diff options
Diffstat (limited to 'pym/kernelcheck')
-rwxr-xr-x | pym/kernelcheck/kernelcheck.py | 93 | ||||
-rw-r--r-- | pym/kernelcheck/lib/kernellib.py | 30 |
2 files changed, 57 insertions, 66 deletions
diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py index 5eac6b1..45914d6 100755 --- a/pym/kernelcheck/kernelcheck.py +++ b/pym/kernelcheck/kernelcheck.py @@ -31,7 +31,7 @@ def main(argv): try: opts, args = getopt.gnu_getopt(argv, 'dhnr:sv', ['debug', 'help', 'nocolor', 'report=', 'sync', 'verbose']) - except getopt.GetoptError, e: + except getopt.GetoptError: usage() return @@ -67,9 +67,9 @@ def main(argv): information = dict() - print '' - print darkgreen('These are the specifications of your kernel:') - print '' + print('') + print(darkgreen('These are the specifications of your kernel:')) + print('') uname = os.uname() if uname[0] != 'Linux': @@ -101,32 +101,36 @@ def main(argv): } print_items(information, 'Information') - print '' + print('') print_items(lib.gather_configuration(), 'Configuration') - print '\nDetermining vulnerabilities... done!' #TODO #spin - print '' + print('\nDetermining vulnerabilities... done!') #TODO #spin + print('') - kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None) - if not kernel_eval: + evaluation = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None) + if not evaluation: error('No kernel vulnerability files found!') return - print_summary(kernel_eval.affected) + if len(evaluation.affected) is not 0: + print_summary(evaluation.affected) - print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' % ( - len(kernel_eval.affected), repr(kernel_eval), kernel_eval.avg_cvss) + print('Total: %s vulnerabilities (%s), Average CVSS score: %.1f\n' % ( + len(evaluation.affected), repr(evaluation), evaluation.avg_cvss)) - print '' + prompt = "Would you like to upgrade your kernel?" + if userquery(prompt, None) == 'No': + print('') + print('Quitting.') + print('') - prompt = "Would you like to upgrade your kernel?" - if userquery(prompt, None) == 'No': - print'' - print'Quitting.' - print '' + else: + print('Not implemented yet...') else: - print 'Not implemented yet ;)' + print('Total: 0 vulnerabilities, Average CVSS score: 0.0\n') + print(bold('Your kernel is not affected by any known vulnerability!')) + def print_items(category, header): 'Indents and prints items' @@ -140,49 +144,44 @@ def print_items(category, header): for i, string in enumerate(textwrap.wrap('%s' % category[item], (screenwidth - 23))): if i is 0: - print '%s%s%s : %s' % (' ' * 6, darkgreen(item), - ' ' * (14 - len(item)), string) + print('%s%s%s : %s' % (' ' * 6, darkgreen(item), + ' ' * (14 - len(item)), string)) else: - print '%s%s' % (' ' * 23, string) + print('%s%s' % (' ' * 23, string)) def print_summary(vullist): 'Prints the vulnerability summary' for item in vullist: - - whiteboard = str() - for interval in item.affected: - whiteboard += '[' + str(interval) + '] ' - if item.cves: for cve in item.cves: - cve_text = str() + cvetype = str() if 'AV:L' in cve.vector: - cve_text += colorize('BAD', 'local') + cvetype += colorize('BAD', 'local') if 'AV:A' in cve.vector or 'AV:N' in cve.vector: - cve_text += colorize('BAD', 'network') + cvetype += colorize('BAD', 'network') if ('C:P' in cve.vector or 'C:C' in cve.vector) \ and ('I:P' in cve.vector or 'I:C' in cve.vector) \ and ('A:P' in cve.vector or 'A:C' in cve.vector): - cve_text += '%s%s' % (' ', blue('-complete')) + cvetype += '%s%s' % (' ', blue('-complete')) else: if 'C:P' in cve.vector or 'C:C' in cve.vector: - cve_text += '%s%s' % (' ', blue('-confidentiality')) + cvetype += '%s%s' % (' ', blue('-confidentiality')) if 'I:P' in cve.vector or 'I:C' in cve.vector: - cve_text += '%s%s' % (' ', blue('-integrity')) + cvetype += '%s%s' % (' ', blue('-integrity')) if 'A:P' in cve.vector or 'A:C' in cve.vector: - cve_text += '%s%s' % (' ', blue('-availability')) + cvetype += '%s%s' % (' ', blue('-availability')) - print '[%s %26s] %s %s