On Friday 26 February 2010 21:00:19 Holger Hans Peter Freyther wrote:
> i try to merge that all with python and spit out a list of vulnerable
> software in our tree...
I will probably rewrite this with GNU smalltalk in the next days but here is
the first version of a python script...
It needs the output of "bitbake -s" (minus the first three header lines) saved as "available", and the uncompressed/untarred auditfile from FreeBSD's auditfiles.tbz saved as "auditfile". It then prints, for every FreeBSD port that also exists under the same name in OE, the version constraints of each advisory, and writes the ports it cannot find in OE to not_in_oe.bugs. It is not yet comparing the package versions, so the output is a worklist of advisories to check by hand, not a list of vulnerable packages.
#!/usr/bin/env python
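def read_available(filename):
    """
    Parse the output of "bitbake -s" (with the leading header lines already
    removed) into a dict mapping package name -> version in the second column.

    Columns are separated by runs of whitespace, so str.split() with no
    argument handles them; any further columns are ignored.  Blank lines are
    skipped, and a line carrying only a package name gets an empty version
    string instead of (as before) having its own name recorded as the version.
    The file is closed on every exit path.
    """
    packages = {}
    with open(filename) as f:
        for line in f:
            fields = line.split()
            if not fields:
                continue
            version = fields[1] if len(fields) > 1 else ""
            packages[fields[0]] = version
    return packages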
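class freebsd_info:
    """
    One advisory line from a FreeBSD portaudit "auditfile".

    Handles an entry like the one below (three '|'-separated fields):

      vulnerability-test-port>=2000<2010.02.26|http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/|Not vulnerable, just a test port (database: 2010-02-26)

    Attributes:
      name      port name: the first field up to the first <, > or =
      versions  list of (operator, version) tuples from split_versions();
                all constraints on one line apply together
      link      second field (URL of the advisory/port)
      kind      third field (free-text description), line ending stripped

    Raises ValueError for a line without three fields or whose first field
    carries no version operator.  Callers should not swallow this: silently
    dropping advisory lines from a vulnerability feed hides vulnerabilities.
    """

    # characters that start a version operator in the first field
    OPERATOR_CHARS = "<>="

    def __init__(self, line):
        # Lines come straight from file iteration, so drop the line ending.
        # Only the first two '|' separate fields; the description may contain more.
        fields = line.rstrip("\r\n").split("|", 2)
        if len(fields) != 3:
            raise ValueError("malformed auditfile entry (expected 3 '|' fields): %r" % line)
        spec, self.link, self.kind = fields
        op_pos = next((i for i, c in enumerate(spec) if c in self.OPERATOR_CHARS), -1)
        if op_pos < 0:
            # the old code left name/versions unset here and failed later with AttributeError
            raise ValueError("auditfile entry without version constraint: %r" % line)
        self.name = spec[:op_pos]
        self.versions = self.split_versions(spec[op_pos:])

    @classmethod
    def split_versions(cls, input):
        """
        Split a constraint string such as ">=2000<2010.02.26" into
        [('>=', '2000'), ('<', '2010.02.26')].

        An operator is one of <, >, = optionally followed by '=' (so <= and >=
        stay one token); the version is everything up to the next operator
        character and may be empty for a trailing operator.  Unlike the
        previous scanner, an operator in the last position is still recognised
        instead of being glued onto the preceding version string.

        Raises ValueError if input does not start with an operator (uses an
        exception, not assert, so the check survives python -O).
        """
        ops = cls.OPERATOR_CHARS
        if not input or input[0] not in ops:
            raise ValueError("version constraint must start with <, > or =: %r" % input)
        versions = []
        n = len(input)
        i = 0
        while i < n:
            op_end = i + 1
            # a directly following '=' belongs to the operator (<=, >=)
            if op_end < n and input[op_end] == "=":
                op_end += 1
            ver_end = op_end
            while ver_end < n and input[ver_end] not in ops:
                ver_end += 1
            versions.append((input[i:op_end], input[op_end:ver_end]))
            i = ver_end
        return versions

    def __repr__(self):
        return "%s: %s" % (self.name, self.versions)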
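def read_auditfile(filename):
    """
    Read an uncompressed FreeBSD portaudit "auditfile".

    Returns a dict mapping the FreeBSD port name to the list of all
    freebsd_info entries for that port, in file order (a port usually has
    several advisories).  Lines starting with '#' are comments and blank
    lines are skipped; every other line must parse as a freebsd_info entry.
    A malformed line raises rather than being dropped: a vulnerability feed
    that is silently truncated is worse than a loud failure.  The file is
    closed on every exit path.
    """
    packages = {}
    with open(filename) as f:
        for line in f:
            if line.startswith("#") or not line.strip():
                continue
            info = freebsd_info(line)
            # setdefault replaces the bare try/except that used to swallow
            # every error here, including parser failures on malformed lines
            packages.setdefault(info.name, []).append(info)
    return packages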
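def compare_versions(oe, freebsd, not_known):
    """
    Cross-reference the FreeBSD advisories with the OE package list.

    oe         dict package -> version, from read_available()
    freebsd    dict port name -> list of freebsd_info, from read_auditfile()
    not_known  writable file object; one line per FreeBSD port that has no
               entry in oe is written there

    For every port present in oe, each advisory's constraints are printed to
    stdout as "pkg OP version && pkg OP version".

    NOTE: despite the name, the OE version is NOT evaluated against the
    constraints yet, so the output is a worklist of every advisory for a
    package OE ships, not a list of vulnerable packages.  Matching is by
    exact name only, so a port whose OE recipe is named differently ends up
    in not_known instead of being checked -- treat that file as potential
    false negatives, not as noise.
    """
    for package in freebsd:
        if package not in oe:
            # write() instead of the Python-2-only "print >> f" statement
            not_known.write("%s is not in OE\n" % package)
            continue
        for advisory in freebsd[package]:
            constraints = ["%s %s %s" % (package, op, version)
                           for (op, version) in advisory.versions]
            print(" && ".join(constraints))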
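if __name__ == "__main__":
    # Inputs are read from the current directory: "available" is the trimmed
    # "bitbake -s" output, "auditfile" the uncompressed FreeBSD auditfile.
    # Ports unknown to OE go to not_in_oe.bugs; the constraint worklist goes
    # to stdout.  The output file is closed (and flushed) on every exit path.
    oe_packages = read_available("available")
    freebsd_vuln = read_auditfile("auditfile")
    with open("not_in_oe.bugs", "w+") as buggy:
        compare_versions(oe=oe_packages, freebsd=freebsd_vuln, not_known=buggy)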