From 40fb1bc95de317567bd36aace2149061743d9598 Mon Sep 17 00:00:00 2001 From: Bjoern Tropf Date: Mon, 7 Dec 2009 22:03:08 +0100 Subject: Implement kernel updates --- TODO | 1 + pym/kernelcheck/kernelcheck.py | 24 ++++++++++++++++++------ pym/kernelcheck/lib/kernellib.py | 29 ++++++++++++++++++++++++++++- 3 files changed, 47 insertions(+), 7 deletions(-) diff --git a/TODO b/TODO index d108ac4..0985d67 100644 --- a/TODO +++ b/TODO @@ -16,3 +16,4 @@ - Implement sync properly - Sort print_items - Port cron.py to python3 +- Move arch and genpatch to kernel class diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py index 45914d6..0f08425 100755 --- a/pym/kernelcheck/kernelcheck.py +++ b/pym/kernelcheck/kernelcheck.py @@ -3,7 +3,7 @@ # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -from portage.output import blue, bold, colorize, EOutput, darkgreen #FIXME +from portage.output import blue, bold, colorize, EOutput, darkgreen, teal #TODO try: from _emerge.userquery import userquery @@ -112,12 +112,20 @@ def main(argv): error('No kernel vulnerability files found!') return + kernel_updates = lib.eval_kernel_updates(kernel, evaluation, arch) #FIXME + if len(evaluation.affected) is not 0: - print_summary(evaluation.affected) + print_summary(evaluation.affected, kernel_updates) - print('Total: %s vulnerabilities (%s), Average CVSS score: %.1f\n' % ( + print('Total: %s vulnerabilities (%s), Average CVSS score: %.1f' % ( len(evaluation.affected), repr(evaluation), evaluation.avg_cvss)) + if kernel_updates: + print('Kernel updates:') + for key in kernel_updates.keys(): + print(' %s %s' % (teal('[%s]' % kernel_updates[key]), key)) + + print('') prompt = "Would you like to upgrade your kernel?" if userquery(prompt, None) == 'No': print('') 
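Review bot: In the `main` hunk of kernelcheck.py the new `Kernel updates:` legend iterates `kernel_updates.keys()`, so the bracketed indexes are printed in dictionary iteration order, which need not match index order. A user matching the `[n]` printed beside a CVE against the legend then has to search for it; iterating by index avoids that: `for key, idx in sorted(kernel_updates.items(), key=lambda kv: kv[1]):`. Separately, `lib.eval_kernel_updates(...)` is placed before the `if len(evaluation.affected) is not 0:` test, so as far as the hunk shows it runs even when nothing is affected and no legend will be printed; moving the call inside that branch would skip the re-evaluation of every newer kernel. `main` begins and ends outside the hunk.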
@@ -150,7 +158,7 @@ def print_items(category, header): print('%s%s' % (' ' * 23, string)) -def print_summary(vullist): +def print_summary(vullist, kernel_updates): 'Prints the vulnerability summary' for item in vullist: @@ -177,9 +185,13 @@ def print_summary(vullist): if 'A:P' in cve.vector or 'A:C' in cve.vector: cvetype += '%s%s' % (' ', blue('-availability')) - print ('[%s %26s] %s %s TYPE="%s"') % (darkgreen('bugid'), + index = str() + if repr(item.fixed) in kernel_updates: + index = teal('[%s]' % kernel_updates[repr(item.fixed)]) + + print('[%s %26s] %s %s TYPE="%s" %s') % (darkgreen('bugid'), colorize('GOOD', item.bugid), darkgreen(cve.cve), - blue('[%s]' % cve.score), cvetype) + blue('[%s]' % cve.score), cvetype, index) print('') diff --git a/pym/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py index 2dcd8cd..384026f 100644 --- a/pym/kernelcheck/lib/kernellib.py +++ b/pym/kernelcheck/lib/kernellib.py @@ -211,6 +211,7 @@ class Vulnerability: reported = str() reporter = str() status = str() + fixed = None def __init__(self, bugid): self.bugid = bugid @@ -593,7 +594,7 @@ def extract_version(release): match = REGEX['k_version'].match(release) if not match: - BUG_ON('[Error] Release %s contains no valid information' % release) + BUG_ON('Contains no valid information', release) return None version, rest = match.groups() 
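Review bot: The rewritten `print('[%s %26s] %s %s TYPE="%s" %s') % (...)` in the `print_summary` hunk closes the `print(` call before the `%` operator, so with `print` as a function the raw format string is printed and `None % (...)` then raises TypeError; it only works while `print` is parsed as a statement. The other calls added in this commit format inside the parentheses, and this one should match: `print('[%s %26s] %s %s TYPE="%s" %s' % (darkgreen('bugid'),` … `blue('[%s]' % cve.score), cvetype, index))`. The lookup `repr(item.fixed) in kernel_updates` also couples the legend to the string form of the kernel object, so a one-line comment stating that `kernel_updates` is keyed by `repr()` of the fixing kernel would help the next reader. `print_summary` starts in the preceding hunk and ends outside this one.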
@@ -643,6 +644,32 @@ def all_version(source): return versions + +def eval_kernel_updates(kernel, kernel_eval, arch, spin=None): #TODO + "" + + index = 0 + kernel_dict = dict() + + for compare in all_version(kernel.source): + if compare.version > kernel.version or \ + (compare.version == kernel.version and \ + compare.revision > kernel.revision): + compare.genpatch = get_genpatch(PORTDIR, compare) + compare_eval = eval_cve_files(DIR['out'], compare, arch, None) + comparison = compare_evaluation(kernel_eval, compare_eval) + + for item in comparison.fixed: + if item.fixed is None: + item.fixed = compare + + if repr(compare) not in kernel_dict: + kernel_dict[repr(compare)] = index + index += 1 + + return kernel_dict + + def gather_configuration(): "" -- cgit v1.2.3-65-gdbad
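Review bot: `eval_kernel_updates` hands the result of `eval_cve_files(DIR['out'], compare, arch, None)` straight to `compare_evaluation` without checking it, while `main` has an error path for 'No kernel vulnerability files found!', which suggests an evaluation can come back empty; a guard such as `if not compare_eval: continue` before the comparison would keep one unreadable candidate from aborting the whole report (the return contract of `eval_cve_files` is not visible here, so confirm). The `spin` parameter is accepted but never used, and the call hard-codes `None` in what looks like its slot; either pass `spin` through or drop the parameter. The docstring is the empty string `""`; it should state that the function returns a dict mapping `repr()` of a newer kernel to a display index and that it sets `item.fixed` on the vulnerability objects as a side effect. Whether `item.fixed` ends up as the earliest fixing version depends on `all_version` returning versions in ascending order, which this hunk does not show.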