|
Lines 11-17
Link Here
|
| 11 |
|
11 |
|
| 12 |
__program__ = "glsa-check" |
12 |
__program__ = "glsa-check" |
| 13 |
__author__ = "Marius Mauch <genone@gentoo.org>" |
13 |
__author__ = "Marius Mauch <genone@gentoo.org>" |
| 14 |
__version__ = "0.5" |
14 |
__version__ = "0.5.1" |
| 15 |
|
15 |
|
| 16 |
optionmap = [ |
16 |
optionmap = [ |
| 17 |
["-l", "--list", "list all unapplied GLSA"], |
17 |
["-l", "--list", "list all unapplied GLSA"], |
|
Lines 24-45
Link Here
|
| 24 |
["-h", "--help", "show this help message"], |
24 |
["-h", "--help", "show this help message"], |
| 25 |
["-V", "--version", "some information about this tool"], |
25 |
["-V", "--version", "some information about this tool"], |
| 26 |
["-v", "--verbose", "print more messages (option)"], |
26 |
["-v", "--verbose", "print more messages (option)"], |
|
|
27 |
["-q", "--quiet", "don't print startup message"], |
| 28 |
["-c", "--cve", "print startup message"], |
| 27 |
] |
29 |
] |
| 28 |
|
30 |
|
| 29 |
# print a warning as this is beta code |
|
|
| 30 |
sys.stderr.write("WARNING: This tool is completely new and not very tested, so it should not be\n") |
| 31 |
sys.stderr.write("used on production systems. It's mainly a test tool for the new GLSA release\n") |
| 32 |
sys.stderr.write("and distribution system, it's functionality will later be merged into emerge\n") |
| 33 |
sys.stderr.write("and equery.\n") |
| 34 |
sys.stderr.write("Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml\n") |
| 35 |
sys.stderr.write("before using this tool AND before reporting a bug.\n\n") |
| 36 |
|
| 37 |
# option parsing |
31 |
# option parsing |
|
|
32 |
quiet = False |
| 33 |
cve = False |
| 38 |
args = [] |
34 |
args = [] |
| 39 |
params = [] |
35 |
params = [] |
| 40 |
try: |
36 |
try: |
| 41 |
args, params = getopt(sys.argv[1:], "dplfchinvVt", \ |
37 |
args, params = getopt(sys.argv[1:], "dplfchinvVtqc", \ |
| 42 |
["dump", "print", "list", "pretend", "fix", "inject", "help", "info", "version", "test", "nocolor"]) |
38 |
["dump", "print", "list", "pretend", "fix", "inject", "help", "info", "version", "test", "nocolor", "quiet", "cve"]) |
| 43 |
args = [a for a,b in args] |
39 |
args = [a for a,b in args] |
| 44 |
|
40 |
|
| 45 |
for option in ["--nocolor", "-n"]: |
41 |
for option in ["--nocolor", "-n"]: |
|
Lines 52-57
Link Here
|
| 52 |
if option in args: |
48 |
if option in args: |
| 53 |
verbose = True |
49 |
verbose = True |
| 54 |
args.remove(option) |
50 |
args.remove(option) |
|
|
51 |
|
| 52 |
for option in ["--quiet", "-q"]: |
| 53 |
if option in args: |
| 54 |
quiet = True |
| 55 |
verbose = False |
| 56 |
args.remove(option) |
| 57 |
|
| 58 |
for option in ["--cve", "-c"]: |
| 59 |
if option in args: |
| 60 |
cve = True |
| 61 |
args.remove(option) |
| 55 |
|
62 |
|
| 56 |
# sanity checking |
63 |
# sanity checking |
| 57 |
if len(args) <= 0: |
64 |
if len(args) <= 0: |
|
Lines 71-76
Link Here
|
| 71 |
print "unknown option given:", e |
78 |
print "unknown option given:", e |
| 72 |
mode = "help" |
79 |
mode = "help" |
| 73 |
|
80 |
|
|
|
81 |
|
| 82 |
# print a warning as this is beta code |
| 83 |
if quiet == False: |
| 84 |
sys.stderr.write("WARNING: This tool is completely new and not very tested, so it should not be\n") |
| 85 |
sys.stderr.write("used on production systems. It's mainly a test tool for the new GLSA release\n") |
| 86 |
sys.stderr.write("and distribution system, it's functionality will later be merged into emerge\n") |
| 87 |
sys.stderr.write("and equery.\n") |
| 88 |
sys.stderr.write("Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml\n") |