TYPE="%s"' % (darkgreen('bugid'), + print ('[%s %26s] %s %s TYPE="%s"') % (darkgreen('bugid'), colorize('GOOD', item.bugid), darkgreen(cve.cve), - blue('[%s]' % cve.score), cve_text) + blue('[%s]' % cve.score), cvetype) - print '' + print('') def print_bug(bugid): @@ -206,7 +205,7 @@ def print_bug(bugid): 'Architecture' : vul.arch.capitalize() } - print '' + print('') print_items(buginformation, 'Bugid %s' % bugid) for cve in vul.cves: @@ -235,7 +234,7 @@ def print_cve(cveid): } #TODO print cve.refs - print '' + print('') print_items(cveinformation, cve.cve) @@ -249,14 +248,14 @@ def print_information(): def usage(): 'Prints the usage screen' - print 'Usage: kernel-check [BUGID|CVE] [OPTION]...' - print 'Gentoo Kernel Security %s\n' % lib.VERSION - print ' -d, --debug display debugging information' - print ' -h, --help display help information' - print ' -n, --nocolor disable colors' - print ' -r, --report [file] create a security report' - print ' -s, --sync receive the latest vulnerabilities' - print ' -v, --verbose display additional information' + print('Usage: kernel-check [BUGID|CVE] [OPTION]...') + print('Gentoo Kernel Security %s\n' % lib.VERSION) + print(' -d, --debug display debugging information') + print(' -h, --help display help information') + print(' -n, --nocolor disable colors') + print(' -r, --report [file] create a security report') + print(' -s, --sync receive the latest vulnerabilities') + print(' -v, --verbose display additional information') if __name__ == '__main__': diff --git a/pym/kernelcheck/lib/kernellib.py b/pym/kernelcheck/lib/kernellib.py index 972b2d0..da69c0d 100644 --- a/pym/kernelcheck/lib/kernellib.py +++ b/pym/kernelcheck/lib/kernellib.py @@ -3,17 +3,10 @@ # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -from __future__ import with_statement -from contextlib import closing -import cStringIO -import datetime -import inspect -import logging import mmap import os import portage import re -import urllib import xml.etree.cElementTree @@ -61,8 +54,8 @@ DIR = { def BUG_ON(msg, e): if DEBUG: - print '[DEBUG] line %s in %s(): %s -> %s' % (inspect.stack()[1][2], - inspect.stack()[1][3], msg, e) + print('[DEBUG] line %s in %s(): %s -> %s' % (inspect.stack()[1][2], + inspect.stack()[1][3], msg, e)) class Evaluation: @@ -276,13 +269,13 @@ class Interval: interval = str(self.name) interval += ' ' if self.lower and self.lower_i: - interval += '>=%s ' % (self.lower) + interval += '>=%s ' % self.lower if self.lower and not self.lower_i: - interval += '>%s ' % (self.lower) + interval += '>%s ' % self.lower if self.upper and self.upper_i: - interval += '<=%s' % (self.upper) + interval += '<=%s' % self.upper if self.upper and not self.upper_i: - interval += '<%s' % (self.upper) + interval += '<%s' % self.upper return interval @@ -308,7 +301,7 @@ def interval_from_xml(root): return Interval(name, lower, upper, lower_i, upper_i) -#TODO Use exceptions +#TODO Add more kernel def is_in_interval(interval, kernel, bugid=None): 'Returns True if the given version is inside our specified interval' @@ -386,7 +379,7 @@ def extract_genpatch(ebuild, directory, sources): try: genpatch_v = REGEX['gp_version'].findall(content)[0] genpatch_w = REGEX['gp_want'].findall(content)[0] - except: + except: #FIXME return None kernel = Kernel(pkg[1].replace('-sources', '')) @@ -599,8 +592,7 @@ def extract_version(release): match = REGEX['k_version'].match(release) if not match: - BUG_ON('[Error] Release %s does not contain any valid information' % - release) + BUG_ON('[Error] Release %s contains no valid information' % release) return None version, rest = match.groups() @@ -659,14 +651,14 @@ def gather_configuration(): try: mmap_min_addr = open('/proc/sys/vm/mmap_min_addr').read().strip() - except: + except: #FIXME mmap_min_addr = '?' config['Mmap_min_addr'] = mmap_min_addr try: for line in open('/proc/modules').readlines(): modules += '%s ' % line.split(' ')[0] - except: + except: #FIXME modules = '?' config['Loaded modules'] = modules |