[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[PATCH] report-vuln: allow to invoke mailer



This allows to invoke the mailer directly like

    bin/report-vuln -M <pkg> <cve>...

the default behaviour is unchanged.
---
Helps at least me to get out bug mails quicker.

 bin/report-vuln | 95 ++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 54 insertions(+), 41 deletions(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index 5e053f88ea..9e20f4778b 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -1,25 +1,18 @@
 #!/usr/bin/env python
 #
-# generate bug report content for a given package name
-# and a number of CVE ids
+# generate bug report content/mail for a given package name and a
+# number of CVE ids
 #
-# you could use it for example in combination with the
-# following shell function:
+# To invoke the mailer right away:
 #
-# report-vuln(){
-#     TMPFILE="$HOME/reportbug.tmp"
-#     $HOME/debian/svn/secure-testing/bin/report-vuln -m "$@" > $TMPFILE
-#     mutt -H $TMPFILE
-#     rm $TMPFILE
-# }
-#
-# in bash, this can be simply:
-#
-# mutt -H <($HOME/debian/svn/secure-testing/bin/report-vuln -m <pkg> <CVE>)
+# $HOME/debian/svn/secure-testing/bin/report-vuln -M <pkg> <CVE>
 #
 # export http_proxy if you need to use an http proxy to report bugs
 
+from __future__ import print_function
+
 import argparse
+from tempfile import NamedTemporaryFile
 import sys, re, urllib, os
 
 temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
@@ -118,10 +111,11 @@ def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, c
     cve_suff = ''
     time_w = 'was'
     temp_id_cnt = 0
-    header = ''
+    ret = ''
+
 
     if mh:
-        header += '''To: submit@bugs.debian.org
+        ret += '''To: submit@bugs.debian.org
 Subject: %s: %s
 
 ''' % (pkg, ' '.join(cveid))
@@ -132,56 +126,55 @@ Subject: %s: %s
         time_w = 'were'
 
     if src:
-        header += '''Source: %s\n''' % (pkg)
+        ret += 'Source: %s\n' % (pkg)
     else:
-        header += '''Package: %s\n''' % (pkg)
+        ret += 'Package: %s\n' % (pkg)
 
     if affected is None:
         if blanks:
-            header += "Version: FILLINAFFECTEDVERSION\n"
+            ret += "Version: FILLINAFFECTEDVERSION\n"
         else:
-            header += "Version: %s\n" % affected
+            ret += "Version: %s\n" % affected
         if cc and len(cclist) > 0:
-            header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
-    header += '''Severity: %s
+            ret += "X-Debbugs-CC: %s\n" % " ".join(cclist)
+    ret += '''Severity: %s
 Tags: security
 
 Hi,
 
-the following vulnerabilit%s %s published for %s.
+the following vulnerabilit%s %s published for %s.\n
 ''' % (severity, vuln_suff, time_w, pkg)
 
-    footer = '''If you fix the vulnerabilit%s please also make sure to include the
-CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
-
-For further information see:''' % (vuln_suff, cve_suff)
-
-    print header
     for cnt, cve in enumerate(cveid):
         if not temp_id.match(cve):
-            print cve + '[' + str(cnt) + ']:'
-            print get_cve(cve)
+            ret += cve + '[' + str(cnt) + ']:\n'
+            ret += get_cve(cve) + '\n'
         else:
-            print '''Issue without CVE id #%d [%d]:''' % (temp_id_cnt, cnt)
+            ret += 'Issue without CVE id #%d [%d]:\n' % (temp_id_cnt, cnt)
             desc = description_from_list(cve, pkg, temp_id_cnt)
             if desc:
-                print desc + '\n'
+                ret += desc + '\n\n'
             else:
-                print 'No description has been specified\n'
+                ret += 'No description has been specified\n\n'
             temp_id_cnt += 1
 
-    print footer
-    print gen_index(cveid)
+    ret += '''If you fix the vulnerabilit%s please also make sure to include the
+CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
+
+For further information see:\n''' % (vuln_suff, cve_suff)
+    ret += gen_index(cveid) + '\n'
 
     if temp_id_cnt > 0:
-        print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
-        print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
+        ret += '\nhttps://security-tracker.debian.org/tracker/source-package/%s\n' % (pkg)
+        ret += '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
 
     if not blanks:
-        print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
+        ret += '\nPlease adjust the affected versions in the BTS as needed.\n'
+
+    return ret
 
 def error(msg):
-    print 'error: ' + msg
+    print ('error: ' + msg, file=sys.stderr)
     sys.exit(1)
 
 class NegateAction(argparse.Action):
@@ -220,6 +213,10 @@ def main():
                         help='list of addresses to add in CC (default: %(default)s)')
     parser.add_argument('--src', action="store_true", help='report against source package')
     parser.add_argument('-m', '--mail-header', action="store_true", help='generate a mail header')
+    parser.add_argument('-M', '--mail', action="store_true", help='invoke mailer right aways')
+    parser.add_argument('--mailer', action='store', default='mutt -H {}',
+                        help='Command executed. Must contain {} to be replaced '
+                        'by the filename of the draft bugreport')
     parser.add_argument('pkg', help='affected package')
     parser.add_argument('cve', nargs='+', help='relevant CVE for this source package, may be used multiple time if the issue has multiple CVEs')
     args = parser.parse_args()
@@ -239,7 +236,23 @@ def main():
         if not c.match(arg) and not temp_id.match(arg):
             error(arg + ' does not seem to be a valid CVE id')
 
-    gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src, mh=args.mail_header)
+    text = gen_text(pkg, cve,
+                    affected=args.affected,
+                    blanks=args.blanks,
+                    severity=args.severity,
+                    cc=args.cc,
+                    cclist=args.cclist,
+                    src=args.src,
+                    mh=args.mail_header or args.mail)
+
+    if args.mail:
+        with NamedTemporaryFile(prefix='report-vuln', suffix='.txt') as bugmail:
+            bugmail.write(text)
+            bugmail.flush()
+            os.system(args.mailer.format(bugmail.name))
+    else:
+        print(text)
+
 
 if __name__ == '__main__':
     main()
-- 
2.15.0


Reply to: