Contents of /bin/check-new-issues

#!/usr/bin/perl

use strict;
use File::Temp;
use Getopt::Std;
#use Smart::Comments;
use Term::ReadLine;

my %opts;
getopts('ln:fhi:t:Tca:e:uU', \%opts);

sub print_commands {
    print <<'EOF';
  * blank line to skip to next issue
  * .fname to do "apt-file search name"
  * .cname to do "apt-cache search name"
  * .wname to look up name in wnpp
  * .mpackage to search data/embedded-code-copies for "package"
  * .rpackage to launch an editor with a report of the issue against "package"
  * !command to execute a command with system() without any escaping
  * v or e to launch an editor with the current item
  * q to save and quit
  * CTRL-C to quit without saving
  * everything else is inserted as product name for a NOT-FOR-US
EOF
}

if ($opts{h}) {
    print <<'EOF';
downloads allitems.txt from cve.mitre.org and shows full decription for each
"TODO: check" item (2003 and newer). Then

- tries to guess product name and php filename and does 
  apt-cache and apt-file search
- waits for input:
EOF
    print_commands;
    print <<'EOF';

Use "svn diff" and "svn revert" as needed ;-)

OPTIONS: [ -l [-n <n>] [-f] ]
-l        : just list issues 
-n <n>    : show max n lines of each description (default 2)
-f        : show full CVE/list entry as well
-i regexp : use regexp to select todos (default: 'CVE-20(?:0[3-9]|1[0-9])' )
-t regexp : use regexp to select todos (default: '^\s+TODO: check$' )
-T        : same as -t '^\s+TODO: check' (note the missing $)
-u        : also show unfixed issues without bug reference
-U        : only show unfixed issues without bug reference instead of TODO items
-c        : only do syntax check of embedded-code-copies
-e <file> : use <file> for embedded-code-copies, "-" for STDIN
-a <n>    : If automatic apt-cache/apt-file search gives more than n results,
            display only the count (default 10)

EOF

    exit(0);
}

# TODO/BUGS:
# - go back to previous issue / undo
# - handle entries with several TODO lines
# - handle claimed-by


my $basedir;
if (-e "secure-testing/data/CVE/list") {
        $basedir="secure-testing";
} elsif (-e "data/CVE/list") {
        $basedir=".";
} elsif (-e "../data/CVE/list") {
        $basedir="..";
}


my $embed_code = {};
my $embed_pkg = {};
my $embed_errors;

read_embedded_copies();

if ($opts{c}) {
        exit($embed_errors);
}


my $datafile="$basedir/data/CVE/list";
my $allitemsfile="gunzip -c $basedir/../allitems.txt.gz|";
my $allitemsurl="http://cve.mitre.org/data/downloads/allitems.txt.gz";
my $removedfile="$basedir/data/packages/removed-packages";
my $wnppurl="http://qa.debian.org/data/bts/wnpp_rm";
my $wnppfile="../wnpp_rm";

my $issue_regexp= $opts{i} || 'CVE-20(?:0[3-9]|1[0-9])';
my $todo_regexp= $opts{t} || ( $opts{T} ? '^\s+TODO: check' : '^\s+TODO: check$' );
my $auto_display_limit = 10;
$auto_display_limit = $opts{a} if defined $opts{a};

my $editor=$ENV{EDITOR} || $ENV{VISUAL} || "vi";

system "cd $basedir/.. ; wget -N $allitemsurl";
system "cd $basedir/.. ; wget -N $wnppurl";


print "Reading data...\n";

my $entries=read_file($datafile, qr/^CVE/ );
my $CVEs=read_file($allitemsfile, qr/^=+$/ );
my $data;
my @todos;
my %afcache;
my $num_todo;
my $num_missing_bug;

foreach my $cve (@{$CVEs}) {
        $cve =~ /^Name:\s*(CVE\S+)/m or next;
        $data->{$1}->{CVE}=\$cve;
}

my %wnpp;
open(WNPP, $wnppfile) or die "could not open $wnppfile";
while (<WNPP>) {
        next unless (m/^([\w.-]+): ((?:ITP|RFP) .+)$/);
        $wnpp{lc $1} = $2;
}
close(WNPP);

