SVN: security/cve_reader.py
megabajt
megabajt at pld-linux.org
Fri Nov 2 23:37:41 CET 2007
Author: megabajt
Date: Fri Nov 2 23:37:41 2007
New Revision: 8976
Modified:
security/cve_reader.py
Log:
- move p declaration into proper place
- use parseSPEC only when it is really needed
Modified: security/cve_reader.py
==============================================================================
--- security/cve_reader.py (original)
+++ security/cve_reader.py Fri Nov 2 23:37:41 2007
@@ -3,7 +3,7 @@
# CVE security reader for pld-linux.org purpose
# Basically it parses commits.log and searches for "CVE" keyword, then it generates a .xml file
#
-# authors: megabajt, shadzik (@pld-linux.org)
+# Authors: megabajt, shadzik (@pld-linux.org)
import os
import sys
@@ -75,38 +75,50 @@
if lines[i] == "$Log$":
cve = []
cvslog = 1
+ foundrange = 0
while (i + cvslog < len(lines) and not re.match('^Index\:.*\.spec', lines[i + cvslog])):
if re.match('.*Revision.*', lines[i+cvslog]):
- # Set new revison data
- p = lines[i+cvslog].split(" ")
if len(cve) > 0:
- # Save CVEs from the last revision
- # p[1] is the revision and p[3] the date of the commit
- if r_rev:
- addCVEnote(rootnode, spec, cve, r_rev, r_date)
+ # Check if parseSPEC has to be used
+ if foundrange == 1:
+ psdata = parseSPEC(spec, mem).split(" ")
+
+ # Save CVEs from the last revision
+ # psdata[0] is the revision and psdata[1] is the date of commit
+ addCVEnote(rootnode, spec, cve, psdata[0], psdata[1])
else:
+ # Save CVEs from the last revision
+ # p[1] is the revision and p[3] the date of the commit
addCVEnote(rootnode, spec, cve, p[1], p[3])
+
+ # Clear cve list
cve = []
+
+ # Set new revison data
+ p = lines[i+cvslog].split(" ")
+
+ foundrange = 0
+
else:
- # Check if in added line exists some CVE note
- if re.match('^\+.*(CVE-[0-9\-]+)', lines[i+cvslog]):
- # Good, found CVE entries. Extract them!
- cve_list = re.findall("CVE-[0-9\-]+", lines[i+cvslog])
- for iter in range(len(cve_list)):
- cve.append(cve_list[iter])
# if CVE entries were added later in another revision, search for the real revision they
# apply to in the spec not in commits.log
- if re.findall('^@@', lines[i+cvslog]):
- # remember the next line after "@@"
+ if re.match('^@@.*', lines[i+cvslog]):
+ foundrange = 1
+
+ # Remember the next line after "@@" (used by parseSPEC)
mem = lines[i+cvslog+1]
- # and parse the spec instead of commits.log
- try:
- d = parseSPEC(spec, mem).split(" ")
- r_rev = d[0]
- r_date = d[1]
- except(AttributeError):
- pass
+ # ...but if next line is empty (end of the commit log) parseSPEC shouldn't be called
+ if mem == "":
+ foundrange = 0
+ else:
+ # Check if in added line exists some CVE note
+ if re.match('^\+.*(CVE-[0-9\-]+)', lines[i+cvslog]):
+ # Good, found CVE entries. Extract them!
+ cve_list = re.findall("CVE-[0-9\-]+", lines[i+cvslog])
+ for iter in range(len(cve_list)):
+ cve.append(cve_list[iter])
+
cvslog = cvslog + 1
if len(cve) > 0:
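Review bot: The new `psdata = parseSPEC(spec, mem).split(" ")` line is no longer covered by the `except(AttributeError)` guard that the removed code kept around the same call. parseSPEC's body is mostly outside this patch, but the old guard suggests it can return None, in which case the whole run now aborts and no XML is produced; a result with fewer than two fields would fail the same way on `psdata[1]`. I would keep the guard and fall back to the commits.log revision in `p`, as sketched below. The unchanged `mem = lines[i+cvslog+1]` can also index past the end of `lines` when an `@@` line is the last one, which the new `mem == ""` test does not catch. Separately, parseSPEC (visible further down) formats `spec` into an `os.popen` command string, so if `spec` comes from the `Index:` lines of commits.log it should be checked against a strict file-name pattern before this call; the enclosing function starts and ends outside the hunk.

```python
if foundrange == 1:
    # parseSPEC may return nothing usable; fall back to the commits.log revision
    try:
        psdata = parseSPEC(spec, mem).split(" ")
        rev, date = psdata[0], psdata[1]
    except (AttributeError, IndexError):
        rev, date = p[1], p[3]
    addCVEnote(rootnode, spec, cve, rev, date)
# … unchanged: else branch saving with p[1] and p[3], cve reset, p assignment …
```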
@@ -126,7 +138,7 @@
fs.write(size[6])
fs.close()
-# parse spec file to getthe real revision of CVE entries that were added later somewhere in the ChangeLog
+# parse spec file to get the real revision of CVE entries that were added later somewhere in the ChangeLog
def parseSPEC(spec, mem):
os.popen("cvs -d %s get %s%s" % (CVSROOT, CVSMODULE, spec))
if os.path.isfile("%s%s" % (CVSMODULE, spec)):