authorBjoern Tropf <asym@gentoo.org>2009-12-07 10:32:01 +0100
committerBjoern Tropf <asym@gentoo.org>2009-12-07 10:32:01 +0100
commit36e2c560f04d6f330693c94290146e8e563e99c1 (patch)
treefa4ff77d5977c61fc72cf0000bff19748569a8cc
parentFix spaces (diff)
Start porting kernel-check to python3
Remove unused imports. Add "kernel is secure" message.
-rw-r--r--TODO1
-rwxr-xr-xpym/kernelcheck/kernelcheck.py93
-rw-r--r--pym/kernelcheck/lib/kernellib.py30
3 files changed, 58 insertions, 66 deletions
diff --git a/TODO b/TODO
index 5b6db82..d108ac4 100644
--- a/TODO
+++ b/TODO
@@ -15,3 +15,4 @@
- Explicitly mention the CVSS score e.g. (CVSS-5.6)
- Implement sync properly
- Sort print_items
+- Port cron.py to python3
diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py
index 5eac6b1..45914d6 100755
--- a/pym/kernelcheck/kernelcheck.py
+++ b/pym/kernelcheck/kernelcheck.py
@@ -31,7 +31,7 @@ def main(argv):
try:
opts, args = getopt.gnu_getopt(argv, 'dhnr:sv',
['debug', 'help', 'nocolor', 'report=', 'sync', 'verbose'])
- except getopt.GetoptError, e:
+ except getopt.GetoptError:
usage()
return
@@ -67,9 +67,9 @@ def main(argv):
information = dict()
- print ''
- print darkgreen('These are the specifications of your kernel:')
- print ''
+ print('')
+ print(darkgreen('These are the specifications of your kernel:'))
+ print('')
uname = os.uname()
if uname[0] != 'Linux':
@@ -101,32 +101,36 @@ def main(argv):
}
print_items(information, 'Information')
- print ''
+ print('')
print_items(lib.gather_configuration(), 'Configuration')
- print '\nDetermining vulnerabilities... done!' #TODO #spin
- print ''
+ print('\nDetermining vulnerabilities... done!') #TODO #spin
+ print('')
- kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None)
- if not kernel_eval:
+ evaluation = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None)
+ if not evaluation:
error('No kernel vulnerability files found!')
return
- print_summary(kernel_eval.affected)
+ if len(evaluation.affected) is not 0:
+ print_summary(evaluation.affected)
- print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' % (
- len(kernel_eval.affected), repr(kernel_eval), kernel_eval.avg_cvss)
+ print('Total: %s vulnerabilities (%s), Average CVSS score: %.1f\n' % (
+ len(evaluation.affected), repr(evaluation), evaluation.avg_cvss))
- print ''
+ prompt = "Would you like to upgrade your kernel?"
+ if userquery(prompt, None) == 'No':
+ print('')
+ print('Quitting.')
+ print('')
- prompt = "Would you like to upgrade your kernel?"
- if userquery(prompt, None) == 'No':
- print''
- print'Quitting.'
- print ''
+ else:
+ print('Not implemented yet...')
else:
- print 'Not implemented yet ;)'
+ print('Total: 0 vulnerabilities, Average CVSS score: 0.0\n')
+ print(bold('Your kernel is not affected by any known vulnerability!'))
+
def print_items(category, header):
'Indents and prints items'
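Review bot: The new guard `if len(evaluation.affected) is not 0:` compares an integer by identity, which only works because CPython caches small ints and which Python 3.8 and later flag with a SyntaxWarning; `if evaluation.affected:` states the intent directly. The unchanged context line `if i is 0:` in the print_items hunk below has the same problem and should read `if i == 0:`. Separately, the new `else` branch prints 'Your kernel is not affected by any known vulnerability!', and that verdict is only as current as the CVE files under `lib.DIR['out']`. Since the TODO file still lists "Implement sync properly", the message would be safer if it said which local data set it was checked against, or how old it is. main() begins and continues outside this hunk.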
@@ -140,49 +144,44 @@ def print_items(category, header):
for i, string in enumerate(textwrap.wrap('%s' % category[item],
(screenwidth - 23))):
if i is 0:
- print '%s%s%s : %s' % (' ' * 6, darkgreen(item),
- ' ' * (14 - len(item)), string)
+ print('%s%s%s : %s' % (' ' * 6, darkgreen(item),
+ ' ' * (14 - len(item)), string))
else:
- print '%s%s' % (' ' * 23, string)
+ print('%s%s' % (' ' * 23, string))
def print_summary(vullist):
'Prints the vulnerability summary'
for item in vullist:
-
- whiteboard = str()
- for interval in item.affected:
- whiteboard += '[' + str(interval) + '] '
-
if item.cves:
for cve in item.cves:
- cve_text = str()
+ cvetype = str()
if 'AV:L' in cve.vector:
- cve_text += colorize('BAD', 'local')
+ cvetype += colorize('BAD', 'local')
if 'AV:A' in cve.vector or 'AV:N' in cve.vector:
- cve_text += colorize('BAD', 'network')
+ cvetype += colorize('BAD', 'network')
if ('C:P' in cve.vector or 'C:C' in cve.vector) \
and ('I:P' in cve.vector or 'I:C' in cve.vector) \
and ('A:P' in cve.vector or 'A:C' in cve.vector):
- cve_text += '%s%s' % (' ', blue('-complete'))
+ cvetype += '%s%s' % (' ', blue('-complete'))
else:
if 'C:P' in cve.vector or 'C:C' in cve.vector:
- cve_text += '%s%s' % (' ', blue('-confidentiality'))
+ cvetype += '%s%s' % (' ', blue('-confidentiality'))
if 'I:P' in cve.vector or 'I:C' in cve.vector:
- cve_text += '%s%s' % (' ', blue('-integrity'))
+ cvetype += '%s%s' % (' ', blue('-integrity'))
if 'A:P' in cve.vector or 'A:C' in cve.vector:
- cve_text += '%s%s' % (' ', blue('-availability'))
+ cvetype += '%s%s' % (' ', blue('-availability'))
- print '[%s %26s] %s %s TYPE="%s"' % (darkgreen('bugid'),
+ print ('[%s %26s] %s %s TYPE="%s"') % (darkgreen('bugid'),
colorize('GOOD', item.bugid), darkgreen(cve.cve),
- blue('[%s]' % cve.score), cve_text)
+ blue('[%s]' % cve.score), cvetype)
- print ''
+ print('')
def print_bug(bugid):
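Review bot: The converted call `print ('[%s %26s] %s %s TYPE="%s"') % (darkgreen('bugid'),` closes the parenthesis before the `%` operator, so under Python 3 it prints the raw format string and then applies `%` to print()'s return value None, which raises TypeError on the first CVE of the first affected item. The vulnerability summary is therefore never displayed correctly on Python 3, which is the one output this tool exists to produce. Move the closing parenthesis to the end of the argument tuple: open with `print('[%s %26s] %s %s TYPE="%s"' % (darkgreen('bugid'),` and end with `blue('[%s]' % cve.score), cvetype))`.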
@@ -206,7 +205,7 @@ def print_bug(bugid):
'Architecture' : vul.arch.capitalize()
}
- print ''
+ print('')
print_items(buginformation, 'Bugid %s' % bugid)
for cve in vul.cves:
@@ -235,7 +234,7 @@ def print_cve(cveid):
}
#TODO print cve.refs
- print ''
+ print('')
print_items(cveinformation, cve.cve)
@@ -249,14 +248,14 @@ def print_information():
def usage():
'Prints the usage screen'
- print 'Usage: kernel-check [BUGID|CVE] [OPTION]...'
- print 'Gentoo Kernel Security %s\n' % lib.VERSION
- print ' -d, --debug display debugging information'
- print ' -h, --help display help information'
- print ' -n, --nocolor disable colors'
- print ' -r, --report [file] create a security report'
- print ' -s, --sync receive the latest vulnerabilities'
- print ' -v, --verbose display additional information'
+ print('Usage: kernel-check [BUGID|CVE] [OPTION]...')
+ print('Gentoo Kernel Security %s\n' % lib.VERSION)
+ print(' -d, --debug display debugging information')
+ print(' -h, --help display help information')
+ print(' -n, --nocolor disable colors')
+ print(' -r, --report [file] create a security report')
+ print(' -s, --sync receive the latest vulnerabilities')
+ print(' -v, --verbose display additional information')
if __name__ == '__main__':
diff --git a/pym/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py
index 972b2d0..da69c0d 100644
--- a/pym/kernelcheck/lib/kernellib.py
+++ b/pym/kernelcheck/lib/kernellib.py
@@ -3,17 +3,10 @@
# Copyright 2009-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-from __future__ import with_statement
-from contextlib import closing
-import cStringIO
-import datetime
-import inspect
-import logging
import mmap
import os
import portage
import re
-import urllib
import xml.etree.cElementTree
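Review bot: `import inspect` is removed here, but BUG_ON() in the next hunk of this file still calls `inspect.stack()` twice. Unless the module is imported somewhere outside the lines shown, the first BUG_ON call with DEBUG enabled raises NameError instead of printing the debug line. Keep `import inspect` in this block, or drop the stack lookup from BUG_ON. Whether the other removed modules are really unused cannot be checked from the visible hunks.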
@@ -61,8 +54,8 @@ DIR = {
def BUG_ON(msg, e):
if DEBUG:
- print '[DEBUG] line %s in %s(): %s -> %s' % (inspect.stack()[1][2],
- inspect.stack()[1][3], msg, e)
+ print('[DEBUG] line %s in %s(): %s -> %s' % (inspect.stack()[1][2],
+ inspect.stack()[1][3], msg, e))
class Evaluation:
@@ -276,13 +269,13 @@ class Interval:
interval = str(self.name)
interval += ' '
if self.lower and self.lower_i:
- interval += '>=%s ' % (self.lower)
+ interval += '>=%s ' % self.lower
if self.lower and not self.lower_i:
- interval += '>%s ' % (self.lower)
+ interval += '>%s ' % self.lower
if self.upper and self.upper_i:
- interval += '<=%s' % (self.upper)
+ interval += '<=%s' % self.upper
if self.upper and not self.upper_i:
- interval += '<%s' % (self.upper)
+ interval += '<%s' % self.upper
return interval
@@ -308,7 +301,7 @@ def interval_from_xml(root):
return Interval(name, lower, upper, lower_i, upper_i)
-#TODO Use exceptions
+#TODO Add more kernel
def is_in_interval(interval, kernel, bugid=None):
'Returns True if the given version is inside our specified interval'
@@ -386,7 +379,7 @@ def extract_genpatch(ebuild, directory, sources):
try:
genpatch_v = REGEX['gp_version'].findall(content)[0]
genpatch_w = REGEX['gp_want'].findall(content)[0]
- except:
+ except: #FIXME
return None
kernel = Kernel(pkg[1].replace('-sources', ''))
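Review bot: Tagging the bare `except:` with `#FIXME` leaves the handler catching everything, including KeyboardInterrupt, SystemExit and any programming error in the try body, and all of them become a silent `return None`. The failure the two `findall(content)[0]` lines are expected to produce is an empty match list, so `except IndexError:` is enough here. The two `except: #FIXME` handlers in the gather_configuration() hunk at the end of this file have the same shape; there the expected failure is an unreadable /proc file, so `except (IOError, OSError):` fits, and a `with open(...) as f:` block would also close the handles. extract_genpatch() starts and continues outside this hunk.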
@@ -599,8 +592,7 @@ def extract_version(release):
match = REGEX['k_version'].match(release)
if not match:
- BUG_ON('[Error] Release %s does not contain any valid information' %
- release)
+ BUG_ON('[Error] Release %s contains no valid information' % release)
return None
version, rest = match.groups()
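Review bot: BUG_ON is defined in this file as `def BUG_ON(msg, e):`, but the rewritten call passes only the message, so reaching this branch raises TypeError for the missing `e` instead of returning None for an unparsable release string. Pass the value as the second argument, e.g. `BUG_ON('[Error] Release contains no valid information', release)`, or give the parameter a default with `def BUG_ON(msg, e=None):`. The old two-line call had the same arity mismatch, so this predates the commit, but the line is being rewritten here anyway. extract_version() starts and continues outside this hunk.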
@@ -659,14 +651,14 @@ def gather_configuration():
try:
mmap_min_addr = open('/proc/sys/vm/mmap_min_addr').read().strip()
- except:
+ except: #FIXME
mmap_min_addr = '?'
config['Mmap_min_addr'] = mmap_min_addr
try:
for line in open('/proc/modules').readlines():
modules += '%s ' % line.split(' ')[0]
- except:
+ except: #FIXME
modules = '?'
config['Loaded modules'] = modules