[Secure-testing-commits] r1793 - in data/DTSA: . templates

Neil McGovern neilm at costa.debian.org
Sat Sep 3 12:43:05 UTC 2005 

Author: neilm
Date: 2005-09-03 12:43:05 +0000 (Sat, 03 Sep 2005)
New Revision: 1793

Modified:
   data/DTSA/dtsa
   data/DTSA/templates/footer.html
Log:
Now exports DTSAs as HTML \o/


Modified: data/DTSA/dtsa
===================================================================
--- data/DTSA/dtsa	2005-09-03 12:08:30 UTC (rev 1792)
+++ data/DTSA/dtsa	2005-09-03 12:43:05 UTC (rev 1793)
@@ -3,14 +3,14 @@
 import sys, getopt, os, glob
 
 # TODO:
-# Create the web overview
 # Add code for updating a DTSA
 # Include SHA-1 checksums in advisories
 
 # Note: This has to be run inside secure-testing/data/DTSA/
 
 # Prerequisites:
-# subdirectories advs/plain-text and advs/html
+# subdirectories advs/plain-text, advs/html and templates
+# Templates must include header.html and footer.html, but can be blank
 # mailx package installed
 
 announce_mail_address = "secure-testing-announce at lists.alioth.debian.org"
@@ -73,10 +73,10 @@
 	if len(cve) == 0:
 		print "No CVE assignments seem to have been made for this issue"
 
-	print "There's currently not yet support for an HTML representation, but it will"
-	print "be added soon."
-	print
+	export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific)  
 	
+	print "A html representation has been generated as",dtsa_id + ".html"
+	
 	export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific)  
 
 	print "A textual representation has been generated as", dtsa_id
@@ -103,7 +103,75 @@
 	l_f.write("\tTODO: unreleased\n")
 	l_f.close()
 
-def export_html(src, data, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev):
+def export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific):
+	html = open(os.getcwd() + "/" + id + ".html", "w")
+	
+	# Open, read, write and close the header
+	header = open(os.getcwd() + "/templates/header.html","r")
+	for line in header.readlines():
+		header.write(line);
+	header.close
+
+	# Write the actual html
+
+	html.write("<h2>"+ id + "</h2>\n")
+	html.write("<dl>\n")
+	html.write("<dt>Date Reported:</dt>\n<dd>" + date + "</dd>\n")
+	html.write("<dt>Affected Package:</dt>\n<dd><a href='http://packages.debian.org/src:" + src + "'>" + src + "</a></dd>\n")
+	html.write("<dt>Vulnerability:</dt>\n<dd>" + vuln_type + "</dd>\n")
+	html.write("<dt>Problem-Scope:</dt>\n<dd>" + scope + "</dd>\n")
+	html.write("<dt>Debian-specific:</dt>\n<dd>" + yn(debian_specific) + "<br></dd>\n")
+
+#	if len(vendor_advisory) > 0:
+#		html.write("Vendor advisory: " + vendor_advisory + "\n")
+#	else:
+#		html.write("Vendor advisory: Not available\n")
+	cves = "<dt>CVE:</dt>\n<dd>\n"
+	if len(cve) > 0:
+		for i in cve:
+			cves += "<a href='http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=" + i +"'>"
+			cves += i
+			cves += "</a> \n"
+	else:
+		cves += "None so far\n"
+	html.write(cves + "<br></dd>\n")
+	
+	html.write("<br>")
+	html.write("<dt>More information:</dt>\n")
+	html.write("<dd>");
+	for i in descr:
+		html.write(i + "&nbsp;<br>\n")
+	html.write("</dd>\n")
+
+	html.write("<br>")
+	html.write("<dt>For the testing distribution (etch) this is fixed in version " + testing_fix + "</dt>\n")
+
+	if len(sid_fix) > 0:
+		html.write("<dt>For the unstable distribution (sid) this is fixed in version " + sid_fix + "</dt>\n")
+	else:
+		html.write("<dt>For the unstable distribution this problem will be fixed soon</dt>\n")
+
+	html.write("<br>")
+	html.write("<dt>This upgrade is recommended if you use " + src + ".<dt>\n")
+	html.write("<br>")
+
+	html.write("<dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt>\n")
+	html.write("\n")
+
+	html.write("<dd>apt-get update && apt-get install "+ src + " FIXME, I'm broken </dd>\n")
+	html.write("<br>\n")
+	html.write("\n")
+	# FIXME, use python-crypto for inclusion of SHA-1 checksums
+
+	print "HTML representation has been exported"
+	# Open, read, write and close the footer
+	footer = open(os.getcwd() + "/templates/footer.html","r")
+	for line in footer.readlines():
+		html.write(line);
+	footer.close
+
+	# Be nice and close the html file
+	html.close;
 	pass
 
 

Modified: data/DTSA/templates/footer.html
===================================================================
--- data/DTSA/templates/footer.html	2005-09-03 12:08:30 UTC (rev 1792)
+++ data/DTSA/templates/footer.html	2005-09-03 12:43:05 UTC (rev 1793)
@@ -0,0 +1,15 @@
+<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt>
+
+<br>
+<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt>
+<br>
+<dd>deb http://secure-testing-mirrors.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free</dd>
+<dd>deb-src http://secure-testing-mirrors.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free</dd>
+<br>
+<dt>The archive signing key can be downloaded from<dt>
+<dd><a href='http://secure-testing.debian.net/ziyi-2005-7.asc'>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd>
+
+<br>
+  
+<dt>For further information about the Debian testing security team, please refer to <a href='http://secure-testing.debian.net/'>http://secure-testing.debian.net/</a></dt>
+

More information about the Secure-testing-commits mailing list