From d82f74ed115828ddf8479d409f6f9e0b132bc375 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Fri, 31 Mar 2017 19:23:09 +0000
Subject: =?UTF-8?q?Import=20improvements=20to=20report-vuln=20done=20by=20?=
 =?UTF-8?q?Antoine=20Beaupr=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@50230 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
 bin/report-vuln | 76 ++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 51 insertions(+), 25 deletions(-)
(limited to 'bin/report-vuln')
diff --git a/bin/report-vuln b/bin/report-vuln
index 030de28005..41c76f5274 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -19,6 +19,7 @@
 #
 # export http_proxy if you need to use an http proxy to report bugs
+import argparse
 import sys, re, urllib, os
 temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
@@ -112,7 +113,7 @@ def get_cve(id):
 return ret + '\n'
-def gen_text(pkg, cveid, include_version = False, severity = 'FILLINSEVERITY'):
+def gen_text(pkg, cveid, blanks = False, severity = 'FILLINSEVERITY', affected=None, cc=False, cclist=None):
 vuln_suff = 'y'
 cve_suff = ''
 time_w = 'was'
@@ -124,8 +125,13 @@ def gen_text(pkg, cveid, include_version = False, severity = 'FILLINSEVERITY'):
 time_w = 'were'
 header = '''Package: %s\n''' % (pkg)
- if include_version:
- header += 'Version: FILLINAFFECTEDVERSION\n'
+ if affected is None:
+ if blanks:
+ header += "Version: FILLINAFFECTEDVERSION\n"
+ else:
+ header += "Version: %s\n" % affected
+ if cc and len(cclist) > 0:
+ header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
 header += '''Severity: %s
 Tags: security
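Review bot: `if cc and len(cclist) > 0:` raises TypeError whenever `cc` is true but `cclist` is left at the `None` default that the new gen_text signature in the preceding hunk introduces; main() happens to always pass a list, so only direct callers of gen_text hit it, but the guard should simply be `if cc and cclist:`. The `" ".join(cclist)` on the following line additionally assumes `cclist` is a sequence of strings rather than a single string, which matters for the `--cc-list` option declared in the main() hunk. gen_text's body continues outside this hunk.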
@@ -160,31 +166,54 @@ For further information see:''' % (vuln_suff, cve_suff)
 print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
 print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
- if not include_version:
- print '''Please adjust the affected versions in the BTS as needed.\n'''
+ if not blanks:
+ print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
 def error(msg):
 print 'error: ' + msg
 sys.exit(1)
-def usage():
- print sys.argv[0], '[--no-blanks] '
- sys.exit(0)
+class NegateAction(argparse.Action):
+ '''add a toggle flag to argparse
+
+ this is similar to 'store_true' or 'store_false', but allows
+ arguments prefixed with --no to disable the default. the default
+ is set depending on the first argument - if it starts with the
+ negative form (define by default as '--no'), the default is False,
+ otherwise True.
+ '''
+
+ negative = '--no'
+
+ def __init__(self, option_strings, *args, **kwargs):
+ '''set default depending on the first argument'''
+ default = not option_strings[0].startswith(self.negative)
+ super(NegateAction, self).__init__(option_strings, *args,
+ default=default, nargs=0, **kwargs)
+
+ def __call__(self, parser, ns, values, option):
+ '''set the truth value depending on whether
+ it starts with the negative form'''
+ setattr(ns, self.dest, not option.startswith(self.negative))
+
 def main():
- if len(sys.argv) < 3:
- usage()
-
- blanks = True
- if sys.argv[1] == '--no-blanks':
- if len(sys.argv) < 4:
- usage()
- blanks = False
- pkg = sys.argv[2]
- cve = sys.argv[3:]
- else:
- pkg = sys.argv[1]
- cve = sys.argv[2:]
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--no-blanks', '--blanks', dest='blanks', action=NegateAction,
+ help='include blank fields to be filled (default: %(default)s)')
+ parser.add_argument('--affected', help='affected version (default: unspecified)')
+ parser.add_argument('--severity', default='grave', help='severity (default: 
%(default)s)')
+ parser.add_argument('--no-cc', '--cc', dest='cc', action=NegateAction,
+ help='add X-Debbugs-CC header to')
+ parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
+ help='list of addres to add in CC (default: %(default)s)')
+ parser.add_argument('pkg', help='affected package')
+ parser.add_argument('cve', nargs='+', help='relevant CVE for this issue, may be used multiple time if the issue has multiple CVEs')
+ args = parser.parse_args()
+
+ blanks = args.blanks
+ pkg = args.pkg
+ cve = args.cve
 # check for valid parameters
 p = re.compile('^[0-9a-z].*')
@@ -197,10 +226,7 @@ def main():
 if not c.match(arg) and not temp_id.match(arg):
 error(arg + ' does not seem to be a valid CVE id')
- if blanks:
- gen_text(pkg, cve)
- else:
- gen_text(pkg, cve, False, 'grave')
+ gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist)
 if __name__ == '__main__':
 main()
-- 
cgit v1.2.3
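Review bot: `--cc-list` is declared with neither `nargs` nor `action='append'`, so a value given on the command line arrives in `args.cclist` as a single string while the default is a list; gen_text then runs `" ".join(cclist)` over that string and emits a header with every character space-separated (a constructed example: `--cc-list a@b` yields `X-Debbugs-CC: a @ b`). Declare it as `parser.add_argument('--cc-list', dest='cclist', nargs='+', default=[...])` so both paths yield a list, or split the value on commas before passing it on. The local `blanks = args.blanks` is dead, since the gen_text call in the last hunk reads `args.blanks` directly; the same applies to `pkg` and `cve` only insofar as they are still used by the validation below. The help strings read `addres` and `multiple time`, and the `--no-cc` help appears to be cut off after `header to`. main() continues outside this hunk.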
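Review bot: The rewritten call always passes `severity=args.severity`, whose argparse default is `'grave'`, so the `FILLINSEVERITY` placeholder that the removed `gen_text(pkg, cve)` path relied on is no longer reachable from the command line even when `--blanks` asks for fields to be left for filling in. If that is intended, the `severity = 'FILLINSEVERITY'` default in gen_text's signature is dead and deserves a comment saying so; otherwise drop `default='grave'` from `--severity` and pass `severity=args.severity or ('FILLINSEVERITY' if args.blanks else 'grave')`, which restores the old behaviour for both modes. main() begins outside this hunk.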