# packages that should be ignored by -u/-U
my @ignore_missing_bug_list = qw/linux-2.6 linux-2.6.24
        kfreebsd-source kfreebsd-5 kfreebsd-6 kfreebsd-7
        mozilla mozilla-firefox mozilla-thunderbird firefox
        php4
        gnutls11
        /;
my %ignore_missing_bug;
if ($opts{u} || $opts{U}) {
        push @ignore_missing_bug_list, read_removed_packages_file($removedfile);
        $ignore_missing_bug{$_} = 1 for @ignore_missing_bug_list;
}

foreach my $entry (@{$entries}) {
        my $name;
        if ( $entry =~ /^(CVE-....-\d\d\d\d)/ ) {
                $name=$1;
        }
        elsif ( $entry =~ /^(CVE-....-XXXX.*)\n/ ){
                $name=$1;
        }
        else {
                die "invlid entry:\n$entry";
        }
        $data->{$name}->{entry}=\$entry;
        if ($name =~ /$issue_regexp/) {
                if (!$opts{U} && $entry =~ /$todo_regexp/m ) {
                        push @todos, $name;
                        $num_todo++;
                }
                elsif ( ($opts{u} || $opts{U})
                    && $entry =~ /^\s+-\s+(\S+)\s+<unfixed>(.*)$/m
                    && ! exists $ignore_missing_bug{$1}
                    && $2 !~ /unimportant/
                    && $entry !~ /-\s+$1\s.*?bug #/m
                    ) {
                        push @todos, $name;
                        $num_missing_bug++;
                }
        }
}

print scalar(@{$CVEs}), " CVEs, ",
      scalar(@{$entries}) - scalar(@{$CVEs}),  " temp issues";
print ", $num_todo todos matching /$todo_regexp/" if $num_todo;
print ", $num_missing_bug entries with missing bug reference" if $num_missing_bug;
print "\n";

if ($opts{l}) {
        #list only
        foreach my $todo (reverse sort @todos) {
                my $desc=description($todo);
                if ($desc) {
                        my $lines=$opts{n} || 2;
                        if ($desc =~ /((?:.*\n){1,$lines})/) {
                                $desc = $1;
                                $desc =~ s/^/               /mg;
                                if ($opts{f}) {
                                        print ${$data->{$todo}->{entry}}, $desc;
                                }
                                else {
                                        print "$todo:\n$desc";
                                }
                        }
                }
                else {
                        print "${$data->{$todo}->{entry}}";
                }
        }
        exit 0;
}


my $term = new Term::ReadLine 'check-new-issues';
if ($term->ReadLine() eq 'Term::ReadLine::Stub') {
        print "Install libterm-readline-gnu-perl to get readline support!\n";
}

TODO: foreach my $todo (reverse sort @todos) {
        print ${$data->{$todo}->{CVE}} if $data->{$todo}->{CVE};
        print ${$data->{$todo}->{entry}};

        auto_search($todo);
        
