summaryrefslogtreecommitdiffstats
path: root/conf/cvelist.el
blob: 0242d4fca549161c74503a092be6b75ea7c396a6 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
;;; cvelist --- Major mode for Debian's CVE list
;;;
;;; Commentary:
;;;   only useful for security-tracker-team/security-tracker.git's data/CVE/list
;;;
;;; Code:
;;;   Guido Günther
;;;   Moritz Muehlenhoff
;;;   Sébastien Delafond
;;;
;;; Can be enabled via:
;;;
;;; (autoload 'debian-cvelist-mode "cvelist.el"
;;;     "Major mode for debian CVE lists" t)
;;; (setq auto-mode-alist
;;;     (cons '("list" . debian-cvelist-mode) auto-mode-alist))

(setq last-nfu "")
(setq bugnum "")

; TODO: Tab completion for existing NFUs
(defun debian-cvelist-insert-not-for-us ()
  "Insert NOT-FOR-US keyword."
  (setq last-nfu (read-string "Name of software: " last-nfu))
  (interactive)
  (beginning-of-line)
  (kill-whole-line)
  (insert "\tNOT-FOR-US: " last-nfu "\n" ))

(defun debian-cvelist-insert-note ()
  "Insert NOTE comment."
  (interactive)
  (insert "\tNOTE: "))

(defun debian-cvelist-insert-bug ()
  "Add bugnumber to end of line."
  (setq bugnum (read-string "Bug number (without #): " bugnum))
  (interactive)
  (end-of-line)
  (insert " (bug #" bugnum ")" ))

; TODO: Read supported distros from central config and prompt for applicable suites
(defun debian-cvelist-insert-nodsa ()
  "Insert no-dsa comment based on the current source entry."
  (interactive)
  (setq reason (read-string "Reason for no-dsa: " "Minor issue"))
  (setq srcpkg (thing-at-point 'filename))
  (next-line)
  (beginning-of-line)
  (insert (concat "\t[buster] - " srcpkg " <no-dsa> (" reason ")\n" )))

(defun debian-cvelist-insert-postponed ()
  "Insert postponed comment based on the current source entry."
  (interactive)
  (setq reason (read-string "Reason for postponed: " "Minor issue, fix along with next update"))
  (setq srcpkg (thing-at-point 'filename))
  (next-line)
  (beginning-of-line)
  (insert (concat "\t[buster] - " srcpkg " <postponed> (" reason ")\n" )))

; TODO: Read supported distros from central config and prompt for applicable suites
(defun debian-cvelist-insert-not-affected ()
  "Insert not-affected comment based on the current source entry."
  (interactive)
  (setq reason (read-string "Reason for not-affected: " "Vulnerable code not present"))
  (setq srcpkg (thing-at-point 'filename))
  (next-line)
  (beginning-of-line)
  (insert (concat "\t[buster] - " srcpkg " <not-affected> (" reason ")\n" )))

; TODO: Parse existing source entries for buffer tab completion
(defun debian-cvelist-insert-srcentry ()
  "Insert new source package entry."
  (interactive)
  (setq srcpkg (read-string "Source package: " ""))
  (setq version (read-string "Fixed version: " "<unfixed>"))
  (next-line)
  (beginning-of-line)
  (insert (concat "\t- " srcpkg " " version "\n")))

(defun debian-cvelist-cvesearch ()
  "Look up a CVE ID at the MITRE website."
  (interactive)
  (browse-url (concat "https://www.cve.org/CVERecord?id=" (thing-at-point 'symbol))))

(defun debian-cvelist-ptslookup ()
  "Look up a package name in Debian Package Tracker."
  (interactive)
  (browse-url (concat "https://tracker.debian.org/pkg/" (thing-at-point 'symbol))))

(defvar debian-cvelist-mode-map
   (let ((map (make-sparse-keymap)))
     (define-key map (kbd "C-c C-f") 'debian-cvelist-insert-not-for-us)
     (define-key map (kbd "C-c C-n") 'debian-cvelist-insert-note)
     (define-key map (kbd "C-c C-c") 'debian-cvelist-cvesearch)
     (define-key map (kbd "C-c C-l") 'debian-cvelist-insert-nodsa)
     (define-key map (kbd "C-c C-a") 'debian-cvelist-insert-srcentry)
     (define-key map (kbd "C-c C-x") 'debian-cvelist-insert-not-affected)
     (define-key map (kbd "C-c C-p") 'debian-cvelist-insert-postponed)
     (define-key map (kbd "C-c C-b") 'debian-cvelist-insert-bug)
     (define-key map (kbd "C-c C-p") 'debian-cvelist-ptslookup)
     map)
   "Keymap for `debian-cvelist-mode'.")

(defvar debian-cvelist-font-lock-keywords
  '(("^CVE-[0-9]\\{4\\}-[0-9X]\\{4,7\\}"
     (0 font-lock-function-name-face) ;; face for CVE keyword
     ("(\\(.+\\))$" nil nil (1 font-lock-warning-face))) ;; face for the rest of the line
    ("D[LS]A-[0-9]\\{4,5\\}-[0-9]" . font-lock-function-name-face)
    ("#[0-9]\\{1,7\\}" . font-lock-type-face)
    ("^\tNOTE:" . font-lock-comment-delimiter-face)
    ("^\tTODO:" . font-lock-warning-face)
    ("^\t\\(RESERVED\\|NOT-FOR-US\\|REJECTED\\)" . font-lock-keyword-face)
    ("\\<unfixed\\|undetermined\\>" . font-lock-warning-face)
    ("\\<end-of-life\\|not-affected\\|no-dsa\\|ignored\\|postponed\\>" . font-lock-constant-face))
  "Keyword highlighting for `debian-cvelist-mode'.")

(defun debian-cvelist-is-cve ()
  "Checks if a current line is a CVE description."
  (save-excursion
    (beginning-of-line)
    (looking-at "[[:space:]]*CVE-")))

(defun debian-cvelist-indent-line ()
  "Indent current line as debian CVE list."
  (beginning-of-line)
  (if (debian-cvelist-is-cve)
      (indent-line-to 0)
    (indent-line-to 8)))

(define-derived-mode debian-cvelist-mode fundamental-mode "debian-cvelist"
  "A major mode for editing data/CVE/list in the Debian
   secure-tracker repository."
  (setq-local font-lock-defaults '(debian-cvelist-font-lock-keywords t))
  (setq indent-line-function 'debian-cvelist-indent-line))

(provide 'debian-cvelist)
;;; cvelist.el ends here

© 2014-2024 Faster IT GmbH | imprint | privacy policy