/[secure-testing]/bin/tracker_service.py
ViewVC logotype

Contents of /bin/tracker_service.py

Parent Directory Parent Directory | Revision Log Revision Log

Revision 16645 - (hide annotations) (download) (as text)
Sat May 7 12:56:12 2011 UTC (2 years ago) by fw
File MIME type: text/script
File size: 56456 byte(s) 
security_db.DB: enable SQLite WAL mode

This means that we no longer have to copy the database file.
1 fw 2482 #!/usr/bin/python
2    
3     import sys
4     sys.path.insert(0,'../lib/python')
5     import bugs
6     import re
7     import security_db
8     from web_support import *
9    
10 fw 12985 if len(sys.argv) not in (3, 5):
11     print "usage: python tracker_service.py SOCKET-PATH DATABASE-PATH"
12     print " python tracker_service.py URL HOST PORT DATABASE-PATH"
13     sys.exit(1)
14     if len(sys.argv) == 3:
15     socket_name = sys.argv[1]
16     db_name = sys.argv[2]
17     webservice_base_class = WebService
18     else:
19     server_base_url = sys.argv[1]
20     server_address = sys.argv[2]
21     server_port = int(sys.argv[3])
22     socket_name = (server_base_url, server_address, server_port)
23     db_name = sys.argv[4]
24     webservice_base_class = WebServiceHTTP
25    
26 fw 2491 class BugFilter:
27 gilbert-guest 14058 default_action_list = [('show_high_urgency', 'only high urgencies'),
28     ('show_medium_urgency', 'only medium and high urgencies'),
29     ('show_undetermined_urgency', 'issues that may be vulnerable but need to be checked (shown in purple)'),
30     ('show_unimportant_urgency', 'unimportant issues'),
31     ('show_remote_only', 'only remote vulnerabilities')]
32 fw 3859 def __init__(self, params, action_list=None):
33     if action_list is None:
34     self.action_list = self.default_action_list
35     else:
36     self.action_list = action_list
37     self.params = {}
38 fw 3902 for (prop, desc) in self.action_list:
39 fw 3859 self.params[prop] = int(params.get(prop, (0,))[0])
40 fw 2491
41     def actions(self, url):
42     """Returns a HTML snippet which can be used to change the filter."""
43    
44 fw 3859 l = []
45     for (prop, desc) in self.action_list:
46     if self.params[prop]:
47 gilbert-guest 14057 if self.params['show_medium_urgency'] and prop == 'show_medium_urgency':
48     note = 'Restore lower than medium urgencies'
49     elif self.params['show_high_urgency'] and prop == 'show_high_urgency':
50     note = 'Restore lower than high urgencies'
51 gilbert-guest 14116 elif self.params['show_remote_only'] and prop == 'show_remote_only':
52 gilbert-guest 14303 note = 'Restore local vulnerabilities'
53 gilbert-guest 14057 else:
54     note = 'Hide ' + desc
55     l.append(TR(TD(A(url.updateParamsDict({prop : None}), note))))
56 fw 3859 else:
57 gilbert-guest 14057 note = 'Show ' + desc
58     l.append(TR(TD(A(url.updateParamsDict({prop : '1'}), note))))
59 fw 3859
60 gilbert-guest 14057 return TABLE(l)
61 fw 3859
62 gilbert-guest 14057 def urgencyFiltered(self, urg, vuln):
63     """Returns True for urgencies that should be filtered."""
64     filterlow = self.params['show_medium_urgency'] and \
65 gilbert-guest 14058 urg in ('low', 'low**', 'unimportant',
66     'undetermined', 'not yet assigned')
67 gilbert-guest 14057 filtermed = self.params['show_high_urgency'] and \
68 gilbert-guest 14058 urg in ('medium', 'medium**', 'low', 'low**',
69     'unimportant', 'undetermined', 'not yet assigned')
70     filterund = not self.params['show_undetermined_urgency'] and vuln == 2
71     filteruni = not self.params['show_unimportant_urgency'] \
72     and urg == 'unimportant'
73     return filterlow or filtermed or filterund or filteruni
74 fw 2491
75     def remoteFiltered(self, remote):
76 gilbert-guest 14057 """Returns True for only remote flaws if filtered."""
77 gilbert-guest 14303 return self.params['show_remote_only'] and not remote and not remote is None
78 fw 2491
79 fw 3859 class BugFilterNoDSA(BugFilter):
80     def __init__(self, params):
81     BugFilter.__init__(self, params, self.default_action_list
82 gilbert-guest 14058 + [('show_nodsa', 'issues that are not severe enough to warrant a DSA')])
83 fw 3859
84     def nodsaFiltered(self, nodsa):
85 gilbert-guest 14057 """Returns True for no DSA issues if filtered."""
86     return nodsa and not self.params['show_nodsa']
87 fw 3859
88 fw 12985 class TrackerService(webservice_base_class):
89 fw 2482 head_contents = compose(STYLE(
90     """h1 { font-size : 144%; }
91     h2 { font-size : 120%; }
92     h3 { font-size : 100%; }
93    
94     table { padding-left : 1.5em }
95     td, th { text-align : left;
96     padding-left : 0.25em;
97     padding-right : 0.25em; }
98     td { vertical-align: baseline }
99     span.red { color: red; }
100 gilbert-guest 13694 span.purple { color: purple; }
101 fw 2482 span.dangerous { color: rgb(191,127,0); }
102     """), SCRIPT('''var old_query_value = "";
103    
104     function selectSearch() {
105     document.searchForm.query.focus();
106     }
107    
108     function onSearch(query) {
109     if (old_query_value == "") {
110     if (query.length > 5) {
111     old_query_value = query;
112     document.searchForm.submit();
113     } else {
114     old_query_value = query;
115     }
116     }
117     }
118     ''')).toHTML()
119    
120 gilbert-guest 14058 nvd_text = P('''If a "**" is included, the urgency field was automatically
121     assigned by the NVD (National Vulnerability Database). Note that this
122     rating is automatically derived from a set of known factors about the
123     issue (such as access complexity, confidentiality impact, exploitability,
124     remediation level, and others). Human intervention is involved in
125     determining the values of these factors, but the rating itself comes
126     from a fully automated formula.''')