    READ: while (my $r=$term->readline(">") ) {
                chomp $r;
                if ($r =~ /^\s*$/) {
                        next TODO;
                }
                elsif ($r=~ /^\.c(.*)$/ ) {
                        my $s = $1;
                        $s =~ tr{a-zA-Z0-9_@-}{ }cs;
                        print "=== apt-cache search $s :\n";
                        system("apt-cache search $s|less -FX");
                        print "===\n";
                        next READ;
                }
                elsif ($r=~ /^\.f(.*)$/ ) {
                        my $s = $1;
                        $s =~ s/^\s*(.*?)\s*$/$1/;
                        $s = quotemeta($s);
                        print "=== apt-file search $s:\n";
                        system("apt-file search $s|less -FX");
                        print "===\n";
                        next READ;
                }
                elsif ($r=~ /^\.w(.*)$/ ) {
                        my $s = $1;
                        $s =~ s/^\s*(.*?)\s*$/$1/;
                        print "=== wnpp lookup for '$s':\n";
                        search_wnpp($s);
                        print "===\n";
                        next READ;
                }
                elsif ($r=~ /^\.m(.*)$/ ) {
                        my $s = $1;
                        $s =~ s/^\s+//;
                        $s =~ s/\s+$//;
                        print "references to $s in embedded-code-copies:\n";
                        search_embed($s) or print "none\n";
                        next READ;
                }
                elsif ($r=~ /^.h/i ) {
                        print_commands;
                        next READ;
                }
                elsif ($r=~ /^!(.+)$/ ) {
                        system($1);
                        print "exit status: $?\n";
                        next READ;
                }
                elsif ($r=~ /^q$/i ) {
                        last TODO;
                }
                elsif ($r=~ /^[ve]$/i ) {
                        my $newentry=edit_entry(${$data->{$todo}->{entry}});
                        if ( $newentry eq ${$data->{$todo}->{entry}} ) {
                                print "Not changed.\n";
                                next READ;
                        }
                        else {
                                ${$data->{$todo}->{entry}}=$newentry;
                                print "New entry set to:\n$newentry";
                                next TODO;
                        }
                }
                elsif ($r=~ /^\.r(.*)$/ ) {
                        my $tmp=new File::Temp();
                        my $tmpname=$tmp->filename;
                        system("$basedir/bin/report-vuln $1 $todo > $tmpname");
                        system("$editor $tmpname");
                        close($tmp);
                        next READ;
                }
                else {
                        ${$data->{$todo}->{entry}} =~
                                s/^\s*TODO: check/\tNOT-FOR-US: $r/m ;
                                print "New entry set to:\n${$data->{$todo}->{entry}}";
                        next TODO;
                }
        }
}

open(my $fh, ">", $datafile);
print $fh @{$entries};
close($fh);

sub description {
        my $name=shift;

        defined $data->{$name}->{CVE} or return "";
        
        ${$data->{$name}->{CVE}} =~ /\n\n(.*)^Current Votes:/ms;
        my $desc = $1;
        $desc =~ s/\n\n+/\n/;
        
        return $desc;
}

sub read_file
{
        my $file=shift;
        my $re=shift;
        
        
        open(my $fh, $file) or die "could not open $file";
        
        my @data;
        my $cur="";
        while (my $line=<$fh>) {
                if ($line =~ $re and $cur) {
                        push @data, $cur;
                        $cur = "";
                }
                $cur.=$line;
        }
        push @data, $cur if $cur;
        
        close($fh);
        
        
        return \@data;
}


sub edit_entry {
        my $entry=shift;
        my $tmp=new File::Temp();
        my $tmpname=$tmp->filename;
        print $tmp $entry;
        close $tmp;
        system "$editor $tmpname";
        
        local $/; #slurp
        open($tmp, $tmpname);
        return <$tmp>;
        
}

sub auto_search {
        my $name=shift;
        
        my $desc=description($name);
        $desc =~ s/[\s\n]+/ /g;
        
        my $file;
        my $prog;
        if ( $desc =~ /^(\S+(?: [A-Z]\w*)*) \d/ ) {
                $prog = $1;
        }
        elsif ( $desc =~ / in (\S+\.\S+) in (?:the )?(\S+) / ) {
                $file = $1;
                $prog = $2;
        }
        elsif ( $desc =~ / in (?:the )?(\S+) / ) {
                $prog = $1;
        }
        if ($prog) {
                my $prog_esc =$prog;
                $prog_esc =~ tr{a-zA-Z0-9_@/-}{ }cs;
                print "doing apt-cache search...";
                my @ac=`apt-cache search $prog_esc`;
                if (scalar @ac > $auto_display_limit || scalar @ac == 0) {
                        print "\r", scalar @ac, " results from apt-cache search $prog_esc\n";
                }
                else {
                        print "\r=== apt-cache search $prog_esc:\n", @ac, "===\n";
                }

