authorGuido Günther <agx@sigxcpu.org>2017-12-01 14:19:09 +0000
committerGuido Günther <agx@sigxcpu.org>2017-12-01 14:19:09 +0000
commitc9796c302c8308046f079c5fc693f348c81b5c63 (patch)
tree4cc8851407efc7fb3c2b732e39bd44d62f03f747 /bin/report-vuln
parent7749e41b87333f7fa68176818890a799f52ee26e (diff)
report-vuln: allow to invoke mailer
This allows invoking the mailer directly, e.g. bin/report-vuln -M <pkg> <cve>...; the default behaviour is unchanged. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58182 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/report-vuln')
-rwxr-xr-xbin/report-vuln95
1 files changed, 54 insertions, 41 deletions
diff --git a/bin/report-vuln b/bin/report-vuln
index 5e053f88ea..b7d10e3102 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -1,25 +1,18 @@
#!/usr/bin/env python
#
-# generate bug report content for a given package name
-# and a number of CVE ids
+# generate bug report content/mail for a given package name and a
+# number of CVE ids
#
-# you could use it for example in combination with the
-# following shell function:
+# To invoke the mailer right away:
#
-# report-vuln(){
-# TMPFILE="$HOME/reportbug.tmp"
-# $HOME/debian/svn/secure-testing/bin/report-vuln -m "$@" > $TMPFILE
-# mutt -H $TMPFILE
-# rm $TMPFILE
-# }
-#
-# in bash, this can be simply:
-#
-# mutt -H <($HOME/debian/svn/secure-testing/bin/report-vuln -m <pkg> <CVE>)
+# $HOME/debian/svn/secure-testing/bin/report-vuln -M <pkg> <CVE>
#
# export http_proxy if you need to use an http proxy to report bugs
+from __future__ import print_function
+
import argparse
+from tempfile import NamedTemporaryFile
import sys, re, urllib, os
temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
@@ -118,10 +111,11 @@ def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, c
cve_suff = ''
time_w = 'was'
temp_id_cnt = 0
- header = ''
+ ret = ''
+
if mh:
- header += '''To: submit@bugs.debian.org
+ ret += '''To: submit@bugs.debian.org
Subject: %s: %s
''' % (pkg, ' '.join(cveid))
@@ -132,56 +126,55 @@ Subject: %s: %s
time_w = 'were'
if src:
- header += '''Source: %s\n''' % (pkg)
+ ret += 'Source: %s\n' % (pkg)
else:
- header += '''Package: %s\n''' % (pkg)
+ ret += 'Package: %s\n' % (pkg)
if affected is None:
if blanks:
- header += "Version: FILLINAFFECTEDVERSION\n"
+ ret += "Version: FILLINAFFECTEDVERSION\n"
else:
- header += "Version: %s\n" % affected
+ ret += "Version: %s\n" % affected
if cc and len(cclist) > 0:
- header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
- header += '''Severity: %s
+ ret += "X-Debbugs-CC: %s\n" % " ".join(cclist)
+ ret += '''Severity: %s
Tags: security
Hi,
-the following vulnerabilit%s %s published for %s.
+the following vulnerabilit%s %s published for %s.\n
''' % (severity, vuln_suff, time_w, pkg)
- footer = '''If you fix the vulnerabilit%s please also make sure to include the
-CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
-
-For further information see:''' % (vuln_suff, cve_suff)
-
- print header
for cnt, cve in enumerate(cveid):
if not temp_id.match(cve):
- print cve + '[' + str(cnt) + ']:'
- print get_cve(cve)
+ ret += cve + '[' + str(cnt) + ']:\n'
+ ret += get_cve(cve) + '\n'
else:
- print '''Issue without CVE id #%d [%d]:''' % (temp_id_cnt, cnt)
+ ret += 'Issue without CVE id #%d [%d]:\n' % (temp_id_cnt, cnt)
desc = description_from_list(cve, pkg, temp_id_cnt)
if desc:
- print desc + '\n'
+ ret += desc + '\n\n'
else:
- print 'No description has been specified\n'
+ ret += 'No description has been specified\n\n'
temp_id_cnt += 1
- print footer
- print gen_index(cveid)
+ ret += '''If you fix the vulnerabilit%s please also make sure to include the
+CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
+
+For further information see:\n''' % (vuln_suff, cve_suff)
+ ret += gen_index(cveid) + '\n'
if temp_id_cnt > 0:
- print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
- print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
+ ret += '\nhttps://security-tracker.debian.org/tracker/source-package/%s\n' % (pkg)
+ ret += '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
if not blanks:
- print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
+ ret += '\nPlease adjust the affected versions in the BTS as needed.\n'
+
+ return ret
def error(msg):
- print 'error: ' + msg
+ print('error: ' + msg, file=sys.stderr)
sys.exit(1)
class NegateAction(argparse.Action):
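Review bot: gen_text now returns the whole report instead of printing it, but that contract is undocumented; a docstring such as `"""Return the bug report for pkg/cveid as one string; with mh=True a To:/Subject: mail header is prepended."""` would tell callers what they get back. Line 100 concatenates `get_cve(cve)` directly, which now requires a str where the old `print` accepted any value; get_cve is not in view, so it is worth confirming it cannot return None on a failed lookup before this change ships. The enclosing gen_text starts before this hunk.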
@@ -220,6 +213,10 @@ def main():
help='list of addresses to add in CC (default: %(default)s)')
parser.add_argument('--src', action="store_true", help='report against source package')
parser.add_argument('-m', '--mail-header', action="store_true", help='generate a mail header')
+ parser.add_argument('-M', '--mail', action="store_true", help='invoke mailer right aways')
+ parser.add_argument('--mailer', action='store', default='mutt -H {}',
+ help='Command executed. Must contain {} to be replaced '
+ 'by the filename of the draft bugreport')
parser.add_argument('pkg', help='affected package')
parser.add_argument('cve', nargs='+', help='relevant CVE for this source package, may be used multiple time if the issue has multiple CVEs')
args = parser.parse_args()
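Review bot: The help text added for `-M` on line 138 has a typo, "right aways"; use `help='invoke the mailer right away'`. The `--mailer` help on lines 140-141 should also state that the command is run through a shell with the draft filename substituted for `{}`, e.g. `help='Command run via the shell; must contain {}, which is replaced by the filename of the draft bug report'`, so users know that quoting inside the command is their responsibility. main() continues outside the hunk.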
@@ -239,7 +236,23 @@ def main():
if not c.match(arg) and not temp_id.match(arg):
error(arg + ' does not seem to be a valid CVE id')
- gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src, mh=args.mail_header)
+ text = gen_text(pkg, cve,
+ affected=args.affected,
+ blanks=args.blanks,
+ severity=args.severity,
+ cc=args.cc,
+ cclist=args.cclist,
+ src=args.src,
+ mh=args.mail_header or args.mail)
+
+ if args.mail:
+ with NamedTemporaryFile(prefix='report-vuln', suffix='.txt') as bugmail:
+ bugmail.write(text)
+ bugmail.flush()
+ os.system(args.mailer.format(bugmail.name))
+ else:
+ print(text)
+
if __name__ == '__main__':
main()
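Review bot: `NamedTemporaryFile` on line 159 is opened in its default binary mode while `text` is the str returned by gen_text; that works on Python 2 but raises TypeError on Python 3, which the file is already moving towards with `print_function`. The status returned by `os.system` on line 162 is also discarded, so a mailer that fails to start or exits non-zero still leaves the script exiting 0 while the draft is silently deleted when the `with` block closes. The `{}` placeholder that `--mailer` declares mandatory is never checked, so a value without it runs the mailer without any draft. Running `args.mailer` through a shell is acceptable here since it comes from the invoking user, but the temp file name is substituted unquoted, so a TMPDIR containing shell metacharacters would break the command. Opening the file with `mode='w'`, validating the placeholder and failing on a non-zero status addresses the first three points.
```python
    if args.mail:
        if '{}' not in args.mailer:
            error('--mailer command must contain {} for the draft filename')
        with NamedTemporaryFile(mode='w', prefix='report-vuln', suffix='.txt') as bugmail:
            bugmail.write(text)
            bugmail.flush()
            status = os.system(args.mailer.format(bugmail.name))
            if status != 0:
                error('mailer %r exited with status %d' % (args.mailer, status))
    # … unchanged: else branch printing text …
```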
