Author: jmm-guest
Date: 2005-12-23 21:11:42 +0000 (Fri, 23 Dec 2005)
New Revision: 3137
Removed:
tsck/tsck.py
Log:
remove tsck (obsoleted by debsecan)
Deleted: tsck/tsck.py
==================================================================---
tsck/tsck.py 2005-12-23 21:09:32 UTC (rev 3136)
+++ tsck/tsck.py 2005-12-23 21:11:42 UTC (rev 3137)
@@ -1,171 +0,0 @@
-#!/usr/bin/python
-
-import os, re, httplib, getopt, sys
-
-def print_usage():
- print "tsck [-s suite]"
- sys.exit(-1)
-
-opts = []
-pargs = []
-suite = ""
-
-try:
- opts, pargs = getopt.getopt(sys.argv[1:], ''s:'')
-except:
- print_usage()
- sys.exit(-1)
-
-for i in opts:
- if i[0] == ''-s'':
- suite = i[1]
-
-if suite == "":
- suite = "testing"
-elif suite == "testing" or suite == "sarge":
- suite = "testing"
-elif suite == "sid" or suite == "unstable":
- suite = "unstable"
-else:
- print "Unsupported suite."
- sys.exit(-1)
-
-conn = httplib.HTTPConnection("spohr.debian.org")
-conn.request("GET", "/~joeyh/testing-security.raw")
-r1 = conn.getresponse()
-print r1.status, r1.reason
-data1 = r1.read()
-print data1
-conn.close()
-
-status = open("/var/lib/dpkg/status", "r")
-statlines = status.readlines()
-
-source_packages = {}
-
-package = ""
-source = ""
-version = ""
-installed = False
-
-for i in statlines:
- if i.startswith("Package:"):
- package = i.split(": ")[1][0:-1]
- if i.startswith("Source:"):
- source = i.split(": ")[1][0:-1]
- if i.startswith("Version:"):
- version = i.split(": ")[1][0:-1]
- if i.startswith("Status:"):
- if i.find(" installed") > -1:
- installed = True
-
- if i == "\n":
- if installed:
- if source == "":
- source_packages[package] = version
- else:
- source_packages[source] = version
- package = ""
- source = ""
- version = ""
- installed = False
-
-raw_vulns = open("testing-security.txt", "r")
-vulns = raw_vulns.readlines()
-
-unfixed = [] # (pkgname, deb#, cve-id)
-fixed = [] #
-block = False
-
-unimportant = []
-low = []
-medium = []
-high = []
-
-debbugs = []
-cve = ""
-src = ""
-required = ""
-descript = ""
-pkg_name = ""
-severity = ""
-fix = ""
-
-print "Generating system-specific security overview for " + suite
-
-for i in vulns:
- if i.startswith("CVE-"):
-
- if len(cve) > 0 and len(pkg_name) > 0:
- if source_packages.has_key(pkg_name):
-
- if severity != "unimportant":
- if fix == "<unfixed>":
- if severity == "low":
- low.append((pkg_name, cve, debbugs))
- elif severity == "medium":
- medium.append((pkg_name, cve, debbugs))
- elif severity == "high":
- high.append((pkg_name, cve, debbugs))
-
- else:
- if fix != "<itp>" and fix !=
"<not-affected>":
- installed = source_packages[pkg_name]
- if os.system("/usr/bin/dpkg --compare-versions
" + installed + " ge " + fix) > 0:
- if severity == "low":
- low.append((pkg_name, cve, debbugs))
- elif severity == "medium":
- medium.append((pkg_name, cve, debbugs))
- elif severity == "high":
- high.append((pkg_name, cve, debbugs))
-
-
-
- unfixed.append((pkg_name, fix, debbugs, cve))
- pkg_name = ""
- severity = ""
- fix = ""
-
- cve = i[0:13]
- descript = i[14:]
-
- if i.startswith("\t"):
- if i[1:].startswith("-"):
- e = i[2:].strip().split(" ", 2)
- pkg_name = e[0]
- block = re.findall(r''\(.*\)'', i)
- if len(block) > 0:
- if block[0].find("unfixed") > -1:
- fix = "unfixed"
- else:
- fix = e[1]
- else:
- fix = e[1]
- debbugs = re.findall(r''bug\ \#[0-9]{6}'', i)
- if i.find("low") > -1:
- severity = "low"
- elif i.find("medium") > -1:
- severity = "medium"
- elif i.find("high") > -1:
- severity = "high"
- elif i.find("unimportant") > -1:
- severity = "unimportant"
-
-
-
-for i in low:
- print "*", i[0], "is vulnerable to", i[1], "; a
vulnerability of low severity"
- for k in i[2]:
- print " See Debian", k, "for further reference."
-
-for i in medium:
- print "*", i[0], "is vulnerable to", i[1], "; a
vulnerability of medium severity"
- for k in i[2]:
- print " See Debian", k, "for further reference."
-
-for i in high:
- print "*", i[0], "is vulnerable to", i[1], "; a
vulnerability of high severity"
- for k in i[2]:
- print " See Debian", k, "for further reference."
-
-