/[secure-testing]/bin/check-new-issues

Contents of /bin/check-new-issues



Revision 5190 - (hide annotations) (download)
Wed Dec 27 23:25:37 2006 UTC (6 years, 4 months ago) by stef-guest
File size: 5415 byte(s)
- change regexp to select TODOs from "TODO: check" to "TODO: check$";
  old behaviour available with -T
  any regexp can be specified with -t
- regexp for selection of issues based on name can be changed with -i
1 stef-guest 4941 #!/usr/bin/perl
2    
3     use strict;
4     use File::Temp;
5     use Getopt::Std;
6     #use Smart::Comments;
7    
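# Command-line switches; the -h text below documents each one.
my %opts;
# getopts() warns about an unknown switch and returns false. Stop there
# instead of running with a half-parsed command line.
getopts('ln:fhi:t:T', \%opts)
    or die "invalid options, see -h for usage\n";

if ($opts{h}) {
    # Non-interpolating heredoc on purpose: the help text contains the
    # sequences $' and $) , which Perl expands as punctuation variables
    # inside a double-quoted heredoc (and \s would lose its backslash),
    # so the default regexps were printed garbled.
    print <<'EOF';
downloads allitems.txt from cve.mitre.org and shows full decription for each
"TODO: check" item (2003 and newer). Then

- tries to guess product name and php filename and does
apt-cache and apt-file search
- waits for input:
* blank line to skip to next issue
* .fname to do "apt-file search name"
* .cname to do "apt-cache search name"
* v or e to launch an editor with the current item
* q to save and quit
* CTRL-C to quit without saving
* everything else is inserted as product name for a NOT-FOR-US

Use "svn diff" and "svn revert" as needed ;-)

OPTIONS: [ -l [-n <n>] [-f] ]
-l : just list issues
-n <n> : show max n lines of each description (default 2)
-f : show full CVE/list entry as well
-i regexp : use regexp to select issues (default: 'CVE-200[3-9]' )
-t regexp : use regexp to select todos (default: '^\s+TODO: check$' )
-T : same as -t '^\s+TODO: check' (note the missing $)

EOF

    exit(0);
}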
41    
42     # TODO/BUGS:
43     # - go back to previous issue / undo
44     # - handle entries with several TODO lines
45     # - handle claimed-by
46     # - look for ITPs?
47    
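# Tracker list that is read at start-up and rewritten on exit.
my $datafile="./secure-testing/data/CVE/list";
# The trailing "|" makes read_file() read from this command's output.
my $allitemsfile="gunzip -c allitems.txt.gz|";
# NOTE(review): fetched over plain http:// with no checksum or signature
# check, so everything parsed out of this file is untrusted input and must
# never be pasted into a shell command line.
my $allitemsurl="http://cve.mitre.org/cve/downloads/allitems.txt.gz";

# Selection patterns: -i picks issues by name, -t/-T pick the TODO line.
my $issue_regexp= $opts{i} || 'CVE-200[3-9]';
my $todo_regexp= $opts{t} || ( $opts{T} ? '^\s+TODO: check' : '^\s+TODO: check$' );

# May legitimately contain arguments (e.g. "emacs -nw").
my $editor=$ENV{EDITOR} || $ENV{VISUAL} || "vi";

# List form: wget is executed directly, no shell parses the URL.
# A failed download is only reported; a previously fetched
# allitems.txt.gz can still be used, as before.
system('wget', '-N', $allitemsurl) == 0
    or warn "wget -N $allitemsurl failed (status $?)\n";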
58    
59    
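print "Reading data...\n";

# $entries: tracker records, one per block starting with "CVE".
# $CVEs:    MITRE records, split on lines made only of "=".
my $entries=read_file($datafile, qr/^CVE/ );
my $CVEs=read_file($allitemsfile, qr/^=+$/ );
my $data;       # name -> { CVE => \$mitre_record, entry => \$tracker_record }
my @todos;      # names of the entries still to be triaged
my %afcache;    # apt-file result counts, keyed by file name

# Compile the user-supplied patterns once, so a typo in -i/-t is reported
# clearly up front instead of aborting somewhere inside the loop.
my $todo_re  = eval { qr/$todo_regexp/m }
    or die "invalid TODO regexp '$todo_regexp': $@";
my $issue_re = eval { qr/$issue_regexp/ }
    or die "invalid issue regexp '$issue_regexp': $@";

foreach my $cve (@{$CVEs}) {
    $cve =~ /^Name:\s*(CVE\S+)/m or next;
    $data->{$1}->{CVE}=\$cve;
}

foreach my $entry (@{$entries}) {
    my $name;
    # \d{4,} instead of exactly four digits: an id with a longer sequence
    # number would otherwise be cut short and collide with another entry.
    if ( $entry =~ /^(CVE-....-\d{4,})/ ) {
        $name=$1;
    }
    elsif ( $entry =~ /^(CVE-....-XXXX.*)\n/ ){
        # temporary ids: the rest of the first line is part of the name
        $name=$1;
    }
    else {
        die "invlid entry:\n$entry";
    }
    # References, so that later edits land in @{$entries} and get saved.
    $data->{$name}->{entry}=\$entry;
    if ( $entry =~ $todo_re
         and $name =~ $issue_re ) {
        push @todos, $name;
    }
}

# MITRE records / tracker entries / open TODOs
print scalar(@{$CVEs}), "/", scalar(@{$entries}), "/", scalar(@todos), "\n";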
93    
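if ($opts{l}) {
    # List-only mode: print the selected TODO items and exit without
    # touching the data file.
    my $lines=$opts{n} || 2;
    # -n ends up inside a regex quantifier below; anything but a plain
    # positive integer would silently turn the pattern into something else.
    $lines =~ /\A[1-9][0-9]*\z/
        or die "-n expects a positive integer, got '$lines'\n";

    foreach my $todo (reverse sort @todos) {
        my $desc=description($todo);
        if ($desc) {
            # keep at most $lines lines of the description
            if ($desc =~ /((?:.*\n){1,$lines})/) {
                $desc = $1;
                $desc =~ s/^/ /mg;
                if ($opts{f}) {
                    print ${$data->{$todo}->{entry}}, $desc;
                }
                else {
                    print "$todo:\n$desc";
                }
            }
        }
        else {
            # no description available: show the tracker entry instead
            print "${$data->{$todo}->{entry}}";
        }
    }
    exit 0;
}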
117    
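# Interactive triage: show each open item, then read commands from STDIN
# until one of them moves on to the next item (see the -h text).
TODO: foreach my $todo (reverse sort @todos) {
    print ${$data->{$todo}->{CVE}} if $data->{$todo}->{CVE};
    print ${$data->{$todo}->{entry}};

    auto_search($todo);

    READ: while (my $r=<STDIN>) {
        chomp $r;
        if ($r =~ /^\s*$/) {
            # blank line: skip this issue
            next TODO;
        }
        elsif ($r=~ /^\.c(.*)$/ ) {
            my $s = $1;
            # Every character outside [a-zA-Z0-9_@-] becomes a space, so
            # nothing the shell treats specially reaches the command line.
            $s =~ tr{a-zA-Z0-9_@-}{ }cs;
            print "=== apt-cache search $s :\n";
            system("apt-cache search $s|less -FX");
            print "===\n";
            next READ;
        }
        elsif ($r=~ /^\.f(.*)$/ ) {
            my $s = $1;
            $s =~ s/^\s*(.*?)\s*$/$1/;
            print "=== apt-file search '$s':\n";
            # The pattern sits inside single quotes on a shell command
            # line; escape embedded single quotes so it stays one word and
            # cannot end the quoting early.
            (my $quoted = $s) =~ s/'/'\\''/g;
            system("apt-file search '$quoted'|less -FX");
            print "===\n";
            next READ;
        }
        elsif ($r=~ /^q$/i ) {
            # leave the loop; the data file is written afterwards
            last TODO;
        }
        elsif ($r=~ /^[ve]$/i ) {
            my $newentry=edit_entry(${$data->{$todo}->{entry}});
            if ( $newentry eq ${$data->{$todo}->{entry}} ) {
                print "Not changed.\n";
                next READ;
            }
            else {
                ${$data->{$todo}->{entry}}=$newentry;
                print "New entry set to:\n$newentry";
                next TODO;
            }
        }
        else {
            # anything else is taken as the product name for NOT-FOR-US
            ${$data->{$todo}->{entry}} =~
                s/^\s*TODO: check/\tNOT-FOR-US: $r/m ;
            print "New entry set to:\n${$data->{$todo}->{entry}}";
            next TODO;
        }
    }
}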
168    
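# Write all entries (including the edited ones) back to the tracker list.
# Every step is checked: an unnoticed failure here would silently throw
# away the whole triage session.
open(my $fh, ">", $datafile)
    or die "could not open $datafile for writing: $!";
print {$fh} @{$entries}
    or die "could not write $datafile: $!";
close($fh)
    or die "could not close $datafile: $!";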
172    
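# description($name)
#
# Returns the description text of the MITRE record stored for $name: the
# part between the first blank line and the "Current Votes:" line, with
# the first run of blank lines collapsed. Returns "" when there is no
# record for $name or the record does not have that layout.
sub description {
    my $name=shift;

    defined $data->{$name}->{CVE} or return "";

    # Bail out when the layout does not match: $1 would otherwise still
    # hold the capture of some earlier, unrelated match.
    ${$data->{$name}->{CVE}} =~ /\n\n(.*)^Current Votes:/ms
        or return "";
    my $desc = $1;
    $desc =~ s/\n\n+/\n/;

    return $desc;
}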
184    
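# read_file($file, $re)
#
# Reads $file and splits it into records: a new record starts at every
# line matching $re. Returns a reference to the list of records, each one
# a multi-line string.
#
# $file is either a path, opened strictly for reading, or a command
# followed by "|", whose output is read. The two-argument open used before
# accepted any mode prefix, so a name starting with ">" would have
# truncated that file instead of reading it.
sub read_file
{
    my $file=shift;
    my $re=shift;

    my $fh;
    if ($file =~ /\A(.*\S)\s*\|\s*\z/s) {
        # "command|": run it and read its output
        open($fh, '-|', $1) or die "could not open $file: $!";
    }
    else {
        open($fh, '<', $file) or die "could not open $file: $!";
    }

    my @data;
    my $cur="";
    while (my $line=<$fh>) {
        # a separator line closes the record collected so far
        if ($line =~ $re and $cur) {
            push @data, $cur;
            $cur = "";
        }
        $cur.=$line;
    }
    push @data, $cur if $cur;

    close($fh);

    return \@data;
}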
209    
210    
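# edit_entry($entry)
#
# Writes $entry to a temporary file, runs $editor on it and returns the
# file's content afterwards. Returns $entry unchanged when the editor
# exits with an error or the file cannot be read back, so the caller sees
# "not changed" instead of an empty entry.
sub edit_entry {
    my $entry=shift;
    # File::Temp removes the file when $tmp goes out of scope
    my $tmp=File::Temp->new();
    my $tmpname=$tmp->filename;
    print $tmp $entry;
    close $tmp;

    # Deliberately a shell string: $editor may carry arguments. The only
    # other part is the File::Temp-generated file name.
    if (system("$editor $tmpname") != 0) {
        warn "editor '$editor' failed (status $?), entry left unchanged\n";
        return $entry;
    }

    local $/; #slurp
    my $in;
    unless (open($in, '<', $tmpname)) {
        warn "could not re-read $tmpname: $!, entry left unchanged\n";
        return $entry;
    }
    my $edited = <$in>;
    close($in);
    return $edited;
}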
224    
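# Runs a command without a shell and returns the number of lines it
# printed; 0 when the command cannot be started.
sub _count_output_lines {
    my @cmd = @_;

    # list form of the pipe open: arguments are passed as-is to exec
    open(my $pipe, '-|', @cmd) or return 0;
    my $count = 0;
    while (defined(my $line = <$pipe>)) {
        $count++;
    }
    close($pipe);
    return $count;
}

# auto_search($name)
#
# Guesses a product name and, where present, a script file name from the
# description of $name, and prints how many results "apt-cache search" and
# "apt-file -i search" give for them. apt-file counts are cached in
# %afcache.
#
# The guessed words come from downloaded description text and can contain
# anything that is not whitespace, quotes and other shell syntax included.
# They are therefore passed as separate arguments and never placed on a
# shell command line.
sub auto_search {
    my $name=shift;

    my $desc=description($name);
    $desc =~ s/[\s\n]+/ /g;

    my $file;
    my $prog;
    if ( $desc =~ / in (\S+\.\S+) in (\S+) / ) {
        $file = $1;
        $prog = $2;
    }
    elsif ( $desc =~ / in (?:the )?(\S+) / ) {
        $prog = $1;
    }
    # A word starting with "-" would be read as an option by the tool;
    # it is not a usable search term anyway, so skip it.
    if ($prog and $prog !~ /^-/) {
        print "doing apt-cache search...";
        my $ac=_count_output_lines('apt-cache', 'search', $prog);
        print "\r$ac results from apt-cache search $prog\n";
    }
    # nothing more to do without a file name; index.php is too generic
    if ( !defined $file or $file eq 'index.php' ) {
        return;
    }
    if ( $file =~ /(php3?|asp|cgi)$/ and $file !~ /^-/ ) {
        if (! exists $afcache{$file}) {
            print "doing apt-file search...";
            $afcache{$file}=_count_output_lines('apt-file', '-i', 'search', $file);
        }
        print "\r$afcache{$file} results from apt-file -i search $file\n";
    }
}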

Properties

Name Value
svn:executable *