                foreach my $p (split /\s+/, $prog) {
                        search_embed($p);
                        search_wnpp(qr<^\Q$p\E$>);
                }
        }
        if ( $file =~ /^(?:index|default|login|search|admin)\.(?:php3?|asp|cgi|pl)$/i ) {
                return;
        }
        if ( $file =~ /(php3?|asp|cgi|pl)$/ ) {
                if (! exists $afcache{$file}) {
                        my $file_esc = quotemeta($file);
                        print "doing apt-file search...";
                        $afcache{$file}=[`apt-file -i search $file_esc`];
                        if (scalar @{$afcache{$file}} > $auto_display_limit) {
                                # replace with empty array to save mem
                                my $num = scalar @{$afcache{$file}};
                                $afcache{$file} = [];
                                $afcache{$file}->[$num-1] = undef;
                        }
                }
                if (scalar @{$afcache{$file}} > $auto_display_limit ||
                    scalar @{$afcache{$file}} == 0) {
                        print "\r", scalar @{$afcache{$file}},
                              " results from apt-file -i search $file\n";
                }
                else {
                        print "\r=== apt-file -i search $file:\n", @{$afcache{$file}}, "===\n";
                }
        }
}

sub read_embedded_copies {
        my $emb_file = $opts{e} || "$basedir/data/embedded-code-copies";
        open(my $fh, $emb_file);

        # skip comments
        while (<$fh>) {
                last if /^---BEGIN/; 
        }
        
        my ($code, $pkg);
        while (my $line = <$fh>) {
                if ($line =~ /^([-\w]+)/) {
                        $code = lc($1);
                        $pkg  = undef;
                        if (exists $embed_code->{$code}) {
                                syntax_error("Duplicate embedded code $code")
                        }
                }
                elsif ($line =~ /^\s*$/) {
                        $code = undef;
                        $pkg = undef;
                }
                elsif ($line =~ /^\s+(?:\[\w+\]\s+)?-\s+(\w[\w.-]+)/) {
                        $pkg = $1;
                        $line =~ s/^\s+//;
                        if ($embed_code->{$code}->{$pkg}) {
                                $embed_code->{$code}->{$pkg} .= $line;
                        }
                        else {
                                $embed_code->{$code}->{$pkg} = $line;
                                push @{$embed_pkg->{$pkg}}, $code;
                        }
                }
                elsif ($line =~ /^\s+(?:NOTE|TODO)/) {
                        $line =~ s/^\s+//;
                        if ($pkg) {
                                $embed_code->{$code}->{$pkg} .= $line;
                        }
                }
                else {
                        syntax_error("Cannot parse $line");
                }
        }
}

sub syntax_error {
        $embed_errors=1;
        print STDERR "embedded-code-copies:$.: @_\n";
}

sub search_embed {
        my $text = shift;
        my $found = 0;
        $text = lc($text);
        if (exists $embed_code->{$text}) {
                print "$text is embedded by: ",
                      join(" ", sort keys %{$embed_code->{$text}}),
                      "\n";
                $found = 1;
        }
        if (exists $embed_pkg->{$text}) {
                print "$text embeds: ",
                      join(" ", sort @{$embed_pkg->{$text}}),
                      "\n";
                $found = 1;
        }
        return $found;
}

sub search_wnpp {
        my $s = shift;
        $s = lc $s;
        my $found = 0;
        foreach my $e (keys %wnpp) {
            next unless ($e =~ m/$s/);
            print "$e: $wnpp{$e}\n";
            $found = 1;
        }
        return $found;
}

sub read_removed_packages_file {
        my $file = shift;

