Bump to alpha release ;)

author: Bjoern Tropf <asymmail@googlemail.com> 2009-07-27 18:08:31 +0200
committer: Bjoern Tropf <asymmail@googlemail.com> 2009-07-27 18:08:31 +0200
commit: 5e31799df95da8c77b455a31fbf4a32dcb466bca (patch)
tree: 2fa9f5ebfb4f725850d8a818a4b4cde178733ea8
parent: Fix bug (diff)
download: kernel-check-5e31799df95da8c77b455a31fbf4a32dcb466bca.tar.gz
kernel-check-5e31799df95da8c77b455a31fbf4a32dcb466bca.tar.bz2
kernel-check-5e31799df95da8c77b455a31fbf4a32dcb466bca.zip
3 files changed, 41 insertions, 22 deletions
diff --git a/kernel-check.py b/kernel-check.py
index 3c1d944..5b3a8f8 100755
--- a/kernel-check.py
+++ b/kernel-check.py
@@ -71,8 +71,8 @@ def main(argv):
 
     if schedule is not None:
         info('%s files read' % color('GOOD', str(schedule.read)))
-        info('%s match this system' % color('GOOD', str(schedule.match)))
-        info('%s have been fixed' % color('GOOD', str(schedule.fixed)))
+        info('%s apply to this system' % color('GOOD', str(schedule.match)))
+        info('%s are already fixed' % color('GOOD', str(schedule.fixed)))
 
         if len(schedule.canfix):
             error('%s can be fixed by upgrading' %
@@ -99,13 +99,18 @@ def main(argv):
                       cve.severity, cve.desc[:term[1]-14])
         print ''
         info('To print more information about a vulnerability try:')
+        info('')
         info('   $ %s -i [bugid]' % sys.argv[0])
         info('')
-        info('It is recommended to upgrade your kernel to [%s]' %
-             color('GOOD', best))
+        info('It is recommended to upgrade your kernel to %s' %
+             color('GOOD', best.version + '-' + best.revision))
     else:
         info('')
-        info('Your kernel is up to date!')
+        if kernel == best:
+            info('Your kernel is up to date!')
+        else:
+            info('Upgrading your kernel to %s does improve your security' %
+                 color('GOOD', best.version + '-' + best.revision))
 
 
 def usage():
diff --git a/kernellib.py b/kernellib.py
index f321bd4..0d3b235 100755
--- a/kernellib.py
+++ b/kernellib.py
@@ -63,7 +63,7 @@ GENTOO_KERNEL = [
     'openvz', 'vserver', 'hardened', 'sh', 'xbox', 'sparc', 'xen'
 ]
 
-VERSION = '0.5.3'
+VERSION = '0.5.4'
 NOCVE = 'GENERIC-MAP-NOMATCH'
 CVES = dict()
 VERBOSE = False
@@ -334,9 +334,11 @@ def interval_from_xml(root):
 #TODO add genpatches
 #TODO short function
 #TODO Use exceptions
-def is_in_interval(interval, version):
+def is_in_interval(interval, kernel):
     'Returns True if the given version is inside our specified interval'
 
+    version = kernel.version #TODO Use revision, source
+
     #TODO: raise exception
     if version == None:
         return False
@@ -613,6 +615,7 @@ def extract_cves(string):
     return cves
 
 
+#TODO check function
 def parse_cve_files(directory, kernel, best, arch):
     'Reads all bug files and returns a schedule with vulnerabilty information'
 
@@ -628,6 +631,9 @@ def parse_cve_files(directory, kernel, best, arch):
     schedule.canfix = [] #TODO
 
     for item in files:
+        bestaffected = False
+        kernelaffected = False
+
         if item.arch not in ARCHES:
             debug('[Error] Wrong architecture %s in bugid: %s' %
                    (item.arch, item.bugid))
@@ -635,16 +641,21 @@ def parse_cve_files(directory, kernel, best, arch):
         if item.arch == arch or item.arch == 'all':
             schedule.match += 1
             for interval in item.affected:
-                if is_in_interval(interval, kernel.version): #TODO check!
-                    #print '\n[%s] Interval Error' % item.bugid
-                    #print '%s' % interval
-                    #TODO throw exception
-                    schedule.canfix.append(item) #FIXME
-
-    #schedule.canfix.append(item)
-
-    #arch, affected, cves
-    #schedule = read, match, fixed, canfix, notfix
+                if is_in_interval(interval, kernel):
+                   kernelaffected = True
+                if is_in_interval(interval, best):
+                   bestaffected = True
+
+            if kernelaffected:
+                if bestaffected:
+                    schedule.notfix.append(item)
+                else:
+                    schedule.canfix.append(item)
+            else:
+                if bestaffected:
+                    pass #TODO error?
+                else:
+                    schedule.fixed += 1
 
     return schedule
 
@@ -838,14 +849,17 @@ def extract_version(release):
     return kernel
 
 
+#TODO Rework
 def best_version(source):
-
     kernel = 'sys-kernel/' + source
 
     porttree = portage.db[portage.root]['porttree']
-    best = porttree.dep_bestmatch(kernel)
+    bestmatch = porttree.dep_bestmatch(kernel)
+    bestmatch = bestmatch[11:].replace('-sources','')
+    split = bestmatch.split('-')
+    best = extract_version(split[1] + '-' + split[0] +  '-' + split[2])
 
-    return best[11:]
+    return best
 
 
 def receive_file(directory, path, xml_file,
diff --git a/testsuite.py b/testsuite.py
index 89ccff1..713eaae 100644..100755
--- a/testsuite.py
+++ b/testsuite.py
@@ -45,11 +45,11 @@ LINUX26_RELEASES = [
 vul, line, value = [], [], []
 
 for item in LINUX26_RELEASES:
-    kernel = lib.Kernel('linux')
+    kernel = lib.Kernel('gentoo-sources')
     kernel.revision = ''
     kernel.version = '2.6.' + item
     best = lib.best_version(kernel.source)
-    schedule = lib.parse_cve_files('out', kernel, best, 'all')
+    schedule = lib.parse_cve_files('out', kernel, best, 'all') #FIXME
     vul.append(len(schedule.canfix))
     if '.' not in item:
         line.append(len(schedule.canfix))
author	Bjoern Tropf <asymmail@googlemail.com>	2009-07-27 18:08:31 +0200
committer	Bjoern Tropf <asymmail@googlemail.com>	2009-07-27 18:08:31 +0200
commit	5e31799df95da8c77b455a31fbf4a32dcb466bca (patch)
tree	2fa9f5ebfb4f725850d8a818a4b4cde178733ea8
parent	Fix bug (diff)
download	kernel-check-5e31799df95da8c77b455a31fbf4a32dcb466bca.tar.gz kernel-check-5e31799df95da8c77b455a31fbf4a32dcb466bca.tar.bz2 kernel-check-5e31799df95da8c77b455a31fbf4a32dcb466bca.zip