* [gentoo-commits] proj/security:master commit in: bin/
@ 2014-08-04 23:45 Pavlos Ratis
0 siblings, 0 replies; 12+ messages in thread
From: Pavlos Ratis @ 2014-08-04 23:45 UTC (permalink / raw
To: gentoo-commits
commit: 69cf81942d152c5ce4a81f3ab3dce7ad6da82e95
Author: Alex Legler <a3li <AT> gentoo <DOT> org>
AuthorDate: Tue May 17 17:11:19 2011 +0000
Commit: Pavlos Ratis <dastergon <AT> gentoo <DOT> org>
CommitDate: Tue May 17 17:11:19 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/security.git;a=commit;h=69cf8194
New target tool
svn path=/; revision=2227
---
bin/liaisons.py | 3 +++
bin/liaisons.rb | 12 ++++++++++++
bin/{target => target-old} | 0
3 files changed, 15 insertions(+)
diff --git a/bin/liaisons.py b/bin/liaisons.py
index 731babc..a6a3c26 100644
--- a/bin/liaisons.py
+++ b/bin/liaisons.py
@@ -1,3 +1,6 @@
+# this file is used by 'target-old'
+# you should update liaisons.rb as well!
+
liaisons = {
'alpha' : ['armin76', 'klausman', ],
'amd64' : ['keytoaster', 'chainsaw', ],
diff --git a/bin/liaisons.rb b/bin/liaisons.rb
new file mode 100644
index 0000000..0d49ee3
--- /dev/null
+++ b/bin/liaisons.rb
@@ -0,0 +1,12 @@
+# this file is used by target
+
+@liaisons = {
+ 'alpha' => ['armin76', 'klausman', ],
+ 'amd64' => ['keytoaster', 'chainsaw', ],
+ 'hppa' => ['jer', ],
+ 'ppc' => ['josejx', 'ranger', ],
+ 'ppc64' => ['josejx', 'ranger', ],
+ 'sparc' => ['armin76', 'tcunha', ],
+ 'x86' => ['fauli', 'maekke', ],
+ 'release'=> ['pva', ]
+}
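Review bot: The table is published as a top-level instance variable (`@liaisons`), which only resolves while the consumer runs with the same `self` as this file's top level; a frozen constant such as `LIAISONS = { ... }.freeze` would not depend on that. Arches without an entry make `@liaisons[arch]` return nil in the CC mapping of `bin/target` (added in the next commit on this page), and the nil is then interpolated into a bare `@gentoo.org` address. The header could also mirror the reminder added to liaisons.py, e.g. `# keep in sync with liaisons.py (used by target-old)`.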
diff --git a/bin/target b/bin/target-old
similarity index 100%
rename from bin/target
rename to bin/target-old
* [gentoo-commits] proj/security:master commit in: bin/
@ 2014-08-04 23:45 Pavlos Ratis
0 siblings, 0 replies; 12+ messages in thread
From: Pavlos Ratis @ 2014-08-04 23:45 UTC (permalink / raw
To: gentoo-commits
commit: 22546d7465a9c58a7bb3487d5611b33e93b1f6cc
Author: Alex Legler <a3li <AT> gentoo <DOT> org>
AuthorDate: Tue May 17 17:27:55 2011 +0000
Commit: Pavlos Ratis <dastergon <AT> gentoo <DOT> org>
CommitDate: Tue May 17 17:27:55 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/security.git;a=commit;h=22546d74
acutally add the new tool
svn path=/; revision=2228
---
bin/target | 346 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 346 insertions(+)
diff --git a/bin/target b/bin/target
new file mode 100755
index 0000000..22001dd
--- /dev/null
+++ b/bin/target
@@ -0,0 +1,346 @@
+#!/usr/bin/env ruby
+# Target 2
+# written by Alex Legler <a3li@gentoo.org>
+# dependencies: app-portage/gentoolkit, dev-lang/ruby[ssl], dev-ruby/highline
+# vim: set sw=2 ts=2:
+
+require 'optparse'
+require 'highline'
+require 'fileutils'
+require 'xmlrpc/client'
+
+class Net::HTTP
+ alias_method :old_initialize, :initialize
+ def initialize(*args)
+ old_initialize(*args)
+ @ssl_context = OpenSSL::SSL::SSLContext.new
+ @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+end
+
+module GenSec
+ module Target
+ # These architectures don't stabilize packages
+ NOSTABLE_ARCHES = ['mips']
+
+ def main(argv)
+ $opts = {
+ :auth_cache => true,
+ :force => false,
+ :liaisons => false,
+ :username => nil,
+ :prestable => false,
+ :quiet => false
+ }
+
+ $ui = HighLine.new
+
+ bug = nil
+ version = nil
+ slot = nil
+
+ optparse = OptionParser.new do |opts|
+ opts.on('-b', '--bug BUGNO', 'The number of the bug to change') do |b|
+ bug = Integer(b)
+ end
+
+ opts.on('-v', '--version VERSION', 'Use this version as stabilization target') do |v|
+ version = v
+ end
+
+ opts.on('-s', '--slot SLOT', 'Use ebuilds from this slot to find the best ebuild') do |s|
+ slot = s
+ end
+
+ opts.on('-l', '--liaisons', 'CC the arch liaisons instead of arch teams') do
+ $opts[:liaisons] = true
+ end
+
+ opts.on('-p', '--prestable', 'Use prestabling instructions') do
+ $opts[:prestable] = true
+ end
+
+ opts.on('-u', '--username USERNAME', 'Use this user name to log in at Bugzilla') do |username|
+ $opts[:username] = username
+ end
+
+ opts.on_tail('-f', '--force', 'Force the operation. Disables asking for confirmation and version checks.') do
+ $opts[:force] = true
+ end
+
+ opts.on_tail('-q', '--quiet', 'Be less noisy') do
+ $opts[:quiet] = true
+ end
+
+ opts.on_tail('-h', '--help', 'Display this screen') do
+ puts opts
+ exit
+ end
+
+ end
+
+ optparse.banner = "Usage: #{$0} [options] [package]\n\nAvailable options:\n"
+ cmd_options = optparse.parse!(argv)
+
+ if argv.length > 0
+ package = argv.shift
+ else
+ package = Dir.pwd.split('/').last(2).join('/')
+ end
+
+ metadata = get_metadata(package)
+ do_package(metadata, bug, version, slot)
+ end
+
+ def do_package(metadata, bug, version, slot)
+ if metadata[:package] == nil or metadata[:package] == ''
+ e("No package found.")
+ end
+
+ i("Using #{metadata[:package]}") unless $opts[:quiet]
+ #puts metadata.inspect
+
+ best_version = find_best_version(metadata, slot, version)
+ i("Target version: #{best_version}") unless $opts[:quiet]
+
+ # Cover a custom version string that is not there in the local tree
+ if metadata[:keywords].include? best_version
+ already_stable = filter_unstable(metadata[:keywords][best_version]) - NOSTABLE_ARCHES
+ else
+ already_stable = []
+ end
+
+ need_stable = metadata[:stable_arches] - NOSTABLE_ARCHES
+
+ i("Arches this package was ever stable on: #{$ui.color(need_stable.join(', '), :red, :bold)}") unless $opts[:quiet]
+
+ if already_stable.length > 0
+ i("Target version is already stable on: #{$ui.color(already_stable.join(', '), :green, :bold)}") unless $opts[:quiet]
+ end
+
+ if $opts[:prestable]
+ msg = "Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.\n"
+ elsif $opts[:liaisons] and not $opts[:prestable]
+ msg = "Arch Security Liaisons, please test and mark stable:\n"
+ else
+ msg = "Arches, please test and mark stable:\n"
+ end
+
+ if not $opts[:prestable]
+ msg += "=%s-%s\n" % [metadata[:package], best_version]
+ end
+
+ msg += "Target keywords : \"%s\"\n" % metadata[:stable_arches].join(' ')
+
+ if already_stable.length > 0 and not $opts[:prestable]
+ msg += "Already stable : \"%s\"\n" % (already_stable.join(' '))
+ msg += "Missing keywords: \"%s\"\n" % (metadata[:stable_arches] - already_stable).join(' ')
+ end
+
+ puts
+ puts msg
+ puts
+
+ if $opts[:liaisons]
+ require File.join(File.dirname(__FILE__), 'liaisons')
+ cc_list = need_stable.map {|arch| @liaisons[arch]}.flatten.map {|liaison| "#{liaison}@gentoo.org"}
+ else
+ cc_list = need_stable.map {|arch| "#{arch}@gentoo.org" }
+ end
+ puts "CC: %s" % cc_list.join(',')
+ exit if bug == nil
+
+ bugi = bug_info(bug)
+ new_whiteboard = update_whiteboard(bugi['whiteboard'])
+
+ puts "Whiteboard: '%s' -> '%s'" % [bugi['whiteboard'], new_whiteboard]
+ puts
+
+ if $opts[:force] or $ui.agree('Continue? (yes/no)')
+ update_bug(bug, new_whiteboard, cc_list, msg)
+ end
+ end
+
+ # Collects metadata information from equery meta
+ def get_metadata(ebuild = Dir.pwd.split('/').last(2).join('/'))
+ keywords = IO.popen("equery --no-color --no-pipe meta --keywords #{ebuild}")
+ result = {:slots => {}, :keywords => {}, :stable_arches => [], :versions => []}
+
+ keywords.lines.each do |line|
+ if line =~ /^ \* (\S*?)\/(\S*?) \[([^\]]*)\]$/
+ result[:package] = "#{$1}/#{$2}"
+ result[:repo] = $3
+ next
+ end
+
+ if line =~ /^(.*?):(.*?):(.*?)$/
+ version, slot, kws = $1, $2, $3
+ result[:versions] << version
+ result[:slots][slot] = [] unless result[:slots].include? slot
+ result[:slots][slot] << version
+ result[:keywords][version] = []
+
+ kws.strip.split(' ').each do |arch|
+ result[:keywords][version] << arch
+
+ if arch =~ /^[^~]*$/
+ result[:stable_arches] << arch
+ end
+ end
+
+ result[:keywords][version].sort!
+ next
+ end
+
+ raise RuntimeError, "Invalid line in equery output. Aborting."
+ end
+
+ result[:stable_arches].uniq!
+ result[:stable_arches].sort!
+ result
+ end
+
+ # Tries to find the best version following the needed specification
+ def find_best_version(metadata, slot, version)
+ if slot == nil and version == nil
+ return metadata[:versions].reject {|item| item =~ /^9999/}.last
+ elsif slot == nil
+ return version
+ else
+ if version == nil
+ return metadata[:slots][slot].reject {|item| item =~ /^9999/}.last
+ elsif metadata[:slots][slot].include?(version)
+ return version
+ else
+ return false
+ end
+ end
+ end
+
+ def update_whiteboard(old_wb)
+ old_wb.gsub(/(ebuild\+?|upstream\+?|stable)\??/, 'stable').gsub(/stable\/stable/, 'stable')
+ end
+
+ def update_bug(bug, whiteboard, cc_list, comment)
+ i("Updating bug #{bug}...")
+ client = xmlrpc_client
+ did_retry = false
+
+ begin
+ result = client.call('Bug.update', {
+ 'ids' => [Integer(bug)],
+ 'whiteboard' => whiteboard,
+ 'cc' => {'add' => cc_list},
+ 'keywords' => {'add' => 'STABLEREQ'},
+ 'status' => 'IN_PROGRESS',
+ 'comment' => {'body' => comment}
+ })
+
+ i("done!")
+ return true
+ rescue XMLRPC::FaultException => e
+ if did_retry
+ e "Failure updating bug information: #{e.message}"
+ return false
+ end
+
+ if e.faultCode == 410
+ log_in
+ did_retry = true
+ retry
+ else
+ e "Failure updating bug information: #{e.message}"
+ end
+ end
+ end
+
+ def bug_info(bugno)
+ client = xmlrpc_client
+ did_retry = false
+
+ begin
+ result = client.call('Bug.get', {'ids' => [Integer(bugno)]})
+ result['bugs'].first
+ rescue XMLRPC::FaultException => e
+ if did_retry
+ e "Failure reading bug information: #{e.message}"
+ return false
+ end
+
+ if e.faultCode == 410
+ log_in
+ did_retry = true
+ retry
+ else
+ e "Failure reading bug information: #{e.message}"
+ end
+ end
+ end
+
+ def log_in
+ client = xmlrpc_client
+
+ if $opts[:username] == nil
+ user = $ui.ask("Bugzilla login: ")
+ else
+ user = $opts[:username]
+ end
+
+ password = $ui.ask("Password: ") {|q| q.echo = false}
+
+ begin
+ i("Logging in...")
+ result = client.call('User.login', {
+ 'login' => user,
+ 'password' => password
+ })
+
+ cookie_file = File.join(ENV['HOME'], '.gensec-target-auth')
+ FileUtils.rm(cookie_file) if File.exist?(cookie_file)
+ FileUtils.touch(cookie_file)
+ File.chmod(0600, cookie_file)
+ File.open(cookie_file, 'w') {|f| f.write client.cookie }
+
+ return true
+ rescue XMLRPC::FaultException => e
+ e "Failure logging in: #{e.message}"
+ return false
+ end
+ end
+
+ def xmlrpc_client
+ client = XMLRPC::Client.new('bugs.gentoo.org', '/xmlrpc.cgi', 443, nil, nil, nil, nil, true)
+ client.http_header_extra = {'User-Agent' => "Target/2.0 (arch CC tool; http://security.gentoo.org/)"}
+
+ cookie_file = File.join(ENV['HOME'], '.gensec-target-auth')
+ if File.readable? cookie_file
+ client.cookie = File.read(cookie_file)
+ end
+
+ client
+ end
+
+ # Output and misc methods
+ def i(str)
+ $ui.say($ui.color(" * ", :green, :bold) + str)
+ end
+
+ def w(str)
+ $ui.say($ui.color(" * ", :yellow, :bold) + str)
+ end
+
+ def e(str)
+ $ui.say($ui.color(" * ", :red, :bold) + str)
+ exit 1
+ end
+
+ def filter_unstable(ary)
+ ary.reject {|item| item =~ /^~/}
+ end
+ end
+end
+
+if __FILE__ == $0
+ include GenSec::Target
+ main(ARGV)
+end
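Review bot: The `Net::HTTP#initialize` override at the top of the file sets `verify_mode = OpenSSL::SSL::VERIFY_NONE` for every HTTPS connection the process makes, so `log_in` sends the Bugzilla password and `xmlrpc_client` sends the saved session cookie without the server certificate ever being checked; the override should go, or set `@ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER`. `get_metadata` interpolates the package name (from argv or the current directory name) into a shell string; the array form `IO.popen(['equery', '--no-color', '--no-pipe', 'meta', '--keywords', ebuild])` bypasses the shell. In `log_in` the cookie file exists with default permissions between `touch` and `chmod`; creating it in one step with `File.open(cookie_file, File::WRONLY | File::CREAT | File::TRUNC, 0600)` closes that window.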
* [gentoo-commits] proj/security:master commit in: bin/
@ 2014-08-04 23:45 Pavlos Ratis
0 siblings, 0 replies; 12+ messages in thread
From: Pavlos Ratis @ 2014-08-04 23:45 UTC (permalink / raw
To: gentoo-commits
commit: 134fe0cd18971096ea99665a9e259bfb75960a04
Author: Alex Legler <a3li <AT> gentoo <DOT> org>
AuthorDate: Fri May 27 19:11:42 2011 +0000
Commit: Pavlos Ratis <dastergon <AT> gentoo <DOT> org>
CommitDate: Fri May 27 19:11:42 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/security.git;a=commit;h=134fe0cd
Add warning if target version was not found; misc other fixes.
svn path=/; revision=2230
---
bin/target | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/bin/target b/bin/target
index 701886c..3142c9b 100755
--- a/bin/target
+++ b/bin/target
@@ -25,7 +25,7 @@ module GenSec
def main(argv)
$opts = {
- :auth_cache => true,
+ :debug => false,
:force => false,
:liaisons => false,
:username => nil,
@@ -64,6 +64,10 @@ module GenSec
$opts[:username] = username
end
+ opts.on_tail('--debug', 'Print debug output.') do
+ $opts[:debug] = true
+ end
+
opts.on_tail('-f', '--force', 'Force the operation. Disables asking for confirmation and version checks.') do
$opts[:force] = true
end
@@ -97,16 +101,20 @@ module GenSec
e("No package found.")
end
- i("Using #{metadata[:package]}") unless $opts[:quiet]
- #puts metadata.inspect
+ i("Package: #{$ui.color(metadata[:package], :green)}") unless $opts[:quiet]
+ if $opts[:debug]
+ require 'pp'
+ pp metadata
+ end
best_version = find_best_version(metadata, slot, version)
- i("Target version: #{best_version}") unless $opts[:quiet]
+ i("Target version: #{$ui.color(best_version, :green)}") unless $opts[:quiet]
# Cover a custom version string that is not there in the local tree
- if metadata[:keywords].include? best_version
+ if metadata[:versions].include? best_version
already_stable = filter_unstable(metadata[:keywords][best_version]) - NOSTABLE_ARCHES
else
+ w($ui.color("Warning: Target version not found. Proceed with care.", :yellow))
already_stable = []
end
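Review bot: The new `else` branch only warns, so a `best_version` of `false` or `nil` still flows into the stabilisation message and, when `--bug` is given, into the Bugzilla update. `find_best_version` (outside this hunk, shown in the commit that added the file) returns `false` when the requested version is not in the requested slot, and `.last` returns nil on an empty list, which would produce an atom like `=category/package-false`. A custom version string can stay allowed while that case is rejected right after the lookup, e.g. `e("No matching version found.") unless best_version`. do_package's body starts and ends outside the hunk.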
* [gentoo-commits] proj/security:master commit in: bin/
@ 2014-08-04 23:45 Pavlos Ratis
0 siblings, 0 replies; 12+ messages in thread
From: Pavlos Ratis @ 2014-08-04 23:45 UTC (permalink / raw
To: gentoo-commits
commit: 42c7aba9fcb5d8f28d1b778812f6eec6c352012d
Author: Alex Legler <a3li <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 21:02:37 2011 +0000
Commit: Pavlos Ratis <dastergon <AT> gentoo <DOT> org>
CommitDate: Wed May 18 21:02:37 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/security.git;a=commit;h=42c7aba9
filter -* keywords
svn path=/; revision=2229
---
bin/target | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/bin/target b/bin/target
index 22001dd..701886c 100755
--- a/bin/target
+++ b/bin/target
@@ -110,7 +110,7 @@ module GenSec
already_stable = []
end
- need_stable = metadata[:stable_arches] - NOSTABLE_ARCHES
+ need_stable = filter_negative_keywords(metadata[:stable_arches] - NOSTABLE_ARCHES)
i("Arches this package was ever stable on: #{$ui.color(need_stable.join(', '), :red, :bold)}") unless $opts[:quiet]
@@ -130,7 +130,7 @@ module GenSec
msg += "=%s-%s\n" % [metadata[:package], best_version]
end
- msg += "Target keywords : \"%s\"\n" % metadata[:stable_arches].join(' ')
+ msg += "Target keywords : \"%s\"\n" % need_stable.join(' ')
if already_stable.length > 0 and not $opts[:prestable]
msg += "Already stable : \"%s\"\n" % (already_stable.join(' '))
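Review bot: `Target keywords` now prints `need_stable`, but the `Missing keywords` line directly after this hunk still appears to be computed from `metadata[:stable_arches] - already_stable` (as in the commit that added the file), so it can still list `-*`-style entries and the arches in `NOSTABLE_ARCHES`. Changing it to `(need_stable - already_stable).join(' ')` would keep the three keyword lines consistent. That line lies outside the hunk, so confirm against the full file.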
@@ -335,7 +335,11 @@ module GenSec
end
def filter_unstable(ary)
- ary.reject {|item| item =~ /^~/}
+ ary.reject {|item| item =~ /^[~-]/}
+ end
+
+ def filter_negative_keywords(ary)
+ ary.reject {|item| item =~ /^[-]/}
end
end
end
* [gentoo-commits] proj/security:master commit in: bin/
@ 2016-06-01 17:57 Alex Legler
0 siblings, 0 replies; 12+ messages in thread
From: Alex Legler @ 2016-06-01 17:57 UTC (permalink / raw
To: gentoo-commits
commit: 1e03a6b7d241a9eaa3f9950613b37d8c100602d1
Author: Alex Legler <alex <AT> a3li <DOT> li>
AuthorDate: Wed Jun 1 17:56:44 2016 +0000
Commit: Alex Legler <a3li <AT> gentoo <DOT> org>
CommitDate: Wed Jun 1 17:56:44 2016 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=1e03a6b7
Add initial CVETool CLI utility
bin/cvetool | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 130 insertions(+)
diff --git a/bin/cvetool b/bin/cvetool
new file mode 100755
index 0000000..8e388e0
--- /dev/null
+++ b/bin/cvetool
@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+# Copyright 2016 Alex Legler
+# Distributed under the terms of the GNU General Public License v3
+
+import json
+import re
+import string
+import sys
+import os
+import httplib2
+from base64 import b64encode
+
+URI_BASE = 'https://glsamaker.gentoo.org'
+
+class CVETool:
+ """ Interface to GLSAMaker's CVETool """
+
+ def __init__(self, auth, command, args):
+ self.auth = auth
+
+ if command == 'info':
+ self.info(self.cleanup_cve(sys.argv[2]))
+ elif command == 'assign':
+ if len(args) < 2:
+ print('Usage: assign <bug> <CVE> [<CVE>...]')
+ print('Assigns a set of CVEs to a bug')
+ sys.exit(1)
+
+ self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+ elif command == 'nfu':
+ if len(args) != 1:
+ print('Usage: nfu <CVE>')
+ print('Marks a CVE as not-for-us')
+ sys.exit(1)
+
+ self.nfu(self.cleanup_cve(args[0]))
+ elif command == 'pw':
+ if len(sys.argv) != 4:
+ print('Usage: pw <user> <password>')
+ print('Generates a base64-encoded credential for storing')
+ sys.exit(1)
+
+ self.pw(sys.argv[2], sys.argv[3])
+ else:
+ self.usage(sys.argv[0])
+ sys.exit(1)
+
+ def info(self, cve):
+ data = self.json_request('/cve/info/' + cve + '.json')
+
+ print(' CVE ID: ' + data['cve_id'])
+ print(' Summary: ' + data['summary'])
+ print(' Published: ' + data['published_at'])
+ print('-' * 80)
+ print(' State: ' + data['state'])
+ print(' Bugs: ' + ' , '.join(['https://bugs.gentoo.org/' + str(bug) for bug in data['bugs']]))
+
+ def assign(self, bug, cves):
+ cve_ids = [self.get_internal_cve_id(cve) for cve in cves]
+ response = self.request('/cve/assign/?bug=' + str(bug) + '&cves=' + ','.join([str(c) for c in cve_ids]))
+
+ if (response == 'ok'):
+ print('Assigned bug {} to {}'.format(str(bug), ', '.join(cves)))
+ else:
+ print('Assigning likely failed: ' + response)
+ sys.exit(1)
+
+ def nfu(self, cve):
+ cve_id = self.get_internal_cve_id(cve)
+ response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=')
+
+ if (response == 'ok'):
+ print('Marked {} as NFU'.format(cve))
+ else:
+ print('Assigning likely failed: ' + response)
+ sys.exit(1)
+
+
+ def usage(self, programname):
+ """ Print usage information """
+ print('Usage: {} <command> <cve> [args]'.format(programname))
+ print('CLI for CVETool.')
+
+ def pw(self, user, password):
+ print(b64encode(bytes(user + ':' + password, 'utf-8')).decode('ascii'))
+
+ def get_internal_cve_id(self, cve):
+ """ Resolves a CVE id to the internal databse ID """
+ return self.json_request('/cve/info/' + cve + '.json')['id']
+
+ def json_request(self, uri, method='GET'):
+ return json.loads(self.request(uri, method))
+
+ def cleanup_cve(self, str):
+ regex = re.compile('^(CVE-)?\d{4}-\d{4,}$')
+ if not regex.match(str):
+ raise ValueError('Cannot parse CVE: ' + str)
+
+ if not str.startswith('CVE-'):
+ return 'CVE-' + str
+ else:
+ return str
+
+ def request(self, uri, method='GET'):
+ client = httplib2.Http('.cache')
+ full_uri = URI_BASE + uri
+ response, content = client.request(full_uri, method, headers = { 'Authorization': 'Basic ' + self.auth })
+
+ status = response['status']
+ if (status[0] != '2' and status != '304'):
+ raise RuntimeError(full_uri + ': ' + status)
+
+ return content.decode('utf-8')
+
+def main():
+ if not 'CVETOOL_AUTH' in os.environ and not sys.argv[1] == 'pw':
+ print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
+ sys.exit(1)
+
+ auth = None
+ if 'CVETOOL_AUTH' in os.environ:
+ auth = os.environ['CVETOOL_AUTH']
+
+ CVETool(auth, sys.argv[1], sys.argv[2:])
+
+if __name__ == "__main__":
+ try:
+ main()
+ except KeyboardInterrupt:
+ print('\n ! Exiting.')
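Review bot: The `pw` subcommand takes the password as `sys.argv[3]`, which leaves it in shell history and visible in the process list to other local users; prompting for it instead, e.g. `self.pw(sys.argv[2], getpass.getpass('Password: '))` with `import getpass`, avoids that. In `assign`, `bug` is concatenated into the query string unvalidated, so `int(bug)` before building the URL would reject anything that is not a bug number. `cleanup_cve` uses a non-raw pattern with `$`, which also accepts a trailing newline; `re.fullmatch(r'(CVE-)?\d{4}-\d{4,}', str)` is stricter. `httplib2.Http('.cache')` creates its cache directory in whatever directory the tool is run from, so responses to authenticated requests may end up on disk there.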
* [gentoo-commits] proj/security:master commit in: bin/
@ 2017-01-13 10:45 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2017-01-13 10:45 UTC (permalink / raw
To: gentoo-commits
commit: f6db6a76ec4a6940f40cb1181507d183afa32d95
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 9 14:46:22 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 9 14:46:22 2017 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=f6db6a76
cvetool: Fix TypeError when requesting CVE info for not yet published CVE
bin/cvetool | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/cvetool b/bin/cvetool
index 8e388e0..d6c2f6d 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -50,7 +50,7 @@ class CVETool:
print(' CVE ID: ' + data['cve_id'])
print(' Summary: ' + data['summary'])
- print(' Published: ' + data['published_at'])
+ print(' Published: ' + (data['published_at'] if data['published_at'] is not None else "Not yet published"))
print('-' * 80)
print(' State: ' + data['state'])
print(' Bugs: ' + ' , '.join(['https://bugs.gentoo.org/' + str(bug) for bug in data['bugs']]))
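Review bot: Only `published_at` is guarded here, while `summary` and `state` in the same hunk are concatenated the same way and would raise the same TypeError if the API returns null for them (whether it can is not visible here). The guard itself reads more simply as `data['published_at'] or 'Not yet published'`. info's body starts outside the hunk.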
* [gentoo-commits] proj/security:master commit in: bin/
@ 2017-01-13 10:45 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2017-01-13 10:45 UTC (permalink / raw
To: gentoo-commits
commit: f4f55c3a59583336b249e098abffbe75400f2df5
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 9 15:36:07 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 9 15:36:07 2017 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=f4f55c3a
cvetool: Detect missing CVE and catch exception when requesting CVE info
bin/cvetool | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/bin/cvetool b/bin/cvetool
index d6c2f6d..b8aa5ca 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -15,6 +15,9 @@ URI_BASE = 'https://glsamaker.gentoo.org'
class CVETool:
""" Interface to GLSAMaker's CVETool """
+ class NotFoundError(RuntimeError):
+ pass
+
def __init__(self, auth, command, args):
self.auth = auth
@@ -46,7 +49,11 @@ class CVETool:
sys.exit(1)
def info(self, cve):
- data = self.json_request('/cve/info/' + cve + '.json')
+ try:
+ data = self.json_request('/cve/info/' + cve + '.json')
+ except self.NotFoundError as e:
+ print('{} not found in Gentoo\'s CVE database!'.format(cve))
+ sys.exit(0)
print(' CVE ID: ' + data['cve_id'])
print(' Summary: ' + data['summary'])
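Review bot: The not-found path in `info` ends with `sys.exit(0)`, so a script calling `cvetool info` cannot tell a missing CVE from a successful lookup; `sys.exit(1)` (or a dedicated non-zero code) would make it detectable. The bound name in `except self.NotFoundError as e` is unused and can be dropped. `get_internal_cve_id`, used by `assign` and `nfu` in the commit that added the file, calls the same `json_request` without this handling, so those commands presumably still end in a traceback for an unknown CVE.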
@@ -107,7 +114,9 @@ class CVETool:
response, content = client.request(full_uri, method, headers = { 'Authorization': 'Basic ' + self.auth })
status = response['status']
- if (status[0] != '2' and status != '304'):
+ if (status == '404'):
+ raise self.NotFoundError(full_uri + ': ' + status)
+ elif (status[0] != '2' and status != '304'):
raise RuntimeError(full_uri + ': ' + status)
return content.decode('utf-8')
* [gentoo-commits] proj/security:master commit in: bin/
@ 2017-01-16 5:53 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2017-01-16 5:53 UTC (permalink / raw
To: gentoo-commits
commit: b7c2a35f419a2d6a67f20bf93d5607891e083eec
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 05:51:25 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 05:51:25 2017 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=b7c2a35f
cvetool: Add "new" command
"cvetool new [CVE]" can be used to add a new CVE with a placeholder text
to the database.
bin/cvetool | 42 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/bin/cvetool b/bin/cvetool
index 57884ca..b01b8d6 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -8,6 +8,7 @@ import string
import sys
import os
import httplib2
+from urllib.parse import urlencode
from base64 import b64encode
URI_BASE = 'https://glsamaker.gentoo.org'
@@ -15,6 +16,13 @@ URI_BASE = 'https://glsamaker.gentoo.org'
class CVETool:
""" Interface to GLSAMaker's CVETool """
+ CVEPlaceholderText = (
+ "** RESERVED ** This candidate has been reserved by an "
+ "organization or individual that will use it when announcing a "
+ "new security problem. When the candidate has been publicized, "
+ "the details for this candidate will be provided."
+ )
+
class NotFoundError(RuntimeError):
pass
@@ -39,6 +47,17 @@ class CVETool:
sys.exit(1)
self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+ elif command == 'new':
+ if len(args) != 1:
+ print('Usage: new <CVE>')
+ print('Adds a new CVE to database with placeholder text')
+ sys.exit(1)
+
+ try:
+ self.new(self.cleanup_cve(sys.argv[2]))
+ except ValueError:
+ print('"{}" is not a valid CVE identifier!'.format(sys.argv[2]))
+ sys.exit(1)
elif command == 'nfu':
if len(args) != 1:
print('Usage: nfu <CVE>')
@@ -81,6 +100,28 @@ class CVETool:
print('Assigning likely failed: ' + response)
sys.exit(1)
+ def new(self, cve):
+ queryString = urlencode({ 'cve_id' : cve, 'summary' : self.CVEPlaceholderText })
+
+ try:
+ response = self.request('/cve/new/?' + str(queryString), 'POST')
+ except RuntimeError as e:
+ try:
+ data = self.json_request('/cve/info/' + cve + '.json')
+ print('Adding CVE "{}" to database failed: CVE already exists!'.format(cve))
+ sys.exit(0)
+ except self.NotFoundError:
+ print('Adding CVE "{}" to database failed for unknown reason:'.format(cve))
+ raise
+
+ if (response == 'ok'):
+ print('New CVE "{}" added to database'.format(cve))
+ else:
+ # Should never get here because HTTP API currently returns HTTP code 500
+ # which triggers a RuntimeError in request function
+ print('Adding CVE "{}" to database failed: '.format(cve) + response)
+ sys.exit(1)
+
def nfu(self, cve):
cve_id = self.get_internal_cve_id(cve)
response = self.request('/cve/nfu/?cves=' + str(cve_id) + '&reason=')
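Review bot: In `new`, `except RuntimeError as e` treats every failed POST as a possible duplicate, but `request` raises RuntimeError for any non-2xx status, so an authentication or server error on a CVE that already exists is reported as "CVE already exists!" and the process exits 0. The original error `e` is never shown, and in the "unknown reason" branch the bare `raise` re-raises the NotFoundError from the lookup rather than the failure of the POST. Printing `e` in both branches and using `sys.exit(1)` for the duplicate case would make the outcome unambiguous to callers. The summary text is sent in the query string of the POST, so it may be recorded in server access logs; whether the API accepts a form body is not visible here.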
@@ -91,7 +132,6 @@ class CVETool:
print('Assigning likely failed: ' + response)
sys.exit(1)
-
def usage(self, programname):
""" Print usage information """
print('Usage: {} <command> <cve> [args]'.format(programname))
* [gentoo-commits] proj/security:master commit in: bin/
@ 2017-01-16 5:53 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2017-01-16 5:53 UTC (permalink / raw
To: gentoo-commits
commit: e46475c945146cd2fe260e6efed68e11df744853
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 03:03:40 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 03:03:40 2017 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=e46475c9
cvetool: Catch invalid 'info' command usage
bin/cvetool | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/bin/cvetool b/bin/cvetool
index b8aa5ca..57884ca 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -22,7 +22,16 @@ class CVETool:
self.auth = auth
if command == 'info':
- self.info(self.cleanup_cve(sys.argv[2]))
+ if len(args) != 1:
+ print('Usage: info <CVE>')
+ print('Retrieves information about a CVE from database')
+ sys.exit(1)
+
+ try:
+ self.info(self.cleanup_cve(sys.argv[2]))
+ except ValueError:
+ print('"{}" is not a valid CVE identifier!'.format(sys.argv[2]))
+ sys.exit(1)
elif command == 'assign':
if len(args) < 2:
print('Usage: assign <bug> <CVE> [<CVE>...]')
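Review bot: The length check is made on `args`, but the value is then read from `sys.argv[2]`; the two agree only because `main` passes `sys.argv[2:]`, so `self.info(self.cleanup_cve(args[0]))` and `.format(args[0])` would use the value that was actually validated. The `ValueError` handling is added for `info` only; `assign` and `nfu` call `cleanup_cve` the same way and still surface a traceback for a malformed identifier.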
* [gentoo-commits] proj/security:master commit in: bin/
@ 2017-04-25 17:44 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2017-04-25 17:44 UTC (permalink / raw
To: gentoo-commits
commit: d93c551fd165ca3665c4a794a419d90476085187
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 25 17:42:51 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 25 17:42:51 2017 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=d93c551f
cvetool: Catch call without any arguments
bin/cvetool | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/cvetool b/bin/cvetool
index b01b8d6..f60248b 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -171,6 +171,9 @@ class CVETool:
return content.decode('utf-8')
def main():
+ if len(sys.argv) == 1:
+ CVETool(None, 'usage', sys.argv[2:])
+
if not 'CVETOOL_AUTH' in os.environ and not sys.argv[1] == 'pw':
print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
sys.exit(1)
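Review bot: The no-argument case works only because `'usage'` is not a known command, so the constructor falls into its `else` branch, prints the usage text and calls `sys.exit(1)`; if that branch ever stops exiting, the next line indexes `sys.argv[1]` and raises IndexError. Making the exit explicit here, e.g. a `sys.exit(1)` directly after the `CVETool(None, 'usage', ...)` call, would make the control flow visible in `main`. main's body continues outside the hunk.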
* [gentoo-commits] proj/security:master commit in: bin/
@ 2020-03-04 4:06 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2020-03-04 4:06 UTC (permalink / raw
To: gentoo-commits
commit: 062dfa1f3bd86a7e8c898eac0ef948a425410986
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 4 04:04:56 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 4 04:04:56 2020 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=062dfa1f
cvetool: info: show internal CVE id in addition
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
bin/cvetool | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/cvetool b/bin/cvetool
index f60248b..28b8901 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -83,7 +83,7 @@ class CVETool:
print('{} not found in Gentoo\'s CVE database!'.format(cve))
sys.exit(0)
- print(' CVE ID: ' + data['cve_id'])
+ print(' CVE ID: ' + data['cve_id'] + ' (#' + str(data['id']) + ')')
print(' Summary: ' + data['summary'])
print(' Published: ' + (data['published_at'] if data['published_at'] is not None else "Not yet published"))
print('-' * 80)
* [gentoo-commits] proj/security:master commit in: bin/
@ 2020-03-04 4:06 Thomas Deutschmann
0 siblings, 0 replies; 12+ messages in thread
From: Thomas Deutschmann @ 2020-03-04 4:06 UTC (permalink / raw
To: gentoo-commits
commit: dda658f89dd2514a89dade9fa9d52d14b4d2c7cb
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 4 04:05:24 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 4 04:05:24 2020 +0000
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=dda658f8
cvetool: add 'getcveidlist' action
'getcveidlist' action will allow you to get list of internal CVE ids
required for API request.
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
bin/cvetool | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/bin/cvetool b/bin/cvetool
index 28b8901..05d0b6e 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -47,6 +47,13 @@ class CVETool:
sys.exit(1)
self.assign(args[0], [self.cleanup_cve(cve) for cve in args[1:]])
+ elif command =='getcveidlist':
+ if len(args) < 1:
+ print('Usage: getcveidlist <CVE> [<CVE>...]')
+ print('Returns a list of the real CVE IDs')
+ sys.exit(1)
+
+ self.getcveidlist([self.cleanup_cve(cve) for cve in args[0:]])
elif command == 'new':
if len(args) != 1:
print('Usage: new <CVE>')
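Review bot: The `getcveidlist` branch calls `cleanup_cve` without the `ValueError` handling that `info` and `new` have, so a malformed identifier ends in a traceback; the same applies to the method added in the second hunk, where `get_internal_cve_id` can raise `NotFoundError` for a CVE that is not in the database. Wrapping the call as the `new` branch does, and catching `self.NotFoundError` in `getcveidlist`, would give the same user-facing messages as the other commands. Two style points: `command =='getcveidlist'` lacks the space after `==`, and `args[0:]` is just `args`.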
@@ -90,6 +97,11 @@ class CVETool:
print(' State: ' + data['state'])
print(' Bugs: ' + ' , '.join(['https://bugs.gentoo.org/' + str(bug) for bug in data['bugs']]))
+ def getcveidlist(self, cves):
+ cve_ids = [self.get_internal_cve_id(cve) for cve in cves]
+ print('CVE IDs: cves=' + ','.join([str(c) for c in cve_ids]))
+
+
def assign(self, bug, cves):
cve_ids = [self.get_internal_cve_id(cve) for cve in cves]
response = self.request('/cve/assign/?bug=' + str(bug) + '&cves=' + ','.join([str(c) for c in cve_ids]))