[Secure-testing-commits] r50230 - bin
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Mar 31 19:23:10 UTC 2017
Author: carnil
Date: 2017-03-31 19:23:09 +0000 (Fri, 31 Mar 2017)
New Revision: 50230
Modified:
bin/report-vuln
Log:
Import improvements to report-vuln done by Antoine Beaupré
Modified: bin/report-vuln
===================================================================
--- bin/report-vuln 2017-03-31 17:47:58 UTC (rev 50229)
+++ bin/report-vuln 2017-03-31 19:23:09 UTC (rev 50230)
@@ -19,6 +19,7 @@
#
# export http_proxy if you need to use an http proxy to report bugs
+import argparse
import sys, re, urllib, os
temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
@@ -112,7 +113,7 @@
return ret + '\n'
-def gen_text(pkg, cveid, include_version = False, severity = 'FILLINSEVERITY'):
+def gen_text(pkg, cveid, blanks = False, severity = 'FILLINSEVERITY', affected=None, cc=False, cclist=None):
vuln_suff = 'y'
cve_suff = ''
time_w = 'was'
@@ -124,8 +125,13 @@
time_w = 'were'
header = '''Package: %s\n''' % (pkg)
- if include_version:
- header += 'Version: FILLINAFFECTEDVERSION\n'
+ if affected is None:
+ if blanks:
+ header += "Version: FILLINAFFECTEDVERSION\n"
+ else:
+ header += "Version: %s\n" % affected
+ if cc and len(cclist) > 0:
+ header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
header += '''Severity: %s
Tags: security
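Review bot: The new `X-Debbugs-CC` line calls `" ".join(cclist)`, but `--cc-list` is declared in main() (later hunk) without `nargs` or `type`, so a value given on the command line arrives as a plain string and the join puts a space between every character. Only the built-in default is a list. Parsing the option into a list would fix this, for example `type=lambda s: [a.strip() for a in s.split(',')]` on that `add_argument` call. The BTS documentation describes multiple addresses as comma-separated, so `", ".join(cclist)` looks like the safer separator, but that is worth confirming. Separately, gen_text defaults `cclist=None`, so a caller passing `cc=True` alone hits `len(None)`; `if cc and cclist:` avoids that. gen_text starts and ends outside this hunk.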
@@ -160,31 +166,54 @@
print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
- if not include_version:
- print '''Please adjust the affected versions in the BTS as needed.\n'''
+ if not blanks:
+ print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
def error(msg):
print 'error: ' + msg
sys.exit(1)
-def usage():
- print sys.argv[0], '[--no-blanks] <pkg> <cve id(s)>'
- sys.exit(0)
+class NegateAction(argparse.Action):
+ '''add a toggle flag to argparse
+ this is similar to 'store_true' or 'store_false', but allows
+ arguments prefixed with --no to disable the default. the default
+ is set depending on the first argument - if it starts with the
+ negative form (define by default as '--no'), the default is False,
+ otherwise True.
+ '''
+
+ negative = '--no'
+
+ def __init__(self, option_strings, *args, **kwargs):
+ '''set default depending on the first argument'''
+ default = not option_strings[0].startswith(self.negative)
+ super(NegateAction, self).__init__(option_strings, *args,
+ default=default, nargs=0, **kwargs)
+
+ def __call__(self, parser, ns, values, option):
+ '''set the truth value depending on whether
+ it starts with the negative form'''
+ setattr(ns, self.dest, not option.startswith(self.negative))
+
+
def main():
- if len(sys.argv) < 3:
- usage()
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--no-blanks', '--blanks', dest='blanks', action=NegateAction,
+ help='include blank fields to be filled (default: %(default)s)')
+ parser.add_argument('--affected', help='affected version (default: unspecified)')
+ parser.add_argument('--severity', default='grave', help='severity (default: %(default)s)')
+ parser.add_argument('--no-cc', '--cc', dest='cc', action=NegateAction,
+ help='add X-Debbugs-CC header to')
+ parser.add_argument('--cc-list', dest='cclist', default=['team at security.debian.org', 'secure-testing-team at lists.alioth.debian.org'],
+ help='list of addres to add in CC (default: %(default)s)')
+ parser.add_argument('pkg', help='affected package')
+ parser.add_argument('cve', nargs='+', help='relevant CVE for this issue, may be used multiple time if the issue has multiple CVEs')
+ args = parser.parse_args()
- blanks = True
- if sys.argv[1] == '--no-blanks':
- if len(sys.argv) < 4:
- usage()
- blanks = False
- pkg = sys.argv[2]
- cve = sys.argv[3:]
- else:
- pkg = sys.argv[1]
- cve = sys.argv[2:]
+ blanks = args.blanks
+ pkg = args.pkg
+ cve = args.cve
# check for valid parameters
p = re.compile('^[0-9a-z].*')
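Review bot: `--affected` and `--severity` are copied into the `Version:` and `Severity:` pseudo-header lines of the report with no validation, while `pkg` and the CVE ids are checked just below this hunk. A value with an embedded newline, for instance from a wrapper script, would add extra pseudo-header lines to the bug mail. I would restrict severity with `choices=['critical', 'grave', 'serious', 'important', 'normal', 'minor', 'wishlist']` and reject odd versions with `if args.affected and re.search(r'\s', args.affected): error('invalid affected version')`. Also note that NegateAction derives the default from the first option string, so `blanks` and `cc` both default to False and severity defaults to `grave`; a bare invocation no longer emits the FILLINSEVERITY template, which deserves a line in the commit log if intended. main() continues past the end of this hunk.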
@@ -197,10 +226,7 @@
if not c.match(arg) and not temp_id.match(arg):
error(arg + ' does not seem to be a valid CVE id')
- if blanks:
- gen_text(pkg, cve)
- else:
- gen_text(pkg, cve, False, 'grave')
+ gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist)
if __name__ == '__main__':
main()