[Secure-testing-commits] r58118 - bin
Guido Guenther
agx at moszumanska.debian.org
Wed Nov 29 15:21:40 UTC 2017
Author: agx
Date: 2017-11-29 15:21:40 +0000 (Wed, 29 Nov 2017)
New Revision: 58118
Modified:
bin/report-vuln
Log:
report-vuln: Use spaces instead of tabs
Modified: bin/report-vuln
===================================================================
--- bin/report-vuln 2017-11-29 14:48:58 UTC (rev 58117)
+++ bin/report-vuln 2017-11-29 15:21:40 UTC (rev 58118)
@@ -25,118 +25,118 @@
temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
def setup_path():
- dirname = os.path.dirname
- base = dirname(dirname(os.path.realpath(sys.argv[0])))
- sys.path.insert(0, os.path.join(base, "lib", "python"))
+ dirname = os.path.dirname
+ base = dirname(dirname(os.path.realpath(sys.argv[0])))
+ sys.path.insert(0, os.path.join(base, "lib", "python"))
def description_from_list(id, pkg='', skip_entries=0):
- setup_path()
- import bugs
- import debian_support
- is_temp = temp_id.match(id)
- skipped = 0
+ setup_path()
+ import bugs
+ import debian_support
+ is_temp = temp_id.match(id)
+ skipped = 0
- for bug in bugs.CVEFile(debian_support.findresource(
- *"data CVE list".split())):
- if bug.name == id or (is_temp and not bug.isFromCVE()):
- if pkg != '':
- matches = False
- for n in bug.notes:
- if n.package == pkg and str(n.urgency) != 'unimportant':
- matches = True
- break
- if not matches:
- continue
- if skipped < skip_entries:
- skipped += 1
- continue
- return bug.description
+ for bug in bugs.CVEFile(debian_support.findresource(
+ *"data CVE list".split())):
+ if bug.name == id or (is_temp and not bug.isFromCVE()):
+ if pkg != '':
+ matches = False
+ for n in bug.notes:
+ if n.package == pkg and str(n.urgency) != 'unimportant':
+ matches = True
+ break
+ if not matches:
+ continue
+ if skipped < skip_entries:
+ skipped += 1
+ continue
+ return bug.description
def gen_index(ids):
- ret = ''
- for cnt, id in enumerate(ids):
- if temp_id.match(id):
- continue
- ret += '\n[' + str(cnt) + '] https://security-tracker.debian.org/tracker/' + id + '\n'
- ret += ' https://cve.mitre.org/cgi-bin/cvename.cgi?name=' + id
+ ret = ''
+ for cnt, id in enumerate(ids):
+ if temp_id.match(id):
+ continue
+ ret += '\n[' + str(cnt) + '] https://security-tracker.debian.org/tracker/' + id + '\n'
+ ret += ' https://cve.mitre.org/cgi-bin/cvename.cgi?name=' + id
- return ret
+ return ret
def http_get(id):
- param = urllib.urlencode({'name' : id})
- resp = ''
- try:
- f = urllib.urlopen('https://cve.mitre.org/cgi-bin/cvename.cgi?%s' % param)
- resp = f.read()
- except Exception, e:
- error('on doing HTTP request' + str(e))
-
- f.close()
+ param = urllib.urlencode({'name' : id})
+ resp = ''
+ try:
+ f = urllib.urlopen('https://cve.mitre.org/cgi-bin/cvename.cgi?%s' % param)
+ resp = f.read()
+ except Exception, e:
+ error('on doing HTTP request' + str(e))
- return resp
+ f.close()
+ return resp
+
# this is a hack that parses the cve id description from mitre
def get_cve(id):
- desc = False
- r = re.compile('.*<th\ colspan=.*>Description<.*')
- tag = re.compile('.*</?tr>.*')
- reserved = re.compile(r'\*+\s+(<A HREF=.*>)?RESERVED(</A>)?\s+\*+')
- ret = ''
- resp = http_get(id)
+ desc = False
+ r = re.compile('.*<th\ colspan=.*>Description<.*')
+ tag = re.compile('.*</?tr>.*')
+ reserved = re.compile(r'\*+\s+(<A HREF=.*>)?RESERVED(</A>)?\s+\*+')
+ ret = ''
+ resp = http_get(id)
- for line in resp.rsplit('\n'):
- if r.match(line):
- desc = True
- continue
+ for line in resp.rsplit('\n'):
+ if r.match(line):
+ desc = True
+ continue
- if desc and reserved.search(line):
- break
+ if desc and reserved.search(line):
+ break
- if tag.match(line) and desc:
- continue
+ if tag.match(line) and desc:
+ continue
- if desc and '<td colspan="2">' in line:
- ret += '| ' + re.sub('.*<td colspan="2">', '', line)
- continue
+ if desc and '<td colspan="2">' in line:
+ ret += '| ' + re.sub('.*<td colspan="2">', '', line)
+ continue
- if desc and '</td>' in line:
- break
+ if desc and '</td>' in line:
+ break
- if desc and line != '':
- ret = ret + '\n| ' + line
+ if desc and line != '':
+ ret = ret + '\n| ' + line
- if ret == '':
- ret = description_from_list(id)
+ if ret == '':
+ ret = description_from_list(id)
- if ret == '':
- ret = 'No description was found (try on a search engine)'
+ if ret == '':
+ ret = 'No description was found (try on a search engine)'
- return ret + '\n'
+ return ret + '\n'
def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, cclist=None, src=False):
- vuln_suff = 'y'
- cve_suff = ''
- time_w = 'was'
- temp_id_cnt = 0
+ vuln_suff = 'y'
+ cve_suff = ''
+ time_w = 'was'
+ temp_id_cnt = 0
- if len(cveid) > 1:
- cve_suff = 's'
- vuln_suff = 'ies'
- time_w = 'were'
-
- if src:
- header = '''Source: %s\n''' % (pkg)
- else:
- header = '''Package: %s\n''' % (pkg)
+ if len(cveid) > 1:
+ cve_suff = 's'
+ vuln_suff = 'ies'
+ time_w = 'were'
- if affected is None:
- if blanks:
- header += "Version: FILLINAFFECTEDVERSION\n"
+ if src:
+ header = '''Source: %s\n''' % (pkg)
+ else:
+ header = '''Package: %s\n''' % (pkg)
+
+ if affected is None:
+ if blanks:
+ header += "Version: FILLINAFFECTEDVERSION\n"
else:
- header += "Version: %s\n" % affected
+ header += "Version: %s\n" % affected
if cc and len(cclist) > 0:
- header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
- header += '''Severity: %s
+ header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
+ header += '''Severity: %s
Tags: security
Hi,
@@ -144,38 +144,38 @@
the following vulnerabilit%s %s published for %s.
