kernelaffected = True - if is_in_interval(interval, best): + if is_in_interval(interval, best, genpatch, item): bestaffected = True if kernelaffected: 
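Review bot: In is_in_interval(), `version` now starts as `str()`, so the existing `if version == None:` guard no longer catches an interval whose name set no version (`hardened`, `xen`, or any unknown name), and the empty string goes on to `portage.versions.vercmp`. Together with the unconditional `return False` for `vserver`, those intervals are likely to be reported as not affected, which for a vulnerability checker is a silent false negative. I would change the guard to `if not version:` and report the skipped interval where the user sees it, not only under DEBUG. `genpatch.version` is also dereferenced without a None check; whether kernel-check.py can pass `None` is not visible here. The function body continues outside the hunk.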
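Review bot: Both calls in parse_cve_files() pass the same `genpatch`, and is_in_interval() takes the version from `genpatch` alone for a `genpatches` interval, so `kernelaffected` and `bestaffected` always come out equal for those intervals. The verdict for `best` then reflects the installed genpatches and not the candidate kernel's. If that is intended for now, a comment such as `#TODO best needs its own genpatch` would make the limitation visible. Inserting `genpatch` before `arch` also shifts positional arguments for any caller other than the kernel-check.py call updated in this commit.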
@@ -678,7 +691,7 @@ def read_cve_file(directory, bugid): affected = list() filename = os.path.join(directory, bugid + '.xml') - + try: with open(filename, 'r+') as xml_data: memory_map = mmap.mmap(xml_data.fileno(), 0) @@ -898,8 +911,8 @@ def receive_file(directory, path, xml_file, with closing(urllib.urlopen(path + xml_file)) as resource: data.write(resource.read()) - with open(filename, 'w') as output: - output.write(data.getvalue()) + with open(filename, 'w') as output: + output.write(data.getvalue()) except IOError: debug('Download failed!') #FIXME Handle exception |