127    
128 fw 2482 def __init__(self, socket_name, db_name):
129 fw 12985 webservice_base_class.__init__(self, socket_name)
130 fw 2482 self.db = security_db.DB(db_name)
131     self.register('', self.page_home)
132     self.register('*', self.page_object)
133 fw 2485 self.register('redirect/*', self.page_redirect)
134 fw 2482 self.register('source-package/*', self.page_source_package)
135 thijs 11216 self.register('status/release/oldstable',
136     self.page_status_release_oldstable)
137 fw 2482 self.register('status/release/stable', self.page_status_release_stable)
138 fw 10607 self.register('status/release/stable-backports',
139     self.page_status_release_stable_backports)
140 fw 11223 self.register('status/release/oldstable-backports',
141     self.page_status_release_oldstable_backports)
142 fw 2482 self.register('status/release/testing',
143     self.page_status_release_testing)
144     self.register('status/release/unstable',
145     self.page_status_release_unstable)
146     self.register('status/dtsa-candidates',
147     self.page_status_dtsa_candidates)
148     self.register('status/todo', self.page_status_todo)
149 gilbert-guest 14059 self.register('status/undetermined', self.page_status_undetermined)
150     self.register('status/unimportant', self.page_status_unimportant)
151 fw 2482 self.register('status/itp', self.page_status_itp)
152     self.register('data/unknown-packages', self.page_data_unknown_packages)
153     self.register('data/missing-epochs', self.page_data_missing_epochs)
154 fw 3136 self.register('data/latently-vulnerable',
155     self.page_data_latently_vulnerable)
156 fw 2482 self.register('data/releases', self.page_data_releases)
157     self.register('data/funny-versions', self.page_data_funny_versions)
158 fw 2554 self.register('data/fake-names', self.page_data_fake_names)
159 fw 12999 self.register('data/pts/1', self.page_data_pts)
160 fw 3051 self.register('debsecan/**', self.page_debsecan)
161 fw 3594 self.register('data/report', self.page_report)
162 fw 2482
163     def page_home(self, path, params, url):
164     query = params.get('query', ('',))[0]
165     if query:
166     if '/' in query:
167     return self.page_not_found(url, query)
168     else:
169     return RedirectResult(url.scriptRelativeFull(query))
170    
171     return self.create_page(
172     url, 'Security Bug Tracker',
173     [P(
174 fw 3594 """The data in this tracker comes solely from the bug database maintained
175     by Debian's security team located in the testing-security Subversion """,
176 geissert 13517 A("http://svn.debian.org/wsvn/secure-testing/data/", "repository"),
177 fw 3594 """. The data represented here is derived from: """,
178     A("http://www.debian.org/security/#DSAS", "DSAs"),
179     """ issued by the Security Team; issues tracked in the """,
180 stef-guest 6467 A("http://cve.mitre.org/cve/", "CVE database"),
181 fw 3594 """, issues tracked in the """,
182     A("http://nvd.nist.gov/", "National Vulnerability Database"),
183     """ (NVD), maintained by NIST; and security issues
184     discovered in Debian packages as reported in the BTS."""),
185 stef-guest 4662 P("""All external data (including Debian bug reports and official Debian
186 fw 3594 security advisories) must be added to this database before it appears
187 fw 3595 here. Please help us keep this information up-to-date by """,
188 fw 3594 A(url.scriptRelative("data/report"), "reporting"),
189     """ any discrepancies or change of states that you are
190     aware of and/or help us improve the quality of this information by """,
191 seanius 4570 A(url.scriptRelative("data/report"), "participating"),
192 fw 3594 "."),
193     make_menu(
194 fw 2482 url.scriptRelative,
195 fw 3071 ('status/release/unstable',
196     'Vulnerable packages in the unstable suite'),
197     ('status/release/testing',
198     'Vulnerable packages in the testing suite'),
199 fw 2482 ('status/release/stable',
200     'Vulnerable packages in the stable suite'),
201 fw 11220 ('status/release/oldstable',
202     'Vulnerable packages in the old stable suite'),
203 fw 10607 ('status/release/stable-backports',
204     'Vulnerable packages in backports for stable'),
205 fw 11223 ('status/release/oldstable-backports',
206     'Vulnerable packages in backports for oldstable'),
207 fw 2482 ('status/dtsa-candidates', "Candidates for DTSAs"),
208     ('status/todo', 'TODO items'),
209 gilbert-guest 14059 ('status/undetermined', 'Packages that may be vulnerable but need to be checked (undetermined issues)'),
210     ('status/unimportant', 'Packages that have open unimportant issues'),
211 fw 2482 ('status/itp', 'ITPs with potential security issues'),
212     ('data/unknown-packages',
213     'Packages names not found in the archive'),
214 fw 2554 ('data/fake-names', 'Tracked issues without a CVE name'),
215 fw 2482 ('data/missing-epochs',
216     'Package versions which might lack an epoch'),
217 fw 3136 ('data/latently-vulnerable',
218     'Packages which are latently vulnerable in unstable'),
219 fw 2482 ('data/funny-versions',
220     'Packages with strange version numbers'),
221     ('data/releases',
222     'Covered Debian releases and architectures (slow)'),
223     self.make_search_button(url)),
224 fw 2495 P("""(You can enter CVE names, Debian bug numbers and package
225 fw 2488 names in the search forms.)"""),
226 fw 2482
227 fw 2488 H2("External interfaces"),
228     P("""If you want to automatically open a relevant web page for
229     some object, use the """,
230     CODE(str(url.scriptRelative("redirect/")), EM("object")),
231     """ URL. If no information is contained in this database,
232     the browser is automatically redirected to the corresponding external
233     data source.""")],
234 fw 2482 search_in_page=True)
235    
236     def page_object(self, path, params, url):
237     obj = path[0]
238 fw 2485 return self.page_object_or_redirect(url, obj, False)
239 fw 2482
240 fw 2485 def page_redirect(self, path, params, url):
241 fw 12993 if path == ():
242     obj = ''
243     else:
244     obj = path[0]
245 fw 2485 return self.page_object_or_redirect(url, obj, True)
246    
247     def page_object_or_redirect(self, url, obj, redirect):
248     c = self.db.cursor()
249    
250 fw 2482 if not obj:
251     # Redirect to start page.
252     return RedirectResult(url.scriptRelativeFull(""))
253    
254 fw 5103 # Attempt to decode a bug number. TEMP-nnn bugs (but not
255     # TEMP-nnn-mmm bugs) are treated as bug references, too.
256 fw 2482 bugnumber = 0
257 fw 3311 fake_bug = False
258 fw 2482 try:
259 fw 5103 if obj[0:5] == 'FAKE-' or obj[0:5] == 'TEMP-':
260 fw 3311 bugnumber = int(obj[5:])
261     fake_bug = True
262     else:
263     bugnumber = int(obj)
264 fw 2482 except ValueError:
265     pass
266     if bugnumber:
267 fw 2485 buglist = list(self.db.getBugsFromDebianBug(c, bugnumber))
268     if buglist:
269 fw 3311 return self.page_debian_bug(url, bugnumber, buglist, fake_bug)
270 fw 2485 if redirect:
271     return RedirectResult(self.url_debian_bug(url, str(bugnumber)),
272     permanent=False)
273 fw 2482
274 fw 3311 if 'A' <= obj[0] <= 'Z':
275     # Bug names start with a capital letter.
276     return self.page_bug(url, obj, redirect)
277    
278 fw 2482 if self.db.isSourcePackage(c, obj):
279     return RedirectResult(self.url_source_package(url, obj, full=True))
280    
281     return self.page_not_found(url, obj)
282    
283 fw 2485 def page_bug(self, url, name, redirect):
284 fw 2511 # FIXME: Normalize CAN-* to CVE-* when redirecting. Too many
285     # people still use CAN.
