Author: jmm-guest Date: 2005-07-31 12:51:50 +0000 (Sun, 31 Jul 2005) New Revision: 1505 Added: tsck/ tsck/tsck.py Log: Initial version of tsck, to check the list of currently installed packages against the currently tracked vulnerabilities. I hacked this yesterday night when I had no internet access against an old local copy of testing-security.html that didn''t yet have the severity coloring, which triggers some malparsing. I''ll fix this up tomorrow. There are also some dupe bugs and the output is not complete, it''s more of a WIP. Once all the testing-security infrastructure has stabilised I''ll rework it against a non-HTML version, which should be generated against sid as well, so it should suffice as a quick hack for now.
Added: tsck/tsck.py
==================================================================
--- tsck/tsck.py 2005-07-30 21:14:15 UTC (rev 1504)
+++ tsck/tsck.py 2005-07-31 12:51:50 UTC (rev 1505)
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+
+import os, re
+
+status = open("/var/lib/dpkg/status", "r")
+statlines = status.readlines()
+
+source_packages = {}
+
+package = ""
+source = ""
+version = ""
+
+for i in statlines:
+ if i.startswith("Package:"):
+ package = i.split(": ")[1][0:-1]
+ if i.startswith("Source:"):
+ source = i.split(": ")[1][0:-1]
+ if i.startswith("Version:"):
+ version = i.split(": ")[1][0:-1]
+ if i == "\n":
+ if source == "":
+ source_packages[package] = version
+ else:
+ source_packages[source] = version
+ package = ""
+ source = ""
+ version = ""
+
+raw_vulns = open("testing-security.html", "r")
+vulns = raw_vulns.readlines()
+
+unfixed = [] # (pkgname, deb#, cve-id)
+fixed = [] #
+
+for i in vulns:
+ debbug = ""
+ cve = ""
+ src = ""
+ required = ""
+ if i.startswith("<li>"):
+
+ cves = re.findall(r''CAN\-[0-9]{4}\-[0-9]{4}'', i)
+ if len(cves) > 0:
+ cve = cves[0]
+ else:
+ if i.find("CAN-2005-XXXX") > -1:
+ cve = "to be assigned"
+
+ for j in re.findall(r''.*?unfixed'', i):
+ src = j.replace("<li>", "").replace(" (<b>unfixed", "")
+
+ for j in re.findall(r''\<.*?\>'', i):
+ if j.find("bugs.debian") > -1:
+ debbug = j.replace(''<a href="'', '''').replace(''">'', '''')
+ required = "unfixed"
+
+
+ if source_packages.has_key(src):
+ print src, "is vulnerable to", cve
+
+ if required != "unfixed":
+ for j in re.findall(r''.*?needed'', i):
+ src = j.replace("<li>", "").replace(" needed", "").split(" ")[0]
+ required = j.replace("<li>", "").replace(" needed", "").split(" ")[1]
+
+ if source_packages.has_key(src):
+ installed = source_packages[src]
+ print src,"dpkg --compare-versions " + installed + " ge " + required
+ if os.system("dpkg --compare-versions " + installed + " ge " + required) > 0:
+ print src, "is vulnerable to", cve
Property changes on: tsck/tsck.py
___________________________________________________________________
Name: svn:executable + *
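Review bot: The `os.system("dpkg --compare-versions " + installed + " ge " + required)` call at the end of the script builds a shell command from `required`, which is cut out of a line of testing-security.html, so any shell metacharacter in that file is interpreted by the shell with the privileges of whoever runs the check. Passing the arguments as a list avoids the shell entirely, e.g. `if subprocess.call(["dpkg", "--compare-versions", installed, "ge", required]) != 0:` with `import subprocess` added next to `os, re` (needs Python 2.4), and a `required` that does not look like a Debian version string is better skipped than handed to dpkg. Separately, the status-file loop stores the whole `Source:` value and never reads `Status:`; dpkg writes `Source: name (version)` when the source and binary versions differ, so such packages would be keyed under a name that never matches, and removed-but-not-purged packages would be reported as installed. Taking the first space-separated token of the `Source:` value and skipping stanzas whose status is not installed would likely cover both.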