Neil McGovern
2005-Sep-03 12:43 UTC
[Secure-testing-commits] r1793 - in data/DTSA: . templates
Author: neilm Date: 2005-09-03 12:43:05 +0000 (Sat, 03 Sep 2005) New Revision: 1793 Modified: data/DTSA/dtsa data/DTSA/templates/footer.html Log: Now exports DTSAs as HTML \o/ Modified: data/DTSA/dtsa ==================================================================--- data/DTSA/dtsa 2005-09-03 12:08:30 UTC (rev 1792) +++ data/DTSA/dtsa 2005-09-03 12:43:05 UTC (rev 1793) @@ -3,14 +3,14 @@ import sys, getopt, os, glob # TODO: -# Create the web overview # Add code for updating a DTSA # Include SHA-1 checksums in advisories # Note: This has to be run inside secure-testing/data/DTSA/ # Prerequisites: -# subdirectories advs/plain-text and advs/html +# subdirectories advs/plain-text, advs/html and templates +# Templates must include header.html and footer.html, but can be blank # mailx package installed announce_mail_address = "secure-testing-announce@lists.alioth.debian.org" @@ -73,10 +73,10 @@ if len(cve) == 0: print "No CVE assignments seem to have been made for this issue" - print "There''s currently not yet support for an HTML representation, but it will" - print "be added soon." - print + export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific) + print "A html representation has been generated as",dtsa_id + ".html" + export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific) print "A textual representation has been generated as", dtsa_id @@ -103,7 +103,75 @@ l_f.write("\tTODO: unreleased\n") l_f.close() -def export_html(src, data, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev): +def export_html(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific): + html = open(os.getcwd() + "/" + id + ".html", "w") + + # Open, read, write and close the header + header = open(os.getcwd() + "/templates/header.html","r") + for line in header.readlines(): + header.write(line); + header.close + + # Write the actual html + + html.write("<h2>"+ id + "</h2>\n") + html.write("<dl>\n") + html.write("<dt>Date Reported:</dt>\n<dd>" + date + "</dd>\n") + html.write("<dt>Affected Package:</dt>\n<dd><a href=''http://packages.debian.org/src:" + src + "''>" + src + "</a></dd>\n") + html.write("<dt>Vulnerability:</dt>\n<dd>" + vuln_type + "</dd>\n") + html.write("<dt>Problem-Scope:</dt>\n<dd>" + scope + "</dd>\n") + html.write("<dt>Debian-specific:</dt>\n<dd>" + yn(debian_specific) + "<br></dd>\n") + +# if len(vendor_advisory) > 0: +# html.write("Vendor advisory: " + vendor_advisory + "\n") +# else: +# html.write("Vendor advisory: Not available\n") + cves = "<dt>CVE:</dt>\n<dd>\n" + if len(cve) > 0: + for i in cve: + cves += "<a href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=" + i +"''>" + cves += i + cves += "</a> \n" + else: + cves += "None so far\n" + html.write(cves + "<br></dd>\n") + + html.write("<br>") + html.write("<dt>More information:</dt>\n") + html.write("<dd>"); + for i in descr: + html.write(i + " <br>\n") + html.write("</dd>\n") + + html.write("<br>") + html.write("<dt>For the testing distribution (etch) this is fixed in version " + testing_fix + "</dt>\n") + + if len(sid_fix) > 0: + html.write("<dt>For the unstable distribution (sid) this is fixed in version " + sid_fix + "</dt>\n") + else: + html.write("<dt>For the unstable distribution this problem will be fixed soon</dt>\n") + + html.write("<br>") + html.write("<dt>This upgrade is recommended if you use " + src + ".<dt>\n") + html.write("<br>") + + html.write("<dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt>\n") + html.write("\n") + + html.write("<dd>apt-get update && apt-get install "+ src + " FIXME, I''m broken </dd>\n") + html.write("<br>\n") + html.write("\n") + # FIXME, use python-crypto for inclusion of SHA-1 checksums + + print "HTML representation has been exported" + # Open, read, write and close the footer + footer = open(os.getcwd() + "/templates/footer.html","r") + for line in footer.readlines(): + html.write(line); + footer.close + + # Be nice and close the html file + html.close; pass Modified: data/DTSA/templates/footer.html ==================================================================--- data/DTSA/templates/footer.html 2005-09-03 12:08:30 UTC (rev 1792) +++ data/DTSA/templates/footer.html 2005-09-03 12:43:05 UTC (rev 1793) @@ -0,0 +1,15 @@ +<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt> + +<br> +<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt> +<br> +<dd>deb http://secure-testing-mirrors.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free</dd> +<dd>deb-src http://secure-testing-mirrors.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free</dd> +<br> +<dt>The archive signing key can be downloaded from<dt> +<dd><a href=''http://secure-testing.debian.net/ziyi-2005-7.asc''>http://secure-testing.debian.net/ziyi-2005-7.asc</a><dd> + +<br> + +<dt>For further information about the Debian testing security team, please refer to <a href=''http://secure-testing.debian.net/''>http://secure-testing.debian.net/</a></dt> +