Commit 06a6fa7f authored by David Spencer's avatar David Spencer

pkgsrc: Omit -[0-9]*, use csv.reader.

parent 98850936
......@@ -9,6 +9,7 @@ import sys
import os
import re
import fnmatch
import csv
import braceexpand # https://pypi.org/project/braceexpand/
import libversion # https://pypi.org/project/libversion/
......@@ -52,14 +53,14 @@ plist=[]
# multiple versions of a package)
recnum=0
for pkgrec in pkglistfile:
recnum=recnum+1
try:
pkgnam, pkgver, pkgpatched, pkgignored = pkgrec.rstrip().split(",")
except:
print("Invalid pkglist format, line {:d}".format(recnum),file=sys.stderr)
continue
plist.append(Pkg(pkgnam,pkgver,pkgpatched,pkgignored))
pkgcsv=csv.reader(pkglistfile,dialect="unix",strict=True)
try:
for pkgrec in pkgcsv:
recnum=recnum+1
pkgnam, pkgver, pkgpatched, pkgignored = pkgrec
plist.append(Pkg(pkgnam,pkgver,pkgpatched,pkgignored))
except:
print("Invalid pkglist format, line {:d}".format(recnum),file=sys.stderr)
pkglistfile.close()
print("Processed {:d} records from {:s}".format(recnum,pkglistpath))
......@@ -67,8 +68,8 @@ print("Processed {:d} records from {:s}".format(recnum,pkglistpath))
#-----------------------------------------------------------------------
# Read and match the vulnerability list.
vulnlist=open(vulnlistpath,'r')
report=open(reportpath,'w')
vulnlistfile=open(vulnlistpath,'r')
reportfile=open(reportpath,'w')
# The pkgsrc pkg-vulnerabilities.txt file has the record format
# <vexpr><space><vcategory><space><vurl>
......@@ -88,6 +89,8 @@ report=open(reportpath,'w')
# <cond> is a condition, comprising <op><version>, where
# <op> is one of < <= = >= >
# <version> is a simple version string (package-specific format)
#
# Reference: http://www.netbsd.org/gallery/presentations/joerg/eurobsdcon2006/pkg_install.pdf
class Cond():
"""
......@@ -105,6 +108,12 @@ def printvulns(vglob,vcondlist,vcategory,vurl):
* 'p.version' 'vcond.op' 'vcond.version', for all vcond in vcondlist
"""
# Sadly, -[0-9]* does not mean what it literally says. Oh dear no.
# It means "any version", with, like, dots and stuff...
# so let's get rid of it.
if vglob.endswith("-[0-9]*"):
vglob=vglob[0:-7]
# Explictly compare in lower-case, because we want to be case
# insensitive, but these aren't filenames and we don't want
# to be at the mercy Python being "clever" about the host OS.
......@@ -136,39 +145,39 @@ def printvulns(vglob,vcondlist,vcategory,vurl):
print("{:s},{:s},{:s},{:s},{:s},{:s}".format(
p.name, p.version, p.patched, p.ignored,
vcategory, vurl),
file=report)
file=reportfile)
recnum=0
for vrec in vulnlist:
recnum=recnum+1
try:
vexpr, vcategory, vurl = vrec.rstrip().split(" ")
except:
print("Invalid vulnlist format, line {:d}".format(recnum),file=sys.stderr)
continue
vexprchunks=re.split("(<=|>=|<|=|>)",vexpr)
numchunks=len(vexprchunks)
if numchunks == 1:
vcondlist=[]
elif numchunks == 3:
vcondlist=[Cond(vexprchunks[1],vexprchunks[2])]
elif numchunks == 5:
vcondlist=[Cond(vexprchunks[1],vexprchunks[2]), Cond(vexprchunks[3],vexprchunks[4])]
else:
print("Invalid vulnlist format, line {:d}".format(recnum),file=sys.stderr)
continue
for vglob in list(braceexpand.braceexpand(vexprchunks[0])):
printvulns(vglob,vcondlist,vcategory,vurl)
vulnlist.close()
vulncsv=csv.reader(vulnlistfile,delimiter=" ",dialect="unix",strict=True)
try:
for vrec in vulncsv:
recnum=recnum+1
vexpr, vcategory, vurl = vrec
vexprchunks=re.split("(<=|>=|<|=|>)",vexpr)
numchunks=len(vexprchunks)
if numchunks == 1:
vcondlist=[]
elif numchunks == 3:
vcondlist=[Cond(vexprchunks[1],vexprchunks[2])]
elif numchunks == 5:
vcondlist=[Cond(vexprchunks[1],vexprchunks[2]), Cond(vexprchunks[3],vexprchunks[4])]
else:
print("Invalid match expression, record {:d}".format(recnum),file=sys.stderr)
continue
for vglob in list(braceexpand.braceexpand(vexprchunks[0])):
printvulns(vglob,vcondlist,vcategory,vurl)
except:
print("Invalid record format, record {:d}".format(recnum),file=sys.stderr)
vulnlistfile.close()
print("Processed {:d} records from {:s}".format(recnum,vulnlistpath))
report.close()
reportfile.close()
print("Wrote "+reportpath)
#-----------------------------------------------------------------------
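Review bot: The bare `except:` wrapped around the whole `for vrec in vulncsv:` loop turns one malformed record into a silent truncation of the vulnerability scan: the first `csv.Error` (strict reader) or unpacking `ValueError` ends the loop, every later record is never matched against the package list, and the script still prints "Processed … records" and "Wrote …" with a normal exit status, so a shortened report looks complete. The old code's per-record `continue` kept going; the same change to the pkglist loop earlier in this commit (`for pkgrec in pkgcsv:` under its own `try`) has the same effect on the package list. Bare `except:` also catches `KeyboardInterrupt` and `SystemExit`, so at minimum it should be `except (csv.Error, ValueError):` and the abort made explicit, e.g. `sys.exit(1)` after the message. Better is to keep the per-record behaviour: pull the reader forward with `next()` so a `csv.Error` on one row can be reported and skipped (the C reader appears to reset its state on the next call, but confirm it resumes cleanly after a strict-mode error), and narrow the unpack to `ValueError`. The sketch below is for the vulnerability loop; the pkglist loop would be restructured the same way.
```python
recnum=0
while True:
    try:
        vrec=next(vulncsv)
    except StopIteration:
        break
    except csv.Error:
        recnum=recnum+1
        print("Invalid record format, record {:d}".format(recnum),file=sys.stderr)
        continue
    recnum=recnum+1
    try:
        vexpr, vcategory, vurl = vrec
    except ValueError:
        print("Invalid record format, record {:d}".format(recnum),file=sys.stderr)
        continue
    # … unchanged: match-expression split, Cond list construction, printvulns calls …
```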