Author: megabajt
Date: Fri Nov 2 23:37:41 2007
New Revision: 8976
Modified:
security/cve_reader.py
Log:
- move p declaration into proper place
- use parseSPEC only when it is really needed
Modified: security/cve_reader.py
==============================================================================
--- security/cve_reader.py (original)
+++ security/cve_reader.py Fri Nov 2 23:37:41 2007
@@ -3,7 +3,7 @@
# CVE security reader for pld-linux.org purpose
# Basically it parses commits.log and searches for "CVE" keyword, then it
generates a .xml file
#
-# authors: megabajt, shadzik (@pld-linux.org)
+# Authors: megabajt, shadzik (@pld-linux.org)
import os
import sys
@@ -75,38 +75,50 @@
if lines[i] == "$Log$":
cve = []
cvslog = 1
+ foundrange = 0
while (i + cvslog < len(lines) and not
re.match('^Index\:.*\.spec', lines[i + cvslog])):
if re.match('.*Revision.*', lines[i+cvslog]):
- # Set new revison data
- p = lines[i+cvslog].split(" ")
if len(cve) > 0:
- # Save CVEs from the last
revision
- # p[1] is the revision and p[3]
the date of the commit
- if r_rev:
- addCVEnote(rootnode,
spec, cve, r_rev, r_date)
+ # Check if parseSPEC has to be
used
+ if foundrange == 1:
+ psdata =
parseSPEC(spec, mem).split(" ")
+
+ # Save CVEs from the
last revision
+ # psdata[0] is the
revision and psdata[1] is the date of commit
+ addCVEnote(rootnode,
spec, cve, psdata[0], psdata[1])
else:
+ # Save CVEs from the
last revision
+ # p[1] is the revision
and p[3] the date of the commit
addCVEnote(rootnode,
spec, cve, p[1], p[3])
+
+ # Clear cve list
cve = []
+
+ # Set new revison data
+ p = lines[i+cvslog].split(" ")
+
+ foundrange = 0
+
else:
- # Check if in added line exists some
CVE note
- if re.match('^\+.*(CVE-[0-9\-]+)',
lines[i+cvslog]):
- # Good, found CVE entries.
Extract them!
- cve_list =
re.findall("CVE-[0-9\-]+", lines[i+cvslog])
- for iter in
range(len(cve_list)):
-
cve.append(cve_list[iter])
# if CVE entries were added later in
another revision, search for the real revision they
# apply to in the spec not in
commits.log
- if re.findall('^@@', lines[i+cvslog]):
- # remember the next line after
"@@"
+ if re.match('^@@.*', lines[i+cvslog]):
+ foundrange = 1
+
+ # Remember the next line after
"@@" (used by parseSPEC)
mem = lines[i+cvslog+1]
- # and parse the spec instead of
commits.log
- try:
- d = parseSPEC(spec,
mem).split(" ")
- r_rev = d[0]
- r_date = d[1]
- except(AttributeError):
- pass
+ # ...but if next line is empty
(end of the commit log) parseSPEC shouldn't be called
+ if mem == "":
+ foundrange = 0
+ else:
+ # Check if in added line exists
some CVE note
+ if
re.match('^\+.*(CVE-[0-9\-]+)', lines[i+cvslog]):
+ # Good, found CVE
entries. Extract them!
+ cve_list =
re.findall("CVE-[0-9\-]+", lines[i+cvslog])
+ for iter in
range(len(cve_list)):
+
cve.append(cve_list[iter])
+
cvslog = cvslog + 1
if len(cve) > 0:
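Review bot: The new `psdata = parseSPEC(spec, mem).split(" ")` in the `foundrange == 1` branch has lost the `except(AttributeError)` guard that the removed code kept around the same expression. If parseSPEC can return a non-string (the old handler suggests it can, for instance when the checkout or lookup fails), a single bad entry now aborts the run, and `psdata[1]` is indexed with no length check. Falling back to the commits.log revision, as in the fence below, keeps the CVE note instead of crashing. parseSPEC itself (last hunk) formats `spec` into an `os.popen` command string, and `spec` appears to be taken from the parsed log text, so that call is worth switching to an argument-list `subprocess` invocation. The `while` loop and the `if lines[i] == "$Log$":` block begin and end outside this hunk.

```python
# ... unchanged: Revision match and `if len(cve) > 0:` ...
# Use the spec lookup only when it returned "<revision> <date>";
# otherwise fall back to the revision line from commits.log.
psdata = None
if foundrange == 1:
    psdata = parseSPEC(spec, mem)
if psdata and len(psdata.split(" ")) >= 2:
    psdata = psdata.split(" ")
    addCVEnote(rootnode, spec, cve, psdata[0], psdata[1])
else:
    addCVEnote(rootnode, spec, cve, p[1], p[3])
# ... unchanged: clear cve list, set new revision data, reset foundrange ...
```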
@@ -126,7 +138,7 @@
fs.write(size[6])
fs.close()
-# parse spec file to getthe real revision of CVE entries that were added later
somewhere in the ChangeLog
+# parse spec file to get the real revision of CVE entries that were added
later somewhere in the ChangeLog
def parseSPEC(spec, mem):
os.popen("cvs -d %s get %s%s" % (CVSROOT, CVSMODULE, spec))
if os.path.isfile("%s%s" % (CVSMODULE, spec)):