286     if redirect and name[0:4] == 'CAN-':
287     name = 'CVE-' + name[4:]
288    
289 fw 2482 cursor = self.db.cursor()
290     try:
291     bug = bugs.BugFromDB(cursor, name)
292     except ValueError:
293 fw 2485 if redirect:
294 fw 2495 if name[0:4] == 'CVE-':
295 fw 2485 return RedirectResult(self.url_cve(url, name),
296     permanent=False)
297 fw 2482 return self.page_not_found(url, name)
298 fw 2485 if bug.name <> name or redirect:
299 fw 2482 # Show the normalized bug name in the browser address bar.
300     return RedirectResult(url.scriptRelativeFull(bug.name))
301    
302     page = []
303    
304     def gen_header():
305     yield B("Name"), bug.name
306    
307     source = bug.name.split('-')[0]
308 fw 2495 if source == 'CVE':
309 fw 2488 source_xref = compose(self.make_cve_ref(url, bug.name, 'CVE'),
310 geissert 13767 " (at ",
311 fw 2488 self.make_nvd_ref(url, bug.name,
312 geissert 13767 'NVD'),
313     "; ",
314     self.make_rhbug_ref(url, bug.name,
315     'RH'),
316 fw 2488 ")")
317 fw 2482 elif source == 'DSA':
318     source_xref = self.make_dsa_ref(url, bug.name, 'Debian')
319     elif source == 'DTSA':
320     source_xref = 'Debian Testing Security Team'
321 fw 5103 elif source == 'TEMP':
322 fw 2482 source_xref = (
323     'Automatically generated temporary name. Not for external reference.')
324     else:
325     source_xref = None
326    
327     if source_xref:
328     yield B("Source"), source_xref
329    
330 gilbert-guest 16254 nvd = self.db.getNVD(cursor, bug.name)
331    
332     if nvd and nvd.cve_desc:
333     yield B("Description"), nvd.cve_desc
334     elif bug.description:
335 fw 2482 yield B("Description"), bug.description
336    
337     xref = list(self.db.getBugXrefs(cursor, bug.name))
338     if xref:
339     yield B("References"), self.make_xref_list(url, xref)
340 fw 2488
341     if nvd:
342 fw 3079 nvd_range = nvd.rangeString()
343 fw 2488 if nvd.severity:
344 fw 3079 nvd_severity = nvd.severity.lower()
345     if nvd_range:
346     nvd_severity = "%s (attack range: %s)" \
347     % (nvd_severity, nvd_range)
348     yield B("NVD severity"), nvd_severity
349 fw 2482
350     debian_bugs = bug.getDebianBugs(cursor)
351     if debian_bugs:
352     yield (B("Debian Bugs"),
353     self.make_debian_bug_list(url, debian_bugs))
354    
355     if not bug.not_for_us:
356     for (release, status, reason) in bug.getStatus(cursor):
357 gilbert-guest 13694 if status == 'undetermined':
358     reason = self.make_purple(reason)
359     elif status <> 'fixed':
360 fw 2482 reason = self.make_red(reason)
361 fw 3080 yield B('Debian/%s' % release), reason
362 fw 2482
363     page.append(make_table(gen_header()))
364    
365     if bug.notes:
366     page.append(H2("Vulnerable and fixed packages"))
367    
368     def gen_source():
369     old_pkg = ''
370     for (package, release, version, vulnerable) \
371     in self.db.getSourcePackages(cursor, bug.name):
372     if package == old_pkg:
373     package = ''
374     else:
375     old_pkg = package
376     package = compose(
377     self.make_source_package_ref(url, package),
378     " (", self.make_pts_ref(url, package, 'PTS'), ")")
379 gilbert-guest 13694 if vulnerable == 1:
380 fw 2482 vuln = self.make_red('vulnerable')
381     version = self.make_red(version)
382 gilbert-guest 13694 elif vulnerable == 2:
383     vuln = self.make_purple('undetermined')
384     version = self.make_purple(version)
385 fw 2482 else:
386     vuln = 'fixed'
387    
388     yield package, ', '.join(release), version, vuln
389    
390     page.append(make_table(gen_source(),
391     caption=("Source Package", "Release", "Version", "Status"),
392     introduction=P('The table below lists information on source packages.')))
393    
394     def gen_data():
395     notes_sorted = bug.notes[:]
396     notes_sorted.sort(lambda a, b: cmp(a.package, b.package))
397     for n in notes_sorted:
398     if n.release:
399     rel = str(n.release)
400     else:
401     rel = '(unstable)'
402     urgency = str(n.urgency)
403     if n.fixed_version:
404     ver = str(n.fixed_version)
405     if ver == '0':
406     ver = '(not affected)'
407     urgency = ''
408     else:
409     ver = self.make_red('(unfixed)')
410 gilbert-guest 14058 if urgency == 'not yet assigned':
411     urgency = ''
412 fw 2482
413     pkg = n.package
414     pkg_kind = n.package_kind
415     if pkg_kind == 'source':
416     pkg = self.make_source_package_ref(url, pkg)
417     elif pkg_kind == 'itp':
418     pkg_kind = 'ITP'
419     rel = ''
420     ver = ''
421     urgency = ''
422    
423     bugs = n.bugs
424     bugs.sort()
425     bugs = make_list(
426     map(lambda x: self.make_debian_bug(url, x), bugs))
427     if n.bug_origin:
428     origin = self.make_xref(url, n.bug_origin)
429     else:
430     origin = ''
431     yield (pkg, pkg_kind, rel, ver, urgency, origin, bugs)
432    
433     page.append(
434     make_table(gen_data(),
435     caption=("Package", "Type", "Release", "Fixed Version",
436     "Urgency", "Origin", "Debian Bugs"),
437     introduction=P("The information above is based on the following data on fixed versions.")))
438    
439     if bug.comments:
440     page.append(H2("Notes"))
441     def gen_comments():
442     for (t, c) in bug.comments:
443     yield c
444 geissert 13785 page.append(make_pre(gen_comments()))
445 fw 2482
446     return self.create_page(url, bug.name, page)
447    
448 fw 3311 def page_debian_bug(self, url, bugnumber, buglist, fake_bug):
449     if fake_bug:
450     new_buglist = []
451     for b in buglist:
452     (bug_name, urgency, description) = b
453 fw 5103 if bug_name[0:5] == 'FAKE-' or bug_name[0:5] == 'TEMP-':
454 fw 3311 new_buglist.append(b)
455     if len(new_buglist) > 0:
456     # Only replace the bug list if there are still fake
457     # bug reports.
458     buglist = new_buglist
459    
460 fw 2485 if len(buglist) == 1:
461     # Single issue, redirect.
