diff options
| author | Stefan Fritsch <sf@sfritsch.de> | 2008-01-14 23:08:05 +0000 |
|---|---|---|
| committer | Stefan Fritsch <sf@sfritsch.de> | 2008-01-14 23:08:05 +0000 |
| commit | 20dab791ad9d685a1950bde83526fbf344d0a8ed (patch) | |
| tree | f48a74edc60f4c4bf13308f01d9ebc0b44746c64 /bin | |
| parent | 4554b3632c967d52cd33c5d3f1760f9dbae0b685 (diff) | |
- preliminary support for embedded-code-copies
- minor improvements at guessing the product name
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@7925 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/check-new-issues | 109 |
1 files changed, 104 insertions, 5 deletions
diff --git a/bin/check-new-issues b/bin/check-new-issues index aab7db454a..4004d60d79 100755 --- a/bin/check-new-issues +++ b/bin/check-new-issues @@ -7,7 +7,7 @@ use Getopt::Std; use Term::ReadLine; my %opts; -getopts('ln:fhi:t:T', \%opts); +getopts('ln:fhi:t:Tc', \%opts); if ($opts{h}) { print <<'EOF'; @@ -20,6 +20,7 @@ downloads allitems.txt from cve.mitre.org and shows full decription for each * blank line to skip to next issue * .fname to do "apt-file search name" * .cname to do "apt-cache search name" + * .mpackage to search data/embedded-code-copies for "package" * v or e to launch an editor with the current item * q to save and quit * CTRL-C to quit without saving @@ -34,6 +35,7 @@ OPTIONS: [ -l [-n <n>] [-f] ] -i regexp : use regexp to select issues (default: 'CVE-200[3-9]' ) -t regexp : use regexp to select todos (default: '^\s+TODO: check$' ) -T : same as -t '^\s+TODO: check' (note the missing $) +-c : only do syntax check of embedded-code-copies EOF @@ -56,6 +58,18 @@ if (-e "secure-testing/data/CVE/list") { $basedir=".."; } + +my $embed_code = {}; +my $embed_pkg = {}; +my $embed_errors; + +read_embedded_copies(); + +if ($opts{c}) { + exit($embed_errors); +} + + my $datafile="$basedir/data/CVE/list"; my $allitemsfile="gunzip -c $basedir/../allitems.txt.gz|"; my $allitemsurl="http://cve.mitre.org/data/downloads/allitems.txt.gz"; @@ -100,7 +114,9 @@ foreach my $entry (@{$entries}) { } } -print scalar(@{$CVEs}), "/", scalar(@{$entries}), "/", scalar(@todos), "\n"; +print scalar(@{$CVEs}), " CVEs, ", + scalar(@{$entries}) - scalar(@{$CVEs}), " temp issues, ", + scalar(@todos), " todos matching /$todo_regexp/\n"; if ($opts{l}) { #list only @@ -159,6 +175,14 @@ TODO: foreach my $todo (reverse sort @todos) { print "===\n"; next READ; } + elsif ($r=~ /^\.m(.*)$/ ) { + my $s = $1; + $s =~ s/^\s+//; + $s =~ s/\s+$//; + print "references to $s in embedded-code-copies:\n"; + search_embed($s) or print "none\n"; + next READ; + } elsif ($r=~ /^q$/i ) { last TODO; } @@ -247,7 +271,10 @@ sub auto_search { my $file; my $prog; - if ( $desc =~ / in (\S+\.\S+) in (\S+) / ) { + if ( $desc =~ /^(\S+(?: [A-Z]\w*)*) \d/ ) { + $prog = $1; + } + elsif ( $desc =~ / in (\S+\.\S+) in (?:the )?(\S+) / ) { $file = $1; $prog = $2; } @@ -259,11 +286,15 @@ sub auto_search { my $ac=`apt-cache search '$prog' |wc -l`; chomp $ac; print "\r$ac results from apt-cache search $prog\n"; + + foreach my $p (split /\s+/, $prog) { + search_embed($p); + } } - if ( $file eq 'index.php' ) { + if ( $file =~ /^(?:index|default|login|search|admin)\.(?:php3?|asp|cgi|pl)$/i ) { return; } - if ( $file =~ /(php3?|asp|cgi)$/ ) { + if ( $file =~ /(php3?|asp|cgi|pl)$/ ) { if (! exists $afcache{$file}) { print "doing apt-file search..."; $afcache{$file}=`apt-file -i search '$file' |wc -l`; @@ -272,3 +303,71 @@ sub auto_search { print "\r$afcache{$file} results from apt-file -i search $file\n"; } } + +sub read_embedded_copies { + open(my $fh, "$basedir/data/embedded-code-copies"); + + # skip comments + while (<$fh>) { + last if /^---BEGIN/; + } + + my ($code, $pkg); + while (my $line = <$fh>) { + if ($line =~ /^([-\w]+)/) { + $code = lc($1); + $pkg = undef; + if (exists $embed_code->{$code}) { + syntax_error("Duplicate embedded code $code") + } + } + elsif ($line =~ /^\s*$/) { + $code = undef; + $pkg = undef; + } + elsif ($line =~ /^\s+(?:\[\w+\]\s+)?-\s+(\w[\w.-]+)/) { + $pkg = $1; + $line =~ s/^\s+//; + if ($embed_code->{$code}->{$pkg}) { + $embed_code->{$code}->{$pkg} .= $line; + } + else { + $embed_code->{$code}->{$pkg} = $line; + push @{$embed_pkg->{$pkg}}, $code; + } + } + elsif ($line =~ /^\s+(?:NOTE|TODO)/) { + $line =~ s/^\s+//; + if ($pkg) { + $embed_code->{$code}->{$pkg} .= $line; + } + } + else { + syntax_error("Cannot parse $line"); + } + } +} + +sub syntax_error { + $embed_errors=1; + print STDERR "embedded-code-copies:$.: @_\n"; +} + +sub search_embed { + my $text = shift; + my $found = 0; + $text = lc($text); + if (exists $embed_code->{$text}) { + print "$text is embedded by: ", + join(" ", sort keys %{$embed_code->{$text}}), + "\n"; + $found = 1; + } + if (exists $embed_pkg->{$text}) { + print "$text embeds: ", + join(" ", sort @{$embed_pkg->{$text}}), + "\n"; + $found = 1; + } + return $found; +} |