        open(my $fh, "<", $file) or die "could not open $file";
        my @packages;
        my $line;
        while (defined ($line = <$fh>)) {
                chomp $line;
                $line =~ s/^\s+//;
                $line =~ s/\s+$//;
                next if $line =~ /^$/;
                next if $line =~ /^#/;
                push @packages, $line;
        }
        return @packages;
}
1	#!/usr/bin/perl
2
3	use strict;
4	use File::Temp;
5	use Getopt::Std;
6	#use Smart::Comments;
7	use Term::ReadLine;
8
9	my %opts;
10	getopts('ln:fhi:t:Tca:e:uU', \%opts);
11
12	sub print_commands {
13	print <<'EOF';
14	* blank line to skip to next issue
15	* .fname to do "apt-file search name"
16	* .cname to do "apt-cache search name"
17	* .wname to look up name in wnpp
18	* .mpackage to search data/embedded-code-copies for "package"
19	* .rpackage to launch an editor with a report of the issue against "package"
20	* !command to execute a command with system() without any escaping
21	* v or e to launch an editor with the current item
22	* q to save and quit
23	* CTRL-C to quit without saving
24	* everything else is inserted as product name for a NOT-FOR-US
25	EOF
26	}
27
28	if ($opts{h}) {
29	print <<'EOF';
30	downloads allitems.txt from cve.mitre.org and shows full decription for each
31	"TODO: check" item (2003 and newer). Then
32
33	- tries to guess product name and php filename and does
34	apt-cache and apt-file search
35	- waits for input:
36	EOF
37	print_commands;
38	print <<'EOF';
39
40	Use "svn diff" and "svn revert" as needed ;-)
41
42	OPTIONS: [ -l [-n <n>] [-f] ]
43	-l : just list issues
44	-n <n> : show max n lines of each description (default 2)
45	-f : show full CVE/list entry as well
46	-i regexp : use regexp to select todos (default: 'CVE-20(?:0[3-9]\|1[0-9])' )
47	-t regexp : use regexp to select todos (default: '^\s+TODO: check$' )
48	-T : same as -t '^\s+TODO: check' (note the missing $)
49	-u : also show unfixed issues without bug reference
50	-U : only show unfixed issues without bug reference instead of TODO items
51	-c : only do syntax check of embedded-code-copies
52	-e <file> : use <file> for embedded-code-copies, "-" for STDIN
53	-a <n> : If automatic apt-cache/apt-file search gives more than n results,
54	display only the count (default 10)
55
56	EOF
57
58	exit(0);
59	}
60
61	# TODO/BUGS:
62	# - go back to previous issue / undo
63	# - handle entries with several TODO lines
64	# - handle claimed-by
65
66
67	my $basedir;
68	if (-e "secure-testing/data/CVE/list") {
69	$basedir="secure-testing";
70	} elsif (-e "data/CVE/list") {
71	$basedir=".";
72	} elsif (-e "../data/CVE/list") {
73	$basedir="..";
74	}
75
76
77	my $embed_code = {};
78	my $embed_pkg = {};
79	my $embed_errors;
80
81	read_embedded_copies();
82
83	if ($opts{c}) {
84	exit($embed_errors);
85	}
86
87
88	my $datafile="$basedir/data/CVE/list";
89	my $allitemsfile="gunzip -c $basedir/../allitems.txt.gz\|";
90	my $allitemsurl="http://cve.mitre.org/data/downloads/allitems.txt.gz";
91	my $removedfile="$basedir/data/packages/removed-packages";
92	my $wnppurl="http://qa.debian.org/data/bts/wnpp_rm";
93	my $wnppfile="../wnpp_rm";
94
95	my $issue_regexp= $opts{i} \|\| 'CVE-20(?:0[3-9]\|1[0-9])';
