aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSebastien Delafond <seb>2016-07-19 09:54:22 +0000
committerSebastien Delafond <seb>2016-07-19 09:54:22 +0000
commita0996ad937c7179c4237d0435632df7017d07650 (patch)
treeeb9b6d53bdc47979d6acebd3a2ddf14190bd59f4
parenteffbfb12858505a3c7aae46e212e077d22bfe7f3 (diff)
Ability to handle new-style *.{wml,dsa} files.
CVS version numbers english/security/oval/parseDsa2Oval.py: 1.4 -> 1.5 english/security/oval/oval/definition/generator.py: 1.11 -> 1.12 english/security/oval/oval/parser/dsa.py: 1.5 -> 1.6 english/security/oval/oval/parser/wml.py: 1.5 -> 1.6
Diffstat
-rw-r--r--english/security/oval/oval/definition/generator.py4
-rw-r--r--english/security/oval/oval/parser/dsa.py5
-rw-r--r--english/security/oval/oval/parser/wml.py39
-rwxr-xr-xenglish/security/oval/parseDsa2Oval.py35
4 files changed, 58 insertions, 25 deletions
diff --git a/english/security/oval/oval/definition/generator.py b/english/security/oval/oval/definition/generator.py
index 32c9e3cec33..3989b4ebd64 100644
--- a/english/security/oval/oval/definition/generator.py
+++ b/english/security/oval/oval/definition/generator.py
@@ -431,10 +431,8 @@ def createDefinition (dsa, dsaref):
logging.log(logging.WARNING, "DSA %s: Secrefs information missed." % dsa)
dsaref["secrefs"] = ""
- doc = xml.dom.minidom.Document ()
-
### Definition block: Metadata, Notes, Criteria
- definition = __createXMLElement ("definition", attrs = {"id" : "oval:org.debian:def:%s" % getOvalId(dsaref["description"]), "version" : "1", "class" : "vulnerability"})
+ definition = __createXMLElement ("definition", attrs = {"id" : "oval:org.debian:def:%s" % getOvalId(dsaref["title"]), "version" : "1", "class" : "vulnerability"})
### Definition : Metadata : title, affected, reference, description ###
metadata = __createXMLElement ("metadata")
diff --git a/english/security/oval/oval/parser/dsa.py b/english/security/oval/oval/parser/dsa.py
index c2a1bd88b1e..eb31abd5ee7 100644
--- a/english/security/oval/oval/parser/dsa.py
+++ b/english/security/oval/oval/parser/dsa.py
@@ -98,7 +98,7 @@ def parseFile (path):
result = versionpatern.search (line)
if result:
fdeb_ver = result.groups()[0]
-
+
if fdeb_ver:
deb_ver = fdeb_ver
fdeb_ver = None
@@ -125,4 +125,5 @@ def parseFile (path):
else:
data["release"][deb_ver][architecture] = {package : version}
- return (dsa, data)
+ if "title" in data:
+ return data["title"], data
diff --git a/english/security/oval/oval/parser/wml.py b/english/security/oval/oval/parser/wml.py
index cb27a2d2353..b0c4ff75eed 100644
--- a/english/security/oval/oval/parser/wml.py
+++ b/english/security/oval/oval/parser/wml.py
@@ -15,6 +15,10 @@ import os
import sys
import logging
+# TODO: these may need changed or reworked.