462     return RedirectResult(url.scriptRelativeFull(buglist[0][0]))
463 fw 2482
464 fw 2485 def gen():
465     for (name, urgency, description) in buglist:
466     if urgency == "unknown":
467     urgency = ""
468     yield self.make_xref(url, name), urgency, description
469 fw 2482
470 fw 3311 if fake_bug:
471     intro = """The URL you used contained a non-stable name
472     based on a Debian bug number. This name cannot be mapped to a specific
473     issue. """
474     else:
475     intro = ""
476    
477 fw 2485 return self.create_page(
478     url, "Information related to Debian bug #%d" % bugnumber,
479 fw 3311 [P(intro + "The following issues reference to Debian bug ",
480 fw 2485 self.make_debian_bug(url, bugnumber), ":"),
481     make_table(gen(),
482     caption=("Name", "Urgency", "Description"))])
483 fw 2482
484     def page_not_found(self, url, query):
485     return self.create_page(url, 'Not found',
486     [P('Your query ',
487     CODE(query),
488     ' matched no results.')],
489     status=404)
490    
491 fw 3594 def page_report(self, path, params, url):
492     return self.create_page(
493     url, 'Reporting discrepancies in the data',
494     [P("""The data in this tracker is always in flux, as bugs are fixed and new
495     issues disclosed, the data contained herein is updated. We strive to
496     maintain complete and accurate state information, and appreciate any
497     updates in status, information or new issues."""),
498     P("There are three ways that you can report updates to this information:"),
499     make_numbered_list(
500     [P("""IRC: We can be found at """,
501     CODE("irc.oftc.net"),
502     ", ",
503     CODE("#debian-security"),
504     """. If you have information to report, please go ahead and join
505     the channel and tell us. Please feel free to state the issue,
506     regardless if there is someone who has acknowledged you. Many of us
507     idle on this channel and may not be around when you join, but we read
508     the backlog and will see what you have said. If you require a
509     response, do not forget to let us know how to get a hold of you."""),
510     P("Mailing list: Our mailing list is: ",
511 stef-guest 6277 A("mailto:debian-security-tracker@lists.debian.org",
512     "debian-security-tracker@lists.debian.org")),
513 fw 3594 P("""Helping out: We welcome people who wish to join us in tracking
514     issues. The process is designed to be easy to learn and participate,
515     please read our """,
516 fw 3595 A("http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0",
517 fw 3594 "Introduction"),
518     """ to get familiar with how things work. Join us on
519     our mailing list, and on IRC and request to be added to the Alioth """,
520     A("http://alioth.debian.org/projects/secure-testing/", "project"),
521     """. We are really quite friendly. If you have a
522     question about how things work, don't be afraid to ask, we would like
523     to improve our documentation and procedures, so feedback is welcome.""")])])
524    
525 fw 2482 def page_source_package(self, path, params, url):
526     pkg = path[0]
527    
528     def gen_versions():
529     for (releases, version) in self.db.getSourcePackageVersions(
530     self.db.cursor(), pkg):
531     yield ', '.join(releases), version
532     def gen_bug_list(lst):
533     for (bug, description) in lst:
534     yield self.make_xref(url, bug), description
535    
536     return self.create_page(
537 gilbert-guest 16214 url, 'Information on source package ' + pkg,
538 fw 2482 [make_menu(lambda x: x,
539     (self.url_pts(url, pkg),
540     pkg + ' in the Package Tracking System'),
541     (self.url_debian_bug_pkg(url, pkg),
542     pkg + ' in the Bug Tracking System'),
543     (self.url_testing_status(url, pkg),
544     pkg + ' in the testing migration checker')),
545 gilbert-guest 16214 H2('Available versions'),
546     make_table(gen_versions(), caption=('Release', 'Version')),
547 fw 2482
548 gilbert-guest 16214 H2('Open issues'),
549 fw 2482 make_table(gen_bug_list(self.db.getBugsForSourcePackage
550 gilbert-guest 16215 (self.db.cursor(), pkg, True, False)),
551 fw 2482 caption=('Bug', 'Description'),
552     replacement='No known open issues.'),
553    
554 gilbert-guest 16215 H2('Open unimportant issues'),
555     make_table(gen_bug_list(self.db.getBugsForSourcePackage
556     (self.db.cursor(), pkg, True, True)),
557     caption=('Bug', 'Description'),
558     replacement='No known unimportant issues.'),
559    
560 gilbert-guest 16214 H2('Resolved issues'),
561 fw 2482 make_table(gen_bug_list(self.db.getBugsForSourcePackage
562 gilbert-guest 16215 (self.db.cursor(), pkg, False, True)),
563 fw 2482 caption=('Bug', 'Description'),
564 gilbert-guest 16214 replacement='No known resolved issues.'),
565    
566 gilbert-guest 16215 H2('Security announcements'),
567 gilbert-guest 16214 make_table(gen_bug_list(self.db.getDSAsForSourcePackage
568     (self.db.cursor(), pkg)),
569     caption=('DSA', 'Description'),
570     replacement='No known security announcements.')
571     ])
572 fw 2482
573 fw 3069 def page_status_release_stable_oldstable(self, release, params, url):
574     assert release in ('stable', 'oldstable')
575    
576 fw 3859 bf = BugFilterNoDSA(params)
577 fw 2491
578 fw 2482 def gen():
579     old_pkg_name = ''
580 gilbert-guest 14057 for (pkg_name, bug_name, archive, urgency, vulnerable, remote, no_dsa) in \
581 fw 2482 self.db.cursor().execute(
582 gilbert-guest 14057 """SELECT package, bug, section, urgency, vulnerable, remote, no_dsa
583 fw 3069 FROM %s_status""" % release):
584 gilbert-guest 14057 if bf.urgencyFiltered(urgency, vulnerable):
585 fw 2491 continue
586     if bf.remoteFiltered(remote):
587     continue
588 fw 3859 if bf.nodsaFiltered(no_dsa):
589     continue
590 gilbert-guest 14057
591 fw 2482 if pkg_name == old_pkg_name:
592     pkg_name = ''
593     else:
594     old_pkg_name = pkg_name
595     if archive <> 'main':
596     pkg_name = "%s (%s)" % (pkg_name, archive)
597    
598 fw 2488 if remote is None:
599 gilbert-guest 14303 remote = '???'
600 fw 2488 elif remote:
601     remote = 'yes'
602     else:
603     remote = 'no'
604    
605 gilbert-guest 14058 if urgency.startswith('high'):
606     urgency = self.make_red(urgency)
607     elif vulnerable == 2:
608 gilbert-guest 14057 urgency = self.make_purple(urgency)
609 fw 3859 else:
610     if no_dsa:
611     urgency = urgency + '*'
612 fw 2482
613 fw 2488 yield pkg_name, self.make_xref(url, bug_name), urgency, remote
614 fw 2482
615     return self.create_page(
616 fw 3069 url, 'Vulnerable source packages in the %s suite' % release,
617 gilbert-guest 14057 [bf.actions(url), BR(),
618 gilbert-guest 14058 make_table(gen(), caption=("Package", "Bug", "Urgency", "Remote")),
619     P('''If a "*" is included in the urgency field, no DSA is planned
620     for this vulnerability.'''),
621     self.nvd_text])
622 fw 3069
623     def page_status_release_stable(self, path, params, url):
624     return self.page_status_release_stable_oldstable('stable', params, url)
625 thijs 11216 def page_status_release_oldstable(self, path, params, url):
626     return self.page_status_release_stable_oldstable('oldstable',
627     params, url)
628 fw 2482
629     def page_status_release_testing(self, path, params, url):
630 fw 5100 bf = BugFilterNoDSA(params)
631 fw 2491
632 fw 2482 def gen():
633     old_pkg_name = ''
634 gilbert-guest 14057 for (pkg_name, bug_name, archive, urgency, vulnerable,
635 fw 5100 sid_vulnerable, ts_fixed, remote, no_dsa) \
636     in self.db.cursor().execute(
637 gilbert-guest 14057 """SELECT package, bug, section, urgency, vulnerable,
638     unstable_vulnerable, testing_security_fixed, remote, no_dsa
639 fw 2482 FROM testing_status"""):
640 gilbert-guest 14057 if bf.urgencyFiltered(urgency, vulnerable):
641 fw 2491 continue
642     if bf.remoteFiltered(remote):
643     continue
644 fw 5100 if bf.nodsaFiltered(no_dsa):
645     continue
646 fw 2491
647 fw 2482 if pkg_name == old_pkg_name:
648     pkg_name = ''
649     else:
650     old_pkg_name = pkg_name
651     if archive <> 'main':
652     pkg_name = "%s (%s)" % (pkg_name, archive)
653    
654 fw 2488 if remote is None:
655 gilbert-guest 14303 remote = '???'
