[Pkg-mozext-maintainers] Bug#818361: xul-ext-debianbuttons: security issues button & pages containing CVEs/DSAs/DLAs

Wed Mar 16 12:18:48 UTC 2016

Package: xul-ext-debianbuttons
Severity: wishlist

I wrote a Greasemonkey script to allow me to easily load all the CVEs
mentioned on a page into new browser tabs. I have been thinking that I
should get this into Debian somehow and debianbuttons looks like the
right place for that.

Essentially the idea would be to have the security issues button check
for CVE/DSA/DLA in the clipboard or selection (or the full document if
there is no clipboard or selection) and open each one in a new tab.

If there are none then fall back to just appending the clipboard
keyword to the end of the URL as usual.

If the user wants to not open new tabs then fall back to just appending
the clipboard to the end of the URL as usual.

This should work for most existing uses as well as my use-case too.

The only case it would mess up is someone on a page with CVEs, having
no clipboard and wanting to visit the front page of the sectracker in a
new tab rather than the current tab. Any thoughts on that?

I don't know JavaScript well but I think it should look like this:

    load_uri: function(in_new, uri) {
        if (in_new) {
            var b = getBrowser();
            var new_tab = b.addTab(uri);
            b.selectedTab = new_tab;
        }
        else {
            loadURI(uri);
        }
    },

    load_keyword: function(in_new, keyword) {
        var uri = "https://security-tracker.debian.org/";
        if (keyword) uri += "tracker/" + keyword;
    },

    lookup_security: function(in_new) {
        var cver = /CVE-[0-9]+-[0-9]+/gi;
        var dsar = /DSA-[0-9]+-[0-9]+/gi;
        var dlar = /DSA-[0-9]+-[0-9]+/gi;
        var cves, dsas, dlas;
        var clip = IceDeb.getClipboardText();
        var keyw = IceDeb.trim_keyword(clip);
        if (clip && clip.length) {
            cves = clip.match(cver);
            dsas = clip.match(dsar);
            dlas = clip.match(dlar);
        } else {
            var doc = content.document.getElementsByTagName('html')[0].innerHTML;
            cves = doc.match(cver);
            dsas = doc.match(dsar);
            dlas = doc.match(dlar);
        }
        var ids = Array.concat(cves, dsas, dlas);
        if (in_new && ids.length) {
            for each (id in ids) {
                IceDeb.load_keyword(in_new, id);
            }
        } else {
            IceDeb.load_keyword(in_new, keyw);
        }
    },

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozext-maintainers/attachments/20160316/89c8d4c1/attachment.sig>