+DEBIAN_VERSION = {"wheezy" : "7.0", "jessie" : "8.2", "stretch" : "9.0",
+ "sid" : "9.0", "etch" : "4.0", "squeeze":"6.0", "lenny":"5.0"}
+
# Format of wml files is:
#<define-tag description>DESCRIPTION</define-tag>
#<define-tag moreinfo>Multiline information</define-tag>
@@ -28,6 +32,9 @@ def parseFile (path):
data = {}
moreinfo = False
+ pack_ver = ""
+ deb_version = ""
+ releases = {}
filename = os.path.basename (path)
@@ -46,7 +53,6 @@ def parseFile (path):
for line in wmlFile:
line= line.decode ("ISO-8859-2")
-
descrpatern = re.compile (r'description>(.*?)</define-tag>')
result = descrpatern.search (line)
if result:
@@ -68,12 +74,23 @@ def parseFile (path):
if moreinfo:
data["moreinfo"] += line
- continue
+# continue
+
+ dversion_pattern = re.compile(r'distribution \((.*?)\)')
+ result = dversion_pattern.search(line)
+ if result:
+ deb_version = result.groups()[0]
+
+ new_version_pattern = re.compile(r'version (.*?).</p>')
+ result = new_version_pattern.search(line)
+ if result and deb_version != "":
+ pack_ver = result.groups()[0]
+ releases.update({DEBIAN_VERSION[deb_version]: {u"all": {grabPackName(path) : pack_ver}}})
except IOError:
logging.log (logging.ERROR, "Can't work with file %s" % path)
- return (dsa, data)
+ return data, releases
def __parseMoreinfo (info):
""" Remove unnecessary information form moreinfo tag"""
@@ -88,3 +105,19 @@ def __parseMoreinfo (info):
result += "\n" + par
return result
+
+def grabPackName(path):
+ """
+ :param path: full path to wml file
+ :return: string: Package Name
+ """
+
+ try:
+ wmlFile = open(path)
+ package_name = re.compile (r'We recommend that you upgrade your (.*?) packages')
+ for line in wmlFile:
+ result = package_name.search(line)
+ if result:
+ return result.groups()[0]
+ except IOError:
+ logging.log (logging.ERROR, "Can't work with file %s" % path)
diff --git a/english/security/oval/parseDsa2Oval.py b/english/security/oval/parseDsa2Oval.py
index 131867bc2b4..5fbc9156b65 100755
--- a/english/security/oval/parseDsa2Oval.py
+++ b/english/security/oval/parseDsa2Oval.py
@@ -16,7 +16,7 @@ import oval.definition.generator
from oval.parser import dsa
from oval.parser import wml
-dsaref = {}
+ovals = {}
def usage (prog = "parse-wml-oval.py"):
"""Print information about script flags and options"""
@@ -28,10 +28,10 @@ usage: %s [vh] [-d <directory>]
\t-h\tthis help
""" % prog
-def printdsas (dsaref):
+def printdsas (ovals):
""" Generate and print OVAL Definitions for collected DSA information """
- ovalDefinitions = oval.definition.generator.createOVALDefinitions (dsaref)
+ ovalDefinitions = oval.definition.generator.createOVALDefinitions (ovals)
oval.definition.generator.printOVALDefinitions (ovalDefinitions)
def parsedirs (directory, postfix, depth):
@@ -40,6 +40,8 @@ def parsedirs (directory, postfix, depth):
For this files called oval.parser.dsa.parseFile() for extracting DSA information.
"""
+ global ovals
+
if depth == 0:
logging.log(logging.DEBUG, "Maximum depth reached at directory " + directory)
return (0)
@@ -54,25 +56,24 @@ def parsedirs (directory, postfix, depth):
logging.log(logging.DEBUG, "Entering directory " + path)
parsedirs (path, postfix, depth-1)
- #Parse DSA data files
+ #Parse files
if os.access(path, os.R_OK) and file.endswith(postfix) and file[0] != '.' and file[0] != '#':
result = dsa.parseFile (path)
if result:
- if dsaref.has_key (result[0]):
+ if ovals.has_key (result[0]):
for (k, v) in result[1].iteritems():
- dsaref[result[0]][k] = v
+ ovals[result[0]][k] = v
else:
- dsaref[result[0]] = result[1]
+ ovals[result[0]] = result[1]
- #Parse DSA wml descriptions
- if os.access(path, os.R_OK) and file.endswith(".wml") and file[0] != '.' and file[0] != '#':
- result = wml.parseFile(path)
- if result:
- if dsaref.has_key (result[0]):
- for (k, v) in result[1].iteritems():
- dsaref[result[0]][k] = v
- else:
- dsaref[result[0]] = result[1]
+ # also parse corresponding wml file
+ wmlResult = wml.parseFile(path.replace('.data', '.wml'))
+ if wmlResult:
+ data, releases = wmlResult
+ for (k, v) in data.iteritems():
+ ovals[result[0]][k] = v
+ if not ovals[result[0]].get("release", None):
+ ovals[result[0]]['release']=releases
return 0
@@ -103,4 +104,4 @@ if __name__ == "__main__":
logging.basicConfig(level=logging.WARNING)
parsedirs (opts['-d'], '.data', 2)
- printdsas(dsaref)
+ printdsas(ovals)

© 2014-2024 Faster IT GmbH | imprint | privacy policy