SVN: security/cve_reader.py

shadzik Fri, 02 Nov 2007 07:43:19 -0800

Author: shadzik
Date: Fri Nov  2 16:43:54 2007
New Revision: 8965

Modified:
   security/cve_reader.py
Log:
- try to get the real revision and date of CVE entry when it was
  added later somewhere in the changelog (use parseSPEC() function to do that)



Modified: security/cve_reader.py
==============================================================================
--- security/cve_reader.py      (original)
+++ security/cve_reader.py      Fri Nov  2 16:43:54 2007
@@ -76,12 +76,25 @@
                        cvslog = 1
                        
                        while (i + cvslog < len(lines) and not 
re.match('^Index\:.*\.spec', lines[i + cvslog])):
+                               # if CVE entries were added later in another 
revision, search for the real revision they
+                               # apply to in the spec not in commits.log
+                               if re.findall('^@@', lines[i+cvslog]):
+                                       # remember the next line after "@@"
+                                       mem = lines[i+cvslog+1]
+                                       # and parse the spec instead of 
commits.log
+                                       d = parseSPEC(spec, mem).split(" ")
+                                       r_rev = d[0]
+                                       r_date = d[1]
                                if re.match('.*Revision.*', lines[i+cvslog]):
                                        # Set new revison data
                                        p = lines[i+cvslog].split(" ")
                                        if len(cve) > 0:
                                                # Save CVEs from the last 
revision
-                                               addCVEnote(rootnode, spec, cve, 
p[1], p[3])
+                                               # p[1] is the revision and p[3] 
the date of the commit
+                                               if r_rev:
+                                                       addCVEnote(rootnode, 
spec, cve, r_rev, r_date)
+                                               else:
+                                                       addCVEnote(rootnode, 
spec, cve, p[1], p[3])
                                                cve = []
                                else:
                                        # Check if in added line exists some 
CVE note
@@ -110,6 +123,27 @@
        fs.write(size[6])
        fs.close()
 
+# parse spec file to getthe real revision of CVE entries that were added later 
somewhere in the ChangeLog
+def parseSPEC(spec, mem):
+       os.popen("cvs -d %s get %s%s", CVSROOT, CVSMODULE, spec)
+       f = open("%s%s",CVSMODULE, spec)
+       read = f.xreadlines()
+       for l in read:
+               l = l.strip()
+               lines.append(l)
+       for i in range(lines_len):
+               ind = 1
+               if lines[i] == mem:
+                       while not lines[i-ind] == "$Log$":
+                               if re.match('.*Revision.*', lines[i-ind]):
+                                       p = lines[i-ind].split(" ")
+                                       real_rev = p[1]
+                                       date = p[3]
+                               ind = ind + 1
+       f.close()
+       os.remove("%s%s", CVSMODULE, spec)
+       return real_rev + " " + date
+
 # adds new <package> into the XML tree
 def addCVEnote(rootnode, spec, cve, revision, date):
 
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

SVN: security/cve_reader.py

Reply via email to