656 fw 2488 elif remote:
657     remote = 'yes'
658     else:
659     remote = 'no'
660    
661 fw 2482 if ts_fixed:
662     status = 'fixed in testing-security'
663     else:
664     if sid_vulnerable:
665     status = self.make_red('unstable is vulnerable')
666     else:
667     status = self.make_dangerous('fixed in unstable')
668    
669 gilbert-guest 14058 if urgency.startswith('high'):
670     urgency = self.make_red(urgency)
671     elif vulnerable == 2:
672     urgency = self.make_purple(urgency)
673    
674 fw 2482 yield (pkg_name, self.make_xref(url, bug_name),
675 fw 2488 urgency, remote, status)
676 fw 2482
677     return self.create_page(
678     url, 'Vulnerable source packages in the testing suite',
679     [make_menu(url.scriptRelative,
680     ("status/dtsa-candidates", "Candidates for DTSAs")),
681 gilbert-guest 14057 bf.actions(url), BR(),
682 gilbert-guest 14058 make_table(gen(), caption=("Package", "Bug", "Urgency", "Remote")),
683     self.nvd_text])
684 fw 2482
685 fw 10607 def page_status_release_unstable_like(self, path, params, url,
686     rel, title):
687 fw 2491 bf = BugFilter(params)
688    
689 fw 2482 def gen():
690     old_pkg_name = ''
691 gilbert-guest 14057 for (pkg_name, bug_name, section, urgency, vulnerable, remote) \
692 fw 2482 in self.db.cursor().execute(
693     """SELECT DISTINCT sp.name, st.bug_name,
694 gilbert-guest 14057 sp.archive, st.urgency, st.vulnerable,
695 fw 2491 (SELECT range_remote FROM nvd_data
696     WHERE cve_name = st.bug_name)
697 fw 2482 FROM source_package_status AS st, source_packages AS sp
698 gilbert-guest 14057 WHERE st.vulnerable AND sp.rowid = st.package
699     AND sp.release = ? AND sp.subrelease = ''
700 fw 10607 ORDER BY sp.name, st.bug_name""", (rel,)):
701 gilbert-guest 14057 if bf.urgencyFiltered(urgency, vulnerable):
702 fw 2491 continue
703     if bf.remoteFiltered(remote):
704     continue
705    
706 fw 2482 if pkg_name == old_pkg_name:
707     pkg_name = ''
708     else:
709     old_pkg_name = pkg_name
710     if section <> 'main':
711     pkg_name = "%s (%s)" % (pkg_name, section)
712     else:
713     pkg_name = self.make_xref(url, pkg_name)
714    
715 fw 2491 if remote is None:
716 gilbert-guest 14303 remote = '???'
717 fw 2491 elif remote:
718     remote = 'yes'
719     else:
720     remote = 'no'
721    
722 gilbert-guest 14058 if urgency.startswith('high'):
723 fw 2482 urgency = self.make_red(urgency)
724 gilbert-guest 14057 elif vulnerable == 2:
725 gilbert-guest 13694 urgency = self.make_purple(urgency)
726 fw 2482
727 fw 2491 yield pkg_name, self.make_xref(url, bug_name), urgency, remote
728 gilbert-guest 14057
729 fw 2482 return self.create_page(
730 fw 10607 url, title,
731 fw 2482 [P("""Note that the list below is based on source packages.
732     This means that packages are not listed here once a new,
733     fixed source version has been uploaded to the archive, even
734     if there are still some vulnerably binary packages present
735     in the archive."""),
736 gilbert-guest 14057 bf.actions(url), BR(),
737 gilbert-guest 14058 make_table(gen(), caption=('Package', 'Bug', 'Urgency', 'Remote')),
738     self.nvd_text])
739 fw 2482
740 fw 10607 def page_status_release_unstable(self, path, params, url):
741     return self.page_status_release_unstable_like(
742     path, params, url,
743     title='Vulnerable source packages in the unstable suite',
744     rel='sid')
745    
746     def page_status_release_stable_backports(self, path, params, url):
747     return self.page_status_release_unstable_like(
748     path, params, url,
749     title='Vulnerable source packages among backports for stable',
750 thijs 16070 rel='squeeze-backports')
751 fw 10607
752 fw 11223 def page_status_release_oldstable_backports(self, path, params, url):
753     return self.page_status_release_unstable_like(
754     path, params, url,
755     title='Vulnerable source packages among backports for oldstable',
756 thijs 16070 rel='lenny-backports')
757 fw 11223
758 fw 2482 def page_status_dtsa_candidates(self, path, params, url):
759 fw 2491 bf = BugFilter(params)
760    
761 fw 2482 def gen():
762     old_pkg_name = ''
763 gilbert-guest 14057 for (pkg_name, bug_name, archive, urgency, vulnerable,
764     stable_later, remote) \
765 fw 2482 in self.db.cursor().execute(
766 gilbert-guest 14057 """SELECT package, bug, section, urgency, vulnerable,
767 fw 2482 (SELECT testing.version_id < stable.version_id
768     FROM source_packages AS testing, source_packages AS stable
769     WHERE testing.name = testing_status.package
770 thijs 16070 AND testing.release = 'wheezy'
771 fw 2482 AND testing.subrelease = ''
772     AND testing.archive = testing_status.section
773     AND stable.name = testing_status.package
774 thijs 16070 AND stable.release = 'squeeze'
775 fw 2482 AND stable.subrelease = 'security'
776 fw 2491 AND stable.archive = testing_status.section),
777     (SELECT range_remote FROM nvd_data
778     WHERE cve_name = bug)
779 fw 2482 FROM testing_status
780     WHERE (NOT unstable_vulnerable)
781     AND (NOT testing_security_fixed)"""):
782 gilbert-guest 14057 if bf.urgencyFiltered(urgency, vulnerable):
783 fw 2491 continue
784     if bf.remoteFiltered(remote):
785     continue
786    
787 fw 2482 if pkg_name == old_pkg_name:
788     pkg_name = ''
789     migration = ''
790     else:
791     old_pkg_name = pkg_name
792     migration = A(self.url_testing_status(url, pkg_name),
793     "check")
794     if archive <> 'main':
795     pkg_name = "%s (%s)" % (pkg_name, archive)
796     else:
797     pkg_name = self.make_source_package_ref(url, pkg_name)
798    
799 fw 2491 if remote is None:
800 gilbert-guest 14303 remote = '???'
