[Secure-testing-commits] r14646 - in lib/python: sectracker sectracker_test

Florian Weimer fw at alioth.debian.org
Sat May 8 16:59:00 UTC 2010


Author: fw
Date: 2010-05-08 16:59:00 +0000 (Sat, 08 May 2010)
New Revision: 14646

Added:
   lib/python/sectracker/analyzers.py
Modified:
   lib/python/sectracker_test/test_repo.py
Log:
sectracker.analyzers.extractversions(): find all known versions of package


Added: lib/python/sectracker/analyzers.py
===================================================================
--- lib/python/sectracker/analyzers.py	                        (rev 0)
+++ lib/python/sectracker/analyzers.py	2010-05-08 16:59:00 UTC (rev 14646)
@@ -0,0 +1,51 @@
+# sectracker.analyzers -- vulnerability analysis
+# Copyright (C) 2010 Florian Weimer <fw at deneb.enyo.de>
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+import apt_pkg as _apt_pkg
+
+# vercmp is the Debian version comparison algorithm
+_apt_pkg.init()
+try:
+    vercmp = _apt_pkg.version_compare
+except AttributeError:
+    vercmp = _apt_pkg.VersionCompare
+
+def extractversions(config, listfiles, diag):
+    """Extracts version information from list files.
+
+    Uses the repository configuration config to obtain a nested
+    dictionary, mapping release names to packages and sets of
+    versions.  Then scans the (already parsed) files in listfiles for
+    additional versions for those releases.  If an unknown release is
+    encountered, an error message is added to diag."""
+
+    rpv = config.releasepackageversions()
+    for listfile in listfiles:
+        for bug in listfile.list:
+            for ann in bug.annotations:
+                if ann.type == "package" and ann.version is not None \
+                        and ann.release is not None:
+                    if ann.release not in rpv:
+                        diag.error(file=bug.file, line=ann.line,
+                                   message="unknown release: %r" % ann.release)
+                    else:
+                        pv = rpv[ann.release]
+                        if ann.package in pv:
+                            pv[ann.package].add(ann.version)
+                        else:
+                            pv[ann.package] = set((ann.version,))
+    return rpv
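Review bot: extractversions() adds the annotation versions directly into the dictionary returned by `config.releasepackageversions()` and returns that same object, and the docstring does not say so. Whether config caches that dictionary is not visible here. If it does, later callers asking for the archive's versions would also get versions that appear only in list-file annotations, which matters when those sets feed vulnerability status decisions. I would state the in-place merge in the docstring, e.g. `The dictionary obtained from config is updated in place and returned.`, or build the result from a copy. The inner `if ann.package in pv` / `else` can also be written as `pv.setdefault(ann.package, set()).add(ann.version)`.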

Modified: lib/python/sectracker_test/test_repo.py
===================================================================
--- lib/python/sectracker_test/test_repo.py	2010-05-08 16:51:43 UTC (rev 14645)
+++ lib/python/sectracker_test/test_repo.py	2010-05-08 16:59:00 UTC (rev 14646)
@@ -20,6 +20,8 @@
 import tempfile
 
 from sectracker.repo import *
+import sectracker.analyzers as a
+from sectracker.diagnostics import Diagnostics
 import sectracker.parsers as p
 
 tmp = tempfile.mkdtemp()
@@ -50,4 +52,12 @@
 rpv = c.releasepackageversions()
 assert "sid" in rpv
 assert "bash" in rpv["sid"]
-
+diag = Diagnostics()
+rpv = a.extractversions(c, (p.cvelist("../../data/CVE/list"),), diag)
+if False:
+    for r, pv in rpv.items():
+        for p, v in pv.items():
+            if len(v) > 1:
+                print r, p, v
+for err in diag.messages():
+    print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message)
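Review bot: The added lines call `a.extractversions()` but assert nothing about the result, and diagnostics are only printed, so an "unknown release" error from the list file would not fail this test. If the checked-in data is expected to be clean, an assertion on the collected messages (for example that `diag.messages()` yields nothing) would make the test meaningful; otherwise assert at least one known package/version pair in `rpv`. The disabled `if False:` debug loop uses `p` as its loop variable, which would rebind the `sectracker.parsers` alias if the block is ever switched on; `for pkg, vers in pv.items():` avoids that.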