96	my $todo_regexp= $opts{t} \|\| ( $opts{T} ? '^\s+TODO: check' : '^\s+TODO: check$' );
97	my $auto_display_limit = 10;
98	$auto_display_limit = $opts{a} if defined $opts{a};
99
100	my $editor=$ENV{EDITOR} \|\| $ENV{VISUAL} \|\| "vi";
101
102	system "cd $basedir/.. ; wget -N $allitemsurl";
103	system "cd $basedir/.. ; wget -N $wnppurl";
104
105
106	print "Reading data...\n";
107
108	my $entries=read_file($datafile, qr/^CVE/ );
109	my $CVEs=read_file($allitemsfile, qr/^=+$/ );
110	my $data;
111	my @todos;
112	my %afcache;
113	my $num_todo;
114	my $num_missing_bug;
115
116	foreach my $cve (@{$CVEs}) {
117	$cve =~ /^Name:\s*(CVE\S+)/m or next;
118	$data->{$1}->{CVE}=\$cve;
119	}
120
121	my %wnpp;
122	open(WNPP, $wnppfile) or die "could not open $wnppfile";
123	while (<WNPP>) {
124	next unless (m/^([\w.-]+): ((?:ITP\|RFP) .+)$/);
125	$wnpp{lc $1} = $2;
126	}
127	close(WNPP);
128
129	# packages that should be ignored by -u/-U
130	my @ignore_missing_bug_list = qw/linux-2.6 linux-2.6.24
131	kfreebsd-source kfreebsd-5 kfreebsd-6 kfreebsd-7
132	mozilla mozilla-firefox mozilla-thunderbird firefox
133	php4
134	gnutls11
135	/;
136	my %ignore_missing_bug;
137	if ($opts{u} \|\| $opts{U}) {
138	push @ignore_missing_bug_list, read_removed_packages_file($removedfile);
139	$ignore_missing_bug{$_} = 1 for @ignore_missing_bug_list;
140	}
141
142	foreach my $entry (@{$entries}) {
143	my $name;
144	if ( $entry =~ /^(CVE-....-\d\d\d\d)/ ) {
145	$name=$1;
146	}
147	elsif ( $entry =~ /^(CVE-....-XXXX.*)\n/ ){
148	$name=$1;
149	}
150	else {
151	die "invlid entry:\n$entry";
152	}
153	$data->{$name}->{entry}=\$entry;
154	if ($name =~ /$issue_regexp/) {
155	if (!$opts{U} && $entry =~ /$todo_regexp/m ) {
156	push @todos, $name;
157	$num_todo++;
158	}
159	elsif ( ($opts{u} \|\| $opts{U})
160	&& $entry =~ /^\s+-\s+(\S+)\s+<unfixed>(.*)$/m
161	&& ! exists $ignore_missing_bug{$1}
162	&& $2 !~ /unimportant/
163	&& $entry !~ /-\s+$1\s.*?bug #/m
164	) {
165	push @todos, $name;
166	$num_missing_bug++;
167	}
168	}
169	}
170
171	print scalar(@{$CVEs}), " CVEs, ",
172	scalar(@{$entries}) - scalar(@{$CVEs}), " temp issues";
173	print ", $num_todo todos matching /$todo_regexp/" if $num_todo;
174	print ", $num_missing_bug entries with missing bug reference" if $num_missing_bug;
175	print "\n";
176
177	if ($opts{l}) {
178	#list only
179	foreach my $todo (reverse sort @todos) {
180	my $desc=description($todo);
181	if ($desc) {
182	my $lines=$opts{n} \|\| 2;
183	if ($desc =~ /((?:.*\n){1,$lines})/) {
184	$desc = $1;
185	$desc =~ s/^/ /mg;
186	if ($opts{f}) {
187	print ${$data->{$todo}->{entry}}, $desc;
188	}
189	else {
190	print "$todo:\n$desc";
191	}
192	}
193	}
194	else {
195	print "${$data->{$todo}->{entry}}";
196	}
197	}
198	exit 0;
199	}
200
201
202	my $term = new Term::ReadLine 'check-new-issues';
203	if ($term->ReadLine() eq 'Term::ReadLine::Stub') {
204	print "Install libterm-readline-gnu-perl to get readline support!\n";
205	}
206
207	TODO: foreach my $todo (reverse sort @todos) {
208	print ${$data->{$todo}->{CVE}} if $data->{$todo}->{CVE};
209	print ${$data->{$todo}->{entry}};
210
211	auto_search($todo);
212
213	READ: while (my $r=$term->readline(">") ) {
214	chomp $r;
215	if ($r =~ /^\s*$/) {
216	next TODO;
217	}
218	elsif ($r=~ /^\.c(.*)$/ ) {
219	my $s = $1;
