Diffstat (limited to 'kernellib.py')
-rwxr-xr-xkernellib.py86
1 files changed, 36 insertions, 50 deletions
diff --git a/kernellib.py b/kernellib.py
index d28323c..bbe8acb 100755
--- a/kernellib.py
+++ b/kernellib.py
@@ -105,9 +105,11 @@ class NvdEntryError(Exception):
class Evaluation:
"""Evaluation class
+
+ Provides information about the vulnerability of a kernel.
"""
- number = int()
+ read = int()
arch = int()
affected = list()
unaffected = list()
@@ -117,29 +119,16 @@ class Evaluation:
self.unaffected = list()
-class Bundle:
- """Bundle class
-
- Provides information about the vulnerability of the current system.
- There is only one instance of this class available.
-
- Attributes:
- read: an integer count represeting the number of read files.
- match: an integer count of bugs matching this system architecture.
- fixed: an integer count of bugs being fixed in the current kernel.
- canfix: a list of bugs that could be fixed by upgrading the kernel.
- notfix: a list representing unresolved bugs in gentoo bugzilla.
+class Comparison:
+ """Comparison class
"""
- read = int()
- match = int()
fixed = int()
- canfix = list()
- notfix = list()
+ new = list()
def __init__(self):
- self.canfix = list()
- self.notfix = list()
+ self.fixed = list()
+ self.new = list()
class Cve:
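Review bot: `Comparison` keeps the class-level default `fixed = int()` inherited from the old `Bundle`, while the new `__init__` assigns `self.fixed = list()` and `compare_evaluation` appends bug entries to it, so the declared default no longer matches the type in use. Change the class attribute to `fixed = list()`, or drop the class-level defaults, since `__init__` sets both attributes. The removed `Attributes:` section is also not replaced; docstring lines such as `fixed: a list of bugs affecting the first kernel but not the second.` and `new: a list of bugs affecting the second kernel but not the first.` would keep the two lists from being read the wrong way round in a vulnerability report.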
@@ -680,7 +669,7 @@ def eval_cve_files(directory, kernel, arch):
evaluation = Evaluation()
for item in files:
- evaluation.number += 1
+ evaluation.read += 1
if item.arch not in ARCHES:
BUG_ON('[Error] Wrong architecture %s in bugid: %s' %
@@ -747,34 +736,24 @@ def is_affected(interval_list, kernel, item): #TODO Remove item
return kernel_affected
-def bundle_evaluation(kernel, best):
- 'Creates a bundle out of two evaluation instances'
+def compare_evaluation(kernel, compare):
+ 'Creates a comparison out of two evaluation instances'
- bundle = Bundle()
+ comparison = Comparison()
- if kernel.number == best.number: #FIXME why does 'is' not work
- bundle.read = kernel.number
- else:
- BUG_ON('Numbers do not match: %s %s' % (kernel.number, best.number))
+ if kernel.read != compare.read or kernel.arch != compare.arch:
+ BUG_ON('Kernels do not match: %s %s' % (kernel1.read, kernel2.read))
return
- if kernel.arch == best.arch: #FIXME why does 'is' not work
- bundle.match = kernel.arch
- else:
- BUG_ON('Numbers do not match: %s %s' % (kernel.arch, best.arch))
- return
-
- bundle.fixed = len(kernel.unaffected) - (kernel.number - kernel.arch)
-
for item in kernel.affected:
- if item not in best.affected:
- bundle.canfix.append(item)
+ if item not in compare.affected:
+ comparison.fixed.append(item)
- for item in best.affected:
- if item not in bundle.canfix:
- bundle.notfix.append(item)
+ for item in compare.affected:
+ if item not in kernel.affected:
+ comparison.new.append(item)
- return bundle
+ return comparison
def read_cve_file(directory, bugid):
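Review bot: The new `BUG_ON` call in `compare_evaluation` formats `kernel1.read` and `kernel2.read`, but the function's parameters are `kernel` and `compare`, so the mismatch path raises NameError instead of reporting the mismatch. Use `BUG_ON('Kernels do not match: read %s/%s, arch %s/%s' % (kernel.read, compare.read, kernel.arch, compare.arch))`, which also covers the arch half of the condition. The bare `return` that follows hands None to the caller (assuming `BUG_ON` returns at all, which this hunk does not show). A caller that prints the fixed/new bug lists should treat None as a failed comparison, not as "nothing to report".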
@@ -980,21 +959,28 @@ def extract_version(release):
return kernel
-def best_version(source):
+def all_version(source):
""" Given a kernel source name (e.g. vanilla), returns a Kernel object
for the latest revision in the tree, or None if none exists. """
+ versions = list()
+
porttree = portage.db[portage.root]['porttree']
- bestmatch = porttree.dep_bestmatch('sys-kernel/%s-sources' % source)
- best = portage.versions.catpkgsplit(bestmatch)
- if not best:
- return None
+ matches = porttree.dbapi.xmatch('match-all',
+ 'sys-kernel/%s-sources' % source)
- kernel = Kernel(best[1].replace('-sources', ''))
- kernel.version = best[2]
- kernel.revision = best[3]
+ for item in matches:
+ best = portage.versions.catpkgsplit(item)
+ if not best:
+ continue
- return kernel
+ kernel = Kernel(best[1].replace('-sources', ''))
+ kernel.version = best[2]
+ kernel.revision = best[3]
+
+ versions.append(kernel)
+
+ return versions
#TODO Remove BUG_ON; use Exceptions
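Review bot: The docstring of `all_version` still describes the old `best_version` contract (one Kernel object for the latest revision, or None), but the new body returns a list with a Kernel object for every match, which is presumably empty when nothing matches. Update it to something like `""" Given a kernel source name (e.g. vanilla), returns a list of Kernel objects for all versions in the tree (empty if none exist). """`. Any caller that still tests the result against None will no longer detect the no-match case; those callers are outside this hunk. The loop variable `best` would also read better as `split`, since it no longer holds the best match.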