[Secure-testing-commits] r2143 - tsck
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sat Sep 24 00:54:09 UTC 2005
Author: jmm-guest
Date: 2005-09-24 00:54:08 +0000 (Sat, 24 Sep 2005)
New Revision: 2143
Modified:
tsck/tsck.py
Log:
adapt tsck to plain text format; it currently only
supports analysis on a local copy
Modified: tsck/tsck.py
===================================================================
--- tsck/tsck.py 2005-09-23 23:22:07 UTC (rev 2142)
+++ tsck/tsck.py 2005-09-24 00:54:08 UTC (rev 2143)
@@ -10,6 +10,7 @@
package = ""
source = ""
version = ""
+installed = False
for i in statlines:
if i.startswith("Package:"):
@@ -18,54 +19,117 @@
source = i.split(": ")[1][0:-1]
if i.startswith("Version:"):
version = i.split(": ")[1][0:-1]
+ if i.startswith("Status:"):
+ if i.find(" installed") > -1:
+ installed = True
+
if i == "\n":
- if source == "":
- source_packages[package] = version
- else:
- source_packages[source] = version
+ if installed:
+ if source == "":
+ source_packages[package] = version
+ else:
+ source_packages[source] = version
package = ""
source = ""
version = ""
+ installed = False
-raw_vulns = open("testing-security.html", "r")
+raw_vulns = open("testing-security.txt", "r")
vulns = raw_vulns.readlines()
unfixed = [] # (pkgname, deb#, cve-id)
-fixed = [] #
+fixed = [] #
+block = False
+unimportant = []
+low = []
+medium = []
+high = []
+
+debbugs = []
+cve = ""
+src = ""
+required = ""
+descript = ""
+pkg_name = ""
+severity = ""
+fix = ""
+
+print "Generating system-specific security overview:"
+
for i in vulns:
- debbug = ""
- cve = ""
- src = ""
- required = ""
- if i.startswith("<li>"):
+ if i.startswith("CAN-"):
- cves = re.findall(r'CAN\-[0-9]{4}\-[0-9]{4}', i)
- if len(cves) > 0:
- cve = cves[0]
- else:
- if i.find("CAN-2005-XXXX") > -1:
- cve = "to be assigned"
+ if len(cve) > 0 and len(pkg_name) > 0:
+ if source_packages.has_key(pkg_name):
- for j in re.findall(r'.*?unfixed', i):
- src = j.replace("<li>", "").replace(" (<b>unfixed", "")
+ if severity != "unimportant":
+ if fix == "<unfixed>":
+ if severity == "low":
+ low.append((pkg_name, cve, debbugs))
+ elif severity == "medium":
+ medium.append((pkg_name, cve, debbugs))
+ elif severity == "high":
+ high.append((pkg_name, cve, debbugs))
- for j in re.findall(r'\<.*?\>', i):
- if j.find("bugs.debian") > -1:
- debbug = j.replace('<a href="', '').replace('">', '')
- required = "unfixed"
+ else:
+ if fix != "<itp>" and fix != "<not-affected>":
+ installed = source_packages[pkg_name]
+ if os.system("dpkg --compare-versions " + installed + " ge " + fix) > 0:
+ if severity == "low":
+ low.append((pkg_name, cve, debbugs))
+ elif severity == "medium":
+ medium.append((pkg_name, cve, debbugs))
+ elif severity == "high":
+ high.append((pkg_name, cve, debbugs))
+
+
+
+ unfixed.append((pkg_name, fix, debbugs, cve))
+ pkg_name = ""
+ severity = ""
+ fix = ""
+ cve = i[0:13]
+ descript = i[14:]
+
+ if i.startswith("\t"):
+ if i[1:].startswith("-"):
+ e = i[2:].strip().split(" ", 2)
+ pkg_name = e[0]
+ block = re.findall(r'\(.*\)', i)
+ if len(block) > 0:
+ if block[0].find("unfixed") > -1:
+ fix = "unfixed"
+ else:
+ fix = e[1]
+ else:
+ fix = e[1]
+ debbugs = re.findall(r'bug\ \#[0-9]{6}', i)
+ if i.find("low") > -1:
+ severity = "low"
+ elif i.find("medium") > -1:
+ severity = "medium"
+ elif i.find("high") > -1:
+ severity = "high"
+ elif i.find("unimportant") > -1:
+ severity = "unimportant"
- if source_packages.has_key(src):
- print src, "is vulnerable to", cve
- if required != "unfixed":
- for j in re.findall(r'.*?needed', i):
- src = j.replace("<li>", "").replace(" needed", "").split(" ")[0]
- required = j.replace("<li>", "").replace(" needed", "").split(" ")[1]
- if source_packages.has_key(src):
- installed = source_packages[src]
- print src,"dpkg --compare-versions " + installed + " ge " + required
- if os.system("dpkg --compare-versions " + installed + " ge " + required) > 0:
- print src, "is vulnerable to", cve
+for i in low:
+ print "*", i[0], "is vulnerable to", i[1], "; a vulnerability of low severity"
+ for k in i[2]:
+ print " See Debian", k, "for further reference."
+
+for i in medium:
+ print "*", i[0], "is vulnerable to", i[1], "; a vulnerability of medium severity"
+ for k in i[2]:
+ print " See Debian", k, "for further reference."
+
+for i in high:
+ print "*", i[0], "is vulnerable to", i[1], "; a vulnerability of high severity"
+ for k in i[2]:
+ print " See Debian", k, "for further reference."
+
+
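Review bot: The added `os.system("dpkg --compare-versions " + installed + " ge " + fix)` call sends `fix`, which is taken verbatim from a line of `testing-security.txt`, through a shell, so a version field containing shell metacharacters would be interpreted as a command instead of being compared. Passing an argument list avoids the shell and keeps the existing test, for example `if subprocess.call(["dpkg", "--compare-versions", installed, "ge", fix]) > 0:` (needs `import subprocess`, Python 2.4 or later). Separately, the parser sets `fix = "unfixed"` when the parenthesised block mentions unfixed, while the classification compares against `"<unfixed>"`, so those entries appear to fall through to the version comparison; one spelling should be used in both places. The classification also runs only when the next `CAN-` line is read, so the last entry in the file is never evaluated unless the same check is repeated after the loop.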