801 fw 2491 elif remote:
802     remote = 'yes'
803     else:
804     remote = 'no'
805    
806 fw 14298 if urgency.startswith('high'):
807 fw 2482 urgency = self.make_red(urgency)
808 gilbert-guest 14058 elif vulnerable == 2:
809     urgency = self.make_purple(urgency)
810 fw 2482
811     if stable_later:
812     notes = "(fixed in stable?)"
813     else:
814     notes = ''
815    
816     yield (pkg_name, migration, self.make_xref(url, bug_name),
817 fw 2491 urgency, remote, notes)
818 fw 2482
819     return self.create_page(
820     url, "Candidates for DTSAs",
821     [P("""The table below lists packages which are fixed
822     in unstable, but unfixed in testing. Use the testing migration
823 fw 2679 checker to find out why they have not entered testing yet."""),
824 fw 2482 make_menu(url.scriptRelative,
825     ("status/release/testing",
826     "List of vulnerable packages in testing")),
827 gilbert-guest 14057 bf.actions(url), BR(),
828 fw 2482 make_table(gen(),
829 fw 2491 caption=("Package", "Migration", "Bug", "Urgency",
830     "Remote"))])
831 fw 2482
832     def page_status_todo(self, path, params, url):
833 fw 4005 hide_check = params.get('hide_check', False)
834     if hide_check:
835     flags = A(url.updateParamsDict({'hide_check' : None}),
836     'Show "check" TODOs')
837     else:
838     flags = A(url.updateParamsDict({'hide_check' : '1'}),
839     'Hide "check" TODOs')
840    
841 fw 2482 def gen():
842 gilbert-guest 16134 for (bug, description, note) in self.db.getTODOs(hide_check=hide_check):
843     yield self.make_xref(url, bug), description, note
844 fw 2482 return self.create_page(
845 gilbert-guest 16134 url, 'Bugs with TODO items',
846     [P(flags), make_table(gen(), caption=('Bug', 'Description', 'Note'))])
847 fw 2482
848 gilbert-guest 14059 def page_status_undetermined(self, path, params, url):
849     def gen():
850     outrel = []
851     old_bug = ''
852     old_pkg = ''
853     old_dsc = ''
854     last_displayed = ''
855 thijs 16070 releases = ('sid', 'wheezy', 'squeeze', 'lenny')
856 gilbert-guest 14059 for (pkg_name, bug_name, release, desc) in self.db.cursor().execute(
857     """SELECT DISTINCT sp.name, st.bug_name, sp.release,
858     bugs.description
859     FROM source_package_status AS st, source_packages AS sp, bugs
860     WHERE st.vulnerable == 2 AND sp.rowid = st.package
861     AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
862     OR sp.release = ? )
863     AND sp.subrelease = '' AND st.bug_name == bugs.name
864     ORDER BY sp.name, st.bug_name""", releases):
865    
866     if old_bug == '':
867     old_bug = bug_name
868     old_pkg = pkg_name
869     old_dsc = desc
870     elif old_bug != bug_name:
871     if old_pkg == last_displayed:
872     to_display = ''
873     else:
874     to_display = old_pkg
875     yield to_display, self.make_xref(url, old_bug), old_dsc, ', '.join(outrel)
876     last_displayed = old_pkg
877     old_bug = bug_name
878     old_pkg = pkg_name
879     old_dsc = desc
880     outrel = []
881     outrel.append( release )
882     yield old_pkg, self.make_xref(url, old_bug), old_dsc, ', '.join(outrel)
883    
884     return self.create_page(url, 'Packages that may be vulnerable but need to be checked (undetermined issues)',
885     [P("""This page lists packages that may or may not be affected
886     by known issues. This means that some additional work needs to
887     be done to determined whether the package is actually
888     vulnerable or not. This list is a good area for new
889     contributors to make quick and meaningful contributions."""),
890     make_table(gen(), caption=('Package', 'Bug', 'Description', 'Releases'))])
891    
892     def page_status_unimportant(self, path, params, url):
893     def gen():
894     outrel = []
895     old_bug = ''
896     old_pkg = ''
897     old_dsc = ''
898     old_name = ''
899     last_displayed = ''
900 thijs 16070 releases = ('sid', 'wheezy', 'squeeze', 'lenny')
901 gilbert-guest 14059 for (pkg_name, bug_name, release, desc) in self.db.cursor().execute(
902     """SELECT DISTINCT sp.name, st.bug_name, sp.release,
903     bugs.description
904     FROM source_package_status AS st, source_packages AS sp, bugs
905     WHERE st.vulnerable > 0 AND sp.rowid = st.package
906     AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
907     OR sp.release = ? ) AND st.urgency == 'unimportant'
908     AND sp.subrelease = '' AND st.bug_name == bugs.name
909     ORDER BY sp.name, st.bug_name""", releases):
910    
911     if old_bug == '':
912     old_bug = bug_name
913     old_pkg = pkg_name
914     old_dsc = desc
915     elif old_bug != bug_name:
916     if old_pkg == last_displayed:
917     to_display = ''
918     else:
919     to_display = old_pkg
920     yield to_display, self.make_xref(url, old_bug), old_dsc, ', '.join(outrel)
921     last_displayed = old_pkg
922     old_bug = bug_name
923     old_pkg = pkg_name
924     old_dsc = desc
925     outrel = []
926     outrel.append( release )
927     yield old_pkg, self.make_xref(url, old_bug), old_dsc, ', '.join(outrel)
928    
929     return self.create_page(url, 'Packages that have open unimportant issues',
930     [P("""This page lists packages that are affected by issues
931     that are considered unimportant from a security perspective.
932     These issues are thought to be unexploitable or uneffective
933     in most situations (for example, browser denial-of-services)."""),
934     make_table(gen(), caption=('Package', 'Bug', 'Description', 'Releases'))])
935    
936 fw 2482 def page_status_itp(self, path, params, url):
937     def gen():
938     old_pkg = ''
939     for pkg, bugs, debian_bugs in self.db.getITPs(self.db.cursor()):
940     if pkg == old_pkg:
941     pkg = ''
942     else:
943     old_pkg = pkg
944     yield (pkg, self.make_xref_list(url, bugs),
945     self.make_debian_bug_list(url, debian_bugs))
946     return self.create_page(
947     url, "ITPs with potential security issues",
948     [make_table(gen(), caption=("Package", "Issue", "Debian Bugs"),
949     replacement="No ITP bugs are currently known.")])
950    
951     def page_data_unknown_packages(self, path, params, url):
952     def gen():
953     for name, bugs in self.db.getUnknownPackages(self.db.cursor()):
954     yield name, self.make_xref_list(url, bugs)
955     return self.create_page(
956     url, "Unknown packages",
957     [P("""Sometimes, a package referenced in a bug report
958     cannot be found in the database. This can be the result of a spelling
959 thijs 6389 error, or a historic entry refers to a
960     package which is no longer in the archive."""),
961 fw 2482 make_table(gen(), caption=("Package", "Bugs"),
962     replacement="No unknown packages are referenced in the database.")])
