authorFlorian Weimer <fw@deneb.enyo.de>2005-10-20 09:03:39 +0000
committerFlorian Weimer <fw@deneb.enyo.de>2005-10-20 09:03:39 +0000
commit67791f35ce137d0c15c3aa2597470b87f0e8890a (patch)
tree9952eaffe894285aa7169e848cf899146de20e08 /bin
parent29eeee3b4d2f189aa6349287671532d7193685d3 (diff)
r638@deneb: fw | 2005-10-14 15:43:12 +0200
bin/tracker_service.py (TrackerService.page_home): Document external interfaces. (TrackerService.page_bug): Add NVD references. (TrackerService.page_status_release_stable, TrackerService.page_status_release_testing): Show NVD remote attack range if present. (TrackerService.url_nvd, TrackerService.make_nvd_ref): New. lib/python/security_db.py (NVDEntry): New class. (DB.initSchema): New nvd_data table. Update stable_status and testing_status views. (DB.replaceNVD, DB.getNVD): New methods. bin/update-nvd, lib/python/nvd.py: New files. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2488 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin')
-rw-r--r--bin/tracker_service.py68
-rw-r--r--bin/update-nvd35
2 files changed, 93 insertions, 10 deletions
diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 63dda7822c..5eac566d42 100644
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -105,6 +105,8 @@ should be fine."""),
('data/releases',
'Covered Debian releases and architectures (slow)'),
self.make_search_button(url)),
+ P("""(You can enter CAN/CVE names, Debian bug numbers and package
+names in the search forms.)"""),
H2("A few notes on data sources"),
P("""Data in this tracker comes solely from the bug database
@@ -115,7 +117,15 @@ must be added to this database before it appears here, and there
can be some delay before this happens."""),
P("""At the moment, the database only contains information which is
relevant for tracking the security status of the stable, testing and
-unstable suites. This means that data for oldstable is likely wrong.""")],
+unstable suites. This means that data for oldstable is likely wrong."""),
+
+ H2("External interfaces"),
+ P("""If you want to automatically open a relevant web page for
+some object, use the """,
+ CODE(str(url.scriptRelative("redirect/")), EM("object")),
+ """ URL. If no information is contained in this database,
+the browser is automatically redirected to the corresponding external
+data source.""")],
search_in_page=True)
def page_object(self, path, params, url):
@@ -178,7 +188,11 @@ unstable suites. This means that data for oldstable is likely wrong.""")],
source = bug.name.split('-')[0]
if source in ('CAN', 'CVE'):
- source_xref = self.make_cve_ref(url, bug.name, 'CVE')
+ source_xref = compose(self.make_cve_ref(url, bug.name, 'CVE'),
+ " (",
+ self.make_nvd_ref(url, bug.name,
+ 'in NVD'),
+ ")")
elif source == 'DSA':
source_xref = self.make_dsa_ref(url, bug.name, 'Debian')
elif source == 'DTSA':
@@ -198,6 +212,14 @@ unstable suites. This means that data for oldstable is likely wrong.""")],
xref = list(self.db.getBugXrefs(cursor, bug.name))
if xref:
yield B("References"), self.make_xref_list(url, xref)
+
+ nvd = self.db.getNVD(cursor, bug.name)
+ if nvd:
+ if nvd.severity:
+ yield B("NVD severity"), nvd.severity.lower()
+ nvd_range = nvd.rangeString()
+ if nvd_range:
+ yield B("NVD attack range"), nvd_range
debian_bugs = bug.getDebianBugs(cursor)
if debian_bugs:
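Review bot: The `nvd.severity.lower()` and `nvd.rangeString()` values yielded here are handed to the page as bare strings, and they presumably originate from the imported NVD feed, which is external data. Whether bare strings are HTML-escaped depends on the page generator, which this diff does not show, so that is worth confirming before relying on it. A comment above the `getNVD` call such as `# NVD fields are external data; rendered as text, never as markup` would record the assumption. The enclosing generator starts and ends outside the hunk.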
@@ -435,9 +457,10 @@ this package, but still reference it.""")])
def page_status_release_stable(self, path, params, url):
def gen():
old_pkg_name = ''
- for (pkg_name, bug_name, archive, urgency) in \
+ for (pkg_name, bug_name, archive, urgency, remote) in \
self.db.cursor().execute(
- """SELECT package, bug, section, urgency FROM stable_status"""):
+ """SELECT package, bug, section, urgency, remote
+ FROM stable_status"""):
if pkg_name == old_pkg_name:
pkg_name = ''
else:
@@ -445,24 +468,32 @@ this package, but still reference it.""")])
if archive <> 'main':
pkg_name = "%s (%s)" % (pkg_name, archive)
+ if remote is None:
+ remote = ''
+ elif remote:
+ remote = 'yes'
+ else:
+ remote = 'no'
+
if urgency == 'unknown':
urgency = ''
elif urgency == 'high':
urgency = self.make_red(urgency)
- yield pkg_name, self.make_xref(url, bug_name), urgency
+ yield pkg_name, self.make_xref(url, bug_name), urgency, remote
return self.create_page(
url, 'Vulnerable source packages in the stable suite',
- [make_table(gen(), caption=("Package", "Bug", "Urgency"))])
+ [make_table(gen(), caption=("Package", "Bug", "Urgency",
+ "Remote"))])
def page_status_release_testing(self, path, params, url):
def gen():
old_pkg_name = ''
for (pkg_name, bug_name, archive, urgency,
- sid_vulnerable, ts_fixed) in self.db.cursor().execute(
+ sid_vulnerable, ts_fixed, remote) in self.db.cursor().execute(
"""SELECT package, bug, section, urgency, unstable_vulnerable,
- testing_security_fixed
+ testing_security_fixed, remote
FROM testing_status"""):
if pkg_name == old_pkg_name:
pkg_name = ''
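Review bot: The `remote` tri-state mapping (`None` to `''`, true to `'yes'`, false to `'no'`) is written out in full in `page_status_release_stable` here and repeated verbatim in `page_status_release_testing` in the `@@ -471,6 +502,13 @@` hunk. A small helper on the class, for example `def format_remote(self, remote):`, called from both generators would keep the two status pages in agreement if the NVD range encoding changes later. A one-line comment saying that `None` means "no NVD data for this bug" would also help, since the empty cell is otherwise easy to read as "not remote". Both function bodies extend beyond the visible hunks.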
@@ -471,6 +502,13 @@ this package, but still reference it.""")])
if archive <> 'main':
pkg_name = "%s (%s)" % (pkg_name, archive)
+ if remote is None:
+ remote = ''
+ elif remote:
+ remote = 'yes'
+ else:
+ remote = 'no'
+
if ts_fixed:
status = 'fixed in testing-security'
else:
@@ -483,13 +521,14 @@ this package, but still reference it.""")])
urgency = ''
yield (pkg_name, self.make_xref(url, bug_name),
- urgency, status)
+ urgency, remote, status)
return self.create_page(
url, 'Vulnerable source packages in the testing suite',
[make_menu(url.scriptRelative,
("status/dtsa-candidates", "Candidates for DTSAs")),
- make_table(gen(), caption=("Package", "Bug"))])
+ make_table(gen(), caption=("Package", "Bug", "Urgency",
+ "Remote"))])
def page_status_release_unstable(self, path, params, url):
def gen():
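Review bot: The new caption `("Package", "Bug", "Urgency", "Remote")` has four entries, but the generator above it now yields five values per row: `pkg_name`, the xref, `urgency`, `remote` and `status`. The status column ("fixed in testing-security" and so on) therefore has no header; how `make_table` treats a caption shorter than its rows is not visible here. I would change it to `caption=("Package", "Bug", "Urgency", "Remote", "Status")`. The body of `page_status_release_testing` starts outside this hunk.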
@@ -737,6 +776,10 @@ but it makes version-based bug tracking quite difficult for these packages."""),
def url_cve(self, url, name):
return url.absolute("http://cve.mitre.org/cgi-bin/cvename.cgi",
name=name)
+ def url_nvd(self, url, name):
+ return url.absolute("http://nvd.nist.gov/nvd.cfm",
+ cvename=name)
+
def url_dsa(self, url, dsa, re_dsa=re.compile(r'^DSA-(\d+)(?:-\d+)?$')):
match = re_dsa.match(dsa)
if match:
@@ -788,6 +831,11 @@ but it makes version-based bug tracking quite difficult for these packages."""),
name = cve
return A(self.url_cve(url, cve), name)
+ def make_nvd_ref(self, url, cve, name=None):
+ if name is None:
+ name = cve
+ return A(self.url_nvd(url, cve), name)
+
def make_dsa_ref(self, url, dsa, name=None):
if name is None:
name = dsa
diff --git a/bin/update-nvd b/bin/update-nvd
new file mode 100644
index 0000000000..4910845ef9
--- /dev/null
+++ b/bin/update-nvd
@@ -0,0 +1,35 @@
+#!/usr/bin/python
+
+import os
+import os.path
+import string
+import sys
+
+def setup_paths():
+ check_file = 'lib/python/debian_support.py'
+ path = os.getcwd()
+ while 1:
+ if os.path.exists("%s/%s" % (path, check_file)):
+ sys.path = [path + '/lib/python'] + sys.path
+ return path
+ idx = string.rfind(path, '/')
+ if idx == -1:
+ raise ImportError, "could not setup paths"
+ path = path[0:idx]
+os.chdir(setup_paths())
+
+import nvd
+import security_db
+
+db_file = 'data/security.db'
+db = security_db.DB(db_file)
+
+data = []
+for name in sys.argv[1:]:
+ f = file(name)
+ data += nvd.parse(f)
+ f.close()
+
+cursor = db.writeTxn()
+db.replaceNVD(cursor, data)
+db.commit(cursor)
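Review bot: `setup_paths()` starts its search at `os.getcwd()` and prepends the first ancestor containing `lib/python/debian_support.py` to `sys.path`, so `nvd` and `security_db` are imported from wherever the script is started rather than from its own checkout. For a job that writes to `data/security.db`, anchoring the search at the script location is safer: `path = os.path.dirname(os.path.abspath(sys.argv[0]))` in place of `path = os.getcwd()`. Separately, when no file arguments are given `data` stays empty and `db.replaceNVD(cursor, data)` is still called; if that method clears the table first (its body is not shown in this diff), existing NVD data would be lost, so an early exit on an empty `sys.argv[1:]` is worth adding. The `file(name)` handle is also not closed if `nvd.parse` raises; a `try`/`finally` around the parse would cover that.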
