introduction of inject-embedded-code-copies

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@12668 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Michael Gilbert <michael.s.gilbert@gmail.com> 2009-08-24 00:59:44 +0000
committer: Michael Gilbert <michael.s.gilbert@gmail.com> 2009-08-24 00:59:44 +0000
commit: 34e31c8d2beba5a7e136c2c3c3e40fefc857e48d (patch)
tree: db9529eff0c62a05ac24d60cb23cb21dcb8b44f1 /bin/inject-embedded-code-copies
parent: 3ccca99c9be170ebce71b44f654eef5cd924904f (diff)
1 files changed, 112 insertions, 0 deletions
diff --git a/bin/inject-embedded-code-copies b/bin/inject-embedded-code-copies
new file mode 100755
index 0000000000..b3cfecb050
--- /dev/null
+++ b/bin/inject-embedded-code-copies
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+
+import os
+import sys
+import tempfile
+
+if ( len( sys.argv ) != 3 ):
+    sys.stderr.write( 'usage: %s <embedded code copies file> <cve list>\n' % sys.argv[0] )
+    sys.exit( 1 )
+
+todo_note = '\tTODO: check embedded %s code copy [- %s %s]'
+todo_note2 = '\tTODO: check original source code [- %s <unfixed>]; embedded by %s'
+fname_embed = sys.argv[1]
+fname_cve = sys.argv[2]
+
+if not os.path.exists( fname_embed ):
+    sys.stderr.write( 'error: embedded code copies file \'%s\' does not exist.\n' % fname_embed )
+    sys.exit( 1 )
+
+if not os.path.exists( fname_cve ):
+    sys.stderr.write( 'error: cve list file \'%s\' does not exist.\n' % fname_cve )
+    sys.exit( 1 )
+
+origlist = []
+embedlist = []
+typelist = []
+nembeds = 0
+found_begin = False
+fembed = open( fname_embed , 'r' )
+line = fembed.readline()
+while line:
+    if found_begin:
+        if not ( line.startswith( '\t' ) or line.startswith( ' ' ) or line.startswith( '\n' ) ):
+            orig =  line.split( ' ' )[0].strip( ':\n' )
+        elif line.lstrip( ' \t' ).startswith( '-' ):
+            split = line.split( ' ' )
+            embedder = split[1].strip( ':' )
+            type = split[2].strip( '\n' )
+            if ( len( embedder ) != 0 ) and type in [ '<unfixed>' , '<removed>' , '<unknown>' , '<itp>' ]:
+                origlist.append( orig )
+                embedlist.append( embedder )
+                typelist.append( type )
+    else:
+        if line.startswith( '---BEGIN' ):
+            found_begin = True
+    line = fembed.readline()
+fembed.close()
+
+handle,fname_temp = tempfile.mkstemp()
+ftemp = open( fname_temp , 'w' )
+
+lines = []
+cvelines = 0
+maxlines = 1000 
+changed = False
+fcve = open( fname_cve , 'r' )
+line = fcve.readline()
+while line:
+
+    if not line.startswith( 'CVE' ):
+        lines.append( line )
+    else:
+        for n in range( 0 , len( lines ) ):
+            ftemp.write( lines[n] )
+            if lines[n].startswith( '\t- ' ):
+                package = lines[n].lstrip( '\t- ' ).split( ' ' )[0]
+
+                # inject TODOs for packages that embed affected versions
+                if package in origlist:
+                    found_entry = False
+                    index = origlist.index( package )
+                    for m in range( 0 , len( lines ) ):
+                        if lines[m].startswith( '\t- ' ):
+                            other_package = lines[m].lstrip( '\t- ' ).split( ' ' )[0]
+                            if ( other_package == embedlist[index] ):
+                                found_entry = True
+                        elif ( lines[m] == todo_note % ( package , embedlist[index] , typelist[index] ) ):
+                            found_entry = True
+                    if not found_entry:
+                        changed = True
+                        ftemp.write( todo_note % ( package , embedlist[index] , typelist[index] ) + '\n' )
+
+                # inject TODOs for original sources that are embeded in affected packages
+#                while package in embedlist:
+#                    index = embedlist.index( package )
+#                    found_entry = False
+#                    for m in range( 0 , len( lines ) ):
+#                        if lines[m].startswith( '\t- ' ):
+#                            other_package = lines[m].lstrip( '\t- ' ).split( ' ' )[0]
+#                            if ( other_package == origlist[index] ):
+#                                found_entry = True
+#                        elif ( lines[m] == todo_note2 % ( origlist[index] , package ) ):
+#                            found_entry = True
+#                    if not found_entry:
+#                        changed = True
+#                        ftemp.write( todo_note2 % ( origlist[index] , package ) + '\n' )
+#                    embedlist[index] = ''
+
+        ftemp.write( line )
+        lines = []
+        nlines = 0
+                          
+    cvelines += 1
+    line = fcve.readline()
+fcve.close()
+ftemp.close()
+
+if changed:
+    mode = os.stat( fname_cve )[0]
+    os.system( 'cp %s %s' % ( fname_temp , fname_cve ) )
+    os.chmod( fname_cve , mode )
+os.system( 'rm %s' % fname_temp )
author	Michael Gilbert <michael.s.gilbert@gmail.com>	2009-08-24 00:59:44 +0000
committer	Michael Gilbert <michael.s.gilbert@gmail.com>	2009-08-24 00:59:44 +0000
commit	34e31c8d2beba5a7e136c2c3c3e40fefc857e48d (patch)
tree	db9529eff0c62a05ac24d60cb23cb21dcb8b44f1 /bin/inject-embedded-code-copies
parent	3ccca99c9be170ebce71b44f654eef5cd924904f (diff)