author | Bjoern Tropf <asym@gentoo.org> | 2009-11-21 15:49:02 +0100 |
---|---|---|
committer | Bjoern Tropf <asym@gentoo.org> | 2009-11-21 15:49:02 +0100 |
commit | 1318958dfbe3d98b7eb4c7e34279778d11d134f7 (patch) | |
tree | 622069994b374b681c46209d5340acb0aee2cc2b | |
parent | Fix a typo (diff) | |
Output design idea
-rw-r--r-- | pym/kernelcheck/__init__.py (renamed from src/kernelcheck/__init__.py) | 0 | ||||
-rwxr-xr-x | pym/kernelcheck/kernelcheck.py (renamed from src/kernelcheck/kernelcheck.py) | 152 | ||||
-rw-r--r-- | pym/kernelcheck/lib/__init__.py (renamed from src/kernelcheck/lib/__init__.py) | 0 | ||||
-rw-r--r-- | pym/kernelcheck/lib/kernellib.py (renamed from src/kernelcheck/lib/kernellib.py) | 4 | ||||
-rw-r--r-- | setup.py | 2 | ||||
-rwxr-xr-x | tools/cron.py | 9 |
6 files changed, 138 insertions, 29 deletions
diff --git a/src/kernelcheck/__init__.py b/pym/kernelcheck/__init__.py index e69de29..e69de29 100644 --- a/src/kernelcheck/__init__.py +++ b/pym/kernelcheck/__init__.py diff --git a/src/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py index 1587b98..0369bfb 100755 --- a/src/kernelcheck/kernelcheck.py +++ b/pym/kernelcheck/kernelcheck.py @@ -3,6 +3,10 @@ # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 +from portage.output import bold, colorize, darkgreen, green, teal #TODO +from _emerge.stdout_spinner import stdout_spinner +from _emerge.userquery import userquery + import getopt import portage import sys @@ -15,6 +19,7 @@ info = portage.output.EOutput().einfo warn = portage.output.EOutput().ewarn error = portage.output.EOutput().eerror color = portage.output.colorize +spin = stdout_spinner() term = portage.output.get_term_size() def main(argv): 
@@ -44,39 +49,75 @@ def main(argv): elif opt in ('-v', '--verbose'): lib.VERBOSE = True - print '>>> Gathering system information' + """ + These are the packages that would be merged, in order: + + Calculating dependencies... done! + + Total: 0 packages, Size of downloads: 0 kB + + Nothing to merge; would you like to auto-clean packages? [Yes/No] n + """ + print '' + print darkgreen('These are the specifications of your kernel:') + print '' uname = os.uname() if uname[0] != 'Linux': error('This tool currently only works for Linux kernels.') error('Apparantly you are using "%s".' % uname[0]) - sys.exit() + return + info(bold('Information:')) + kernel = lib.extract_version(uname[2]) if kernel is None: error('No kernel information found!') return - - info('Kernel version : %s' % (color('GOOD', '%s-%s' % - (kernel.version, kernel.revision)))) - info('Kernel source : %s' % color('GOOD', kernel.source)) + kernel.version = '2.6.30' + + print ' %s : %s' % (darkgreen('kernel source '), kernel.source) + print ' %s : %s - %s' % (darkgreen('kernel version'), kernel.version, + kernel.revision) kernel.genpatch = lib.get_genpatch(lib.PORTDIR, kernel) - if kernel.genpatch is not None: - info('Gen(too)patch : %s' % color('GOOD', '%s %s' % - (kernel.genpatch.version, repr(kernel.genpatch)))) + if kernel.genpatch is not None:# TODO + + print ' %s : %s' % (darkgreen('kernel patches'), + '%s %s (%s)' % ('genpatch', + kernel.genpatch.version, + repr(kernel.genpatch))) elif kernel.source == 'gentoo': - warn('No genpatch information found!') + warn('No genpatch information found!') arch = portage.settings['ARCH'] if arch: - info('Architecture : %s' % color('GOOD', arch)) + print ' %s : %s' % (darkgreen('architecture '), arch) else: error('No architecture found!') return - - print '\n>>> Reading all kernel vulnerabilities' + + minaddr = str() + try: + minaddr = open('/proc/sys/vm/mmap_min_addr').read().strip() + except: + minaddr = '?' 
+ + modules = str() + try: + for line in open('/proc/modules').readlines(): + modules += '%s ' % line.split(' ')[0] + except: + modules = '?' + + print '' + info(bold('Configuration:')) + print ' %s : %s' % (darkgreen('mmap_min_addr '), minaddr) + print ' %s : %s' % (darkgreen('loaded modules'), modules) + + print '\nDetermining vulnerabilities... done!' #TODO #spin + print '' """ supported = list() 
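Review bot: The added line `kernel.version = '2.6.30'`, placed right after the `kernel is None` check in the `@@ -44,39 +49,75 @@` hunk, overwrites the version parsed from `uname` with a fixed value, so the genpatch lookup and `eval_cve_files` evaluate 2.6.30 rather than the running kernel. For a vulnerability checker this makes the reported CVE list wrong in either direction. The line looks like a leftover from testing the new layout and should be dropped or gated behind an explicit debug option. The two new `/proc` reads also use a bare `except:`, which swallows KeyboardInterrupt and programming errors alike; `except IOError:` would keep the `'?'` fallback for unreadable files only. main() begins before and continues after this hunk.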
@@ -90,11 +131,70 @@ def main(argv): supported.append(i) """ - kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch) + kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None) if not kernel_eval: error('No kernel vulnerability files found!') return + print_summary(kernel_eval.affected) + + + #TODO move to kernellib + low = int() + medium = int() + high = int() + cvss_score = float() + cve_amount = int() + + for item in kernel_eval.affected: + for cve in item.cves: + if cve.severity == 'Low': + low += 1 + if cve.severity == 'Medium': + medium += 1 + if cve.severity == 'High': + high += 1 + if len(kernel_eval.affected) is not 0: + for cve in item.cves: + cve_amount += 1 + cvss_score += float(cve.score) + + cvss_score = cvss_score / cve_amount + + severity_eval = str() + + if high is not 0: + severity_eval += '%s high' % high + if medium is not 0: + if high is not 0: + severity_eval += ', ' + severity_eval += '%s medium' % medium + if low is not 0: + if high is not 0 or medium is not 0: + severity_eval += ', ' + severity_eval += '%s low' % low + + print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' \ + % (len(kernel_eval.affected), severity_eval, cvss_score) + + print '' + + prompt = "Would you like to upgrade your kernel?" + if userquery(prompt, None) == 'No': + print'' + print'Quitting.' + print '' + return + + else: + print 'Not implemented yet ;)' + + #print bold('Would you like to upgrade to the latest version? [%s/%s]' % ( + #color('GOOD', 'Yes'), color('BAD','No'))) #TODO read + + print '' + + """ info('%s vulnerabilities read.' % color('GOOD', str(kernel_eval.read))) info('%s apply to this architecture.' % @@ -106,11 +206,10 @@ def main(argv): info('Your kernel is not affected by any known vulnerabilites!') return + error('%s affect this kernel: ' % color('BAD', str(len(kernel_eval.affected)))) - print_summary(kernel_eval.affected) - """ info('You have the following choices: ') print '' 
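Review bot: `cvss_score = cvss_score / cve_amount` divides by zero whenever no CVE was counted, and the early return for an unaffected kernel now sits inside the `"""` block that the following hunk (`@@ -106,11 +206,10 @@`) extends, so a clean system appears to end in a ZeroDivisionError instead of a "not affected" message. Guard it, for example `if cve_amount: cvss_score /= cve_amount`, or return before the statistics when `kernel_eval.affected` is empty. The `is not 0` tests compare identity rather than value and only work through CPython's small-integer caching; `!= 0` is the intended check. Indentation is lost in this view, so whether the score accumulation runs inside the `for item` loop could not be confirmed. main() continues outside the hunk.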
@@ -150,11 +249,13 @@ def main(argv): color('BAD', str(len(kernel_eval.affected))), color('BAD', str(len(comparison.new))))) print '' - """ + print_information() print_beta() + """ + def print_summary(vullist): 'Prints the vulnerability summary' @@ -166,20 +267,23 @@ def print_summary(vullist): whiteboard += '[' + str(interval) + '] ' if item.cves: - print '' - + for cve in item.cves: severity = 'BAD' if cve.severity == 'Low': severity = 'GOOD' elif cve.severity == 'Medium': severity = 'WARN' + + first_text = textwrap.wrap(cve.desc, term[1] - 44)[0] + print '[%s %26s] %s CVSS="%s" %s' % (darkgreen('bugid'), + color('GOOD', item.bugid), + darkgreen(cve.cve), + color(severity, cve.score), + teal('%s...' % first_text) + ) - print '\nBugid %s %-32s %s %s\n"%s..."' % (item.bugid, - color(severity, cve.severity + ' (' + cve.score + ')'), - cve.cve, whiteboard, cve.desc[:term[1]-6]) - - print '\n' + print '' def print_bug(bugid): diff --git a/src/kernelcheck/lib/__init__.py b/pym/kernelcheck/lib/__init__.py index e69de29..e69de29 100644 --- a/src/kernelcheck/lib/__init__.py +++ b/pym/kernelcheck/lib/__init__.py diff --git a/src/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py index 79e26f3..5ce03ed 100644 --- a/src/kernelcheck/lib/kernellib.py +++ b/pym/kernelcheck/lib/kernellib.py @@ -410,7 +410,7 @@ def find_cve(cve, directory): return None -def eval_cve_files(directory, kernel, arch): +def eval_cve_files(directory, kernel, arch, spin=None): 'Returns a vulnerabilty evaluation' files = parse_cve_files(directory) @@ -421,6 +421,8 @@ def eval_cve_files(directory, kernel, arch): evaluation = Evaluation() for item in files: + if spin: #TODO migh be useful in future release (e.g. framework) + spin.update() evaluation.read += 1 if item.arch not in ARCHES: 
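Review bot: In print_summary (`@@ -166,20 +267,23 @@`), `textwrap.wrap(cve.desc, term[1] - 44)[0]` raises IndexError when a CVE has an empty description, because wrap() returns an empty list, and raises ValueError when the reported terminal width is 44 or less (for example when output is piped), since the width must be positive. The description text presumably comes from the downloaded CVE files, so an empty or unusual value should not abort the whole report. Clamping the width and defaulting the result covers both cases: `width = max(term[1] - 44, 20)` and `first_text = (textwrap.wrap(cve.desc, width) or [''])[0]`. The function starts before the hunk and its loop header is only partly visible.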
@@ -14,7 +14,7 @@ setup( author='Bjoern Tropf', author_email='asym@gentoo.org', url='http://dev.gentoo.org/~asym/guide.xml', - package_dir={'': 'src'}, + package_dir={'': 'pym'}, packages=['kernelcheck', 'kernelcheck.lib'], scripts=['bin/kernel-check'] ) diff --git a/tools/cron.py b/tools/cron.py index 4e37327..062da17 100755 --- a/tools/cron.py +++ b/tools/cron.py @@ -39,7 +39,10 @@ CONST = { PENDING = { 'published' : '0000-00-00', - 'desc' : 'Pending', #TODO + 'desc' : 'This PENDING identifier specifies all vulnerabilities ' \ + 'which are not approved yet. PENDING is used by products, ' \ + 'databases, and services to specify when a particular ' \ + 'vulnerability element has been proposed as CVE entry.', 'severity' : 'Low', 'vector' : '()', 'score' : '0.0', @@ -62,8 +65,8 @@ NOMATCH = { PARAM = { 'delay' : 0.2, - 'skip' : False, - 'logfile' : os.path.join(CONST['filepath'], 'cron.log'), + 'skip' : True, + 'logfile' : False, #os.path.join(CONST['filepath'], 'cron.log'), 'tmpdir' : os.path.join(CONST['filepath'], 'tmp'), 'bugdir' : os.path.join(CONST['filepath'], 'tmp', 'bug'), 'nvddir' : os.path.join(CONST['filepath'], 'tmp', 'nvd'), |
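Review bot: The PARAM defaults in tools/cron.py (`@@ -62,8 +65,8 @@`) now ship with `'skip' : True` and `'logfile' : False`, the old log path left in a trailing comment, which reads like local debugging settings committed by accident. How PARAM is consumed is not visible here, but if the script runs unattended from cron, dropping the log file removes the record of failed or partial updates of the vulnerability data that kernel-check later relies on. I would keep `'logfile' : os.path.join(CONST['filepath'], 'cron.log'),` and `'skip' : False,` as the defaults and expose overrides as command-line options. The PARAM dict continues outside the hunk.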