diff options
| author |   Alice Ferrazzi <alice.ferrazzi@gmail.com> | 2017-08-20 01:41:09 +0900 |
|---|---|---|
| committer | Alice Ferrazzi <alice.ferrazzi@gmail.com> | 2017-08-20 01:41:09 +0900 |
| commit | 7dd9bbdced149e3e05d3e6b1681886d6721cc557 (patch) | |
| tree | 5d7c00b6f1093b4962effc4c351199c6936d1493 | |
| parent | remove duplicated from the cve list (diff) | |
| download | elivepatch-7dd9bbdced149e3e05d3e6b1681886d6721cc557.tar.gz elivepatch-7dd9bbdced149e3e05d3e6b1681886d6721cc557.tar.bz2 elivepatch-7dd9bbdced149e3e05d3e6b1681886d6721cc557.zip | |
return list of cve id and cve patch after getting the missing cve from the
installed kernel.
build and install the cve patches.
| -rw-r--r-- | elivepatch_client/client/cli.py | 9 | ||||
| -rw-r--r-- | elivepatch_client/client/security.py | 10 |
2 files changed, 15 insertions, 4 deletions
diff --git a/elivepatch_client/client/cli.py b/elivepatch_client/client/cli.py index 2f45f67..a6b017e 100644 --- a/elivepatch_client/client/cli.py +++ b/elivepatch_client/client/cli.py @@ -42,7 +42,14 @@ class Main(object): print("CVE repository already present.") print("updating...") # TODO: update repository - cve_repository.cve_git_id() + cve_patch_list = cve_repository.cve_git_id() + for cve_id, cve_patch in cve_patch_list: + print(cve_id, cve_patch) + current_kernel = Kernel(config.url, config.kernel_version) + current_kernel.set_config(config.config) + current_kernel.set_main_patch(cve_patch) + current_kernel.send_files(applied_patches_list) + current_kernel.get_livepatch() elif config.patch: patch_manager = patch.ManaGer() applied_patches_list = patch_manager.list(config.kernel_version) diff --git a/elivepatch_client/client/security.py b/elivepatch_client/client/security.py index 7c97f57..a4477ee 100644 --- a/elivepatch_client/client/security.py +++ b/elivepatch_client/client/security.py @@ -44,6 +44,7 @@ class CVE(object): if int(version) > revision_version: cve_2d_list.append(self.cve_id(major_version, minor_version, version)) + cve_outfile_list = [] patch_index = 0 if not os.path.exists(self.cve_patches_dir): os.mkdir(self.cve_patches_dir) @@ -51,16 +52,19 @@ class CVE(object): # Remove duplicated cve_id from the cve list for not add the same patch cve_list = [ii for n,ii in enumerate(cve_list) if ii not in cve_list[:n]] for cve_id in cve_list: - self.download_cve_patch(cve_id, str(patch_index)) + cve_outfile = self.download_cve_patch(cve_id, str(patch_index)) + cve_outfile_list.append([cve_outfile[0], cve_outfile[1].name]) patch_index +=1 + return cve_outfile_list def download_cve_patch(self, cve_id, patch_index): file_name= self.cve_patches_dir + patch_index + '.patch' # Download the file from `url` and save it locally under `file_name`: - with request.urlopen('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=' + cve_id) as response, \ + with request.urlopen('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=' + cve_id[1]) as response, \ open(file_name, 'wb') as out_file: shutil.copyfileobj(response, out_file) + return [cve_id[0],out_file] def cve_id(self, major_version, minor_version, revision_version): security_file = open("/tmp/kernel_cve/"+str(major_version)+"."+str(minor_version)+ @@ -75,7 +79,7 @@ class CVE(object): ":") in excluded_line: for included_line in security_file: if not "\n" is included_line: - git_security_id.append(included_line.strip().split(' ')[1]) + git_security_id.append([included_line.strip().split(' ')[0].replace(':',''),included_line.strip().split(' ')[1]]) else: # debug # print('got cve for '+str(major_version)+ |