''' % (severity, vuln_suff, time_w, pkg)
- footer = '''If you fix the vulnerabilit%s please also make sure to include the
+ footer = '''If you fix the vulnerabilit%s please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
For further information see:''' % (vuln_suff, cve_suff)
- print header
- for cnt, cve in enumerate(cveid):
- if not temp_id.match(cve):
- print cve + '[' + str(cnt) + ']:'
- print get_cve(cve)
- else:
- print '''Issue without CVE id #%d [%d]:''' % (temp_id_cnt, cnt)
- desc = description_from_list(cve, pkg, temp_id_cnt)
- if desc:
- print desc + '\n'
- else:
- print 'No description has been specified\n'
- temp_id_cnt += 1
+ print header
+ for cnt, cve in enumerate(cveid):
+ if not temp_id.match(cve):
+ print cve + '[' + str(cnt) + ']:'
+ print get_cve(cve)
+ else:
+ print '''Issue without CVE id #%d [%d]:''' % (temp_id_cnt, cnt)
+ desc = description_from_list(cve, pkg, temp_id_cnt)
+ if desc:
+ print desc + '\n'
+ else:
+ print 'No description has been specified\n'
+ temp_id_cnt += 1
- print footer
- print gen_index(cveid)
+ print footer
+ print gen_index(cveid)
- if temp_id_cnt > 0:
- print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
- print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
+ if temp_id_cnt > 0:
+ print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
+ print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
- if not blanks:
- print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
+ if not blanks:
+ print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
def error(msg):
- print 'error: ' + msg
- sys.exit(1)
+ print 'error: ' + msg
+ sys.exit(1)
class NegateAction(argparse.Action):
'''add a toggle flag to argparse
@@ -202,36 +202,36 @@
def main():
- parser = argparse.ArgumentParser()
- parser.add_argument('--no-blanks', '--blanks', dest='blanks', action=NegateAction,
- help='include blank fields to be filled (default: %(default)s)')
- parser.add_argument('--affected', help='affected version (default: unspecified)')
- parser.add_argument('--severity', default='grave', help='severity (default: %(default)s)')
- parser.add_argument('--cc', '--no-cc', dest='cc', action=NegateAction,
- help='add X-Debbugs-CC header to')
- parser.add_argument('--cc-list', dest='cclist', default=['team at security.debian.org', 'secure-testing-team at lists.alioth.debian.org'],
- help='list of addresses to add in CC (default: %(default)s)')
- parser.add_argument('--src', action="store_true", help='report against source package')
- parser.add_argument('pkg', help='affected package')
- parser.add_argument('cve', nargs='+', help='relevant CVE for this source package, may be used multiple time if the issue has multiple CVEs')
- args = parser.parse_args()
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--no-blanks', '--blanks', dest='blanks', action=NegateAction,
+ help='include blank fields to be filled (default: %(default)s)')
+ parser.add_argument('--affected', help='affected version (default: unspecified)')
+ parser.add_argument('--severity', default='grave', help='severity (default: %(default)s)')
+ parser.add_argument('--cc', '--no-cc', dest='cc', action=NegateAction,
+ help='add X-Debbugs-CC header to')
+ parser.add_argument('--cc-list', dest='cclist', default=['team at security.debian.org', 'secure-testing-team at lists.alioth.debian.org'],
+ help='list of addresses to add in CC (default: %(default)s)')
+ parser.add_argument('--src', action="store_true", help='report against source package')
+ parser.add_argument('pkg', help='affected package')
+ parser.add_argument('cve', nargs='+', help='relevant CVE for this source package, may be used multiple time if the issue has multiple CVEs')
+ args = parser.parse_args()
- blanks = args.blanks
- pkg = args.pkg
- cve = args.cve
+ blanks = args.blanks
+ pkg = args.pkg
+ cve = args.cve
- # check for valid parameters
- p = re.compile('^[0-9a-z].*')
- c = re.compile('(CVE|cve)\-[0-9]{4}-[0-9]{4,}')
+ # check for valid parameters
+ p = re.compile('^[0-9a-z].*')
+ c = re.compile('(CVE|cve)\-[0-9]{4}-[0-9]{4,}')
- if not p.match(pkg):
- error(pkg + ' does not seem to be a valid source package name')
+ if not p.match(pkg):
+ error(pkg + ' does not seem to be a valid source package name')
- for arg in cve:
- if not c.match(arg) and not temp_id.match(arg):
- error(arg + ' does not seem to be a valid CVE id')
+ for arg in cve:
+ if not c.match(arg) and not temp_id.match(arg):
+ error(arg + ' does not seem to be a valid CVE id')
- gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src)
+ gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src)
if __name__ == '__main__':
- main()
+ main()
More information about the Secure-testing-commits
mailing list