author | Florian Weimer <fw@deneb.enyo.de> | 2010-05-08 16:59:00 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2010-05-08 16:59:00 +0000 |
commit | 32db85294fe062b046ffbd4c0a1137141c7d963d (patch) | |
tree | c05df185ba82000476a405d18257e9b56cd52fe7 /lib | |
parent | 3ceaf3293a27d65a4ea040154f2b6542fcfbcad0 (diff) |
sectracker.analyzers.extractversions(): find all known versions of package
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14646 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/sectracker/analyzers.py | 51 | ||||
-rw-r--r-- | lib/python/sectracker_test/test_repo.py | 12 |
2 files changed, 62 insertions, 1 deletions
diff --git a/lib/python/sectracker/analyzers.py b/lib/python/sectracker/analyzers.py
new file mode 100644
index 0000000000..d5119671c2
--- /dev/null
+++ b/lib/python/sectracker/analyzers.py
@@ -0,0 +1,51 @@
+# sectracker.analyzers -- vulnerability analysis
+# Copyright (C) 2010 Florian Weimer <fw@deneb.enyo.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+import apt_pkg as _apt_pkg
+
+# vercmp is the Debian version comparison algorithm
+_apt_pkg.init()
+try:
+ vercmp = _apt_pkg.version_compare
+except AttributeError:
+ vercmp = _apt_pkg.VersionCompare
+
+def extractversions(config, listfiles, diag):
+ """Extracts version information from list files.
+
+ Uses the repository configuration config to obtain a nested
+ dictionary, mapping release names to packages and sets of
+ versions. Then scans the (already parsed) files in listfiles for
+ additional versions for those releases. If an unknown release is
+ encountered, an error message is added to diag."""
+
+ rpv = config.releasepackageversions()
+ for listfile in listfiles:
+ for bug in listfile.list:
+ for ann in bug.annotations:
+ if ann.type == "package" and ann.version is not None \
+ and ann.release is not None:
+ if ann.release not in rpv:
+ diag.error(file=bug.file, line=ann.line,
+ message="unknown release: %r" % ann.release)
+ else:
+ pv = rpv[ann.release]
+ if ann.package in pv:
+ pv[ann.package].add(ann.version)
+ else:
+ pv[ann.package] = set((ann.version,))
+ return rpv
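Review bot: extractversions() adds the versions it finds in the list files directly to the dictionary returned by `config.releasepackageversions()` and returns that same object, so if config caches or shares that mapping (not visible in this hunk), the annotation-derived versions become indistinguishable from the repository's own package data for every later caller. In a vulnerability tracker that matters, because a mistyped version in a hand-edited list file would then count as a known version. Either state in the docstring that the mapping from config is updated in place, or work on a copy, e.g. `rpv = dict((r, dict((p, set(v)) for p, v in pv.items())) for r, pv in config.releasepackageversions().items())`. The inner branch can also shrink to `pv.setdefault(ann.package, set()).add(ann.version)`.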
diff --git a/lib/python/sectracker_test/test_repo.py b/lib/python/sectracker_test/test_repo.py index 740f466d68..c818a8822a 100644 --- a/lib/python/sectracker_test/test_repo.py +++ b/lib/python/sectracker_test/test_repo.py @@ -20,6 +20,8 @@ import shutil import tempfile from sectracker.repo import * +import sectracker.analyzers as a +from sectracker.diagnostics import Diagnostics import sectracker.parsers as p tmp = tempfile.mkdtemp() @@ -50,4 +52,12 @@ c.update() rpv = c.releasepackageversions() assert "sid" in rpv assert "bash" in rpv["sid"] - +diag = Diagnostics() +rpv = a.extractversions(c, (p.cvelist("../../data/CVE/list"),), diag) +if False: + for r, pv in rpv.items(): + for p, v in pv.items(): + if len(v) > 1: + print r, p, v +for err in diag.messages(): + print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message) |
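Review bot: The lines added at the end of test_repo.py call `a.extractversions()` but assert nothing about its result, and diagnostics are only printed, so a regression in the analyzer would not fail the test. Adding `assert "sid" in rpv` and `assert "bash" in rpv["sid"]` after the call would at least pin that the configuration data survives the merge. The disabled `if False:` block rebinds `p`, which the first hunk's context shows is the alias for `sectracker.parsers`; if that block is ever enabled, rename the loop variable, e.g. `for pkg, v in pv.items():`. The test also reads `../../data/CVE/list` by relative path, so its outcome depends on the working directory and on the current contents of the live list.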