authorBjoern Tropf <asym@gentoo.org>2009-11-23 11:10:25 +0100
committerBjoern Tropf <asym@gentoo.org>2009-11-23 11:10:25 +0100
commite22811639dae0fcf24d0df09bc916b7c6bfd8a95 (patch)
treec4befd9ddc31875c474f74f2485433cfd7bdff70
parentMore ideas... (diff)
Further work on output
-rwxr-xr-xpym/kernelcheck/kernelcheck.py199
1 files changed, 53 insertions, 146 deletions
diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py
index a2d2437..bf3d6ca 100755
--- a/pym/kernelcheck/kernelcheck.py
+++ b/pym/kernelcheck/kernelcheck.py
@@ -3,7 +3,7 @@
# Copyright 2009-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-from portage.output import bold, colorize, darkgreen, green, teal, blue#TODO
+from portage.output import blue, bold, colorize, EOutput, darkgreen #FIXME
from _emerge.stdout_spinner import stdout_spinner
from _emerge.userquery import userquery
@@ -15,10 +15,9 @@ import os
import lib.kernellib as lib
-info = portage.output.EOutput().einfo
-warn = portage.output.EOutput().ewarn
-error = portage.output.EOutput().eerror
-color = portage.output.colorize
+info = EOutput().einfo #FIXME
+warn = EOutput().ewarn
+error = EOutput().eerror
spin = stdout_spinner()
term = portage.output.get_term_size()
@@ -49,15 +48,9 @@ def main(argv):
elif opt in ('-v', '--verbose'):
lib.VERBOSE = True
- """
- These are the packages that would be merged, in order:
+ information = dict()
+ configuration = dict()
- Calculating dependencies... done!
-
- Total: 0 packages, Size of downloads: 0 kB
-
- Nothing to merge; would you like to auto-clean packages? [Yes/No] n
- """
print ''
print darkgreen('These are the specifications of your kernel:')
print ''
@@ -65,72 +58,65 @@ def main(argv):
uname = os.uname()
if uname[0] != 'Linux':
error('This tool currently only works for Linux kernels.')
- error('Apparantly you are using "%s".' % uname[0])
+ error('Apparantly you are using "%s".' % uname[0]) #TODO
return
- info(bold('Information:'))
-
kernel = lib.extract_version(uname[2])
if kernel is None:
error('No kernel information found!')
return
- kernel.version = '2.6.30'
-
- print ' %s : %s' % (darkgreen('kernel source '), kernel.source)
- print ' %s : %s - %s' % (darkgreen('kernel version'), kernel.version,
- kernel.revision)
+
+ information['Kernel source'] = kernel.source
+ information['Kernel version'] = '%s%s' % (kernel.version, kernel.revision)
kernel.genpatch = lib.get_genpatch(lib.PORTDIR, kernel)
- if kernel.genpatch is not None:# TODO
-
- print ' %s : %s' % (darkgreen('kernel patches'),
- '%s %s (%s)' % ('genpatch',
- kernel.genpatch.version,
- repr(kernel.genpatch)))
+ if kernel.genpatch is not None: #FIXME
+ information['Kernel patches'] = '%s %s (%s)' % ('genpatch',
+ kernel.genpatch.version,
+ repr(kernel.genpatch))
+
elif kernel.source == 'gentoo':
- warn('No genpatch information found!')
+ warn('No genpatch information found!') #FIXME
arch = portage.settings['ARCH']
if arch:
- print ' %s : %s' % (darkgreen('architecture '), arch)
+ information['Architecture'] = arch
else:
- error('No architecture found!')
+ error('No architecture found!') #FIXME
return
-
- minaddr = str()
+
+ info(bold('Information:'))
+ for item in information.keys():
+ print ' %s%s : %s' % (darkgreen(item), ' ' * (14 - len(item)),
+ information[item])
+
+ min_addr = str() #TODO move to kernellib
try:
- minaddr = open('/proc/sys/vm/mmap_min_addr').read().strip()
+ min_addr = open('/proc/sys/vm/mmap_min_addr').read().strip()
except:
- minaddr = '?'
-
- modules = str()
+ min_addr = '?'
+
+ configuration['Mmap_min_addr'] = min_addr
+
+ modules = str() #TODO move to kernellib
try:
for line in open('/proc/modules').readlines():
modules += '%s ' % line.split(' ')[0]
except:
modules = '?'
-
+
+ configuration['Loaded modules'] = modules
+
print ''
info(bold('Configuration:'))
- print ' %s : %s' % (darkgreen('mmap_min_addr '), minaddr)
- print ' %s : %s' % (darkgreen('loaded modules'), modules)
-
+ for item in configuration.keys():
+ print ' %s%s : %s' % (darkgreen(item), ' ' * (14 - len(item)),
+ configuration[item])
+
print '\nDetermining vulnerabilities... done!' #TODO #spin
print ''
- """
- supported = list()
- for item in lib.SUPPORTED:
- best = (lib.all_version(item))
- if best and best is not None:
- for i in best:
- if item == 'gentoo':
- i.genpatch = lib.get_genpatch(lib.read_genpatch_file(
- lib.DIR['out']), i)
- supported.append(i)
- """
-
kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None)
if not kernel_eval:
error('No kernel vulnerability files found!')
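Review bot: The new `for item in information.keys():` and `for item in configuration.keys():` loops iterate plain dicts, and in the Python 2 this file targets (print statements) dict order is arbitrary, so the rows under 'Information:' and 'Configuration:' are not guaranteed to appear in the order they were filled in. Collecting the rows in a list keeps the order, e.g. `information.append(('Kernel source', kernel.source))` with `for label, value in information:`. The reads of `/proc/sys/vm/mmap_min_addr` and `/proc/modules` also remain under a bare `except:` and never close the file; `except IOError:` plus an explicit close would keep the '?' fallback without hiding unrelated errors. main() starts and ends outside this hunk, and the two dicts are created in the previous hunk.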
@@ -138,9 +124,7 @@ def main(argv):
print_summary(kernel_eval.affected)
-
- #TODO move to kernellib
- low = int()
+ low = int() #TODO move to kernellib
medium = int()
high = int()
cvss_score = float()
@@ -174,8 +158,8 @@ def main(argv):
severity_eval += ', '
severity_eval += '%s low' % low
- print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' \
- % (len(kernel_eval.affected), severity_eval, cvss_score)
+ print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' % (
+ len(kernel_eval.affected), severity_eval, cvss_score)
print ''
@@ -184,78 +168,10 @@ def main(argv):
print''
print'Quitting.'
print ''
- return
else:
print 'Not implemented yet ;)'
- #print bold('Would you like to upgrade to the latest version? [%s/%s]' % (
- #color('GOOD', 'Yes'), color('BAD','No'))) #TODO read
-
- print ''
-
- """
- info('%s vulnerabilities read.' %
- color('GOOD', str(kernel_eval.read)))
- info('%s apply to this architecture.' %
- color('GOOD', str(kernel_eval.arch)))
- info('%s do not affect this kernel.' %
- color('GOOD', str(len(kernel_eval.unaffected))))
-
- if (len(kernel_eval.affected) is 0):
- info('Your kernel is not affected by any known vulnerabilites!')
- return
-
-
- error('%s affect this kernel: ' %
- color('BAD', str(len(kernel_eval.affected))))
-
- info('You have the following choices: ')
- print ''
-
- info('[1] Recommended')
- info('Keep your current kernel: %s' % color('BRACKET',
- 'sys-kernel/%s-sources-%s-%s' % (
- kernel.source, kernel.version, kernel.revision)))
- print ''
-
- choice = 1
- for item in supported:
- supported_eval = lib.eval_cve_files(lib.DIR['out'], item, arch)
-
- if not supported_eval or kernel == item:
- continue
-
- else:
- comparison = lib.compare_evaluation(kernel_eval, supported_eval)
-
- if comparison is not None:
- choice += 1;
- score = 0
- for fix in comparison.fixed:
- for cve in fix.cves:
- score += float(cve.score)
-
- for new in comparison.new:
- for cve in new.cves:
- score -= float(cve.score)
-
- info('[%s] Recommended: (Score %s)' % (str(choice), score))
- info('Upgrade to this kernel: %s' % color('BRACKET',
- 'sys-kernel/%s-sources-%s-%s' % (
- item.source, item.version, item.revision)))
- info('which fixes %s of %s vulnerabilities and introduces %s' \
- ' new' % (color('GOOD', str(len(comparison.fixed))),
- color('BAD', str(len(kernel_eval.affected))),
- color('BAD', str(len(comparison.new)))))
- print ''
-
-
- print_information()
- print_beta()
-
- """
-
def print_summary(vullist):
'Prints the vulnerability summary'
@@ -274,42 +190,33 @@ def print_summary(vullist):
severity = 'GOOD'
elif cve.severity == 'Medium':
severity = 'WARN'
-
+
cve_text = str()
cve_area = str()
-
+
if 'AV:L' in cve.vector or 'AV:A' in cve.vector:
- cve_area += color('WARN', 'local')
+ cve_area += colorize('WARN', 'local')
else:
- cve_area += color('BAD', 'network')
+ cve_area += colorize('BAD', 'network')
- #no access
- #no authentification
-
if 'C:P' in cve.vector or 'C:C' in cve.vector:
cve_text += ' -confidentiality'
-
+
if 'I:P' in cve.vector or 'I:C' in cve.vector:
cve_text += ' -integrity'
-
+
if 'A:P' in cve.vector or 'A:C' in cve.vector:
cve_text += ' -availability'
-
+
if ('C:P' in cve.vector or 'C:C' in cve.vector) \
and ('I:P' in cve.vector or 'I:C' in cve.vector) \
and ('A:P' in cve.vector or 'A:C' in cve.vector):
- cve_text = ' -security'
-
+ cve_text = ' -security' #TODO find a better way
+
first_text = textwrap.wrap(cve.desc, term[1] - 44)[0]
print '[%s %26s] %s CVSS="%s %s%s"' % (darkgreen('bugid'),
- color('GOOD', item.bugid),
- darkgreen(cve.cve),
- color(severity, cve.score),
- cve_area,
- blue(cve_text)
- #(AV:L/AC:L/Au:N/C:N/I:N/A:P)
- #teal('%s...' % first_text)
- )
+ colorize('GOOD', item.bugid), darkgreen(cve.cve),
+ colorize(severity, cve.score), cve_area, blue(cve_text))
print ''
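Review bot: The `'AV:L' in cve.vector or 'AV:A' in cve.vector` branch labels adjacent-network vulnerabilities as `local`, which understates their exposure in a report used to judge kernel risk; in CVSS v2 `AV:A` means the attacker only needs access to the same network segment. A separate branch such as `elif 'AV:A' in cve.vector: cve_area += colorize('WARN', 'adjacent')` would keep the three access vectors distinct. With the commented-out `teal(...)` argument removed, `first_text` looks unused in the visible lines, yet `textwrap.wrap(cve.desc, term[1] - 44)[0]` can still raise on an empty description or on a terminal of 44 columns or fewer, so it is worth dropping if nothing later in print_summary reads it. The function starts before and continues after this hunk.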
@@ -377,7 +284,7 @@ def print_beta():
print('')
error('%s You are using an early version of kernel-check.' %
- color('BAD', 'IMPORTANT'))
+ colorize('BAD', 'IMPORTANT'))
error('Please note that this tool might not operate as expected.')