stef-guest at alioth.debian.org
2008-Jan-14 23:08 UTC
[Secure-testing-commits] r7925 - bin
Author: stef-guest Date: 2008-01-14 23:08:05 +0000 (Mon, 14 Jan 2008) New Revision: 7925 Modified: bin/check-new-issues Log: - preliminary support for embedded-code-copies - minor improvements at guessing the product name Modified: bin/check-new-issues ==================================================================--- bin/check-new-issues 2008-01-14 23:05:37 UTC (rev 7924) +++ bin/check-new-issues 2008-01-14 23:08:05 UTC (rev 7925) @@ -7,7 +7,7 @@ use Term::ReadLine; my %opts; -getopts(''ln:fhi:t:T'', \%opts); +getopts(''ln:fhi:t:Tc'', \%opts); if ($opts{h}) { print <<''EOF''; @@ -20,6 +20,7 @@ * blank line to skip to next issue * .fname to do "apt-file search name" * .cname to do "apt-cache search name" + * .mpackage to search data/embedded-code-copies for "package" * v or e to launch an editor with the current item * q to save and quit * CTRL-C to quit without saving @@ -34,6 +35,7 @@ -i regexp : use regexp to select issues (default: ''CVE-200[3-9]'' ) -t regexp : use regexp to select todos (default: ''^\s+TODO: check$'' ) -T : same as -t ''^\s+TODO: check'' (note the missing $) +-c : only do syntax check of embedded-code-copies EOF @@ -56,6 +58,18 @@ $basedir=".."; } + +my $embed_code = {}; +my $embed_pkg = {}; +my $embed_errors; + +read_embedded_copies(); + +if ($opts{c}) { + exit($embed_errors); +} + + my $datafile="$basedir/data/CVE/list"; my $allitemsfile="gunzip -c $basedir/../allitems.txt.gz|"; my $allitemsurl="http://cve.mitre.org/data/downloads/allitems.txt.gz"; @@ -100,7 +114,9 @@ } } -print scalar(@{$CVEs}), "/", scalar(@{$entries}), "/", scalar(@todos), "\n"; +print scalar(@{$CVEs}), " CVEs, ", + scalar(@{$entries}) - scalar(@{$CVEs}), " temp issues, ", + scalar(@todos), " todos matching /$todo_regexp/\n"; if ($opts{l}) { #list only 
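Review bot: In the hunk that adds the `-c` switch (`@@ -56,6 +58,18 @@`), `$embed_errors` is declared without a value and passed straight to `exit()`, so a clean run exits with undef. Perl treats that as status 0, but it would emit an "uninitialized value" warning if warnings are enabled (not visible in this diff). Declaring it as `my $embed_errors = 0;` makes the success status explicit for anything that gates on `-c`. A short comment above the `read_embedded_copies();` call would also help, for example `# fills $embed_code (code -> package -> entry text) and $embed_pkg (package -> list of codes)`, because the sub that populates both hashes is defined at the end of the file.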
@@ -159,6 +175,14 @@ print "===\n"; next READ; } + elsif ($r=~ /^\.m(.*)$/ ) { + my $s = $1; + $s =~ s/^\s+//; + $s =~ s/\s+$//; + print "references to $s in embedded-code-copies:\n"; + search_embed($s) or print "none\n"; + next READ; + } elsif ($r=~ /^q$/i ) { last TODO; } @@ -247,7 +271,10 @@ my $file; my $prog; - if ( $desc =~ / in (\S+\.\S+) in (\S+) / ) { + if ( $desc =~ /^(\S+(?: [A-Z]\w*)*) \d/ ) { + $prog = $1; + } + elsif ( $desc =~ / in (\S+\.\S+) in (?:the )?(\S+) / ) { $file = $1; $prog = $2; } @@ -259,11 +286,15 @@ my $ac=`apt-cache search ''$prog'' |wc -l`; chomp $ac; print "\r$ac results from apt-cache search $prog\n"; + + foreach my $p (split /\s+/, $prog) { + search_embed($p); + } } - if ( $file eq ''index.php'' ) { + if ( $file =~ /^(?:index|default|login|search|admin)\.(?:php3?|asp|cgi|pl)$/i ) { return; } - if ( $file =~ /(php3?|asp|cgi)$/ ) { + if ( $file =~ /(php3?|asp|cgi|pl)$/ ) { if (! exists $afcache{$file}) { print "doing apt-file search..."; $afcache{$file}=`apt-file -i search ''$file'' |wc -l`; 
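Review bot: The new first pattern in `@@ -247,7 +271,10 @@` captures `$prog` with `\S+`, and the context line in the next hunk interpolates `$prog` into a backtick `apt-cache search … |wc -l` command, so text taken from a CVE description is parsed by the shell. The description is external data (apparently derived from the allitems list, whose download URL in the earlier context is plain `http://`), and `\S+` does not exclude quote characters or other shell metacharacters. The same applies to `$file` in the `apt-file -i search` backticks in `@@ -259,11 +286,15 @@`, where names ending in `pl` are now accepted too. I would run both lookups without a shell, using a list-form pipe open and counting the lines in Perl, as sketched below for `apt-cache`. The enclosing sub starts and ends outside these hunks.

```perl
# … unchanged: pattern matching that sets $prog …
my $ac = 0;
if (open(my $ac_fh, '-|', 'apt-cache', 'search', $prog)) {
    $ac++ while <$ac_fh>;
    close($ac_fh);
}
print "\r$ac results from apt-cache search $prog\n";
```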
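Review bot: In `@@ -259,11 +286,15 @@` the second file test, `$file =~ /(php3?|asp|cgi|pl)$/`, has no leading `\.` and no `/i`, unlike the new skip-list test just above it. It therefore matches any name that merely ends in those letters (for example a `.tpl` file) and misses upper-case extensions; `if ( $file =~ /\.(?:php3?|asp|cgi|pl)$/i ) {` would make the two tests agree. In addition, when the new `^(\S+(?: [A-Z]\w*)*) \d` branch from the previous hunk matches, only `$prog` is set, so both tests run against an undefined `$file` unless code outside the hunk returns first. A guard such as `return unless defined $file;` before them would avoid that.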
@@ -272,3 +303,71 @@ print "\r$afcache{$file} results from apt-file -i search $file\n"; } } + +sub read_embedded_copies { + open(my $fh, "$basedir/data/embedded-code-copies"); + + # skip comments + while (<$fh>) { + last if /^---BEGIN/; + } + + my ($code, $pkg); + while (my $line = <$fh>) { + if ($line =~ /^([-\w]+)/) { + $code = lc($1); + $pkg = undef; + if (exists $embed_code->{$code}) { + syntax_error("Duplicate embedded code $code") + } + } + elsif ($line =~ /^\s*$/) { + $code = undef; + $pkg = undef; + } + elsif ($line =~ /^\s+(?:\[\w+\]\s+)?-\s+(\w[\w.-]+)/) { + $pkg = $1; + $line =~ s/^\s+//; + if ($embed_code->{$code}->{$pkg}) { + $embed_code->{$code}->{$pkg} .= $line; + } + else { + $embed_code->{$code}->{$pkg} = $line; + push @{$embed_pkg->{$pkg}}, $code; + } + } + elsif ($line =~ /^\s+(?:NOTE|TODO)/) { + $line =~ s/^\s+//; + if ($pkg) { + $embed_code->{$code}->{$pkg} .= $line; + } + } + else { + syntax_error("Cannot parse $line"); + } + } +} + +sub syntax_error { + $embed_errors=1; + print STDERR "embedded-code-copies:$.: @_\n"; +} + +sub search_embed { + my $text = shift; + my $found = 0; + $text = lc($text); + if (exists $embed_code->{$text}) { + print "$text is embedded by: ", + join(" ", sort keys %{$embed_code->{$text}}), + "\n"; + $found = 1; + } + if (exists $embed_pkg->{$text}) { + print "$text embeds: ", + join(" ", sort @{$embed_pkg->{$text}}), + "\n"; + $found = 1; + } + return $found; +}
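Review bot: `read_embedded_copies` does not check the result of `open`, so when `data/embedded-code-copies` is missing or unreadable the loops read nothing and `-c` exits with status 0 as if the file were valid. The same silent pass happens if the `---BEGIN` marker is never found. I would use the three-argument form and fail loudly: `open(my $fh, '<', "$basedir/data/embedded-code-copies") or die "cannot open embedded-code-copies: $!\n";`. Separately, a package line seen while `$code` is undef (after a blank line, or before the first code name) is stored under the empty key instead of being reported; `unless (defined $code) { syntax_error("package line outside an entry"); next; }` at the top of that branch would catch it. The first lines of this hunk are the tail of the previous sub, which starts outside the hunk.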