authorBjoern Tropf <asymmail@googlemail.com>2009-06-14 12:06:01 +0200
committerBjoern Tropf <asymmail@googlemail.com>2009-06-14 12:06:01 +0200
commitf3c28d33dc8c4327f8563be1be50d92a833471b5 (patch)
tree9d42572238e1cf98f2754f4ed8f1e43258b1e9bc
parentImplement interval_from_xml() (diff)
Change license; include class schedule; some bugfixes
-rwxr-xr-xcollector.py21
-rwxr-xr-xkernel-check.py75
-rwxr-xr-xkernellib.py84
3 files changed, 90 insertions, 90 deletions
diff --git a/collector.py b/collector.py
index d9b88df..810eb0a 100755
--- a/collector.py
+++ b/collector.py
@@ -1,20 +1,7 @@
-# kernel-check.py -- Kernel security information
-# Copyright (C) 2009 Bjoern Tropf <asymmail@googemail.com>
-# Copyright (C) 2009 Robert Buchholz <rbu@gentoo.org>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#! /usr/bin/env python
+# kernel-check -- Kernel security information
+# Copyright 2009-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
import getopt
import os
diff --git a/kernel-check.py b/kernel-check.py
index db3abf7..7743d99 100755
--- a/kernel-check.py
+++ b/kernel-check.py
@@ -1,20 +1,7 @@
-# kernel-check.py -- Kernel security information
-# Copyright (C) 2009 Bjoern Tropf <asymmail@googemail.com>
-# Copyright (C) 2009 Robert Buchholz <rbu@gentoo.org>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#! /usr/bin/env python
+# kernel-check -- Kernel security information
+# Copyright 2009-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
import getopt
import portage.output
@@ -29,6 +16,7 @@ def main(argv):
warn = portage.output.EOutput().ewarn
error = portage.output.EOutput().eerror
color = portage.output.colorize
+ term = portage.output.get_term_size()
try:
opts, args = getopt.getopt(argv, 'hnr:s:v', ['help', 'nocolor', 'report=', 'show=', 'verbose'])
@@ -52,6 +40,7 @@ def main(argv):
print '>>> Gathering system information'
kernel = lib.extract_version(os.uname()[2])
+ best = lib.best_version(kernel.source)
if kernel is not None:
info('Kernel version: %s' % (color('GOOD', '%s-%s' % (kernel.version, kernel.revision))))
info('Kernel sources: %s' % color('GOOD', kernel.source))
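Review bot: `best = lib.best_version(kernel.source)` now runs before the `if kernel is not None:` guard on the next line, so when `extract_version` returns None the script dies with an AttributeError on `kernel.source` instead of reaching the intended error path. The assignment should sit inside the `is not None` branch (or after the guard's error/exit), e.g. `if kernel is not None:` / `    best = lib.best_version(kernel.source)`. `best` is only consumed later by `parse_cve_files` and the upgrade message, so moving it below the guard changes nothing else. main() continues outside this hunk.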
@@ -72,29 +61,22 @@ def main(argv):
error('No system architecture found!')
sys.exit()
- print '\n>>> Reading kernel vulnerabilities'
+ print '\n>>> Reading all kernel vulnerabilities'
- #TODO Implement
- cve = {
- 'read' : 345,
- 'match' : 284,
- 'fixed' : 274,
- 'canfix' : [1, 2, 3],
- 'notfix' : [1, 2]
- }
+ schedule = lib.parse_cve_files('out', kernel, best, arch)
- if cve:
- info('%s files read' % color('GOOD', str(cve['read'])))
- info('%s match this system' % color('GOOD', str(cve['match'])))
- info('%s have been fixed' % color('GOOD', str(cve['fixed'])))
+ if schedule is not None:
+ info('%s files read' % color('GOOD', str(schedule.read)))
+ info('%s match this system' % color('GOOD', str(schedule.match)))
+ info('%s have been fixed' % color('GOOD', str(schedule.fixed)))
- if len(cve['canfix']):
- error('%s can be fixed by upgrading' % color('BAD', str(len(cve['canfix']))))
+ if len(schedule.canfix):
+ error('%s can be fixed by upgrading' % color('BAD', str(len(schedule.canfix))))
else:
info('No vulnerability can be fixed by upgrading')
- if len(cve['notfix']):
- warn('%s have not been fixed yet' % color('WARN', str(len(cve['notfix']))))
+ if len(schedule.notfix):
+ warn('%s have not been fixed yet' % color('WARN', str(len(schedule.notfix))))
else:
info('No vulnerability have not been fixed yet')
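Review bot: `if schedule is not None:` can never be false, because `parse_cve_files` in kernellib.py always constructs and returns a `Schedule`, so the `No vulnerability files found!` branch that follows this block is dead code; an absent `out` directory instead surfaces as an uncaught OSError from `os.listdir`. A check that matches what the function actually reports would be `if schedule is not None and schedule.read:`, which also covers a present-but-empty directory. The directory name `'out'` is a bare relative literal, so the scan depends on the caller's working directory; consider hoisting it to a named constant next to the other paths the script uses (I cannot see where collector.py writes, so the intended location is inferred). main() begins and ends outside this hunk.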
@@ -102,24 +84,21 @@ def main(argv):
error('No vulnerability files found!')
sys.exit()
- best = lib.best_version(kernel.source)
- if len(cve['canfix']):
- info('')
- info('These could be fixed by upgrading:')
- info('')
- #TODO Print bugs
- '''200000 - This is a insidious kernel bug... - critical'''
- info('')
- info('To print information about a vulnerability try:')
- info('$ %s -i [id]' % sys.argv[0])
+ if len(schedule.canfix):
+ print '\nThese could be fixed by upgrading:'
+ for item in schedule.canfix:
+ print '\n Bugid %s:' % item.bugid
+ for cve in item.cves:
+ print ' %s - %s\n \"%s...\"' % (cve.cve, cve.severity, cve.desc[:term[1]-14])
+ print ''
+ info('To print more information about a vulnerability try:')
+ info(' $ %s -i [bugid]' % sys.argv[0])
info('')
- info('Upgrading to the latest version')
- info('[%s]' % color('GOOD', best))
- info('is recommended!')
+ info('It is recommended to upgrade your kernel to [%s]' % color('GOOD', best))
else:
info('')
info('Your kernel is not affected by any known')
- info('and alread fixed vulnerabilities!')
+ info('and fixed vulnerabilities!')
def usage():
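Review bot: `cve.desc[:term[1]-14]` assumes a usable column count; if `get_term_size()` reports 0 columns (as I believe portage does when stdout is not a tty, e.g. when output is piped to a file — please confirm), the slice becomes `desc[:-14]` and silently drops the last 14 characters of the description instead of truncating to the terminal width. Clamp the width first, e.g. `width = max(term[1] - 14, 0) or None` and then `cve.desc[:width]`, so a non-tty prints the full text. The trailing `"..."` is also appended unconditionally, even when nothing was cut, and `cve.desc` is used without a None check although its source is not visible here. main() starts before this hunk.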
diff --git a/kernellib.py b/kernellib.py
index a08ab08..241985e 100755
--- a/kernellib.py
+++ b/kernellib.py
@@ -1,20 +1,7 @@
-# kernel-check.py -- Kernel security information
-# Copyright (C) 2009 Bjoern Tropf <asymmail@googemail.com>
-# Copyright (C) 2009 Robert Buchholz <rbu@gentoo.org>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#! /usr/bin/env python
+# kernel-check -- Kernel security information
+# Copyright 2009-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
from __future__ import with_statement
from contextlib import closing
@@ -59,7 +46,7 @@ GENERAL_KERNEL_TYPES = ['aa', 'acpi', 'ac', 'alpha', 'arm', 'as', 'cell', 'ck',
GENTOO_KERNEL_TYPES = ['cell', 'mips', 'tuxonice', 'mm', 'usermode', 'gentoo', 'vanilla', 'git',
'openvz', 'vserver', 'hardened', 'sh', 'xbox', 'sparc', 'xen']
-VERSION = '0.5'
+VERSION = '0.51'
VERBOSE = False
FORCE = False
@@ -74,6 +61,20 @@ def debug(msg):
def error(msg):
logging.error(msg)
+
+class Schedule:
+ 'Schedule class'
+
+ read = int()
+ match = int()
+ fixed = int()
+ canfix = list()
+ notfix = list()
+
+ def __init__(self, read):
+ self.read = read
+
+
class Cve:
'Cve class'
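Review bot: `canfix = list()` and `notfix = list()` are class attributes, so every `Schedule` instance shares the same two list objects; `schedule.canfix.append(item)` in `parse_cve_files` therefore mutates state that survives into any later `Schedule(...)` and accumulates across calls. Only `read` is set per instance in `__init__`. Initialise all five fields on `self` instead, and drop the class-level defaults so nothing can be shared by accident.

```python
class Schedule:
    'Schedule class'

    def __init__(self, read):
        # per-instance state: class-level lists would be shared by every Schedule
        self.read = read
        self.match = 0
        self.fixed = 0
        self.canfix = []
        self.notfix = []
```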
@@ -253,20 +254,21 @@ def interval_from_xml(root):
return Interval(name, lower, upper, lower_i, upper_i, expand)
-def is_in_interval(self, version):
+def is_in_interval(interval, version):
'Returns True if the given version is inside our specified interval, False otherwise.'
if not version:
return True
for item in ('lower', 'upper'):
- if getattr(self, item):
- if not portage_versions.vercmp(version, getattr(self, item)):
- error("Could not compare %s and %s" % (getattr(self, item), version, str(self)))
+ if getattr(interval, item):
+ result = portage.versions.vercmp(version, getattr(interval, item))
+ if result == None:
+ error("Could not compare %s and %s - %s" % (getattr(interval, item), version, str(interval)))#FIXME
- if not result and not getattr(self, item + '_i'):
+ if not result and not getattr(interval, item + '_i'):
return False
- if not result and getattr(self, item + '_i'):
+ if not result and getattr(interval, item + '_i'):
return True
if result < 0:
return False
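Review bot: When `vercmp` returns None the error is logged but `result` stays None, and the very next test `if not result and not getattr(interval, item + '_i')` treats it like an exact match, so an incomparable version is reported as outside the interval when the bound is exclusive and inside it when inclusive — the `_i` flag decides a vulnerability verdict that the comparison never produced. Make the outcome explicit after the `error(...)` line, e.g. `raise ValueError('Could not compare %s and %s' % (version, getattr(interval, item)))`, so the caller decides rather than silently marking a kernel as unaffected. Use `if result is None:` rather than `== None` while touching it. Whether `portage.versions` is imported under that name is not visible in this hunk; the function body also continues past it.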
@@ -492,6 +494,38 @@ def extract_cves(string):
return cves
+def parse_cve_files(directory, kernel, best, arch):
+ 'Reads all bug files and returns a schedule with vulnerabilty information'
+
+ files = list()
+
+ for item in os.listdir(directory):
+ try:
+ files.append(read_cve_file(directory, item[:-4]))
+ except: #FIXME specify
+ pass
+
+ schedule = Schedule(len(files))
+
+ for item in files:
+ if item.arch.lower() != 'all':
+ #print 'arch: ' + item.arch.lower()
+ #print 'id: ' + item.bugid
+ schedule.canfix.append(item)
+ """
+ if item.arch.lower() == arch or item.arch.lower() == 'all': #FIXME check!
+ schedule.match += 1
+ for interval in item.affected:
+ if is_in_interval(interval, kernel.version): #TODO check!
+ print "%s < %s < %s" % (interval.lower, kernel.version, interval.upper)
+ """
+
+ #arch, affected, cves
+ #schedule = read, match, fixed, canfix, notfix
+
+ return schedule
+
+
def read_cve_file(directory, bugid):
'Read a bug file created by collector'
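Review bot: The bare `except: pass` around `read_cve_file` silently drops any bug file that fails to read or parse (including a `KeyboardInterrupt`), so a single corrupt file lowers `schedule.read` with no trace and the report understates what is in the directory. Catch the concrete failures and log them, e.g. `except (IOError, OSError), exc:` / `    error('Skipping %s: %s' % (item, exc))`, adding whatever parse error the XML reader in `read_cve_file` raises (its parser is not visible here). `item[:-4]` also assumes every directory entry carries a four-character suffix; filter on the expected extension before stripping it. Separately, `kernel` and `best` are accepted but unused, and the `item.arch.lower() != 'all'` test appends every arch-specific bug to `canfix` regardless of the running `arch` — the commented-out block suggests this is scaffolding, so a `#TODO` on that branch would make the intent clear to the next reader.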
@@ -527,7 +561,7 @@ def read_cve_file(directory, bugid):
cve.refs = item.find('refs').text #FIXME
cve.severity = item.find('severity').text
cve.score = item.find('score').text
- cve.severity = item.find('vector').text
+ cve.vector = item.find('vector').text
cves.append(cve)
vul.cves = cves
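Review bot: The corrected line `cve.vector = item.find('vector').text` (like the `refs`, `severity` and `score` lines above it) raises AttributeError when the element is absent, because `find` returns None; since `parse_cve_files` swallows every exception from this function, such a file simply disappears from the count. If `item` is an ElementTree element, `cve.vector = item.findtext('vector')` yields None for a missing element instead of blowing up — please confirm the parser in use, which is outside this hunk. read_cve_file starts before the hunk and ends after it.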