commit: 5976eb82d7f4af4de9083914cfb728ed1a331e38 |
Author: John Helmert III <ajak <AT> gentoo <DOT> org> |
AuthorDate: Mon Jul 5 20:10:05 2021 +0000 |
Commit: John Helmert III <ajak <AT> gentoo <DOT> org> |
CommitDate: Mon Jul 5 20:20:36 2021 +0000 |
URL: https://gitweb.gentoo.org/proj/security.git/commit/?id=5976eb82 |
|
cvetool: reorganize cvetool code into python module and callable script |
|
Signed-off-by: John Helmert III <ajak <AT> gentoo.org> |
|
bin/CVETool.py | 18 ++++++++++++++ |
bin/cvetool | 25 ++------------------ |
bin/glsatool | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
3 files changed, 94 insertions(+), 23 deletions(-) |
|
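--- a/bin/CVETool.py
+++ b/bin/CVETool.py
@@ -240,3 +240,21 @@ class CVETool:
 if jsondata:
 return response.json()
 return response.text
+
+
+def cvetool():
+ if len(sys.argv) == 1:
+ CVETool(None, 'usage', sys.argv[2:])
+
+ auth = None
+ authpath = os.path.join(os.path.expanduser('~'), '.config', 'cvetool_auth')
+ if 'CVETOOL_AUTH' in os.environ:
+ auth = os.environ['CVETOOL_AUTH']
+ elif os.path.isfile(authpath):
+ with open(authpath, 'r') as authfile:
+ auth = authfile.readlines()[0]
+ elif 'CVETOOL_AUTH' not in os.environ and not sys.argv[1] == 'pw':
+ print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
+ sys.exit(1)
+
+ CVETool(auth, sys.argv[1], sys.argv[2:])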
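Review bot: `authfile.readlines()[0]` in `cvetool()` keeps the trailing newline of the first line and raises IndexError on an empty file, and the value is used as a credential (the new `bin/glsatool` concatenates it into an `Authorization: Basic` header); `auth = authfile.readline().strip()` with an explicit "empty file" error would avoid both. The same read is duplicated in `get_auth()` in `bin/glsatool`, so one shared helper would keep the two from drifting apart. Nothing here checks that `~/.config/cvetool_auth` is readable only by its owner; a check of the file mode that warns or refuses when group or other bits are set would be a reasonable addition for a file holding a Basic credential. When `len(sys.argv) == 1` the usage call is followed further down by `sys.argv[1]`, which raises IndexError unless `CVETool(None, 'usage', ...)` exits the process, which the hunk does not show.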
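--- a/bin/cvetool
+++ b/bin/cvetool
@@ -2,32 +2,11 @@
 # Copyright 2016 Alex Legler
 # Distributed under the terms of the GNU General Public License v3
 
-import os
-import re
-import sys
-
-from CVETool import CVETool
-
-def main():
- if len(sys.argv) == 1:
- CVETool(None, 'usage', sys.argv[2:])
-
- auth = None
- authpath = os.path.join(os.path.expanduser('~'), '.config', 'cvetool_auth')
- if 'CVETOOL_AUTH' in os.environ:
- auth = os.environ['CVETOOL_AUTH']
- elif os.path.isfile(authpath):
- with open(authpath, 'r') as authfile:
- auth = authfile.readlines()[0]
- elif 'CVETOOL_AUTH' not in os.environ and not sys.argv[1] == 'pw':
- print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
- sys.exit(1)
-
- CVETool(auth, sys.argv[1], sys.argv[2:])
+from CVETool import CVETool, cvetool
 
 
 if __name__ == "__main__":
 try:
- main()
+ cvetool()
 except KeyboardInterrupt:
 print('\n ! Exiting.')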
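--- /dev/null
+++ b/bin/glsatool
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+
+import argparse
+import os
+import re
+import typing
+
+import bugzilla
+import bracex
+import pkgcore.config
+from pkgcore.ebuild import atom
+import requests
+
+from cvetool import CVETool
+
+PKG_SEPARATORS = re.compile(r':\s|[\s,;(){}[\]]')
+GLSAMAKER_URI = 'https://glsamaker.gentoo.org'
+bgo = bugzilla.Bugzilla('https://bugs.gentoo.org')
+repo = pkgcore.config.load_config().repo['gentoo']
+
+
+class GLSATool:
+ """ Utility to ease GLSA handling in GLSAMaker """
+
+ def __init__(self, auth):
+ self.auth = auth
+
+ # https://github.com/mgorny/kuroneko/blob/master/kuroneko/scraper.py#L80
+ def find_package_specs(s: str) -> typing.Iterable[atom.atom]:
+ """Find potentially valid package specifications in given string."""
+ words = set()
+ # consider all possible expansions
+ for exp in bracex.iexpand(s):
+ words.update(PKG_SEPARATORS.split(exp))
+ for w in words:
+ # skip anything that couldn't be cat/pkg early
+ if '/' not in w:
+ continue
+ try:
+ yield atom.atom(w)
+ except MalformedAtom:
+ continue
+
+ def new_glsa(auth, title, bugs):
+ post = requests.post(GLSAMAKER_URI + '/glsas',
+ data={'title': title + ' [DRAFT]',
+ 'bugs': ','.join(bugs),
+ 'access': 'public',
+ 'import_references': '1',
+ 'what': 'request', # ???
+ 'authenticity_token': 'k75YYdGlcL+dlZS7RKXSVxKaKl2tiiMvwWlReFtKzt3NCKDE2AeskkrZ851xJB7uCBRUTpstV+/aqUTEx3MfIQ=='},
+ headers={'Authorization': 'Basic ' + auth})
+ if not post.ok:
+ import pdb; pdb.set_trace()
+
+
+def get_auth():
+ authpath = os.path.join(os.path.expanduser('~'), '.config', 'cvetool_auth')
+ if 'CVETOOL_AUTH' in os.environ:
+ return os.environ['CVETOOL_AUTH']
+ elif os.path.isfile(authpath):
+ with open(authpath, 'r') as authfile:
+ return authfile.readlines()[0]
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-b', '--bugs', required=True, nargs='+')
+ parser.add_argument('-t', '--title', required=True)
+ args = parser.parse_args()
+ auth = get_auth()
+ for bug in args.bugs:
+ CVETool(auth, 'dobug', [bug])
+ new_glsa(auth, args.title, args.bugs)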
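Review bot: The `authenticity_token` sent by `new_glsa` is a literal that looks captured from one browser session and is now committed to the repository; such a token is normally bound to a session, so it will likely stop being accepted and should be obtained at run time or passed in rather than kept in version control. The failure path `import pdb; pdb.set_trace()` opens an interactive debugger with `auth` in scope and blocks any non-interactive run; `post.raise_for_status()` reports the failure instead, and the `requests.post` call should carry a `timeout=` argument. `get_auth()` returns None when neither the environment variable nor the file exists, so `'Basic ' + auth` fails with a TypeError instead of a clear "no credentials" message. Indentation is not preserved on this page, but `new_glsa` appears to be defined inside `GLSATool` without `self` while the `__main__` block calls it as a bare name, and `MalformedAtom` is never imported, so both would raise NameError as written.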