[gentoo-commits] proj/security:master commit in: bin/

["Alex Legler" <a3li@gentoo.org>]

commit:     1e03a6b7d241a9eaa3f9950613b37d8c100602d1
Author:     Alex Legler <alex <AT> a3li <DOT> li>
AuthorDate: Wed Jun  1 17:56:44 2016 +0000
Commit:     Alex Legler <a3li <AT> gentoo <DOT> org>
CommitDate: Wed Jun  1 17:56:44 2016 +0000
URL:        https://gitweb.gentoo.org/proj/security.git/commit/?id=1e03a6b7

Add initial CVETool CLI utility

 bin/cvetool | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 130 insertions(+)

diff --git a/bin/cvetool b/bin/cvetool
new file mode 100755
index 0000000..8e388e0
--- /dev/null
+++ b/bin/cvetool
@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+# Copyright 2016 Alex Legler
+# Distributed under the terms of the GNU General Public License v3
+
+import json
+import re
+import string
+import sys
+import os
+import httplib2
+from base64 import b64encode
+
+URI_BASE = 'https://glsamaker.gentoo.org'
+
+class CVETool:
+    """ Interface to GLSAMaker's CVETool """
+
+    def __init__(self, auth, command, args):
+        self.auth = auth
+
+        if command == 'info':
+            self.info(self.cleanup_cve(sys.argv[2]))
+        elif command == 'assign':
+            if len(args) < 2:
+                print('Usage: assign <bug> <CVE> [<CVE>...]')
+                print('Assigns a set of CVEs to a bug')
+                sys.exit(1)
+
+            self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+        elif command == 'nfu':
+            if len(args) != 1:
+                print('Usage: nfu <CVE>')
+                print('Marks a CVE as not-for-us')
+                sys.exit(1)
+
+            self.nfu(self.cleanup_cve(args[0]))
+        elif command == 'pw':
+            if len(sys.argv) != 4:
+                print('Usage: pw <user> <password>')
+                print('Generates a base64-encoded credential for storing')
+                sys.exit(1)
+
+            self.pw(sys.argv[2], sys.argv[3])
+        else:
+            self.usage(sys.argv[0])
+            sys.exit(1)
+
+    def info(self, cve):
+        data = self.json_request('/cve/info/' + cve + '.json')
+
+        print('    CVE ID: ' + data['cve_id'])
+        print('   Summary: ' + data['summary'])
+        print(' Published: ' + data['published_at'])
+        print('-' * 80)
+        print('     State: ' + data['state'])
+        print('      Bugs: ' + ' , '.join(['https://bugs.gentoo.org/' + str(bug) for bug in data['bugs']]))
+
+    def assign(self, bug, cves):
+        cve_ids = [self.get_internal_cve_id(cve) for cve in cves]
+        response = self.request('/cve/assign/?bug=' + str(bug) + '&cves=' + ','.join([str(c) for c in cve_ids]))
+
+        if (response == 'ok'):
+            print('Assigned bug {} to {}'.format(str(bug), ', '.join(cves)))
+        else:
+            print('Assigning likely failed: ' + response)
+            sys.exit(1)
+
+    def nfu(self, cve):
+        cve_id = self.get_internal_cve_id(cve)
+        response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=')
+
+        if (response == 'ok'):
+            print('Marked {} as NFU'.format(cve))
+        else:
+            print('Assigning likely failed: ' + response)
+            sys.exit(1)
+
+
+    def usage(self, programname):
+        """ Print usage information """
+        print('Usage: {} <command> <cve> [args]'.format(programname))
+        print('CLI for CVETool.')
+
+    def pw(self, user, password):
+        print(b64encode(bytes(user + ':' + password, 'utf-8')).decode('ascii'))
+
+    def get_internal_cve_id(self, cve):
+        """ Resolves a CVE id to the internal databse ID """
+        return self.json_request('/cve/info/' + cve + '.json')['id']
+
+    def json_request(self, uri, method='GET'):
+        return json.loads(self.request(uri, method))
+
+    def cleanup_cve(self, str):
+        regex = re.compile('^(CVE-)?\d{4}-\d{4,}$')
+        if not regex.match(str):
+            raise ValueError('Cannot parse CVE: ' + str)
+
+        if not str.startswith('CVE-'):
+            return 'CVE-' + str
+        else:
+            return str
+
+    def request(self, uri, method='GET'):
+        client = httplib2.Http('.cache')
+        full_uri = URI_BASE + uri
+        response, content = client.request(full_uri, method, headers = { 'Authorization': 'Basic ' + self.auth })
+
+        status = response['status']
+        if (status[0] != '2' and status != '304'):
+            raise RuntimeError(full_uri + ': ' + status)
+
+        return content.decode('utf-8')
+
+def main():
+    if not 'CVETOOL_AUTH' in os.environ and not sys.argv[1] == 'pw':
+        print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
+        sys.exit(1)
+
+    auth = None
+    if 'CVETOOL_AUTH' in os.environ:
+        auth = os.environ['CVETOOL_AUTH']
+
+    CVETool(auth, sys.argv[1], sys.argv[2:])
+
+if __name__ == "__main__":
+    try:
+        main()
+    except KeyboardInterrupt:
+        print('\n ! Exiting.')