Florian Weimer
2010-May-08 16:59 UTC
[Secure-testing-commits] r14646 - in lib/python: sectracker sectracker_test
Author: fw Date: 2010-05-08 16:59:00 +0000 (Sat, 08 May 2010) New Revision: 14646 Added: lib/python/sectracker/analyzers.py Modified: lib/python/sectracker_test/test_repo.py Log: sectracker.analyzers.extractversions(): find all known versions of package
Added: lib/python/sectracker/analyzers.py
==================================================================
--- lib/python/sectracker/analyzers.py (rev 0)
+++ lib/python/sectracker/analyzers.py 2010-05-08 16:59:00 UTC (rev 14646)
@@ -0,0 +1,51 @@
+# sectracker.analyzers -- vulnerability analysis
+# Copyright (C) 2010 Florian Weimer <fw at deneb.enyo.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+import apt_pkg as _apt_pkg
+
+# vercmp is the Debian version comparison algorithm
+_apt_pkg.init()
+try:
+ vercmp = _apt_pkg.version_compare
+except AttributeError:
+ vercmp = _apt_pkg.VersionCompare
+
+def extractversions(config, listfiles, diag):
+ """Extracts version information from list files.
+
+ Uses the repository configuration config to obtain a nested
+ dictionary, mapping release names to packages and sets of
+ versions. Then scans the (already parsed) files in listfiles for
+ additional versions for those releases. If an unknown release is
+ encountered, an error message is added to diag."""
+
+ rpv = config.releasepackageversions()
+ for listfile in listfiles:
+ for bug in listfile.list:
+ for ann in bug.annotations:
+ if ann.type == "package" and ann.version is not None \
+ and ann.release is not None:
+ if ann.release not in rpv:
+ diag.error(file=bug.file, line=ann.line,
+ message="unknown release: %r" % ann.release)
+ else:
+ pv = rpv[ann.release]
+ if ann.package in pv:
+ pv[ann.package].add(ann.version)
+ else:
+ pv[ann.package] = set((ann.version,))
+ return rpv
Modified: lib/python/sectracker_test/test_repo.py
==================================================================
--- lib/python/sectracker_test/test_repo.py 2010-05-08 16:51:43 UTC (rev 14645)
+++ lib/python/sectracker_test/test_repo.py 2010-05-08 16:59:00 UTC (rev 14646)
@@ -20,6 +20,8 @@
 import tempfile
 from sectracker.repo import *
+import sectracker.analyzers as a
+from sectracker.diagnostics import Diagnostics
 import sectracker.parsers as p
 tmp = tempfile.mkdtemp()
@@ -50,4 +52,12 @@
 rpv = c.releasepackageversions()
 assert "sid" in rpv
 assert "bash" in rpv["sid"]
-
+diag = Diagnostics()
+rpv = a.extractversions(c, (p.cvelist("../../data/CVE/list"),), diag)
+if False:
+ for r, pv in rpv.items():
+ for p, v in pv.items():
+ if len(v) > 1:
+ print r, p, v
+for err in diag.messages():
+ print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message)
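Review bot: `extractversions()` merges annotation versions straight into the mapping returned by `config.releasepackageversions()` (`pv[ann.package].add(ann.version)`) and returns that same object, so the caller's configuration data is modified as a side effect. Whether the config object caches that mapping is not visible in this hunk, but if it does, versions that appear only in list annotations become indistinguishable from versions present in the archive for every later caller, which matters when fixed/vulnerable status is derived from these sets. Copying first avoids that: `rpv = dict((r, dict((pkg, set(vs)) for pkg, vs in pv.items())) for r, pv in config.releasepackageversions().items())`. The docstring should also state that a package named in an annotation but unknown to the release is added silently, whereas only an unknown release is reported to `diag`.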
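Review bot: The disabled debug loop `for p, v in pv.items():` in the last test_repo.py hunk reuses the name `p`, which this script binds to the parser module (`import sectracker.parsers as p`); if the `if False:` guard is ever flipped, any later `p.cvelist(...)` call would be made on a package-name string instead. Rename the loop variables, e.g. `for pkg, versions in pv.items():`, or drop the dead block. The diagnostics loop only prints `diag.messages()`, so an unexpected "unknown release" error cannot fail the test; asserting on the expected messages would make regressions in the tracker data handling visible. The relative path `../../data/CVE/list` also ties the test to the working directory it is started from.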