220	$s =~ tr{a-zA-Z0-9_@-}{ }cs;
221	print "=== apt-cache search $s :\n";
222	system("apt-cache search $s\|less -FX");
223	print "===\n";
224	next READ;
225	}
226	elsif ($r=~ /^\.f(.*)$/ ) {
227	my $s = $1;
228	$s =~ s/^\s(.?)\s*$/$1/;
229	$s = quotemeta($s);
230	print "=== apt-file search $s:\n";
231	system("apt-file search $s\|less -FX");
232	print "===\n";
233	next READ;
234	}
235	elsif ($r=~ /^\.w(.*)$/ ) {
236	my $s = $1;
237	$s =~ s/^\s(.?)\s*$/$1/;
238	print "=== wnpp lookup for '$s':\n";
239	search_wnpp($s);
240	print "===\n";
241	next READ;
242	}
243	elsif ($r=~ /^\.m(.*)$/ ) {
244	my $s = $1;
245	$s =~ s/^\s+//;
246	$s =~ s/\s+$//;
247	print "references to $s in embedded-code-copies:\n";
248	search_embed($s) or print "none\n";
249	next READ;
250	}
251	elsif ($r=~ /^.h/i ) {
252	print_commands;
253	next READ;
254	}
255	elsif ($r=~ /^!(.+)$/ ) {
256	system($1);
257	print "exit status: $?\n";
258	next READ;
259	}
260	elsif ($r=~ /^q$/i ) {
261	last TODO;
262	}
263	elsif ($r=~ /^[ve]$/i ) {
264	my $newentry=edit_entry(${$data->{$todo}->{entry}});
265	if ( $newentry eq ${$data->{$todo}->{entry}} ) {
266	print "Not changed.\n";
267	next READ;
268	}
269	else {
270	${$data->{$todo}->{entry}}=$newentry;
271	print "New entry set to:\n$newentry";
272	next TODO;
273	}
274	}
275	elsif ($r=~ /^\.r(.*)$/ ) {
276	my $tmp=new File::Temp();
277	my $tmpname=$tmp->filename;
278	system("$basedir/bin/report-vuln $1 $todo > $tmpname");
279	system("$editor $tmpname");
280	close($tmp);
281	next READ;
282	}
283	else {
284	${$data->{$todo}->{entry}} =~
285	s/^\s*TODO: check/\tNOT-FOR-US: $r/m ;
286	print "New entry set to:\n${$data->{$todo}->{entry}}";
287	next TODO;
288	}
289	}
290	}
291
292	open(my $fh, ">", $datafile);
293	print $fh @{$entries};
294	close($fh);
295
296	sub description {
297	my $name=shift;
298
299	defined $data->{$name}->{CVE} or return "";
300
301	${$data->{$name}->{CVE}} =~ /\n\n(.*)^Current Votes:/ms;
302	my $desc = $1;
303	$desc =~ s/\n\n+/\n/;
304
305	return $desc;
306	}
307
308	sub read_file
309	{
310	my $file=shift;
311	my $re=shift;
312
313
314	open(my $fh, $file) or die "could not open $file";
315
316	my @data;
317	my $cur="";
318	while (my $line=<$fh>) {
319	if ($line =~ $re and $cur) {
320	push @data, $cur;
321	$cur = "";
322	}
323	$cur.=$line;
324	}
325	push @data, $cur if $cur;
326
327	close($fh);
328
329
330	return \@data;
331	}
332
333
334	sub edit_entry {
335	my $entry=shift;
336	my $tmp=new File::Temp();
337	my $tmpname=$tmp->filename;
338	print $tmp $entry;
339	close $tmp;
340	system "$editor $tmpname";
341
342	local $/; #slurp
343	open($tmp, $tmpname);
344	return <$tmp>;
345
346	}
347
348	sub auto_search {
349	my $name=shift;
350
351	my $desc=description($name);
352	$desc =~ s/[\s\n]+/ /g;
353
354	my $file;
355	my $prog;
356	if ( $desc =~ /^(\S+(?: [A-Z]\w)) \d/ ) {
357	$prog = $1;
358	}
359	elsif ( $desc =~ / in (\S+\.\S+) in (?:the )?(\S+) / ) {
360	$file = $1;
361	$prog = $2;
362	}
363	elsif ( $desc =~ / in (?:the )?(\S+) / ) {
364	$prog = $1;
365	}
366	if ($prog) {
367	my $prog_esc =$prog;
368	$prog_esc =~ tr{a-zA-Z0-9_@/-}{ }cs;
369	print "doing apt-cache search...";
370	my @ac=`apt-cache search $prog_esc`;
371	if (scalar @ac > $auto_display_limit \|\| scalar @ac == 0) {
