
Re: improving the report-vuln script



Hi

Attached is a patch series on top of Antoine's patch, which implements
the proposed changes (but skipping the default severity change; after
rethinking, it should be fine if we leave it as it is now).

Salvatore
>From 14f3e14d05dc03590b03a5c5c1b10680a5e23480 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:28:44 +0200
Subject: [PATCH 1/7] =?UTF-8?q?Import=20improvements=20to=20report-vuln=20?=
 =?UTF-8?q?done=20by=20Antoine=20Beaupr=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bin/report-vuln | 76 ++++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 51 insertions(+), 25 deletions(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index 030de2800..41c76f527 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -19,6 +19,7 @@
 #
 # export http_proxy if you need to use an http proxy to report bugs
 
+import argparse
 import sys, re, urllib, os
 
 temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
@@ -112,7 +113,7 @@ def get_cve(id):
 
 	return ret + '\n'
 
-def gen_text(pkg, cveid, include_version = False, severity = 'FILLINSEVERITY'):
+def gen_text(pkg, cveid, blanks = False, severity = 'FILLINSEVERITY', affected=None, cc=False, cclist=None):
 	vuln_suff = 'y'
 	cve_suff = ''
 	time_w = 'was'
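Review bot: The new `gen_text` signature adds `blanks`, `affected`, `cc` and `cclist` without a docstring, so a caller has to read the body to learn that `cclist` is only consulted when `cc` is true and that `affected=None` means "emit the FILLINAFFECTEDVERSION placeholder only if `blanks` is set". A short docstring under the `def` line stating those three rules, plus that `severity` is copied verbatim into the `Severity:` pseudo-header, would make the call in `main()` self-explanatory. The body of `gen_text` continues outside this hunk.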
@@ -124,8 +125,13 @@ def gen_text(pkg, cveid, include_version = False, severity = 'FILLINSEVERITY'):
 		time_w = 'were'
 	
 	header = '''Package: %s\n''' % (pkg)
-	if include_version:
-		header += 'Version: FILLINAFFECTEDVERSION\n'
+	if affected is None:
+	        if blanks:
+		        header += "Version: FILLINAFFECTEDVERSION\n"
+        else:
+                header += "Version: %s\n" % affected
+        if cc and len(cclist) > 0:
+                header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
 	header += '''Severity: %s
 Tags: security
 
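Review bot: The added lines mix tab and space indentation (`if affected is None:` and its `if blanks:` branch use tabs, the `else:` and the `cc` check use spaces) in a file that is otherwise tab-indented; this only parses because Python 2 expands a tab to 8 columns, and it is rejected outright by `python -tt` and by Python 3. The `cc` check also calls `len(cclist)` although the signature in this same patch defaults `cclist` to `None`, so `gen_text(pkg, cve, cc=True)` raises `TypeError`; a truthiness test covers both the `None` and the empty-list case. The same tab/space mix appears in the `main()` body and the `NegateAction` class of the next hunk.

```python
	header = '''Package: %s\n''' % (pkg)
	if affected is None:
		if blanks:
			header += "Version: FILLINAFFECTEDVERSION\n"
	else:
		header += "Version: %s\n" % affected
	# cclist defaults to None; test truthiness instead of len() so that
	# cc=True without a list does not raise
	if cc and cclist:
		header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
	# … unchanged: Severity/Tags header and the rest of gen_text …
```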
@@ -160,31 +166,54 @@ For further information see:''' % (vuln_suff, cve_suff)
 		print '\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
 		print '(issues without CVE id are assigned a TEMP one, but it may change over time)\n'
 
-	if not include_version:
-		print '''Please adjust the affected versions in the BTS as needed.\n'''
+	if not blanks:
+		print '''\nPlease adjust the affected versions in the BTS as needed.\n'''
 
 def error(msg):
 	print 'error: ' + msg
 	sys.exit(1)
 
-def usage():
-	print sys.argv[0], '[--no-blanks] <pkg> <cve id(s)>'
-	sys.exit(0)
+class NegateAction(argparse.Action):
+    '''add a toggle flag to argparse
+
+    this is similar to 'store_true' or 'store_false', but allows
+    arguments prefixed with --no to disable the default. the default
+    is set depending on the first argument - if it starts with the
+    negative form (define by default as '--no'), the default is False,
+    otherwise True.
+    '''
+
+    negative = '--no'
+
+    def __init__(self, option_strings, *args, **kwargs):
+        '''set default depending on the first argument'''
+        default = not option_strings[0].startswith(self.negative)
+        super(NegateAction, self).__init__(option_strings, *args,
+                                           default=default, nargs=0, **kwargs)
+
+    def __call__(self, parser, ns, values, option):
+        '''set the truth value depending on whether
+        it starts with the negative form'''
+        setattr(ns, self.dest, not option.startswith(self.negative))
+
 
 def main():
-	if len(sys.argv) < 3:
-		usage()
-
-	blanks = True
-	if sys.argv[1] == '--no-blanks':
-		if len(sys.argv) < 4:
-			usage()
-		blanks = False
-		pkg = sys.argv[2]
-		cve = sys.argv[3:]
-	else:
-		pkg = sys.argv[1]
-		cve = sys.argv[2:]
+        parser = argparse.ArgumentParser()
+        parser.add_argument('--no-blanks', '--blanks', dest='blanks', action=NegateAction,
+                            help='include blank fields to be filled (default: %(default)s)')
+        parser.add_argument('--affected', help='affected version (default: unspecified)')
+        parser.add_argument('--severity', default='grave', help='severity (default: %(default)s)')
+        parser.add_argument('--no-cc', '--cc', dest='cc', action=NegateAction,
+                            help='add X-Debbugs-CC header to')
+        parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
+                            help='list of addres to add in CC (default: %(default)s)')
+        parser.add_argument('pkg', help='affected package')
+        parser.add_argument('cve', nargs='+', help='relevant CVE for this issue, may be used multiple time if the issue has multiple CVEs')
+        args = parser.parse_args()
+
+        blanks = args.blanks
+        pkg = args.pkg
+        cve = args.cve
 
 	# check for valid parameters
 	p = re.compile('^[0-9a-z].*')
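Review bot: `--cc-list` is declared with a list default but no `nargs`/`type`, so a value given on the command line arrives as a plain string and `" ".join(cclist)` in `gen_text` then inserts a space between every character of the address instead of between addresses. Accepting a comma-separated value keeps the positional `pkg`/`cve` arguments unambiguous: `parser.add_argument('--cc-list', dest='cclist', type=lambda s: s.split(','), default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'], help='comma-separated list of addresses to add in CC (default: %(default)s)')`. The help string for `--cc` is truncated (`'add X-Debbugs-CC header to'`) and should say which addresses are added. The new `main()` body is indented with eight spaces while the surrounding lines of the function keep tabs, which is the same tab/space mix as in the `gen_text` hunk; `main()` continues past the end of this hunk.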
@@ -197,10 +226,7 @@ def main():
 		if not c.match(arg) and not temp_id.match(arg):
 			error(arg + ' does not seem to be a valid CVE id')
 
-	if blanks:
-		gen_text(pkg, cve)
-	else:
-		gen_text(pkg, cve, False, 'grave')
+	gen_text(pkg, cve, affected=args.affected, blanks=args.blanks, severity=args.severity, cc=args.cc, cclist=args.cclist)
 
 if __name__ == '__main__':
 	main()
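Review bot: The call now passes `blanks=args.blanks` directly, so the `blanks = args.blanks` local assigned earlier in `main()` is no longer read anywhere and should either be dropped or used here as `blanks=blanks`, matching how `pkg` and `cve` are passed. The start of `main()` is outside this hunk.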
-- 
2.11.0

>From 32e601dc708c067476e8608d3ac3594c3522beb2 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:31:08 +0200
Subject: [PATCH 2/7] report-vuln: Adding X-Debbugs-CC should be the default

---
 bin/report-vuln | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index 41c76f527..aab967277 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -203,7 +203,7 @@ def main():
                             help='include blank fields to be filled (default: %(default)s)')
         parser.add_argument('--affected', help='affected version (default: unspecified)')
         parser.add_argument('--severity', default='grave', help='severity (default: %(default)s)')
-        parser.add_argument('--no-cc', '--cc', dest='cc', action=NegateAction,
+        parser.add_argument('--cc', '--no-cc', dest='cc', action=NegateAction,
                             help='add X-Debbugs-CC header to')
         parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
                             help='list of addres to add in CC (default: %(default)s)')
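Review bot: Swapping `--cc` before `--no-cc` makes `NegateAction` derive a default of True, which is the stated intent; the same ordering question applies to `--no-blanks`/`--blanks` a few lines above this hunk, where the negative form is still listed first and therefore `blanks` defaults to False, whereas the pre-argparse code started with `blanks = True`. If the placeholder-filled template is still meant to be the default, that line should read `parser.add_argument('--blanks', '--no-blanks', dest='blanks', action=NegateAction, help=...)`; if the flip is intentional, it is worth a sentence in the commit message since it changes the generated report for existing users. This is an inference from the `NegateAction` default logic and the old `main()`, not something visible in this hunk.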
-- 
2.11.0

>From 3bdeec18749bcdcc16afe93d43c5876a4389364b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:31:44 +0200
Subject: [PATCH 3/7] report-vuln: Fix typo in help text for --cc/--no-cc
 argument

---
 bin/report-vuln | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index aab967277..cdad3a522 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -206,7 +206,7 @@ def main():
         parser.add_argument('--cc', '--no-cc', dest='cc', action=NegateAction,
                             help='add X-Debbugs-CC header to')
         parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
-                            help='list of addres to add in CC (default: %(default)s)')
+                            help='list of addresses to add in CC (default: %(default)s)')
         parser.add_argument('pkg', help='affected package')
         parser.add_argument('cve', nargs='+', help='relevant CVE for this issue, may be used multiple time if the issue has multiple CVEs')
         args = parser.parse_args()
-- 
2.11.0

>From ec15cca4f1045ae3b311d25aa4fa00c4010da370 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:32:56 +0200
Subject: [PATCH 4/7] report-vuln: FILLINSEVERITY not used anymore

---
 bin/report-vuln | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index cdad3a522..d98869538 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -113,7 +113,7 @@ def get_cve(id):
 
 	return ret + '\n'
 
-def gen_text(pkg, cveid, blanks = False, severity = 'FILLINSEVERITY', affected=None, cc=False, cclist=None):
+def gen_text(pkg, cveid, blanks = False, severity = None, affected=None, cc=False, cclist=None):
 	vuln_suff = 'y'
 	cve_suff = ''
 	time_w = 'was'
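Review bot: With `severity=None` as the default, any caller that omits the argument now produces a literal `Severity: None` pseudo-header, because the header is built from `severity` with `%s` later in the function; `main()` always passes `args.severity` so the script itself is unaffected, but the function no longer has a safe default of its own. A guard right after the existing suffix initialisation, `if severity is None: severity = 'grave'`, keeps the function usable on its own and consistent with the argparse default. The rest of `gen_text` is outside this hunk.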
-- 
2.11.0

>From cc34d003c62b485a35a320b5d5330d49955f114c Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:34:24 +0200
Subject: [PATCH 5/7] report-vuln: Report issues against source package as
 tracked in security-tracker

---
 bin/report-vuln | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index d98869538..311891cff 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -124,7 +124,7 @@ def gen_text(pkg, cveid, blanks = False, severity = None, affected=None, cc=Fals
 		vuln_suff = 'ies'
 		time_w = 'were'
 	
-	header = '''Package: %s\n''' % (pkg)
+	header = '''Source: %s\n''' % (pkg)
 	if affected is None:
 	        if blanks:
 		        header += "Version: FILLINAFFECTEDVERSION\n"
@@ -207,7 +207,7 @@ def main():
                             help='add X-Debbugs-CC header to')
         parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
                             help='list of addresses to add in CC (default: %(default)s)')
-        parser.add_argument('pkg', help='affected package')
+        parser.add_argument('pkg', help='affected source package')
         parser.add_argument('cve', nargs='+', help='relevant CVE for this issue, may be used multiple time if the issue has multiple CVEs')
         args = parser.parse_args()
 
-- 
2.11.0

>From 68babc24fc26d3186a4d566295287e21b835f51d Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:35:29 +0200
Subject: [PATCH 6/7] report-vuln: Clarify help text for CVE arguments

---
 bin/report-vuln | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index 311891cff..00fc4c97d 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -208,7 +208,7 @@ def main():
         parser.add_argument('--cc-list', dest='cclist', default=['team@security.debian.org', 'secure-testing-team@lists.alioth.debian.org'],
                             help='list of addresses to add in CC (default: %(default)s)')
         parser.add_argument('pkg', help='affected source package')
-        parser.add_argument('cve', nargs='+', help='relevant CVE for this issue, may be used multiple time if the issue has multiple CVEs')
+        parser.add_argument('cve', nargs='+', help='relevant CVE for this source package, may be used multiple time if the issue has multiple CVEs')
         args = parser.parse_args()
 
         blanks = args.blanks
-- 
2.11.0

>From 4fec92f8b5d56f98465a8b3f7dbe52858c68e634 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Mar 2017 07:38:53 +0200
Subject: [PATCH 7/7] report-vuln: Use consistent style for arguments of
 defined functions

---
 bin/report-vuln | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/report-vuln b/bin/report-vuln
index 00fc4c97d..d62156fad 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -29,7 +29,7 @@ def setup_path():
 	base = dirname(dirname(os.path.realpath(sys.argv[0])))
 	sys.path.insert(0, os.path.join(base, "lib", "python"))
 
-def description_from_list(id, pkg = '', skip_entries = 0):
+def description_from_list(id, pkg='', skip_entries=0):
 	setup_path()
 	import bugs
 	import debian_support
@@ -113,7 +113,7 @@ def get_cve(id):
 
 	return ret + '\n'
 
-def gen_text(pkg, cveid, blanks = False, severity = None, affected=None, cc=False, cclist=None):
+def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False, cclist=None):
 	vuln_suff = 'y'
 	cve_suff = ''
 	time_w = 'was'
-- 
2.11.0

