SVN: security/cve_reader.py
shadzik
shadzik at pld-linux.org
Fri Nov 2 16:43:55 CET 2007
Author: shadzik
Date: Fri Nov 2 16:43:54 2007
New Revision: 8965
Modified:
security/cve_reader.py
Log:
- try to get the real revision and date of CVE entry when it was
added later somewhere in the changelog (use parseSPEC() function to do that)
Modified: security/cve_reader.py
==============================================================================
--- security/cve_reader.py (original)
+++ security/cve_reader.py Fri Nov 2 16:43:54 2007
@@ -76,12 +76,25 @@
cvslog = 1
while (i + cvslog < len(lines) and not re.match('^Index\:.*\.spec', lines[i + cvslog])):
+ # if CVE entries were added later in another revision, search for the real revision they
+ # apply to in the spec not in commits.log
+ if re.findall('^@@', lines[i+cvslog]):
+ # remember the next line after "@@"
+ mem = lines[i+cvslog+1]
+ # and parse the spec instead of commits.log
+ d = parseSPEC(spec, mem).split(" ")
+ r_rev = d[0]
+ r_date = d[1]
if re.match('.*Revision.*', lines[i+cvslog]):
# Set new revison data
p = lines[i+cvslog].split(" ")
if len(cve) > 0:
# Save CVEs from the last revision
- addCVEnote(rootnode, spec, cve, p[1], p[3])
+ # p[1] is the revision and p[3] the date of the commit
+ if r_rev:
+ addCVEnote(rootnode, spec, cve, r_rev, r_date)
+ else:
+ addCVEnote(rootnode, spec, cve, p[1], p[3])
cve = []
else:
# Check if in added line exists some CVE note
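Review bot: `r_rev` and `r_date` are assigned only inside the new `^@@` branch, so the `if r_rev:` test in the Revision branch raises NameError when no `@@` line was seen first, unless they are initialised above the hunk, which is not visible here. Nothing in the visible lines clears them after `addCVEnote`, so a value found for one revision can carry over to later ones and record the wrong revision and date for a CVE fix. Set `r_rev = r_date = ''` before the `while` loop and again right after `cve = []`. The `lines[i+cvslog+1]` read also needs its own bounds check, because the loop guard only covers `i + cvslog`.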
@@ -110,6 +123,27 @@
fs.write(size[6])
fs.close()
+# parse spec file to getthe real revision of CVE entries that were added later somewhere in the ChangeLog
+def parseSPEC(spec, mem):
+ os.popen("cvs -d %s get %s%s", CVSROOT, CVSMODULE, spec)
+ f = open("%s%s",CVSMODULE, spec)
+ read = f.xreadlines()
+ for l in read:
+ l = l.strip()
+ lines.append(l)
+ for i in range(lines_len):
+ ind = 1
+ if lines[i] == mem:
+ while not lines[i-ind] == "$Log$":
+ if re.match('.*Revision.*', lines[i-ind]):
+ p = lines[i-ind].split(" ")
+ real_rev = p[1]
+ date = p[3]
+ ind = ind + 1
+ f.close()
+ os.remove("%s%s", CVSMODULE, spec)
+ return real_rev + " " + date
+
# adds new <package> into the XML tree
def addCVEnote(rootnode, spec, cve, revision, date):
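Review bot: In `parseSPEC` the format values are passed as extra positional arguments instead of being applied with `%`, so `os.popen` receives `CVSROOT` as its mode argument, `open("%s%s", CVSMODULE, spec)` tries to open a file literally named `%s%s`, and `os.remove` raises TypeError because it takes a single path. `lines` and `lines_len` are not defined in the function as shown, and `real_rev` and `date` are unbound at the `return` when `mem` is not found. Once the command is actually formatted, `spec` (which appears to come from the parsed commit log) would be interpolated into a shell command line; running cvs with an argument list through `subprocess.call` (needs `import subprocess`) avoids that and also waits for the checkout before the file is opened. The walk-back `while` has no lower bound, so a spec without a `$Log$` line wraps to negative indexes and ends in IndexError; `ind <= i` bounds it.

```python
def parseSPEC(spec, mem):
    path = "%s%s" % (CVSMODULE, spec)
    # argument list, no shell: spec must never be interpreted by a shell
    subprocess.call(["cvs", "-d", CVSROOT, "get", path])
    f = open(path)
    lines = [l.strip() for l in f]
    f.close()
    os.remove(path)
    # empty defaults so the caller's "if r_rev:" falls back to the commit data
    real_rev = date = ""
    for i in range(len(lines)):
        if lines[i] == mem:
            ind = 1
            while ind <= i and lines[i-ind] != "$Log$":
                # … unchanged: take revision and date from the Revision line …
                ind = ind + 1
    return real_rev + " " + date
```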