From 34e31c8d2beba5a7e136c2c3c3e40fefc857e48d Mon Sep 17 00:00:00 2001 From: Michael Gilbert Date: Mon, 24 Aug 2009 00:59:44 +0000 Subject: introduction of inject-embedded-code-copies git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@12668 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- bin/inject-embedded-code-copies | 112 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100755 bin/inject-embedded-code-copies (limited to 'bin/inject-embedded-code-copies') diff --git a/bin/inject-embedded-code-copies b/bin/inject-embedded-code-copies new file mode 100755 index 0000000000..b3cfecb050 --- /dev/null +++ b/bin/inject-embedded-code-copies @@ -0,0 +1,112 @@ +#!/usr/bin/python + +import os +import sys +import tempfile + +if ( len( sys.argv ) != 3 ): + sys.stderr.write( 'usage: %s \n' % sys.argv[0] ) + sys.exit( 1 ) + +todo_note = '\tTODO: check embedded %s code copy [- %s %s]' +todo_note2 = '\tTODO: check original source code [- %s ]; embedded by %s' +fname_embed = sys.argv[1] +fname_cve = sys.argv[2] + +if not os.path.exists( fname_embed ): + sys.stderr.write( 'error: embedded code copies file \'%s\' does not exist.\n' % fname_embed ) + sys.exit( 1 ) + +if not os.path.exists( fname_cve ): + sys.stderr.write( 'error: cve list file \'%s\' does not exist.\n' % fname_cve ) + sys.exit( 1 ) + +origlist = [] +embedlist = [] +typelist = [] +nembeds = 0 +found_begin = False +fembed = open( fname_embed , 'r' ) +line = fembed.readline() +while line: + if found_begin: + if not ( line.startswith( '\t' ) or line.startswith( ' ' ) or line.startswith( '\n' ) ): + orig = line.split( ' ' )[0].strip( ':\n' ) + elif line.lstrip( ' \t' ).startswith( '-' ): + split = line.split( ' ' ) + embedder = split[1].strip( ':' ) + type = split[2].strip( '\n' ) + if ( len( embedder ) != 0 ) and type in [ '' , '' , '' , '' ]: + origlist.append( orig ) + embedlist.append( embedder ) + typelist.append( type ) + else: + if line.startswith( '---BEGIN' ): + found_begin = True + line = fembed.readline() +fembed.close() + +handle,fname_temp = tempfile.mkstemp() +ftemp = open( fname_temp , 'w' ) + +lines = [] +cvelines = 0 +maxlines = 1000 +changed = False +fcve = open( fname_cve , 'r' ) +line = fcve.readline() +while line: + + if not line.startswith( 'CVE' ): + lines.append( line ) + else: + for n in range( 0 , len( lines ) ): + ftemp.write( lines[n] ) + if lines[n].startswith( '\t- ' ): + package = lines[n].lstrip( '\t- ' ).split( ' ' )[0] + + # inject TODOs for packages that embed affected versions + if package in origlist: + found_entry = False + index = origlist.index( package ) + for m in range( 0 , len( lines ) ): + if lines[m].startswith( '\t- ' ): + other_package = lines[m].lstrip( '\t- ' ).split( ' ' )[0] + if ( other_package == embedlist[index] ): + found_entry = True + elif ( lines[m] == todo_note % ( package , embedlist[index] , typelist[index] ) ): + found_entry = True + if not found_entry: + changed = True + ftemp.write( todo_note % ( package , embedlist[index] , typelist[index] ) + '\n' ) + + # inject TODOs for original sources that are embeded in affected packages +# while package in embedlist: +# index = embedlist.index( package ) +# found_entry = False +# for m in range( 0 , len( lines ) ): +# if lines[m].startswith( '\t- ' ): +# other_package = lines[m].lstrip( '\t- ' ).split( ' ' )[0] +# if ( other_package == origlist[index] ): +# found_entry = True +# elif ( lines[m] == todo_note2 % ( origlist[index] , package ) ): +# found_entry = True +# if not found_entry: +# changed = True +# ftemp.write( todo_note2 % ( origlist[index] , package ) + '\n' ) +# embedlist[index] = '' + + ftemp.write( line ) + lines = [] + nlines = 0 + + cvelines += 1 + line = fcve.readline() +fcve.close() +ftemp.close() + +if changed: + mode = os.stat( fname_cve )[0] + os.system( 'cp %s %s' % ( fname_temp , fname_cve ) ) + os.chmod( fname_cve , mode ) +os.system( 'rm %s' % fname_temp ) -- cgit v1.2.3