[Secure-testing-commits] r3078 - bin lib/python

Florian Weimer fw at costa.debian.org
Sat Dec 17 11:17:22 UTC 2005 

Author: fw
Date: 2005-12-17 11:17:21 +0000 (Sat, 17 Dec 2005)
New Revision: 3078

Modified:
   bin/tracker_service.py
   bin/update-nvd
   lib/python/nvd.py
   lib/python/security_db.py
Log:
Store CVE descriptions in the nvd_data table.  Enable incremental
NVD updates.

lib/python/security_db.py (DB):
  Bump schema version.  Add cve_desc column to the nvd_data table.
(DB.updateNVD):
  New method.

bin/update-nvd:
  If the -i option is specified, use updateNVD instead of replaceNVD.

lib/python/nvd.py (_Parser):
  Add new member variable path.
(_Parser.characters):
  New method.
(_Parser.endElement):
  Store cve_desc variable.

bin/tracker_service.py (TrackerService.page_bug):
  Use NVD description if available.


Modified: bin/tracker_service.py
===================================================================
--- bin/tracker_service.py	2005-12-16 22:34:46 UTC (rev 3077)
+++ bin/tracker_service.py	2005-12-17 11:17:21 UTC (rev 3078)
@@ -253,14 +253,17 @@
             if source_xref:
                 yield B("Source"), source_xref
         
-            if bug.description:
+            nvd = self.db.getNVD(cursor, bug.name)
+
+            if nvd and nvd.cve_desc:
+                yield B("Description"), nvd.cve_desc
+            elif bug.description:
                 yield B("Description"), bug.description
 
             xref = list(self.db.getBugXrefs(cursor, bug.name))
             if xref:
                 yield B("References"), self.make_xref_list(url, xref)
 
-            nvd = self.db.getNVD(cursor, bug.name)
             if nvd:
                 if nvd.severity:
                     yield B("NVD severity"), nvd.severity.lower()

Modified: bin/update-nvd
===================================================================
--- bin/update-nvd	2005-12-16 22:34:46 UTC (rev 3077)
+++ bin/update-nvd	2005-12-17 11:17:21 UTC (rev 3078)
@@ -24,12 +24,19 @@
 db_file = 'data/security.db'
 db = security_db.DB(db_file)
 
+incremental = False
 data = []
 for name in sys.argv[1:]:
+    if name == '-i':
+        incremental = True
+        continue
     f = file(name)
     data += nvd.parse(f)
     f.close()
 
 cursor = db.writeTxn()
-db.replaceNVD(cursor, data)
+if incremental:
+    db.updateNVD(cursor, data)
+else:
+    db.replaceNVD(cursor, data)
 db.commit(cursor)

Modified: lib/python/nvd.py
===================================================================
--- lib/python/nvd.py	2005-12-16 22:34:46 UTC (rev 3077)
+++ lib/python/nvd.py	2005-12-17 11:17:21 UTC (rev 3078)
@@ -31,11 +31,13 @@
         for x in ('entry', 'local', 'range', 'remote', 'user_init',
                   'avail', 'conf', 'int', 'sec_prot'):
              self.start_dispatcher[x] = getattr(self, 'TAG_' + x)
+        self.path = []
 
     def _noop(*args):
         pass
 
     def startElement(self, name, attrs):
+        self.path.append((name, attrs))
         self.start_dispatcher.get(name, self._noop)(name, attrs)
 
     def TAG_entry(self, name, attrs):
@@ -44,6 +46,7 @@
         self.severity = attrs.get('severity', u'').encode('utf-8')
         self.discovered = attrs.get('discovered', u'').encode('utf-8')
 
+        self.cve_desc = ""
         self.range_local = self.range_remote = self.range_user_init = None
 
         self.loss_avail = self.loss_conf = self.loss_int \
@@ -82,6 +85,7 @@
             if name[0:4] == 'CAN-':
                 name = 'CVE-' + name[4:]
             self.result.append((name,
+                                self.cve_desc,
                                 self.discovered,
                                 self.published,
                                 self.severity,
@@ -94,7 +98,13 @@
                                 self.loss_sec_prot_user,
                                 self.loss_sec_prot_admin,
                                 self.loss_sec_prot_other))
+        del self.path[-1]
 
+    def characters(self, content):
+        (name, attrs) = self.path[-1]
+        if name == 'descript' and attrs['source'] == 'cve':
+            self.cve_desc = content
+
 def parse(file):
     """Parses the indicated file object.  Returns a list of tuples,
     containing the following elements:

Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py	2005-12-16 22:34:46 UTC (rev 3077)
+++ lib/python/security_db.py	2005-12-17 11:17:21 UTC (rev 3078)
@@ -113,7 +113,7 @@
         self.db = apsw.Connection(name)
         self.verbose = verbose
 
-        self.schema_version = 19
+        self.schema_version = 20
         self._initFunctions()
 
         c = self.cursor()
@@ -297,6 +297,7 @@
         cursor.execute(
             """CREATE TABLE nvd_data
             (cve_name TEXT NOT NULL PRIMARY KEY,
+            cve_desc TEXT NOT NULL,
             discovered TEXT NOT NULL,
             published TEXT NOT NULL,
             severity TEXT NOT NULL,
@@ -1362,6 +1363,13 @@
                            + (", ?" * (len(data[0]) - 1))
                            + ")", data)
 
+    def updateNVD(self, cursor, data):
+        """Adds (and overwrites) NVD data stored in the database.
+        This can be used for incremental updates."""
+        cursor.executemany("INSERT OR REPLACE INTO nvd_data VALUES (?"
+                           + (", ?" * (len(data[0]) - 1))
+                           + ")", data)
+
     def getNVD(self, cursor, cve_name):
         """Returns a dictionary with NVD data corresponding to the CVE name,
         or None."""

More information about the Secure-testing-commits mailing list