authorFlorian Weimer <fw@deneb.enyo.de>2010-05-08 16:59:00 +0000
committerFlorian Weimer <fw@deneb.enyo.de>2010-05-08 16:59:00 +0000
commit32db85294fe062b046ffbd4c0a1137141c7d963d (patch)
treec05df185ba82000476a405d18257e9b56cd52fe7 /lib
parent3ceaf3293a27d65a4ea040154f2b6542fcfbcad0 (diff)
sectracker.analyzers.extractversions(): find all known versions of package
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14646 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r--lib/python/sectracker/analyzers.py51
-rw-r--r--lib/python/sectracker_test/test_repo.py12
2 files changed, 62 insertions, 1 deletions
diff --git a/lib/python/sectracker/analyzers.py b/lib/python/sectracker/analyzers.py
new file mode 100644
index 0000000000..d5119671c2
--- /dev/null
+++ b/lib/python/sectracker/analyzers.py
@@ -0,0 +1,51 @@
+# sectracker.analyzers -- vulnerability analysis
+# Copyright (C) 2010 Florian Weimer <fw@deneb.enyo.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+import apt_pkg as _apt_pkg
+
+# vercmp is the Debian version comparison algorithm
+_apt_pkg.init()
+try:
+ vercmp = _apt_pkg.version_compare
+except AttributeError:
+ vercmp = _apt_pkg.VersionCompare
+
+def extractversions(config, listfiles, diag):
+ """Extracts version information from list files.
+
+ Uses the repository configuration config to obtain a nested
+ dictionary, mapping release names to packages and sets of
+ versions. Then scans the (already parsed) files in listfiles for
+ additional versions for those releases. If an unknown release is
+ encountered, an error message is added to diag."""
+
+ rpv = config.releasepackageversions()
+ for listfile in listfiles:
+ for bug in listfile.list:
+ for ann in bug.annotations:
+ if ann.type == "package" and ann.version is not None \
+ and ann.release is not None:
+ if ann.release not in rpv:
+ diag.error(file=bug.file, line=ann.line,
+ message="unknown release: %r" % ann.release)
+ else:
+ pv = rpv[ann.release]
+ if ann.package in pv:
+ pv[ann.package].add(ann.version)
+ else:
+ pv[ann.package] = set((ann.version,))
+ return rpv
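Review bot: extractversions() inserts versions into the dictionary returned by config.releasepackageversions() and then returns that same object; if the repository caches that structure instead of building it on each call, every invocation accumulates versions from all list files seen so far and the config's own view changes as a side effect, so the docstring should state which it is, or the inner sets should be copied before being extended. The condition on the lines `if ann.type == "package" and ann.version is not None and ann.release is not None:` checks version and release but not ann.package, so an annotation whose package is None (if the parser can produce one) ends up stored under the None key instead of being reported through diag. The four-line insert at the end of the loop can be written as `pv.setdefault(ann.package, set()).add(ann.version)`. vercmp is defined with the apt_pkg compatibility fallback but nothing in this file uses it yet; a short comment saying it is exported for callers would avoid it looking like dead code.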
diff --git a/lib/python/sectracker_test/test_repo.py b/lib/python/sectracker_test/test_repo.py
index 740f466d68..c818a8822a 100644
--- a/lib/python/sectracker_test/test_repo.py
+++ b/lib/python/sectracker_test/test_repo.py
@@ -20,6 +20,8 @@ import shutil
import tempfile
from sectracker.repo import *
+import sectracker.analyzers as a
+from sectracker.diagnostics import Diagnostics
import sectracker.parsers as p
tmp = tempfile.mkdtemp()
@@ -50,4 +52,12 @@ c.update()
rpv = c.releasepackageversions()
assert "sid" in rpv
assert "bash" in rpv["sid"]
-
+diag = Diagnostics()
+rpv = a.extractversions(c, (p.cvelist("../../data/CVE/list"),), diag)
+if False:
+ for r, pv in rpv.items():
+ for p, v in pv.items():
+ if len(v) > 1:
+ print r, p, v
+for err in diag.messages():
+ print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message)
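Review bot: The loop over diag.messages() on the last two lines prints unknown-release errors but never asserts on them, so the script keeps passing even when the analyzer rejects annotations from ../../data/CVE/list; if this is meant as a test rather than a smoke run, a check such as `assert not list(diag.messages())` after the print loop would make the failure visible (assuming messages() yields the collected errors). The disabled block under `if False:` rebinds `p` as a loop variable, which shadows the `import sectracker.parsers as p` alias added in the first hunk; renaming it (`for pkg, v in pv.items():`) avoids a surprise when the block is re-enabled. The relative path passed to p.cvelist depends on the working directory, which the script lines above this hunk presumably already assume.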
