From d68e4cb2969b47e2e126cae635e32602f6f97e4c Mon Sep 17 00:00:00 2001 From: Bjoern Tropf Date: Fri, 20 Nov 2009 10:48:35 +0100 Subject: Implement pending cve in cron.py Fix tabs in setup.py Update TODO --- TODO | 29 +++++++--------------------- setup.py | 4 ++-- tools/cron.py | 61 +++++++++++++++++++++++++++++++++++++++++------------------ 3 files changed, 52 insertions(+), 42 deletions(-) diff --git a/TODO b/TODO index 68ef59c..9c61fcc 100644 --- a/TODO +++ b/TODO @@ -1,30 +1,15 @@ -Implementation -============== - Implement Report -- Implement GUI -- Implement kernel testing framwork +- Implement the testsuite +- Implement kernel testing framework +- Find a way to import '-' or '_' modules - Handle "best kernel not found" - Add further error handling -- Implement hardend/xen intervall - -Cleanup and Rework -================== -- Rework cron.py -- Remove unused code and find better ways -- Check lookaround of 'grp_all' +- Implement hardend/xen interval +- Add parameters to cron.py - Rework interval class -- Rework cves.refs - -Dokumentation -============= +- Split up cves.refs - Use telling function- and variable names - Write a proper documentation -- Implement DTD - -Whiteboard changes -================== +- Implement DTD for vulnerability files - Move arch into whiteboard e.g. {x86, amd64} - -Summary changes -=============== - Explicitly mention the CVSS score e.g. (CVSS-5.6) diff --git a/setup.py b/setup.py index 261275a..4a62ae6 100644 --- a/setup.py +++ b/setup.py @@ -15,7 +15,7 @@ setup( author_email='asym@gentoo.org', url='http://dev.gentoo.org/~asym/guide.xml', package_dir={'': 'src'}, - packages=['kernelcheck', 'kernelcheck.lib'], - scripts=['bin/kernel-check'] + packages=['kernelcheck', 'kernelcheck.lib'], + scripts=['bin/kernel-check'] ) diff --git a/tools/cron.py b/tools/cron.py index ecea3de..2287922 100755 --- a/tools/cron.py +++ b/tools/cron.py 
@@ -37,7 +37,16 @@ CONST = { 'portdir' : portage.settings['PORTDIR'] } -NOCVE = { +PENDING = { + 'published' : '0000-00-00', + 'desc' : 'Pending', #TODO + 'severity' : 'Low', + 'vector' : '()', + 'score' : '0.0', + 'refs' : et.Element('refs') +} + +NOMATCH = { 'cve' : 'GENERIC-MAP-NOMATCH', 'published' : '0000-00-00', 'desc' : 'This GENERIC identifier is not specific to any ' \ @@ -53,8 +62,8 @@ NOCVE = { PARAM = { 'delay' : 0.2, - 'skip' : False, - 'logfile' : os.path.join(CONST['filepath'], 'cron.log'), + 'skip' : True, + 'logfile' : False, #os.path.join(CONST['filepath'], 'cron.log'), 'tmpdir' : os.path.join(CONST['filepath'], 'tmp'), 'bugdir' : os.path.join(CONST['filepath'], 'tmp', 'bug'), 'nvddir' : os.path.join(CONST['filepath'], 'tmp', 'nvd'), @@ -142,15 +151,17 @@ def main(argv): vul = parse_bz_dict(PARAM['bugdir'], item) for cve in vul['cvelist']: - if cve == NOCVE['cve']: - vul['cves'] = [NOCVE['cve']] + if cve == NOMATCH['cve']: + vul['cves'] = [NOMATCH['cve']] if len(vul['cvelist']) > 1: - raise CronError('\'Nocve\' and valid cve: ' + item) + logging.error('\'Nomatch\' and valid cve: ' + item) else: try: vul['cves'].append(nvd_dict[cve]) except KeyError: - raise CronError('No Nvd entry: ' + cve) + logging.error('No Nvd entry: ' + cve) + vul['cves'].append(cve) + vul['pending'] = True write_xml_file(PARAM['outdir'], vul) created_files += 1 @@ -255,7 +266,7 @@ def parse_bz_dict(directory, bugid): string = string.replace('CAN', 'CVE') if string in REGEX['m_nomatch'].findall(string): - cvelist = [NOCVE['cve']] + cvelist = [NOMATCH['cve']] for (year, split_cves) in REGEX['grp_all'].findall(string): for cve in REGEX['grp_split'].findall(split_cves): 
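Review bot: The new PENDING template gives a CVE that has no NVD data yet `'severity' : 'Low'` and `'score' : '0.0'`, so the generated XML presents an unanalysed vulnerability as the least serious kind rather than as unknown. If whatever reads these files ranks or filters on severity or score (not visible in this hunk), pending entries would be understated. A distinct marker such as `'severity' : 'Unknown'` with an empty score would keep the two cases apart, provided the file format accepts it; otherwise add a comment that these values are placeholders. The `#TODO` on `'desc'` should also say what is still to be done.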
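Review bot: `'skip' : True` and `'logfile' : False`, with the old path left in a trailing comment, read like local debugging settings committed as defaults in the PARAM hunk. This matters more here because the `main` hunk of the same commit turns two `raise CronError` paths into `logging.error` calls; with the log file off, those messages may leave no persistent record when the script runs unattended (how logging is configured from `PARAM['logfile']` is outside the hunk). Consider keeping `'logfile' : os.path.join(CONST['filepath'], 'cron.log'),` as the default and making both values overridable, which the new TODO entry "Add parameters to cron.py" already plans.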
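Review bot: `vul['pending'] = True` in the `except KeyError:` branch of `main` marks the whole bug, but `vul['cves']` can now hold NVD dicts (from `nvd_dict[cve]`) and bare CVE strings in the same list. In the `write_xml_file` hunk the `if vul['pending']:` branch then runs for every entry of that bug, so a CVE that does have NVD data is written with the placeholder fields and `node.text = cve` receives a dict instead of a string. Recording the state per entry avoids this, e.g. `vul['cves'].append(dict(PENDING, cve=cve))` here, which the existing `cve[element]` loop can write without a separate pending branch or flag. Separately, the 'Nomatch' case now only logs and keeps looping, so the resulting `vul['cves']` depends on where the NOMATCH id sits in `cvelist`; that looks unintended and is worth a comment or a `break`.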
@@ -272,10 +283,11 @@ def parse_bz_dict(directory, bugid): 'reporter' : root.find('reporter').text.lower(), 'reported' : root.find('creation_ts').text, 'status' : root.find('bug_status').text.lower(), + 'pending' : False; } for item in vul['cvelist']: - if item != NOCVE['cve']: + if item != NOMATCH['cve']: if item not in CVES: CVES[item] = vul.bugid else: @@ -390,20 +402,33 @@ def write_xml_file(directory, vul): for cve in vul['cves']: cveroot = et.SubElement(root, 'cve') - if cve == NOCVE['cve']: + if cve == NOMATCH['cve']: for element in CONST['cveorder']: if element == 'refs': - cveroot.append(NOCVE[element]) + cveroot.append(NOMATCH[element]) else: node = et.SubElement(cveroot, element) - node.text = NOCVE[element] + node.text = NOMATCH[element] else: - for element in CONST['cveorder']: - if element == 'refs': - cveroot.append(cve[element]) - else: - node = et.SubElement(cveroot, element) - node.text = cve[element] + if vul['pending']: + for element in CONST['cveorder']: + if element == 'refs': + cveroot.append(PENDING[element]) + else: + if element == 'cve': + node = et.SubElement(cveroot, element) + node.text = cve + else: + node = et.SubElement(cveroot, element) + node.text = PENDING[element] + + else: + for element in CONST['cveorder']: + if element == 'refs': + cveroot.append(cve[element]) + else: + node = et.SubElement(cveroot, element) + node.text = cve[element] with open(filename, 'w') as xmlout: __indent__(root) -- cgit v1.2.3-65-gdbad
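Review bot: `'pending' : False;` ends with a semicolon inside the dict literal, which is a syntax error, so tools/cron.py will not compile with this hunk applied; it should be `'pending' : False,`. The context line `CVES[item] = vul.bugid` also looks wrong, since `vul` is built as a dict just above and is indexed as `vul['cvelist']` one line earlier, but that line predates this commit. parse_bz_dict starts and ends outside the hunk.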
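Review bot: The pending branch in `write_xml_file` repeats `node = et.SubElement(cveroot, element)` in both arms of `if element == 'cve':` and adds a third copy of the `CONST['cveorder']` loop, although only the source of the text differs. The inner `if`/`else` can be reduced to `node = et.SubElement(cveroot, element)` followed by `node.text = cve if element == 'cve' else PENDING[element]`. `PENDING['refs']` is a single module-level Element appended under every pending cve node, and `__indent__(root)` presumably edits it in place; a comment stating that this sharing is intended would help the next reader. write_xml_file begins before and continues after the hunk.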