963    
964     def page_data_missing_epochs(self, path, params, url):
965     def gen():
966     old_bug = ''
967     old_pkg = ''
968     for bug, pkg, ver1, ver2 in self.db.cursor().execute(
969     """SELECT DISTINCT bug_name, n.package,
970     n.fixed_version, sp.version
971     FROM package_notes AS n, source_packages AS sp
972     WHERE n.package_kind = 'source'
973     AND n.fixed_version NOT LIKE '%:%'
974     AND n.fixed_version <> '0'
975     AND n.bug_origin = ''
976     AND sp.name = n.package
977     AND sp.version LIKE '%:%'
978     ORDER BY bug_name, package"""):
979     if bug == old_bug:
980     bug = ''
981     else:
982     old_bug = bug
983     old_pkg = ''
984     bug = self.make_xref(url, bug)
985     if pkg == old_pkg:
986     pkg = ''
987     else:
988     old_pkg = pkg
989     pkg = self.make_source_package_ref(url, pkg)
990     yield bug, pkg, ver1, ver2
991    
992     return self.create_page(
993     url, "Missing epochs in package versions",
994     [make_table(gen(),
995     caption=("Bug", "Package", "Version 1", "Version 2"),
996     replacement="No source package version with missing epochs.")])
997    
998 fw 3136 def page_data_latently_vulnerable(self, path, params, url):
999     def gen():
1000     for pkg, bugs in self.db.cursor().execute(
1001     """SELECT package, string_set(bug_name)
1002     FROM package_notes AS p1
1003     WHERE release <> ''
1004 fw 5103 AND (bug_name LIKE 'CVE-%' OR bug_name LIKE 'TEMP-%')
1005 fw 3136 AND NOT EXISTS (SELECT 1 FROM package_notes AS p2
1006     WHERE p2.bug_name = p1.bug_name
1007     AND p2.package = p1.package
1008     AND release = '')
1009     AND EXISTS (SELECT 1 FROM source_packages
1010     WHERE name = p1.package AND release = 'sid')
1011     GROUP BY package
1012     ORDER BY package"""):
1013     pkg = self.make_source_package_ref(url, pkg)
1014     bugs = bugs.split(',')
1015     yield pkg, self.make_xref_list(url, bugs)
1016    
1017 fw 3166 def gen_unimportant():
1018     for pkg, bugs in self.db.cursor().execute(
1019     """SELECT package, string_set(bug_name)
1020     FROM package_notes AS p1
1021     WHERE release <> ''
1022     AND urgency <> 'unimportant'
1023 fw 5103 AND (bug_name LIKE 'CVE-%' OR bug_name LIKE 'TEMP-%')
1024 fw 3166 AND EXISTS (SELECT 1 FROM package_notes AS p2
1025     WHERE p2.bug_name = p1.bug_name
1026     AND p2.package = p1.package
1027     AND release = '')
1028     AND NOT EXISTS (SELECT 1 FROM package_notes AS p2
1029     WHERE p2.bug_name = p1.bug_name
1030     AND p2.package = p1.package
1031     AND urgency <> 'unimportant'
1032     AND release = '')
1033     AND EXISTS (SELECT 1 FROM source_packages
1034     WHERE name = p1.package AND release = 'sid')
1035     GROUP BY package
1036     ORDER BY package"""):
1037     pkg = self.make_source_package_ref(url, pkg)
1038     bugs = bugs.split(',')
1039     yield pkg, self.make_xref_list(url, bugs)
1040    
1041 fw 3136 return self.create_page(
1042     url, "Latently vulnerable packages in unstable",
1043     [P(
1044     """A package is latently vulnerable in unstable if it is vulnerable in
1045     any release, and there is no package note for the same vulnerability
1046     and package in unstable (and the package is still available in
1047     unstable, of course)."""),
1048     make_table(gen(),
1049     caption=("Package", "Bugs"),
1050 fw 3166 replacement="No latently vulnerable packages were found."),
1051     P(
1052     """The next table lists issues which are marked unimportant for
1053     unstable, but for which release-specific annotations exist which are
1054     not unimportant."""),
1055     make_table(gen_unimportant(),
1056     caption=("Package", "Bugs"),
1057     replacement=
1058     "No packages with unimportant latent vulnerabilities were found."),
1059     ])
1060 fw 3136
1061 fw 2482 def page_data_releases(self, path, params, url):
1062     def gen():
1063     for (rel, subrel, archive, sources, archs) \
1064     in self.db.availableReleases():
1065     if sources:
1066     sources = 'yes'
1067     else:
1068     sources = 'no'
1069     yield rel, subrel, archive, sources, make_list(archs)
1070     return self.create_page(
1071     url, "Available releases",
1072     [P("""The security issue database is checked against
1073     the Debian releases listed in the table below."""),
1074     make_table(gen(),
1075     caption=("Release", "Subrelease", "Archive",
1076     "Sources", "Architectures"))])
1077    
1078     def page_data_funny_versions(self, path, params, url):
1079     def gen():
1080     for name, release, archive, version, source_version \
1081     in self.db.getFunnyPackageVersions():
1082     yield name, release, archive, source_version, version
1083    
1084     return self.create_page(
1085     url, "Version conflicts between source/binary packages",
1086     [P("""The table below lists source packages
1087     which have a binary package of the same name, but with a different
1088     version. This means that extra care is necessary to determine
1089     the version of a package which has been fixed. (Note that
1090     the bug tracker prefers source versions to binary versions
1091     in this case.)"""),
1092     make_table(gen(),
1093     caption=("Package",
1094     "Release",
1095     "Archive",
1096     "Source Version",
1097     "Binary Version")),
1098     P("""Technically speaking, these version numbering is fine,
1099     but it makes version-based bug tracking quite difficult for these packages."""),
1100     P("""There are many binary packages which are built from source
1101     packages with different version numbering schemes. However, as
1102     long as none of the binary packages carries the same name as the
1103     source package, most confusion is avoided or can be easily
1104     explained.""")])
1105    
1106 fw 2554 def page_data_fake_names(self, path, params, url):
1107     def gen():
1108     for (bug, description) in self.db.getFakeBugs():
1109     yield self.make_xref(url, bug), description
1110     return self.create_page(
1111     url, "Automatically generated issue names",
1112     [P("""Some issues have not been assigned CVE names, but are still
1113     tracked by this database. In this case, the system automatically assigns
1114     a unique name. These names are not stable and can change when the database
1115     is updated, so they should not be used in external references."""),
1116     P('''The automatically generated names come in two flavors:
1117 fw 5103 the first kind starts with the string "''', CODE("TEMP-000000-"),
1118 fw 2554 '''". This means that no Debian bug has been assigned to this
1119     issue (or a bug has been created and is not recorded in this database).