372	print "\r", scalar @ac, " results from apt-cache search $prog_esc\n";
373	}
374	else {
375	print "\r=== apt-cache search $prog_esc:\n", @ac, "===\n";
376	}
377
378	foreach my $p (split /\s+/, $prog) {
379	search_embed($p);
380	search_wnpp(qr<^\Q$p\E$>);
381	}
382	}
383	if ( $file =~ /^(?:index\|default\|login\|search\|admin)\.(?:php3?\|asp\|cgi\|pl)$/i ) {
384	return;
385	}
386	if ( $file =~ /(php3?\|asp\|cgi\|pl)$/ ) {
387	if (! exists $afcache{$file}) {
388	my $file_esc = quotemeta($file);
389	print "doing apt-file search...";
390	$afcache{$file}=[`apt-file -i search $file_esc`];
391	if (scalar @{$afcache{$file}} > $auto_display_limit) {
392	# replace with empty array to save mem
393	my $num = scalar @{$afcache{$file}};
394	$afcache{$file} = [];
395	$afcache{$file}->[$num-1] = undef;
396	}
397	}
398	if (scalar @{$afcache{$file}} > $auto_display_limit \|\|
399	scalar @{$afcache{$file}} == 0) {
400	print "\r", scalar @{$afcache{$file}},
401	" results from apt-file -i search $file\n";
402	}
403	else {
404	print "\r=== apt-file -i search $file:\n", @{$afcache{$file}}, "===\n";
405	}
406	}
407	}
408
409	sub read_embedded_copies {
410	my $emb_file = $opts{e} \|\| "$basedir/data/embedded-code-copies";
411	open(my $fh, $emb_file);
412
413	# skip comments
414	while (<$fh>) {
415	last if /^---BEGIN/;
416	}
417
418	my ($code, $pkg);
419	while (my $line = <$fh>) {
420	if ($line =~ /^([-\w]+)/) {
421	$code = lc($1);
422	$pkg = undef;
423	if (exists $embed_code->{$code}) {
424	syntax_error("Duplicate embedded code $code")
425	}
426	}
427	elsif ($line =~ /^\s*$/) {
428	$code = undef;
429	$pkg = undef;
430	}
431	elsif ($line =~ /^\s+(?:\[\w+\]\s+)?-\s+(\w[\w.-]+)/) {
432	$pkg = $1;
433	$line =~ s/^\s+//;
434	if ($embed_code->{$code}->{$pkg}) {
435	$embed_code->{$code}->{$pkg} .= $line;
436	}
437	else {
438	$embed_code->{$code}->{$pkg} = $line;
439	push @{$embed_pkg->{$pkg}}, $code;
440	}
441	}
442	elsif ($line =~ /^\s+(?:NOTE\|TODO)/) {
443	$line =~ s/^\s+//;
444	if ($pkg) {
445	$embed_code->{$code}->{$pkg} .= $line;
446	}
447	}
448	else {
449	syntax_error("Cannot parse $line");
450	}
451	}
452	}
453
454	sub syntax_error {
455	$embed_errors=1;
456	print STDERR "embedded-code-copies:$.: @_\n";
457	}
458
459	sub search_embed {
460	my $text = shift;
461	my $found = 0;
462	$text = lc($text);
463	if (exists $embed_code->{$text}) {
464	print "$text is embedded by: ",
465	join(" ", sort keys %{$embed_code->{$text}}),
466	"\n";
467	$found = 1;
468	}
469	if (exists $embed_pkg->{$text}) {
470	print "$text embeds: ",
471	join(" ", sort @{$embed_pkg->{$text}}),
472	"\n";
473	$found = 1;
474	}
475	return $found;
476	}
477
478	sub search_wnpp {
479	my $s = shift;
480	$s = lc $s;
481	my $found = 0;
482	foreach my $e (keys %wnpp) {
483	next unless ($e =~ m/$s/);
484	print "$e: $wnpp{$e}\n";
485	$found = 1;
486	}
487	return $found;
488	}
489
490	sub read_removed_packages_file {
491	my $file = shift;
492
493	open(my $fh, "<", $file) or die "could not open $file";
494	my @packages;
495	my $line;
496	while (defined ($line = <$fh>)) {
497	chomp $line;
498	$line =~ s/^\s+//;
499	$line =~ s/\s+$//;
500	next if $line =~ /^$/;
501	next if $line =~ /^#/;
502	push @packages, $line;
503	}
504	return @packages;
505	}