author | Raphael Geissert <geissert@debian.org> | 2012-08-20 01:41:26 +0000 |
---|---|---|
committer | Raphael Geissert <geissert@debian.org> | 2012-08-20 01:41:26 +0000 |
commit | 3116267f38fcaeb79cc00ef4521342140c616c83 (patch) | |
tree | be9e8471191e629e01eb68f197846c3349de799b /bin/report-vuln | |
parent | b45d10009160e0f334bef7466b0f48e02fed04e3 (diff) |
Allow report-vuln to report issues without CVE ids
USAGE: bin/report-vuln src-pkg CVE-2012-XXXX
Specify as many CVE-less entries as the number of issues to report.
E.g. to report two issues without CVE id against foo:
bin/report-vuln foo CVE-2012-XXXX CVE-2012-XXXX
NOTE: Make sure you add a description to the CVE/list entries!
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@19983 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/report-vuln')
-rwxr-xr-x | bin/report-vuln | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/bin/report-vuln b/bin/report-vuln index e7fea38daa..675e20fa2b 100755 --- a/bin/report-vuln +++ b/bin/report-vuln @@ -15,23 +15,41 @@ import sys, re, urllib, os +temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX') + def setup_path(): dirname = os.path.dirname base = dirname(dirname(os.path.realpath(sys.argv[0]))) sys.path.insert(0, os.path.join(base, "lib", "python")) -def description_from_list(id): +def description_from_list(id, pkg = '', skip_entries = 0): setup_path() import bugs import debian_support + is_temp = temp_id.match(id) + skipped = 0 + for bug in bugs.CVEFile(debian_support.findresource( *"data CVE list".split())): - if bug.name == id: + if bug.name == id or (is_temp and not bug.isFromCVE()): + if pkg != '': + matches = False + for n in bug.notes: + if n.package == pkg: + matches = True + break + if not matches: + continue + if skipped < skip_entries: + skipped += 1 + continue return bug.description def gen_index(ids): ret = '' for cnt, id in enumerate(ids): + if temp_id.match(id): + continue ret += '\n[' + str(cnt) + '] http://cve.mitre.org/cgi-bin/cvename.cgi?name=' + id + '\n' ret += ' http://security-tracker.debian.org/tracker/' + id @@ -92,6 +110,7 @@ def gen_text(pkg, cveid): vuln_suff = 'y' cve_suff = '' time_w = 'was' + temp_id_cnt = 0 if len(cveid) > 1: cve_suff = 's' 
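Review bot: In `description_from_list`, a temporary id is resolved purely by position: the call returns the description of the (skip_entries+1)-th entry for which `bug.isFromCVE()` is false and a note names `pkg`, so any other CVE-less entry for the same package that appears earlier in the list is picked up first and its description goes into the report. Nothing in the hunk lets the caller say which entry is meant, so the limitation should at least be documented above the loop, e.g. `# temp ids are matched by position among pkg's CVE-less entries; earlier entries for pkg shift the result`. With the default `pkg = ''` the package filter is skipped entirely and the first CVE-less entry of the whole list matches, so rejecting an empty `pkg` when `is_temp` is set would be safer. A docstring should also state that the function returns None when no entry matches.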
@@ -115,12 +134,25 @@ For further information see:''' % (vuln_suff, cve_suff) print header for cnt, cve in enumerate(cveid): - print cve + '[' + str(cnt) + ']:' - print get_cve(cve) + if not temp_id.match(cve): + print cve + '[' + str(cnt) + ']:' + print get_cve(cve) + else: + print '''Issue without CVE id #%d [%d]:''' % (temp_id_cnt, cnt) + desc = description_from_list(cve, pkg, temp_id_cnt) + if desc: + print desc + '\n' + else: + print 'No description has been specified\n' + temp_id_cnt += 1 print footer print gen_index(cveid) + if temp_id_cnt > 0: + print '\nhttp://security-tracker.debian.org/tracker/source-package/%s' % (pkg) + print '(issues without id are assigned a temporary one that may change over time)\n' + def error(msg): print 'error: ' + msg sys.exit(1) @@ -144,7 +176,7 @@ def main(): error(pkg + ' does not seem to be a valid source package name') for arg in cve: - if not c.match(arg): + if not c.match(arg) and not temp_id.match(arg): error(arg + ' does not seem to be a valid CVE id') gen_text(pkg, cve) |
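Review bot: The `[%d]` marker printed in the `else` branch for issues without a CVE id points at nothing, because `gen_index` (first hunk) skips temporary ids and emits no numbered entry for them. Either drop the marker, `print '''Issue without CVE id #%d:''' % (temp_id_cnt)`, or have the index print the source-package tracker URL under that number. The counter also starts at zero, so the first such issue is labelled `#0`; if one-based numbering is intended, pass `temp_id_cnt + 1` to the format string. `gen_text` starts outside this hunk.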
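Review bot: The new `temp_id.match(arg)` alternative in `main` accepts any argument that merely starts with a placeholder id, because `temp_id` (defined in the first hunk) has no end anchor and `match` anchors only at the start. An argument consisting of `CVE-2012-XXXX` followed by arbitrary text therefore passes validation. Anchoring the pattern closes that: `temp_id = re.compile(r'(?:CVE|cve)-[0-9]{4}-XXXX\Z')`. The existing pattern `c` is defined outside the visible lines, so whether it is anchored cannot be confirmed from this hunk. `main` starts outside this hunk.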