1120     In the second kind of names, there is a Debian bug for the issue, and the "''',
1121     CODE("000000"), '''"part of the name is replaced with the
1122     Debian bug number.'''),
1123     make_table(gen(),
1124     caption=("Bug", "Description"))])
1125    
1126 fw 12999 def page_data_pts(self, path, params, url):
1127     data = []
1128     for pkg, bugs in self.db.cursor().execute(
1129     """SELECT package, COUNT(DISTINCT bug) FROM
1130 geissert 14909 (SELECT package, bug, urgency FROM stable_status
1131     UNION ALL SELECT DISTINCT sp.name, st.bug_name, st.urgency
1132 fw 12999 FROM source_package_status AS st, source_packages AS sp
1133     WHERE st.vulnerable AND st.urgency <> 'unimportant'
1134     AND sp.rowid = st.package AND sp.release = 'sid'
1135 geissert 14909 AND sp.subrelease = '') x WHERE urgency <> 'unimportant'
1136 fw 12999 GROUP BY package ORDER BY package"""):
1137     data.append(pkg)
1138     data.append(':')
1139     data.append(str(bugs))
1140     data.append('\n')
1141     return BinaryResult(''.join(data))
1142    
1143 fw 3051 def page_debsecan(self, path, params, url):
1144     obj = '/'.join(path)
1145     data = self.db.getDebsecan(obj)
1146     if data:
1147     return BinaryResult(data)
1148     else:
1149     return self.create_page(
1150     url, "Object not found",
1151     [P("The requested debsecan object has not been found.")],
1152     status=404)
1153    
1154 fw 2482 def create_page(self, url, title, body, search_in_page=False, status=200):
1155     append = body.append
1156     append(HR())
1157     if not search_in_page:
1158     append(self.make_search_button(url))
1159     append(P(A(url.scriptRelative(""), "Home"),
1160     " - ", A(url.absolute("http://secure-testing.debian.net/"),
1161     "Testing Security Team"),
1162     " - ", A(url.absolute("http://www.debian.org/security/"),
1163     "Debian Security"),
1164     " - ", A(url.absolute
1165     ("http://www.enyo.de/fw/impressum.html"),
1166     "Imprint")))
1167     if search_in_page:
1168     on_load = "selectSearch()"
1169     else:
1170     on_load = None
1171     return HTMLResult(self.add_title(title, body,
1172     head_contents=self.head_contents,
1173     body_attribs={'onload': on_load}),
1174     doctype=self.html_dtd(),
1175     status=status)
1176    
1177     def make_search_button(self, url):
1178     return FORM("Search for package or bug name: ",
1179     INPUT(type='text', name='query',
1180     onkeyup="onSearch(this.value)",
1181     onmousemove="onSearch(this.value)"),
1182     INPUT(type='submit', value='Go'),
1183 fw 3597 ' ',
1184 fw 3596 A(url.scriptRelative("data/report"), "Reporting problems"),
1185 fw 2482 method='get',
1186     action=url.scriptRelative(''))
1187    
1188     def url_cve(self, url, name):
1189     return url.absolute("http://cve.mitre.org/cgi-bin/cvename.cgi",
1190     name=name)
1191 fw 2488 def url_nvd(self, url, name):
1192 thijs 9808 return url.absolute("http://web.nvd.nist.gov/view/vuln/detail",
1193     vulnId=name)
1194 geissert 13767 def url_rhbug(self, url, name):
1195     return url.absolute("https://bugzilla.redhat.com/show_bug.cgi",
1196     id=name)
1197 fw 2488
1198 fw 2482 def url_dsa(self, url, dsa, re_dsa=re.compile(r'^DSA-(\d+)(?:-\d+)?$')):
1199     match = re_dsa.match(dsa)
1200     if match:
1201     # We must determine the year because there is no generic URL.
1202     (number,) = match.groups()
1203     for (date,) in self.db.cursor().execute(
1204     "SELECT release_date FROM bugs WHERE name = ?", (dsa,)):
1205     (y, m, d) = date.split('-')
1206     return url.absolute("http://www.debian.org/security/%d/dsa-%d"
1207     % (int(y), int(number)))
1208     return None
1209    
1210     def url_debian_bug(self, url, debian):
1211     return url.absolute("http://bugs.debian.org/cgi-bin/bugreport.cgi",
1212     bug=str(debian))
1213     def url_debian_bug_pkg(self, url, debian):
1214     return url.absolute("http://bugs.debian.org/cgi-bin/pkgreport.cgi",
1215     pkg=debian)
1216     def url_pts(self, url, package):
1217     return url.absolute("http://packages.qa.debian.org/common/index.html",
1218     src=package)
1219     def url_testing_status(self, url, package):
1220 thijs 8112 return url.absolute("http://release.debian.org/migration/testing.pl",
1221 fw 2482 package=package)
1222     def url_source_package(self, url, package, full=False):
1223     if full:
1224     return url.scriptRelativeFull("source-package/" + package)
1225     else:
1226     return url.scriptRelative("source-package/" + package)
1227    
1228     def make_xref(self, url, name):
1229     return A(url.scriptRelative(name), name)
1230    
1231     def make_xref_list(self, url, lst, separator=', '):
1232     return make_list(map(lambda x: self.make_xref(url, x), lst), separator)
1233    
1234     def make_debian_bug(self, url, debian):
1235     return A(self.url_debian_bug(url, debian), str(debian))
1236     def make_debian_bug_list(self, url, lst):
1237     return make_list(map(lambda x: self.make_debian_bug(url, x), lst))
1238    
1239     def make_cve_ref(self, url, cve, name=None):
1240     if name is None:
1241     name = cve
1242     return A(self.url_cve(url, cve), name)
1243    
1244 fw 2488 def make_nvd_ref(self, url, cve, name=None):
1245     if name is None:
1246     name = cve
1247     return A(self.url_nvd(url, cve), name)
1248 geissert 13767
1249     def make_rhbug_ref(self, url, cve, name=None):
1250     if name is None:
1251     name = cve
1252     return A(self.url_rhbug(url, cve), name)
1253 fw 2488
1254 fw 2482 def make_dsa_ref(self, url, dsa, name=None):
1255     if name is None:
1256     name = dsa
1257     u = self.url_dsa(url, dsa)
1258     if u:
1259     return A(u, name)
1260     else:
1261     return name
1262    
1263     def make_pts_ref(self, url, pkg, name=None):
1264     if name is None:
1265     name = pkg
1266     return A(self.url_pts(url, pkg), name)
1267    
1268     def make_source_package_ref(self, url, pkg, title=None):
1269     if title is None:
1270     title = pkg
1271     return A(self.url_source_package(url, pkg), title)
1272    
1273     def make_red(self, contents):
1274     return SPAN(contents, _class="red")
1275 gilbert-guest 13694
1276     def make_purple(self, contents):
1277     return SPAN(contents, _class="purple")
1278 fw 2482
1279     def make_dangerous(self, contents):
1280     return SPAN(contents, _class="dangerous")
1281    
1282     def pre_dispatch(self):
1283 fw 16645 pass
1284 fw 2482
1285     TrackerService(socket_name, db_name).run()

Properties

Name Value
svn:mime-type text/script
  ViewVC Help
Powered by ViewVC 1.1.5