Author: jmm-guest Date: 2005-09-24 00:54:08 +0000 (Sat, 24 Sep 2005) New Revision: 2143 Modified: tsck/tsck.py Log: adapt tsck to plain text format, does currently only support support analysis on a local copy Modified: tsck/tsck.py ==================================================================--- tsck/tsck.py 2005-09-23 23:22:07 UTC (rev 2142) +++ tsck/tsck.py 2005-09-24 00:54:08 UTC (rev 2143) @@ -10,6 +10,7 @@ package = "" source = "" version = "" +installed = False for i in statlines: if i.startswith("Package:"): 
@@ -18,54 +19,117 @@ source = i.split(": ")[1][0:-1] if i.startswith("Version:"): version = i.split(": ")[1][0:-1] + if i.startswith("Status:"): + if i.find(" installed") > -1: + installed = True + if i == "\n": - if source == "": - source_packages[package] = version - else: - source_packages[source] = version + if installed: + if source == "": + source_packages[package] = version + else: + source_packages[source] = version package = "" source = "" version = "" + installed = False -raw_vulns = open("testing-security.html", "r") +raw_vulns = open("testing-security.txt", "r") vulns = raw_vulns.readlines() unfixed = [] # (pkgname, deb#, cve-id) -fixed = [] # +fixed = [] # +block = False +unimportant = [] +low = [] +medium = [] +high = [] + +debbugs = [] +cve = "" +src = "" +required = "" +descript = "" +pkg_name = "" +severity = "" +fix = "" + +print "Generating system-specific security overview:" + for i in vulns: - debbug = "" - cve = "" - src = "" - required = "" - if i.startswith("<li>"): + if i.startswith("CAN-"): - cves = re.findall(r''CAN\-[0-9]{4}\-[0-9]{4}'', i) - if len(cves) > 0: - cve = cves[0] - else: - if i.find("CAN-2005-XXXX") > -1: - cve = "to be assigned" + if len(cve) > 0 and len(pkg_name) > 0: + if source_packages.has_key(pkg_name): - for j in re.findall(r''.*?unfixed'', i): - src = j.replace("<li>", "").replace(" (<b>unfixed", "") + if severity != "unimportant": + if fix == "<unfixed>": + if severity == "low": + low.append((pkg_name, cve, debbugs)) + elif severity == "medium": + medium.append((pkg_name, cve, debbugs)) + elif severity == "high": + high.append((pkg_name, cve, debbugs)) - for j in re.findall(r''\<.*?\>'', i): - if j.find("bugs.debian") > -1: - debbug = j.replace(''<a href="'', '''').replace(''">'', '''') - required = "unfixed" + else: + if fix != "<itp>" and fix != "<not-affected>": + installed = source_packages[pkg_name] + if os.system("dpkg --compare-versions " + installed + " ge " + fix) > 0: + if severity == "low": + 
low.append((pkg_name, cve, debbugs)) + elif severity == "medium": + medium.append((pkg_name, cve, debbugs)) + elif severity == "high": + high.append((pkg_name, cve, debbugs)) + + + + unfixed.append((pkg_name, fix, debbugs, cve)) + pkg_name = "" + severity = "" + fix = "" + cve = i[0:13] + descript = i[14:] + + if i.startswith("\t"): + if i[1:].startswith("-"): + e = i[2:].strip().split(" ", 2) + pkg_name = e[0] + block = re.findall(r''\(.*\)'', i) + if len(block) > 0: + if block[0].find("unfixed") > -1: + fix = "unfixed" + else: + fix = e[1] + else: + fix = e[1] + debbugs = re.findall(r''bug\ \#[0-9]{6}'', i) + if i.find("low") > -1: + severity = "low" + elif i.find("medium") > -1: + severity = "medium" + elif i.find("high") > -1: + severity = "high" + elif i.find("unimportant") > -1: + severity = "unimportant" - if source_packages.has_key(src): - print src, "is vulnerable to", cve - if required != "unfixed": - for j in re.findall(r''.*?needed'', i): - src = j.replace("<li>", "").replace(" needed", "").split(" ")[0] - required = j.replace("<li>", "").replace(" needed", "").split(" ")[1] - if source_packages.has_key(src): - installed = source_packages[src] - print src,"dpkg --compare-versions " + installed + " ge " + required - if os.system("dpkg --compare-versions " + installed + " ge " + required) > 0: - print src, "is vulnerable to", cve +for i in low: + print "*", i[0], "is vulnerable to", i[1], "; a vulnerability of low severity" + for k in i[2]: + print " See Debian", k, "for further reference." + +for i in medium: + print "*", i[0], "is vulnerable to", i[1], "; a vulnerability of medium severity" + for k in i[2]: + print " See Debian", k, "for further reference." + +for i in high: + print "*", i[0], "is vulnerable to", i[1], "; a vulnerability of high severity" + for k in i[2]: + print " See Debian", k, "for further reference." + +
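Review bot: The version check builds a shell command by string concatenation, `os.system("dpkg --compare-versions " + installed + " ge " + fix)`, where `fix` is the second whitespace-separated token of a line read from testing-security.txt and `installed` comes from a parsed `Version:` field, so any shell metacharacter in either input is interpreted by the shell. Passing an argument list avoids the shell entirely: `subprocess.call(["dpkg", "--compare-versions", installed, "ge", fix]) > 0` (this needs `import subprocess`; the file's import lines are outside this hunk). Separately, the parser sets `fix = "unfixed"` when the parenthesised block mentions it, while the branch above compares against `"<unfixed>"`, so that value appears to fall through to the dpkg call as if it were a version number; the two spellings should agree. Indentation is lost in this rendering, so the exact nesting of these branches is inferred.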