/[secure-testing]/bin/tracker_service.py

Contents of /bin/tracker_service.py



Revision 18451 - (hide annotations) (download) (as text)
Thu Feb 16 03:07:12 2012 UTC (15 months ago) by pabs
File MIME type: text/script
File size: 57302 byte(s)
Add links to Ubuntu, Gentoo CVE trackers and to the openwall vendors page
1 fw 2482 #!/usr/bin/python
2    
3     import sys
4     sys.path.insert(0,'../lib/python')
5     import bugs
6     import re
7     import security_db
8     from web_support import *
9    
# Command-line handling.  Two arguments select the socket front end
# (WebService); four arguments select the HTTP front end (WebServiceHTTP).
# Any other argument count prints the usage text and exits with status 1.
if len(sys.argv) not in (3, 5):
    print("usage: python tracker_service.py SOCKET-PATH DATABASE-PATH")
    print(" python tracker_service.py URL HOST PORT DATABASE-PATH")
    sys.exit(1)

if len(sys.argv) == 5:
    # HTTP mode: the "socket name" handed to the service is the triple
    # (base URL, host, port).  int() raises ValueError on a non-numeric port.
    # NOTE(review): HOST presumably becomes the listen address -- confirm in
    # web_support; it then decides which networks can reach the tracker.
    server_base_url, server_address = sys.argv[1], sys.argv[2]
    server_port = int(sys.argv[3])
    socket_name = (server_base_url, server_address, server_port)
    db_name = sys.argv[4]
    webservice_base_class = WebServiceHTTP
else:
    # Socket mode: argv[1] is the socket path, argv[2] the database path.
    socket_name = sys.argv[1]
    db_name = sys.argv[2]
    webservice_base_class = WebService
25    
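class BugFilter:
    """Filter flags for the vulnerability listings, read from the request.

    ``params`` maps a parameter name to a sequence of values; only the first
    value of each known flag is used.  The flags come straight from the query
    string, so a missing, empty or non-numeric value is treated as 0 (flag
    off) instead of raising out of the page handler.
    """

    default_action_list = [
        ('show_high_urgency', 'only high urgencies'),
        ('show_medium_urgency', 'only medium and high urgencies'),
        ('show_undetermined_urgency',
         'issues that may be vulnerable but need to be checked (shown in purple)'),
        ('show_unimportant_urgency', 'unimportant issues'),
        ('show_remote_only', 'only remote vulnerabilities'),
    ]

    # Link text used to switch an active flag off again.  Flags that are not
    # listed here fall back to 'Hide ' + description.
    _restore_notes = {
        'show_medium_urgency': 'Restore lower than medium urgencies',
        'show_high_urgency': 'Restore lower than high urgencies',
        'show_remote_only': 'Restore local vulnerabilities',
    }

    def __init__(self, params, action_list=None):
        """Read every flag named in ``action_list`` from ``params``.

        ``action_list`` is a list of (parameter name, description) pairs and
        defaults to ``default_action_list``.
        """
        if action_list is None:
            self.action_list = self.default_action_list
        else:
            self.action_list = action_list
        self.params = {}
        for (prop, desc) in self.action_list:
            try:
                self.params[prop] = int(params.get(prop, (0,))[0])
            except (ValueError, TypeError, IndexError):
                # Request-controlled value that is not an integer (or an
                # empty value list): fall back to "flag not set".
                self.params[prop] = 0

    def actions(self, url):
        """Returns a HTML snippet which can be used to change the filter."""
        rows = []
        for (prop, desc) in self.action_list:
            if self.params[prop]:
                # Active flag: link that removes the parameter again.  The
                # lookup is keyed on ``prop`` only, so a custom action_list
                # without the urgency flags no longer raises KeyError here.
                note = self._restore_notes.get(prop, 'Hide ' + desc)
                target = url.updateParamsDict({prop: None})
            else:
                note = 'Show ' + desc
                target = url.updateParamsDict({prop: '1'})
            rows.append(TR(TD(A(target, note))))
        return TABLE(rows)

    def urgencyFiltered(self, urg, vuln):
        """Returns True for urgencies that should be filtered."""
        filterlow = self.params['show_medium_urgency'] and \
            urg in ('low', 'low**', 'unimportant',
                    'undetermined', 'not yet assigned')
        filtermed = self.params['show_high_urgency'] and \
            urg in ('medium', 'medium**', 'low', 'low**',
                    'unimportant', 'undetermined', 'not yet assigned')
        # vuln == 2 is the value the listings render as "undetermined".
        filterund = not self.params['show_undetermined_urgency'] and vuln == 2
        filteruni = not self.params['show_unimportant_urgency'] \
            and urg == 'unimportant'
        return filterlow or filtermed or filterund or filteruni

    def remoteFiltered(self, remote):
        """Returns True for only remote flaws if filtered."""
        # ``remote`` is None when the attack range is unknown; unknown
        # entries are never hidden by the remote-only flag.
        return self.params['show_remote_only'] and not remote \
            and remote is not None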
78 fw 2491
class BugFilterNoDSA(BugFilter):
    """BugFilter with one additional flag, ``show_nodsa``."""

    def __init__(self, params):
        # Build a fresh list so the shared class-level default is not changed.
        extended_actions = list(self.default_action_list)
        extended_actions.append(
            ('show_nodsa',
             'issues that are not severe enough to warrant a DSA'))
        BugFilter.__init__(self, params, extended_actions)

    def nodsaFiltered(self, nodsa):
        """Returns True for no DSA issues if filtered."""
        if not nodsa:
            # Not a no-DSA issue: hand back the falsy input unchanged.
            return nodsa
        return not self.params['show_nodsa']
87 fw 3859
88 fw 12985 class TrackerService(webservice_base_class):
# Static markup rendered once to HTML at class-definition time: one style
# sheet and one script for the search form.
# NOTE(review): both are presumably emitted inline in every page head --
# confirm in web_support; a Content-Security-Policy for this service would
# then have to allow them explicitly (nonce or hash).
head_contents = compose(
    STYLE(
"""h1 { font-size : 144%; }
h2 { font-size : 120%; }
h3 { font-size : 100%; }

table { padding-left : 1.5em }
td, th { text-align : left;
padding-left : 0.25em;
padding-right : 0.25em; }
td { vertical-align: baseline }
span.red { color: red; }
span.purple { color: purple; }
span.dangerous { color: rgb(191,127,0); }
"""),
    SCRIPT(
'''var old_query_value = "";

function selectSearch() {
document.searchForm.query.focus();
}

function onSearch(query) {
if (old_query_value == "") {
if (query.length > 5) {
old_query_value = query;
document.searchForm.submit();
} else {
old_query_value = query;
}
}
}
''')).toHTML()
119    
# Paragraph appended to the status listings; it explains the "**" suffix on
# urgencies that were taken over from the NVD.
nvd_text = P(
'''If a "**" is included, the urgency field was automatically
assigned by the NVD (National Vulnerability Database). Note that this
rating is automatically derived from a set of known factors about the
issue (such as access complexity, confidentiality impact, exploitability,
remediation level, and others). Human intervention is involved in
determining the values of these factors, but the rating itself comes
from a fully automated formula.''')
127    
def __init__(self, socket_name, db_name):
    """Open the security database and register all URL handlers.

    ``socket_name`` is passed through to the web service base class;
    ``db_name`` is handed to security_db.DB.
    """
    webservice_base_class.__init__(self, socket_name)
    self.db = security_db.DB(db_name)

    # (pattern, handler) pairs, registered in exactly this order.
    # NOTE(review): '*' and 'debsecan/**' look like wildcard patterns; the
    # matching rules live in web_support and are not visible here.
    routes = (
        ('', self.page_home),
        ('*', self.page_object),
        ('redirect/*', self.page_redirect),
        ('source-package/*', self.page_source_package),
        ('status/release/oldstable', self.page_status_release_oldstable),
        ('status/release/stable', self.page_status_release_stable),
        ('status/release/stable-backports',
         self.page_status_release_stable_backports),
        ('status/release/oldstable-backports',
         self.page_status_release_oldstable_backports),
        ('status/release/testing', self.page_status_release_testing),
        ('status/release/unstable', self.page_status_release_unstable),
        ('status/dtsa-candidates', self.page_status_dtsa_candidates),
        ('status/todo', self.page_status_todo),
        ('status/undetermined', self.page_status_undetermined),
        ('status/unimportant', self.page_status_unimportant),
        ('status/itp', self.page_status_itp),
        ('data/unknown-packages', self.page_data_unknown_packages),
        ('data/missing-epochs', self.page_data_missing_epochs),
        ('data/latently-vulnerable', self.page_data_latently_vulnerable),
        ('data/releases', self.page_data_releases),
        ('data/funny-versions', self.page_data_funny_versions),
        ('data/fake-names', self.page_data_fake_names),
        ('data/pts/1', self.page_data_pts),
        ('debsecan/**', self.page_debsecan),
        ('data/report', self.page_report),
    )
    for pattern, handler in routes:
        self.register(pattern, handler)
162 fw 2482
def page_home(self, path, params, url):
    """Serve the start page, or redirect a search submitted from it.

    A non-empty ``query`` parameter is turned into a redirect to the object
    page of that name; a query containing '/' gets the "not found" page.
    """
    query = params.get('query', ('',))[0]
    if query and '/' in query:
        return self.page_not_found(url, query)
    if query:
        # ``query`` is request-controlled.  Rejecting '/' above keeps it to
        # a single path component.
        # NOTE(review): this relies on scriptRelativeFull() always resolving
        # below the script's own base URL -- confirm in web_support.
        return RedirectResult(url.scriptRelativeFull(query))

    data_sources = P(
"""The data in this tracker comes solely from the bug database maintained
by Debian's security team located in the testing-security Subversion """,
        A("http://svn.debian.org/wsvn/secure-testing/data/", "repository"),
""". The data represented here is derived from: """,
        A("http://www.debian.org/security/#DSAS", "DSAs"),
""" issued by the Security Team; issues tracked in the """,
        A("http://cve.mitre.org/cve/", "CVE database"),
""", issues tracked in the """,
        A("http://nvd.nist.gov/", "National Vulnerability Database"),
""" (NVD), maintained by NIST; and security issues
discovered in Debian packages as reported in the BTS.""")

    call_for_help = P(
"""All external data (including Debian bug reports and official Debian
security advisories) must be added to this database before it appears
here. Please help us keep this information up-to-date by """,
        A(url.scriptRelative("data/report"), "reporting"),
""" any discrepancies or change of states that you are
aware of and/or help us improve the quality of this information by """,
        A(url.scriptRelative("data/report"), "participating"),
        ".")

    menu = make_menu(
        url.scriptRelative,
        ('status/release/unstable',
         'Vulnerable packages in the unstable suite'),
        ('status/release/testing',
         'Vulnerable packages in the testing suite'),
        ('status/release/stable',
         'Vulnerable packages in the stable suite'),
        ('status/release/oldstable',
         'Vulnerable packages in the old stable suite'),
        ('status/release/stable-backports',
         'Vulnerable packages in backports for stable'),
        ('status/release/oldstable-backports',
         'Vulnerable packages in backports for oldstable'),
        ('status/dtsa-candidates', "Candidates for DTSAs"),
        ('status/todo', 'TODO items'),
        ('status/undetermined',
         'Packages that may be vulnerable but need to be checked (undetermined issues)'),
        ('status/unimportant',
         'Packages that have open unimportant issues'),
        ('status/itp', 'ITPs with potential security issues'),
        ('data/unknown-packages',
         'Packages names not found in the archive'),
        ('data/fake-names', 'Tracked issues without a CVE name'),
        ('data/missing-epochs',
         'Package versions which might lack an epoch'),
        ('data/latently-vulnerable',
         'Packages which are latently vulnerable in unstable'),
        ('data/funny-versions',
         'Packages with strange version numbers'),
        ('data/releases',
         'Covered Debian releases and architectures (slow)'),
        self.make_search_button(url))

    search_hint = P(
"""(You can enter CVE names, Debian bug numbers and package
names in the search forms.)""")

    redirect_help = P(
"""If you want to automatically open a relevant web page for
some object, use the """,
        CODE(str(url.scriptRelative("redirect/")), EM("object")),
""" URL. If no information is contained in this database,
the browser is automatically redirected to the corresponding external
data source.""")

    return self.create_page(
        url, 'Security Bug Tracker',
        [data_sources,
         call_for_help,
         menu,
         search_hint,
         H2("External interfaces"),
         redirect_help],
        search_in_page=True)
235    
def page_object(self, path, params, url):
    """Show the page for the object named by the first path component.

    Objects that are unknown end at the "not found" page; this entry point
    never redirects to an external site for them (redirect=False).
    """
    return self.page_object_or_redirect(url, path[0], False)
239 fw 2482
def page_redirect(self, path, params, url):
    """Handle ``redirect/<object>``; an empty path means "no object".

    Passes redirect=True, which lets unknown objects be redirected to an
    external data source instead of the "not found" page.
    """
    obj = '' if path == () else path[0]
    return self.page_object_or_redirect(url, obj, True)
246    
def page_object_or_redirect(self, url, obj, redirect):
    """Dispatch a request-supplied object name to the matching page.

    Tried in this order: empty name (start page), Debian bug number
    (plain, FAKE-nnn or TEMP-nnn), bug name (first character 'A'..'Z'),
    source package name.  Anything else yields the "not found" page.
    """
    c = self.db.cursor()

    if not obj:
        # Redirect to start page.
        return RedirectResult(url.scriptRelativeFull(""))

    # Attempt to decode a bug number.  TEMP-nnn bugs (but not
    # TEMP-nnn-mmm bugs) are treated as bug references, too.
    bugnumber = 0
    fake_bug = False
    try:
        if obj.startswith(('FAKE-', 'TEMP-')):
            bugnumber = int(obj[5:])
            # Only reached when the remainder parsed as an integer.
            fake_bug = True
        else:
            bugnumber = int(obj)
    except ValueError:
        # Not numeric: fall through to the name-based lookups below.
        pass

    if bugnumber:
        buglist = list(self.db.getBugsFromDebianBug(c, bugnumber))
        if buglist:
            return self.page_debian_bug(url, bugnumber, buglist, fake_bug)
        if redirect:
            # The external URL is built from the parsed integer, not from
            # the raw request text.
            return RedirectResult(self.url_debian_bug(url, str(bugnumber)),
                                  permanent=False)

    if 'A' <= obj[0] <= 'Z':
        # Bug names start with a capital letter.
        return self.page_bug(url, obj, redirect)

    if self.db.isSourcePackage(c, obj):
        # Reached only for names the database knows as a source package.
        return RedirectResult(self.url_source_package(url, obj, full=True))

    return self.page_not_found(url, obj)
282    
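def page_bug(self, url, name, redirect):
    """Render the page for one named issue (CVE-*, DSA-*, DTSA-*, TEMP-*).

    ``name`` comes from the request path.  If the database does not know it,
    the result is the "not found" page, or, when ``redirect`` is true and
    the name starts with 'CVE-', a temporary redirect to the URL built by
    url_cve().  If the stored name differs from the requested one (or
    ``redirect`` is true) the browser is redirected to the canonical name.

    NOTE(review): descriptions, notes and comments shown here originate from
    external sources (NVD, bug data); this assumes the web_support element
    constructors HTML-escape their text children -- confirm.
    """
    # FIXME: Normalize CAN-* to CVE-* when redirecting.  Too many
    # people still use CAN.
    if redirect and name[0:4] == 'CAN-':
        name = 'CVE-' + name[4:]

    cursor = self.db.cursor()
    try:
        bug = bugs.BugFromDB(cursor, name)
    except ValueError:
        if redirect:
            if name[0:4] == 'CVE-':
                # Unknown to this database: send the browser to the external
                # CVE page.  Only the 'CVE-' prefix has been checked here.
                # NOTE(review): the remainder of ``name`` is request text;
                # confirm url_cve() encodes it when building the URL.
                return RedirectResult(self.url_cve(url, name),
                                      permanent=False)
        return self.page_not_found(url, name)
    if bug.name != name or redirect:
        # Show the normalized bug name in the browser address bar.
        return RedirectResult(url.scriptRelativeFull(bug.name))

    page = []

    def gen_header():
        # Rows of the summary table, as (label, value) pairs.
        yield B("Name"), bug.name

        source = bug.name.split('-')[0]
        if source == 'CVE':
            # Fixed: the argument list was missing a comma after the "more"
            # link (a syntax error), and the RH, Ubuntu, Gentoo and "more"
            # links had no separator between them; "; " is now used
            # throughout, matching the existing NVD/RH separator.
            source_xref = compose(
                self.make_cve_ref(url, bug.name, 'CVE'),
                " (at ",
                self.make_nvd_ref(url, bug.name, 'NVD'),
                "; ",
                self.make_rhbug_ref(url, bug.name, 'RH'),
                "; ",
                self.make_ubuntu_bug_ref(url, bug.name, 'Ubuntu'),
                "; ",
                self.make_gentoo_bug_ref(url, bug.name, 'Gentoo'),
                "; ",
                A(url.absolute('http://oss-security.openwall.org/wiki/vendors'),
                  'more'),
                ")")
        elif source == 'DSA':
            source_xref = self.make_dsa_ref(url, bug.name, 'Debian')
        elif source == 'DTSA':
            source_xref = 'Debian Testing Security Team'
        elif source == 'TEMP':
            source_xref = (
                'Automatically generated temporary name. Not for external reference.')
        else:
            source_xref = None

        if source_xref:
            yield B("Source"), source_xref

        nvd = self.db.getNVD(cursor, bug.name)

        # The NVD description wins over the locally stored one.
        if nvd and nvd.cve_desc:
            yield B("Description"), nvd.cve_desc
        elif bug.description:
            yield B("Description"), bug.description

        xref = list(self.db.getBugXrefs(cursor, bug.name))
        if xref:
            yield B("References"), self.make_xref_list(url, xref)

        if nvd:
            nvd_range = nvd.rangeString()
            if nvd.severity:
                nvd_severity = nvd.severity.lower()
                if nvd_range:
                    nvd_severity = "%s (attack range: %s)" \
                        % (nvd_severity, nvd_range)
                yield B("NVD severity"), nvd_severity

        debian_bugs = bug.getDebianBugs(cursor)
        if debian_bugs:
            yield (B("Debian Bugs"),
                   self.make_debian_bug_list(url, debian_bugs))

        if not bug.not_for_us:
            for (release, status, reason) in bug.getStatus(cursor):
                # purple = undetermined, red = anything else but fixed.
                if status == 'undetermined':
                    reason = self.make_purple(reason)
                elif status != 'fixed':
                    reason = self.make_red(reason)
                yield B('Debian/%s' % release), reason

    page.append(make_table(gen_header()))

    if bug.notes:
        page.append(H2("Vulnerable and fixed packages"))

        def gen_source():
            # One row per (package, releases, version); the package cell is
            # left empty on consecutive rows for the same package.
            old_pkg = ''
            for (package, release, version, vulnerable) \
                    in self.db.getSourcePackages(cursor, bug.name):
                if package == old_pkg:
                    package = ''
                else:
                    old_pkg = package
                    package = compose(
                        self.make_source_package_ref(url, package),
                        " (", self.make_pts_ref(url, package, 'PTS'), ")")
                if vulnerable == 1:
                    vuln = self.make_red('vulnerable')
                    version = self.make_red(version)
                elif vulnerable == 2:
                    vuln = self.make_purple('undetermined')
                    version = self.make_purple(version)
                else:
                    vuln = 'fixed'

                yield package, ', '.join(release), version, vuln

        page.append(make_table(
            gen_source(),
            caption=("Source Package", "Release", "Version", "Status"),
            introduction=P('The table below lists information on source packages.')))

        def gen_data():
            # Stable sort by package name; same order as the former
            # cmp-based sort on a copy of the list.
            notes_sorted = sorted(bug.notes, key=lambda note: note.package)
            for n in notes_sorted:
                if n.release:
                    rel = str(n.release)
                else:
                    rel = '(unstable)'
                urgency = str(n.urgency)
                if n.fixed_version:
                    ver = str(n.fixed_version)
                    if ver == '0':
                        # Fixed version "0" marks a package as not affected.
                        ver = '(not affected)'
                        urgency = ''
                else:
                    ver = self.make_red('(unfixed)')
                if urgency == 'not yet assigned':
                    urgency = ''

                pkg = n.package
                pkg_kind = n.package_kind
                if pkg_kind == 'source':
                    pkg = self.make_source_package_ref(url, pkg)
                elif pkg_kind == 'itp':
                    pkg_kind = 'ITP'
                    rel = ''
                    ver = ''
                    urgency = ''

                # sorted() leaves n.bugs itself untouched (the former
                # in-place sort reordered the note's own list), and the
                # local name no longer shadows the ``bugs`` module.
                bug_refs = make_list(
                    [self.make_debian_bug(url, number)
                     for number in sorted(n.bugs)])
                if n.bug_origin:
                    origin = self.make_xref(url, n.bug_origin)
                else:
                    origin = ''
                yield (pkg, pkg_kind, rel, ver, urgency, origin, bug_refs)

        page.append(
            make_table(gen_data(),
                       caption=("Package", "Type", "Release", "Fixed Version",
                                "Urgency", "Origin", "Debian Bugs"),
                       introduction=P("The information above is based on the following data on fixed versions.")))

    if bug.comments:
        page.append(H2("Notes"))

        def gen_comments():
            # Each entry is a pair; only the second element is shown.
            for (t, c) in bug.comments:
                yield c
        page.append(make_pre(gen_comments()))

    return self.create_page(url, bug.name, page)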
450    
def page_debian_bug(self, url, bugnumber, buglist, fake_bug):
    """List the issues that reference a Debian bug number.

    ``buglist`` holds (name, urgency, description) triples.  A single
    match is answered with a redirect to that issue's page.
    """
    if fake_bug:
        temporary_only = [
            (bug_name, urgency, description)
            for (bug_name, urgency, description) in buglist
            if bug_name[0:5] == 'FAKE-' or bug_name[0:5] == 'TEMP-']
        if len(temporary_only) > 0:
            # Only replace the bug list if there are still fake
            # bug reports.
            buglist = temporary_only

    if len(buglist) == 1:
        # Single issue, redirect.
        return RedirectResult(url.scriptRelativeFull(buglist[0][0]))

    def gen():
        for (name, urgency, description) in buglist:
            # "unknown" is shown as an empty cell.
            shown_urgency = "" if urgency == "unknown" else urgency
            yield self.make_xref(url, name), shown_urgency, description

    intro = """The URL you used contained a non-stable name
based on a Debian bug number. This name cannot be mapped to a specific
issue. """ if fake_bug else ""

    heading = "Information related to Debian bug #%d" % bugnumber
    body = [
        P(intro + "The following issues reference to Debian bug ",
          self.make_debian_bug(url, bugnumber), ":"),
        make_table(gen(), caption=("Name", "Urgency", "Description")),
    ]
    return self.create_page(url, heading, body)
486 fw 2482
def page_not_found(self, url, query):
    """Return the 404 page, echoing the text that matched nothing."""
    # ``query`` is request-controlled text reflected into the response.
    # NOTE(review): assumes CODE()/P() HTML-escape their text children --
    # confirm in web_support.
    message = P('Your query ', CODE(query), ' matched no results.')
    return self.create_page(url, 'Not found', [message], status=404)
493    
def page_report(self, path, params, url):
    """Static page describing how to report corrections to the data."""
    introduction = P(
"""The data in this tracker is always in flux, as bugs are fixed and new
issues disclosed, the data contained herein is updated. We strive to
maintain complete and accurate state information, and appreciate any
updates in status, information or new issues.""")

    via_irc = P(
"""IRC: We can be found at """,
        CODE("irc.oftc.net"),
        ", ",
        CODE("#debian-security"),
""". If you have information to report, please go ahead and join
the channel and tell us. Please feel free to state the issue,
regardless if there is someone who has acknowledged you. Many of us
idle on this channel and may not be around when you join, but we read
the backlog and will see what you have said. If you require a
response, do not forget to let us know how to get a hold of you.""")

    via_mail = P(
        "Mailing list: Our mailing list is: ",
        A("mailto:debian-security-tracker@lists.debian.org",
          "debian-security-tracker@lists.debian.org"))

    via_participation = P(
"""Helping out: We welcome people who wish to join us in tracking
issues. The process is designed to be easy to learn and participate,
please read our """,
        A("http://svn.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co",
          "Introduction"),
""" to get familiar with how things work. Join us on
our mailing list, and on IRC and request to be added to the Alioth """,
        A("http://alioth.debian.org/projects/secure-testing/", "project"),
""". We are really quite friendly. If you have a
question about how things work, don't be afraid to ask, we would like
to improve our documentation and procedures, so feedback is welcome.""")

    return self.create_page(
        url, 'Reporting discrepancies in the data',
        [introduction,
         P("There are three ways that you can report updates to this information:"),
         make_numbered_list([via_irc, via_mail, via_participation])])
527    
def page_source_package(self, path, params, url):
    """Show versions, issues and announcements for one source package.

    The package name is the first path component, i.e. request text.  It is
    handed to the database helpers as an argument and appears in the page
    title and menu labels.
    NOTE(review): assumes create_page()/make_menu() escape the name when
    rendering -- confirm in web_support.
    """
    pkg = path[0]

    def gen_versions():
        for (releases, version) in self.db.getSourcePackageVersions(
                self.db.cursor(), pkg):
            yield ', '.join(releases), version

    def gen_bug_list(lst):
        for (bug, description) in lst:
            yield self.make_xref(url, bug), description

    def issue_table(rows, first_column, empty_text):
        # Two-column table; ``empty_text`` is passed as the replacement.
        return make_table(gen_bug_list(rows),
                          caption=(first_column, 'Description'),
                          replacement=empty_text)

    def identity(x):
        return x

    sections = [
        make_menu(identity,
                  (self.url_pts(url, pkg),
                   pkg + ' in the Package Tracking System'),
                  (self.url_debian_bug_pkg(url, pkg),
                   pkg + ' in the Bug Tracking System'),
                  (self.url_testing_status(url, pkg),
                   pkg + ' in the testing migration checker')),

        H2('Available versions'),
        make_table(gen_versions(), caption=('Release', 'Version')),

        H2('Open issues'),
        issue_table(
            self.db.getBugsForSourcePackage(
                self.db.cursor(), pkg, True, False),
            'Bug', 'No known open issues.'),

        H2('Open unimportant issues'),
        issue_table(
            self.db.getBugsForSourcePackage(
                self.db.cursor(), pkg, True, True),
            'Bug', 'No known unimportant issues.'),

        H2('Resolved issues'),
        issue_table(
            self.db.getBugsForSourcePackage(
                self.db.cursor(), pkg, False, True),
            'Bug', 'No known resolved issues.'),

        H2('Security announcements'),
        issue_table(
            self.db.getDSAsForSourcePackage(self.db.cursor(), pkg),
            'DSA', 'No known security announcements.'),
    ]
    return self.create_page(
        url, 'Information on source package ' + pkg, sections)
575 fw 2482
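def page_status_release_stable_oldstable(self, release, params, url):
    """List vulnerable source packages for the stable or oldstable suite.

    ``release`` must be 'stable' or 'oldstable'; it selects the
    ``<release>_status`` table.

    Raises:
        ValueError: ``release`` is any other value.
    """
    # The table name is interpolated into the SQL text because it cannot be
    # bound as a query parameter, so it has to come from a fixed set.  This
    # used to be an ``assert``, which is removed when Python runs with -O;
    # an explicit check keeps the guard in place in every mode.
    if release not in ('stable', 'oldstable'):
        raise ValueError('unsupported release: %r' % (release,))

    bf = BugFilterNoDSA(params)

    def gen():
        old_pkg_name = ''
        for (pkg_name, bug_name, archive, urgency, vulnerable, remote, no_dsa) in \
                self.db.cursor().execute(
"""SELECT package, bug, section, urgency, vulnerable, remote, no_dsa
FROM %s_status""" % release):
            if bf.urgencyFiltered(urgency, vulnerable):
                continue
            if bf.remoteFiltered(remote):
                continue
            if bf.nodsaFiltered(no_dsa):
                continue

            # Name the package only on the first row of a run.
            if pkg_name == old_pkg_name:
                pkg_name = ''
            else:
                old_pkg_name = pkg_name
                if archive != 'main':
                    pkg_name = "%s (%s)" % (pkg_name, archive)

            # None means the attack range is unknown.
            if remote is None:
                remote = '???'
            elif remote:
                remote = 'yes'
            else:
                remote = 'no'

            if urgency.startswith('high'):
                urgency = self.make_red(urgency)
            elif vulnerable == 2:
                urgency = self.make_purple(urgency)
            else:
                if no_dsa:
                    # "*" marks issues for which no DSA is planned.
                    urgency = urgency + '*'

            yield pkg_name, self.make_xref(url, bug_name), urgency, remote

    return self.create_page(
        url, 'Vulnerable source packages in the %s suite' % release,
        [bf.actions(url), BR(),
         make_table(gen(), caption=("Package", "Bug", "Urgency", "Remote")),
         P('''If a "*" is included in the urgency field, no DSA is planned
for this vulnerability.'''),
         self.nvd_text])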
625 fw 3069
def page_status_release_stable(self, path, params, url):
    """Handler for status/release/stable; ``path`` is not used."""
    release = 'stable'
    return self.page_status_release_stable_oldstable(release, params, url)
def page_status_release_oldstable(self, path, params, url):
    """Handler for status/release/oldstable; ``path`` is not used."""
    release = 'oldstable'
    return self.page_status_release_stable_oldstable(release, params, url)
631 fw 2482
def page_status_release_testing(self, path, params, url):
    """List vulnerable source packages in the testing suite.

    The SQL text is a constant; nothing from the request is placed in it.
    The request only influences which rows the BugFilterNoDSA flags hide.
    """
    bf = BugFilterNoDSA(params)

    def gen():
        previous_package = ''
        rows = self.db.cursor().execute(
"""SELECT package, bug, section, urgency, vulnerable,
unstable_vulnerable, testing_security_fixed, remote, no_dsa
FROM testing_status""")
        for row in rows:
            (pkg_name, bug_name, archive, urgency, vulnerable,
             sid_vulnerable, ts_fixed, remote, no_dsa) = row

            if (bf.urgencyFiltered(urgency, vulnerable)
                    or bf.remoteFiltered(remote)
                    or bf.nodsaFiltered(no_dsa)):
                continue

            # Name the package only on the first row of a run.
            if pkg_name == previous_package:
                pkg_name = ''
            else:
                previous_package = pkg_name
                if archive != 'main':
                    pkg_name = "%s (%s)" % (pkg_name, archive)

            # None means the attack range is unknown.
            remote = '???' if remote is None else ('yes' if remote else 'no')

            if ts_fixed:
                status = 'fixed in testing-security'
            elif sid_vulnerable:
                status = self.make_red('unstable is vulnerable')
            else:
                status = self.make_dangerous('fixed in unstable')

            if urgency.startswith('high'):
                urgency = self.make_red(urgency)
            elif vulnerable == 2:
                urgency = self.make_purple(urgency)

            yield (pkg_name, self.make_xref(url, bug_name),
                   urgency, remote, status)

    # NOTE(review): gen() yields five columns (the last is the status) but
    # the caption names four -- confirm how make_table() treats the extra one.
    return self.create_page(
        url, 'Vulnerable source packages in the testing suite',
        [make_menu(url.scriptRelative,
                   ("status/dtsa-candidates", "Candidates for DTSAs")),
         bf.actions(url), BR(),
         make_table(gen(), caption=("Package", "Bug", "Urgency", "Remote")),
         self.nvd_text])
687 fw 2482
def page_status_release_unstable_like(self, path, params, url,
                                      rel, title):
    """List vulnerable source packages of release ``rel`` under ``title``.

    ``rel`` is bound to the query through a ``?`` placeholder, so it never
    becomes part of the SQL text.
    """
    bf = BugFilter(params)

    def gen():
        previous_package = ''
        rows = self.db.cursor().execute(
"""SELECT DISTINCT sp.name, st.bug_name,
sp.archive, st.urgency, st.vulnerable,
(SELECT range_remote FROM nvd_data
WHERE cve_name = st.bug_name)
FROM source_package_status AS st, source_packages AS sp
WHERE st.vulnerable AND sp.rowid = st.package
AND sp.release = ? AND sp.subrelease = ''
ORDER BY sp.name, st.bug_name""", (rel,))
        for row in rows:
            (pkg_name, bug_name, section, urgency, vulnerable, remote) = row

            if (bf.urgencyFiltered(urgency, vulnerable)
                    or bf.remoteFiltered(remote)):
                continue

            # Name the package only on the first row of a run; packages in
            # 'main' become a cross-reference link.
            if pkg_name == previous_package:
                pkg_name = ''
            else:
                previous_package = pkg_name
                if section != 'main':
                    pkg_name = "%s (%s)" % (pkg_name, section)
                else:
                    pkg_name = self.make_xref(url, pkg_name)

            # None means there is no NVD attack-range entry for the bug.
            remote = '???' if remote is None else ('yes' if remote else 'no')

            if urgency.startswith('high'):
                urgency = self.make_red(urgency)
            elif vulnerable == 2:
                urgency = self.make_purple(urgency)

            yield pkg_name, self.make_xref(url, bug_name), urgency, remote

    explanation = P(
"""Note that the list below is based on source packages.
This means that packages are not listed here once a new,
fixed source version has been uploaded to the archive, even
if there are still some vulnerably binary packages present
in the archive.""")

    return self.create_page(
        url, title,
        [explanation,
         bf.actions(url), BR(),
         make_table(gen(), caption=('Package', 'Bug', 'Urgency', 'Remote')),
         self.nvd_text])
742 fw 2482
def page_status_release_unstable(self, path, params, url):
    """Handler for status/release/unstable (release name 'sid')."""
    return self.page_status_release_unstable_like(
        path, params, url,
        'sid',
        'Vulnerable source packages in the unstable suite')
748    
def page_status_release_stable_backports(self, path, params, url):
    """Handler for status/release/stable-backports."""
    # The release name is hard-coded, so this line has to change whenever
    # a new stable release is made.
    return self.page_status_release_unstable_like(
        path, params, url,
        'squeeze-backports',
        'Vulnerable source packages among backports for stable')
754 fw 10607
def page_status_release_oldstable_backports(self, path, params, url):
    """Handler for status/release/oldstable-backports."""
    # The release name is hard-coded, so this line has to change whenever
    # a new stable release is made.
    return self.page_status_release_unstable_like(
        path, params, url,
        'lenny-backports',
        'Vulnerable source packages among backports for oldstable')
760 fw 11223
def page_status_dtsa_candidates(self, path, params, url):
    """Render the list of issues fixed in unstable but still open in testing.

    Rows come from testing_status and are narrowed by the BugFilter built
    from the request parameters. The SQL text is a constant; no request
    value is interpolated into it.
    """
    bf = BugFilter(params)

    def rows():
        previous_pkg = ''
        # Release names ('wheezy', 'squeeze') are hard-coded in the query.
        result = self.db.cursor().execute(
            """SELECT package, bug, section, urgency, vulnerable,
            (SELECT testing.version_id < stable.version_id
             FROM source_packages AS testing, source_packages AS stable
             WHERE testing.name = testing_status.package
             AND testing.release = 'wheezy'
             AND testing.subrelease = ''
             AND testing.archive = testing_status.section
             AND stable.name = testing_status.package
             AND stable.release = 'squeeze'
             AND stable.subrelease = 'security'
             AND stable.archive = testing_status.section),
            (SELECT range_remote FROM nvd_data
             WHERE cve_name = bug)
            FROM testing_status
            WHERE (NOT unstable_vulnerable)
            AND (NOT testing_security_fixed)""")
        for (pkg_name, bug_name, archive, urgency, vulnerable,
             stable_later, remote) in result:
            # Urgency filter is consulted first; the remote filter only
            # when the row survived it.
            if (bf.urgencyFiltered(urgency, vulnerable)
                    or bf.remoteFiltered(remote)):
                continue

            if pkg_name != previous_pkg:
                # First row of a package: show its name and a migration link.
                previous_pkg = pkg_name
                migration = A(self.url_testing_status(url, pkg_name),
                              "check")
                if archive != 'main':
                    pkg_cell = "%s (%s)" % (pkg_name, archive)
                else:
                    pkg_cell = self.make_source_package_ref(url, pkg_name)
            else:
                # Repeated package: leave both cells blank.
                pkg_cell = ''
                migration = ''

            # range_remote is NULL when nvd_data has no row for the bug.
            if remote is None:
                remote_cell = '???'
            elif remote:
                remote_cell = 'yes'
            else:
                remote_cell = 'no'

            if urgency.startswith('high'):
                urgency_cell = self.make_red(urgency)
            elif vulnerable == 2:
                urgency_cell = self.make_purple(urgency)
            else:
                urgency_cell = urgency

            notes = ''
            if stable_later:
                notes = "(fixed in stable?)"

            # NOTE(review): six cells are produced per row but the caption
            # below names only five columns; confirm make_table accepts that.
            yield (pkg_cell, migration, self.make_xref(url, bug_name),
                   urgency_cell, remote_cell, notes)

    intro = P("""The table below lists packages which are fixed
    in unstable, but unfixed in testing. Use the testing migration
    checker to find out why they have not entered testing yet.""")
    menu = make_menu(url.scriptRelative,
                     ("status/release/testing",
                      "List of vulnerable packages in testing"))
    return self.create_page(
        url, "Candidates for DTSAs",
        [intro,
         menu,
         bf.actions(url), BR(),
         make_table(rows(),
                    caption=("Package", "Migration", "Bug", "Urgency",
                             "Remote"))])
834 fw 2482
def page_status_todo(self, path, params, url):
    """Render the list of bugs that carry TODO items.

    The 'hide_check' request parameter toggles whether "check" TODOs are
    listed; its raw value is passed on to getTODOs, so any non-empty value
    counts as "hide".
    """
    hide_check = params.get('hide_check', False)
    if not hide_check:
        toggle = A(url.updateParamsDict({'hide_check' : '1'}),
                   'Hide "check" TODOs')
    else:
        toggle = A(url.updateParamsDict({'hide_check' : None}),
                   'Show "check" TODOs')

    def rows():
        todo_items = self.db.getTODOs(hide_check=hide_check)
        for (bug, description, note) in todo_items:
            yield self.make_xref(url, bug), description, note

    table = make_table(rows(), caption=('Bug', 'Description', 'Note'))
    return self.create_page(url, 'Bugs with TODO items', [P(toggle), table])
850 fw 2482
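def page_status_undetermined(self, path, params, url):
    """Render the list of packages with undetermined issues.

    Selects source_package_status rows with vulnerable == 2 for the four
    hard-coded releases and emits one table row per (package, bug) pair,
    with the affected releases joined into a single cell. The package name
    is left blank when it repeats the previously displayed one.
    """
    def gen():
        releases = ('sid', 'wheezy', 'squeeze', 'lenny')

        def row(group, shown):
            # group is [package, bug, description, releases].
            if group[0] == shown:
                label = ''
            else:
                label = group[0]
            return (label, self.make_xref(url, group[1]), group[2],
                    ', '.join(group[3]))

        group = None    # (package, bug) group currently being collected
        shown = None    # package name printed on the previous row
        # The release names are bound as parameters; the SQL text is constant.
        for (pkg_name, bug_name, release, desc) in self.db.cursor().execute(
                """SELECT DISTINCT sp.name, st.bug_name, sp.release,
                bugs.description
                FROM source_package_status AS st, source_packages AS sp, bugs
                WHERE st.vulnerable == 2 AND sp.rowid = st.package
                AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
                OR sp.release = ? )
                AND sp.subrelease = '' AND st.bug_name == bugs.name
                ORDER BY sp.name, st.bug_name""", releases):
            # Group on (package, bug), not on the bug alone: rows are ordered
            # by package first, so the same bug under two adjacent packages
            # would otherwise be merged and the second package never listed.
            if group is not None and (group[0], group[1]) != (pkg_name,
                                                               bug_name):
                yield row(group, shown)
                shown = group[0]
                group = None
            if group is None:
                group = [pkg_name, bug_name, desc, []]
            group[3].append(release)

        # Flush the last group; an empty result set yields no row at all
        # instead of a blank row linking to an empty bug name.
        if group is not None:
            yield row(group, shown)

    return self.create_page(url, 'Packages that may be vulnerable but need to be checked (undetermined issues)',
        [P("""This page lists packages that may or may not be affected
        by known issues. This means that some additional work needs to
        be done to determined whether the package is actually
        vulnerable or not. This list is a good area for new
        contributors to make quick and meaningful contributions."""),
         make_table(gen(), caption=('Package', 'Bug', 'Description', 'Releases'))])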
894    
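def page_status_unimportant(self, path, params, url):
    """Render the list of packages with open issues of urgency 'unimportant'.

    Selects source_package_status rows with vulnerable > 0 and urgency
    'unimportant' for the four hard-coded releases and emits one table row
    per (package, bug) pair, with the affected releases joined into a single
    cell. The package name is left blank when it repeats the previously
    displayed one.
    """
    def gen():
        releases = ('sid', 'wheezy', 'squeeze', 'lenny')

        def row(group, shown):
            # group is [package, bug, description, releases].
            if group[0] == shown:
                label = ''
            else:
                label = group[0]
            return (label, self.make_xref(url, group[1]), group[2],
                    ', '.join(group[3]))

        group = None    # (package, bug) group currently being collected
        shown = None    # package name printed on the previous row
        # The release names are bound as parameters; the SQL text is constant.
        for (pkg_name, bug_name, release, desc) in self.db.cursor().execute(
                """SELECT DISTINCT sp.name, st.bug_name, sp.release,
                bugs.description
                FROM source_package_status AS st, source_packages AS sp, bugs
                WHERE st.vulnerable > 0 AND sp.rowid = st.package
                AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
                OR sp.release = ? ) AND st.urgency == 'unimportant'
                AND sp.subrelease = '' AND st.bug_name == bugs.name
                ORDER BY sp.name, st.bug_name""", releases):
            # Group on (package, bug), not on the bug alone: rows are ordered
            # by package first, so the same bug under two adjacent packages
            # would otherwise be merged and the second package never listed.
            if group is not None and (group[0], group[1]) != (pkg_name,
                                                               bug_name):
                yield row(group, shown)
                shown = group[0]
                group = None
            if group is None:
                group = [pkg_name, bug_name, desc, []]
            group[3].append(release)

        # Flush the last group; an empty result set yields no row at all
        # instead of a blank row linking to an empty bug name.
        if group is not None:
            yield row(group, shown)

    return self.create_page(url, 'Packages that have open unimportant issues',
        [P("""This page lists packages that are affected by issues
        that are considered unimportant from a security perspective.
        These issues are thought to be unexploitable or uneffective
        in most situations (for example, browser denial-of-services)."""),
         make_table(gen(), caption=('Package', 'Bug', 'Description', 'Releases'))])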
938    
def page_status_itp(self, path, params, url):
    """Render the table of ITPs (as returned by getITPs) with security issues.

    The package name is shown only on the first of consecutive rows for the
    same package.
    """
    def rows():
        previous = ''
        for pkg, bug_names, debian_bugs in self.db.getITPs(self.db.cursor()):
            if pkg != previous:
                previous = pkg
                shown = pkg
            else:
                shown = ''
            yield (shown, self.make_xref_list(url, bug_names),
                   self.make_debian_bug_list(url, debian_bugs))

    table = make_table(rows(), caption=("Package", "Issue", "Debian Bugs"),
                       replacement="No ITP bugs are currently known.")
    return self.create_page(
        url, "ITPs with potential security issues", [table])
953    
def page_data_unknown_packages(self, path, params, url):
    """Render the table of package names returned by getUnknownPackages.

    Each row pairs a package name with links to the bugs that mention it.
    """
    def rows():
        unknown = self.db.getUnknownPackages(self.db.cursor())
        for name, bug_names in unknown:
            yield name, self.make_xref_list(url, bug_names)

    explanation = P("""Sometimes, a package referenced in a bug report
    cannot be found in the database. This can be the result of a spelling
    error, or a historic entry refers to a
    package which is no longer in the archive.""")
    table = make_table(
        rows(), caption=("Package", "Bugs"),
        replacement="No unknown packages are referenced in the database.")
    return self.create_page(url, "Unknown packages", [explanation, table])
966    
def page_data_missing_epochs(self, path, params, url):
    """Render source package notes whose fixed version lacks an epoch.

    Lists notes with a fixed_version that has no ':' while a version of the
    same source package in source_packages does. Bug and package cells are
    blanked when they repeat the previous row. The SQL text is a constant.
    """
    def rows():
        last_bug = ''
        last_pkg = ''
        result = self.db.cursor().execute(
            """SELECT DISTINCT bug_name, n.package,
            n.fixed_version, sp.version
            FROM package_notes AS n, source_packages AS sp
            WHERE n.package_kind = 'source'
            AND n.fixed_version NOT LIKE '%:%'
            AND n.fixed_version <> '0'
            AND n.bug_origin = ''
            AND sp.name = n.package
            AND sp.version LIKE '%:%'
            ORDER BY bug_name, package""")
        for bug, pkg, ver1, ver2 in result:
            if bug != last_bug:
                # A new bug also resets the package, so it is shown again.
                last_bug = bug
                last_pkg = ''
                bug_cell = self.make_xref(url, bug)
            else:
                bug_cell = ''

            if pkg != last_pkg:
                last_pkg = pkg
                pkg_cell = self.make_source_package_ref(url, pkg)
            else:
                pkg_cell = ''

            yield bug_cell, pkg_cell, ver1, ver2

    table = make_table(
        rows(),
        caption=("Bug", "Package", "Version 1", "Version 2"),
        replacement="No source package version with missing epochs.")
    return self.create_page(
        url, "Missing epochs in package versions", [table])
1000    
def page_data_latently_vulnerable(self, path, params, url):
    """Render the two "latently vulnerable in unstable" tables.

    Both tables come from constant SQL over package_notes, grouped by
    package. string_set() is an SQL function not defined in this part of
    the file; its result is split on ',' into individual bug names.
    """
    def linked_rows(query):
        # Runs only when the table is iterated, like the original generators.
        for pkg, bugs in self.db.cursor().execute(query):
            pkg_link = self.make_source_package_ref(url, pkg)
            bug_names = bugs.split(',')
            yield pkg_link, self.make_xref_list(url, bug_names)

    def gen():
        return linked_rows(
            """SELECT package, string_set(bug_name)
            FROM package_notes AS p1
            WHERE release <> ''
            AND (bug_name LIKE 'CVE-%' OR bug_name LIKE 'TEMP-%')
            AND NOT EXISTS (SELECT 1 FROM package_notes AS p2
                            WHERE p2.bug_name = p1.bug_name
                            AND p2.package = p1.package
                            AND release = '')
            AND EXISTS (SELECT 1 FROM source_packages
                        WHERE name = p1.package AND release = 'sid')
            GROUP BY package
            ORDER BY package""")

    def gen_unimportant():
        return linked_rows(
            """SELECT package, string_set(bug_name)
            FROM package_notes AS p1
            WHERE release <> ''
            AND urgency <> 'unimportant'
            AND (bug_name LIKE 'CVE-%' OR bug_name LIKE 'TEMP-%')
            AND EXISTS (SELECT 1 FROM package_notes AS p2
                        WHERE p2.bug_name = p1.bug_name
                        AND p2.package = p1.package
                        AND release = '')
            AND NOT EXISTS (SELECT 1 FROM package_notes AS p2
                            WHERE p2.bug_name = p1.bug_name
                            AND p2.package = p1.package
                            AND urgency <> 'unimportant'
                            AND release = '')
            AND EXISTS (SELECT 1 FROM source_packages
                        WHERE name = p1.package AND release = 'sid')
            GROUP BY package
            ORDER BY package""")

    latent_intro = P(
        """A package is latently vulnerable in unstable if it is vulnerable in
        any release, and there is no package note for the same vulnerability
        and package in unstable (and the package is still available in
        unstable, of course).""")
    latent_table = make_table(
        gen(),
        caption=("Package", "Bugs"),
        replacement="No latently vulnerable packages were found.")
    unimportant_intro = P(
        """The next table lists issues which are marked unimportant for
        unstable, but for which release-specific annotations exist which are
        not unimportant.""")
    unimportant_table = make_table(
        gen_unimportant(),
        caption=("Package", "Bugs"),
        replacement=
        "No packages with unimportant latent vulnerabilities were found.")
    return self.create_page(
        url, "Latently vulnerable packages in unstable",
        [latent_intro, latent_table, unimportant_intro, unimportant_table])
1063 fw 3136
def page_data_releases(self, path, params, url):
    """Render the table of releases returned by availableReleases.

    The sources flag is shown as 'yes'/'no' and the architectures are
    formatted with make_list.
    """
    def rows():
        for (rel, subrel, archive, sources, archs) \
                in self.db.availableReleases():
            has_sources = 'no'
            if sources:
                has_sources = 'yes'
            yield rel, subrel, archive, has_sources, make_list(archs)

    intro = P("""The security issue database is checked against
    the Debian releases listed in the table below.""")
    table = make_table(rows(),
                       caption=("Release", "Subrelease", "Archive",
                                "Sources", "Architectures"))
    return self.create_page(url, "Available releases", [intro, table])
1080    
def page_data_funny_versions(self, path, params, url):
    """Render the rows returned by getFunnyPackageVersions.

    The last two columns of each database row are swapped for display so
    that the source version precedes the binary version.
    """
    def rows():
        for record in self.db.getFunnyPackageVersions():
            name, release, archive, version, source_version = record
            yield name, release, archive, source_version, version

    intro = P("""The table below lists source packages
    which have a binary package of the same name, but with a different
    version. This means that extra care is necessary to determine
    the version of a package which has been fixed. (Note that
    the bug tracker prefers source versions to binary versions
    in this case.)""")
    table = make_table(rows(),
                       caption=("Package",
                                "Release",
                                "Archive",
                                "Source Version",
                                "Binary Version"))
    remark = P("""Technically speaking, these version numbering is fine,
    but it makes version-based bug tracking quite difficult for these packages.""")
    background = P("""There are many binary packages which are built from source
    packages with different version numbering schemes. However, as
    long as none of the binary packages carries the same name as the
    source package, most confusion is avoided or can be easily
    explained.""")
    return self.create_page(
        url, "Version conflicts between source/binary packages",
        [intro, table, remark, background])
1108    
def page_data_fake_names(self, path, params, url):
    """Render the bugs returned by getFakeBugs with their descriptions.

    The page text explains the automatically generated TEMP- names.
    """
    def rows():
        for (bug, description) in self.db.getFakeBugs():
            yield self.make_xref(url, bug), description

    why = P("""Some issues have not been assigned CVE names, but are still
    tracked by this database. In this case, the system automatically assigns
    a unique name. These names are not stable and can change when the database
    is updated, so they should not be used in external references.""")
    flavors = P('''The automatically generated names come in two flavors:
    the first kind starts with the string "''', CODE("TEMP-000000-"),
                '''". This means that no Debian bug has been assigned to this
    issue (or a bug has been created and is not recorded in this database).
    In the second kind of names, there is a Debian bug for the issue, and the "''',
                CODE("000000"), '''"part of the name is replaced with the
    Debian bug number.''')
    table = make_table(rows(), caption=("Bug", "Description"))
    return self.create_page(
        url, "Automatically generated issue names", [why, flavors, table])
1128    
def page_data_pts(self, path, params, url):
    """Return per-package open bug counts as "package:count" lines.

    Counts distinct bugs per package over stable_status plus the vulnerable
    entries for 'sid', leaving out urgency 'unimportant'. The result is
    wrapped in a BinaryResult rather than an HTML page. The SQL text is a
    constant.
    """
    counts = self.db.cursor().execute(
        """SELECT package, COUNT(DISTINCT bug) FROM
        (SELECT package, bug, urgency FROM stable_status
         UNION ALL SELECT DISTINCT sp.name, st.bug_name, st.urgency
         FROM source_package_status AS st, source_packages AS sp
         WHERE st.vulnerable AND st.urgency <> 'unimportant'
         AND sp.rowid = st.package AND sp.release = 'sid'
         AND sp.subrelease = '') x WHERE urgency <> 'unimportant'
        GROUP BY package ORDER BY package""")
    pieces = []
    for pkg, bug_count in counts:
        pieces.extend((pkg, ':', str(bug_count), '\n'))
    return BinaryResult(''.join(pieces))
1145    
def page_debsecan(self, path, params, url):
    """Serve a debsecan data object, or a 404 page when none is found."""
    # NOTE(review): the object name is the handler's path components joined
    # with '/', presumably taken from the request URL, and is handed to
    # getDebsecan unchanged. That method is not shown here; confirm it binds
    # the name as a query parameter and never uses it as a filesystem path.
    object_name = '/'.join(path)
    payload = self.db.getDebsecan(object_name)
    if not payload:
        return self.create_page(
            url, "Object not found",
            [P("The requested debsecan object has not been found.")],
            status=404)
    return BinaryResult(payload)
1156    
def create_page(self, url, title, body, search_in_page=False, status=200):
    """Wrap *body* in the common page frame and return an HTMLResult.

    A rule, the search form (unless search_in_page is set) and the footer
    links are appended to *body* in place, so the caller's list is
    modified. With search_in_page set, the page's onload handler is
    "selectSearch()".
    """
    body.append(HR())
    if not search_in_page:
        body.append(self.make_search_button(url))

    # The footer links are fixed plain-http URLs.
    footer = P(A(url.scriptRelative(""), "Home"),
               " - ", A(url.absolute("http://secure-testing.debian.net/"),
                        "Testing Security Team"),
               " - ", A(url.absolute("http://www.debian.org/security/"),
                        "Debian Security"),
               " - ", A(url.absolute
                        ("http://www.enyo.de/fw/impressum.html"),
                        "Imprint"))
    body.append(footer)

    on_load = None
    if search_in_page:
        on_load = "selectSearch()"

    document = self.add_title(title, body,
                              head_contents=self.head_contents,
                              body_attribs={'onload': on_load})
    return HTMLResult(document, doctype=self.html_dtd(), status=status)
1179    
def make_search_button(self, url):
    """Build the GET search form shown on most pages.

    The text field calls the page's onSearch() script on key-up and on
    mouse movement; the form submits to the script root.
    """
    query_box = INPUT(type='text', name='query',
                      onkeyup="onSearch(this.value)",
                      onmousemove="onSearch(this.value)")
    submit = INPUT(type='submit', value='Go')
    report_link = A(url.scriptRelative("data/report"), "Reporting problems")
    return FORM("Search for package or bug name: ",
                query_box,
                submit,
                ' ',
                report_link,
                method='get',
                action=url.scriptRelative(''))
1190    
def url_cve(self, url, name):
    """Return the MITRE CVE page URL for *name*.

    The name is handed to url.absolute as the keyword argument 'name'
    rather than being pasted into the URL string.
    """
    base = "http://cve.mitre.org/cgi-bin/cvename.cgi"
    return url.absolute(base, name=name)
def url_nvd(self, url, name):
    """Return the NVD detail page URL for *name* (keyword 'vulnId')."""
    base = "http://web.nvd.nist.gov/view/vuln/detail"
    return url.absolute(base, vulnId=name)
def url_rhbug(self, url, name):
    """Return the Red Hat Bugzilla URL for *name* (keyword 'id')."""
    base = "https://bugzilla.redhat.com/show_bug.cgi"
    return url.absolute(base, id=name)
def url_ubuntu_bug(self, url, name):
    """Return the Ubuntu CVE tracker URL for *name*."""
    # NOTE(review): unlike the sibling url_* helpers, the name is formatted
    # into the URL path here instead of being handed to url.absolute as a
    # keyword argument, and nothing in this method escapes it. Confirm that
    # callers only pass validated CVE names.
    target = "http://people.canonical.com/~ubuntu-security/cve/%s" % name
    return url.absolute(target)
def url_gentoo_bug(self, url, name):
    """Return the Gentoo Bugzilla URL for *name* (keyword 'id')."""
    base = "http://bugs.gentoo.org/show_bug.cgi"
    return url.absolute(base, id=name)
1204 fw 2488
def url_dsa(self, url, dsa, re_dsa=re.compile(r'^DSA-(\d+)(?:-\d+)?$')):
    """Return the debian.org advisory URL for a DSA name, or None.

    None is returned when *dsa* does not match the DSA pattern or when the
    bugs table has no row for it. The advisory URL contains the year, which
    is read from the bug's release_date; the lookup binds *dsa* as a query
    parameter.
    """
    parsed = re_dsa.match(dsa)
    if parsed is None:
        return None

    # We must determine the year because there is no generic URL.
    (number,) = parsed.groups()
    found = self.db.cursor().execute(
        "SELECT release_date FROM bugs WHERE name = ?", (dsa,))
    for (date,) in found:
        # release_date is expected as YYYY-MM-DD; only the first row is used.
        (year, month, day) = date.split('-')
        return url.absolute("http://www.debian.org/security/%d/dsa-%d"
                            % (int(year), int(number)))
    return None
1216    
def url_debian_bug(self, url, debian):
    """Return the Debian BTS report URL for bug number *debian*.

    The number is converted with str() and passed as the keyword 'bug'.
    """
    base = "http://bugs.debian.org/cgi-bin/bugreport.cgi"
    return url.absolute(base, bug=str(debian))
def url_debian_bug_pkg(self, url, debian):
    """Return the Debian BTS package report URL (keyword 'pkg')."""
    base = "http://bugs.debian.org/cgi-bin/pkgreport.cgi"
    return url.absolute(base, pkg=debian)
def url_pts(self, url, package):
    """Return the Package Tracking System URL for *package* (keyword 'src')."""
    base = "http://packages.qa.debian.org/common/index.html"
    return url.absolute(base, src=package)
def url_testing_status(self, url, package):
    """Return the testing migration checker URL (keyword 'package')."""
    base = "http://release.debian.org/migration/testing.pl"
    return url.absolute(base, package=package)
def url_source_package(self, url, package, full=False):
    """Return the tracker's own URL for a source package page.

    With *full* set, url.scriptRelativeFull is used instead of
    url.scriptRelative. The package name is concatenated onto the
    "source-package/" path without any escaping in this method.
    """
    build = url.scriptRelativeFull if full else url.scriptRelative
    return build("source-package/" + package)
1234    
def make_xref(self, url, name):
    """Return a link to the tracker page *name*, labelled with the name."""
    # NOTE(review): the same value is used as link target and link text;
    # escaping is left to url.scriptRelative and A, neither shown here.
    target = url.scriptRelative(name)
    return A(target, name)
1237    
def make_xref_list(self, url, lst, separator=', '):
    """Return the names in *lst* as make_xref links joined by make_list."""
    links = [self.make_xref(url, item) for item in lst]
    return make_list(links, separator)
1240    
def make_debian_bug(self, url, debian):
    """Return a link to Debian bug *debian*, labelled with its number."""
    target = self.url_debian_bug(url, debian)
    label = str(debian)
    return A(target, label)
def make_debian_bug_list(self, url, lst):
    """Return the bug numbers in *lst* as links joined by make_list."""
    links = [self.make_debian_bug(url, number) for number in lst]
    return make_list(links)
1245    
def make_cve_ref(self, url, cve, name=None):
    """Return a link to the MITRE page for *cve*; *name* overrides the label."""
    label = cve if name is None else name
    return A(self.url_cve(url, cve), label)
1250    
def make_nvd_ref(self, url, cve, name=None):
    """Return a link to the NVD page for *cve*; *name* overrides the label."""
    label = cve if name is None else name
    return A(self.url_nvd(url, cve), label)
1255 geissert 13767
def make_rhbug_ref(self, url, cve, name=None):
    """Return a link to Red Hat Bugzilla for *cve*; *name* overrides the label."""
    label = cve if name is None else name
    return A(self.url_rhbug(url, cve), label)
1260 fw 2488
def make_ubuntu_bug_ref(self, url, cve, name=None):
    """Return a link to the Ubuntu CVE tracker for *cve*; *name* overrides the label."""
    label = cve if name is None else name
    return A(self.url_ubuntu_bug(url, cve), label)
1265    
def make_gentoo_bug_ref(self, url, cve, name=None):
    """Return a link to Gentoo Bugzilla for *cve*; *name* overrides the label."""
    label = cve if name is None else name
    return A(self.url_gentoo_bug(url, cve), label)
1270    
def make_dsa_ref(self, url, dsa, name=None):
    """Return a link to the advisory page for *dsa*, or the plain label.

    When url_dsa cannot produce a URL, the label (name, or the DSA name
    itself) is returned unlinked.
    """
    label = dsa if name is None else name
    target = self.url_dsa(url, dsa)
    if not target:
        return label
    return A(target, label)
1279    
def make_pts_ref(self, url, pkg, name=None):
    """Return a link to the PTS page for *pkg*; *name* overrides the label."""
    label = pkg if name is None else name
    return A(self.url_pts(url, pkg), label)
1284    
def make_source_package_ref(self, url, pkg, title=None):
    """Return a link to the tracker's source package page for *pkg*.

    *title* overrides the link text, which defaults to the package name.
    """
    label = pkg if title is None else title
    return A(self.url_source_package(url, pkg), label)
1289    
def make_red(self, contents):
    """Wrap *contents* in a SPAN carrying the "red" class."""
    css_class = "red"
    return SPAN(contents, _class=css_class)
1292 gilbert-guest 13694
def make_purple(self, contents):
    """Wrap *contents* in a SPAN carrying the "purple" class."""
    css_class = "purple"
    return SPAN(contents, _class=css_class)
1295 fw 2482
def make_dangerous(self, contents):
    """Wrap *contents* in a SPAN carrying the "dangerous" class."""
    css_class = "dangerous"
    return SPAN(contents, _class=css_class)
1298    
def pre_dispatch(self):
    """Do nothing; this service performs no work before dispatch."""
    return None
1301 fw 2482
# Create the service from the socket and database settings parsed from the
# command line at the top of the file, then call its run() method.
TrackerService(socket_name, db_name).run()