| 89 |
sys.stderr.write("before using this tool AND before reporting a bug.\n\n") |
| 90 |
|
| 74 |
# we need a set of glsa for most operation modes |
91 |
# we need a set of glsa for most operation modes |
| 75 |
if len(params) <= 0 and mode in ["fix", "test", "pretend", "dump", "inject"]: |
92 |
if len(params) <= 0 and mode in ["fix", "test", "pretend", "dump", "inject"]: |
| 76 |
print |
93 |
print |
|
Lines 129-138
Link Here
|
| 129 |
todolist = [e for e in completelist if e not in checklist] |
146 |
todolist = [e for e in completelist if e not in checklist] |
| 130 |
|
147 |
|
| 131 |
glsalist = [] |
148 |
glsalist = [] |
|
|
149 |
new_only = False |
| 132 |
if "new" in params: |
150 |
if "new" in params: |
|
|
151 |
new_only = True |
| 133 |
glsalist = todolist |
152 |
glsalist = todolist |
| 134 |
params.remove("new") |
153 |
params.remove("new") |
| 135 |
if "all" in params: |
154 |
if "all" in params: |
|
|
155 |
new_only = False |
| 136 |
glsalist = completelist |
156 |
glsalist = completelist |
| 137 |
params.remove("all") |
157 |
params.remove("all") |
| 138 |
|
158 |
|
|
Lines 146-155
Link Here
|
| 146 |
|
166 |
|
| 147 |
# list short information for given or new GLSA |
167 |
# list short information for given or new GLSA |
| 148 |
if mode == "list": |
168 |
if mode == "list": |
| 149 |
print white("[A]")+" means this GLSA was already applied," |
169 |
if not (quiet): |
| 150 |
print green("[U]")+" means the system is not affected and" |
170 |
print white("[A]")+" means this GLSA was already applied," |
| 151 |
print red("[N]")+" indicates that the system might be affected." |
171 |
print green("[U]")+" means the system is not affected and" |
| 152 |
print |
172 |
print red("[N]")+" indicates that the system might be affected." |
|
|
173 |
print |
| 153 |
for myid in glsalist: |
174 |
for myid in glsalist: |
| 154 |
try: |
175 |
try: |
| 155 |
myglsa = Glsa(myid, glsaconfig) |
176 |
myglsa = Glsa(myid, glsaconfig) |
|
Lines 157-177
Link Here
|
| 157 |
if verbose: |
178 |
if verbose: |
| 158 |
print "invalid GLSA: %s (error message was: %s)" % (myid, e) |
179 |
print "invalid GLSA: %s (error message was: %s)" % (myid, e) |
| 159 |
continue |
180 |
continue |
|
|
181 |
vuln = False |
| 160 |
if myglsa.isApplied(): |
182 |
if myglsa.isApplied(): |
| 161 |
status = "[A]" |
183 |
status = "[A]" |
| 162 |
color = white |
184 |
color = white |
| 163 |
elif myglsa.isVulnerable(): |
185 |
elif myglsa.isVulnerable(): |
|
|
186 |
vuln = True |
| 164 |
status = "[N]" |
187 |
status = "[N]" |
| 165 |
color = red |
188 |
color = red |
| 166 |
else: |
189 |
else: |
| 167 |
status = "[U]" |
190 |
status = "[U]" |
| 168 |
color = green |
191 |
color = green |
|
|
192 |
if (new_only and not vuln): |
| 193 |
continue; |
| 169 |
print color(myglsa.nr), color(status), myglsa.title, "(", |
194 |
print color(myglsa.nr), color(status), myglsa.title, "(", |
| 170 |
for pkg in myglsa.packages.keys()[:3]: |
195 |
for pkg in myglsa.packages.keys()[:3]: |
| 171 |
print pkg, |
196 |
print pkg, |
| 172 |
if len(myglsa.packages) > 3: |
197 |
if len(myglsa.packages) > 3: |
| 173 |
print "...", |
198 |
print "...", |
| 174 |
print ")" |
199 |
print ")", |
|
|
200 |
if cve: |
| 201 |
for ref in myglsa.references: |
| 202 |
if ref[0:4] == "CAN-": |
| 203 |
print ref[0:13], |
| 204 |
print |
| 205 |
|
| 175 |
sys.exit(0) |
206 |
sys.exit(0) |
| 176 |
|
207 |
|
| 177 |
# dump, fix, inject and fix are nearly the same code, only the glsa method call differs |
208 |
# dump, fix, inject and fix are nearly the same code, only the glsa method call differs |
