diff options
| author |   Bjoern Tropf <asym@gentoo.org> | 2009-11-14 12:16:25 +0100 |
|---|---|---|
| committer | Bjoern Tropf <asym@gentoo.org> | 2009-11-14 12:16:25 +0100 |
| commit | f12b7f41c2dff37eebedf6027cf5aa33a5994258 (patch) | |
| tree | f92e712abc6dd8f4ec7b14b33e90ba96f7bba425 | |
| parent | Fix some bugs (diff) | |
| download | kernel-check-f12b7f41c2dff37eebedf6027cf5aa33a5994258.tar.gz kernel-check-f12b7f41c2dff37eebedf6027cf5aa33a5994258.tar.bz2 kernel-check-f12b7f41c2dff37eebedf6027cf5aa33a5994258.zip | |
Implement a NOCVE dictionary
Modify BUG_ON to support exception messages
Fix small typo
| -rwxr-xr-x | kernel-check.py | 2 | ||||
| -rw-r--r-- | lib/kernellib.py | 21 | ||||
| -rwxr-xr-x | tools/cron.py | 39 |
3 files changed, 40 insertions, 22 deletions
diff --git a/kernel-check.py b/kernel-check.py index a1ab21d..5241ca3 100755 --- a/kernel-check.py +++ b/kernel-check.py @@ -247,7 +247,7 @@ def print_beta(): 'Prints a beta warning message' print('') - error('%s You are using a early version of kernel-check.' % + error('%s You are using an early version of kernel-check.' % color('BAD', 'IMPORTANT')) error('Please note that this tool might not operate as expected.') diff --git a/lib/kernellib.py b/lib/kernellib.py index bc979cd..6f91ce5 100644 --- a/lib/kernellib.py +++ b/lib/kernellib.py @@ -58,10 +58,10 @@ DIR = { 'nvd' : os.path.join(FILEPATH, 'tmp', 'nvd') } -def BUG_ON(msg): +def BUG_ON(msg, e): if DEBUG: - print 'DEBUG line %s in %s(): %s' % (inspect.stack()[1][2], - inspect.stack()[1][3], msg) + print 'DEBUG line %s in %s(): %s -> %s' % (inspect.stack()[1][2], + inspect.stack()[1][3], msg, e) class Evaluation: @@ -393,8 +393,8 @@ def parse_cve_files(directory): if cve_file is not None: files.append(cve_file) - except AttributeError: - pass + except AttributeError, e: + BUG_ON(item, e) return files @@ -519,7 +519,8 @@ def read_cve_file(directory, bugid): with open(filename, 'r+') as xml_data: memory_map = mmap.mmap(xml_data.fileno(), 0) root = xml.etree.cElementTree.parse(memory_map).getroot() - except IOError: + except IOError, e: + BUG_ON(filename, e) return None bugroot = root.find('bug') @@ -539,10 +540,16 @@ def read_cve_file(directory, bugid): for item in root: if item.tag == 'cve': cve = Cve(item.find('cve').text) + if cve is None: + return None for elem in ['desc', 'published', 'refs', 'severity', 'score', 'vector']: - setattr(cve, elem, item.find(elem).text) + element = item.find(elem) + if element is not None: + setattr(cve, elem, item.find(elem).text) + else: + BUG_ON(filename, '(%s, \'No such element\')' % elem) cves.append(cve) vul.cves = cves diff --git a/tools/cron.py b/tools/cron.py index 17475ab..ddf1792 100755 --- a/tools/cron.py +++ b/tools/cron.py @@ -21,11 +21,20 @@ class CronError(Exception): def __init__(self, value): self.value = value -NOCVE = 'GENERIC-MAP-NOMATCH' -NOCVEDESC = 'This GENERIC identifier is not specific to any vulnerability. '\ - 'GENERIC-MAP-NOMATCH is used by products, databases, and ' \ - 'services to specify when a particular vulnerability element ' \ - 'does not map to a corresponding CVE entry.' +NOCVE = { + 'cve' : 'GENERIC-MAP-NOMATCH', + 'published' : '0000-00-00', + 'desc' : 'This GENERIC identifier is not specific to any ' \ + 'vulnerability. GENERIC-MAP-NOMATCH is used by products, ' \ + 'databases, and services to specify when a particular ' \ + 'vulnerability element does not map to a corresponding ' \ + 'CVE entry.', + 'severity' : 'Low', + 'vector' : '()', + 'score' : '0.0', + 'refs' : et.Element('refs') +} + DELAY = 0.2 SKIP = False MINYEAR = 2002 @@ -120,8 +129,8 @@ def main(argv): vul = parse_bz_dict(DIR['bug'], item) for cve in vul['cvelist']: - if cve == NOCVE: - vul['cves'] = [NOCVE] + if cve == NOCVE['cve']: + vul['cves'] = [NOCVE['cve']] break #TODO Raise exception instead of break else: try: @@ -230,7 +239,7 @@ def parse_bz_dict(directory, bugid): string = string.replace('CAN', 'CVE') if string in REGEX['m_nomatch'].findall(string): - cvelist = [NOCVE] + cvelist = [NOCVE['cve']] for (year, split_cves) in REGEX['grp_all'].findall(string): for cve in REGEX['grp_split'].findall(split_cves): @@ -247,7 +256,7 @@ def parse_bz_dict(directory, bugid): } for item in vul['cvelist']: - if item != NOCVE: + if item != NOCVE['cve']: if item not in CVES: CVES[item] = vul.bugid else: @@ -362,11 +371,13 @@ def write_xml_file(directory, vul): for cve in vul['cves']: cveroot = et.SubElement(root, 'cve') - if cve == NOCVE: - node = et.SubElement(cveroot, 'cve') - node.text = NOCVE - node = et.SubElement(cveroot, 'desc') - node.text = NOCVEDESC + if cve == NOCVE['cve']: + for element in CVEORDER: + if element == 'refs': + cveroot.append(NOCVE[element]) + else: + node = et.SubElement(cveroot, element) + node.text = NOCVE[element] else: for element in CVEORDER: if element == 'refs': |