diff options
| author |   Bjoern Tropf <asym@gentoo.org> | 2009-11-23 11:10:25 +0100 |
|---|---|---|
| committer | Bjoern Tropf <asym@gentoo.org> | 2009-11-23 11:10:25 +0100 |
| commit | e22811639dae0fcf24d0df09bc916b7c6bfd8a95 (patch) | |
| tree | c4befd9ddc31875c474f74f2485433cfd7bdff70 | |
| parent | More ideas... (diff) | |
| download | kernel-check-e22811639dae0fcf24d0df09bc916b7c6bfd8a95.tar.gz kernel-check-e22811639dae0fcf24d0df09bc916b7c6bfd8a95.tar.bz2 kernel-check-e22811639dae0fcf24d0df09bc916b7c6bfd8a95.zip | |
Further work on output
| -rwxr-xr-x | pym/kernelcheck/kernelcheck.py | 199 |
1 files changed, 53 insertions, 146 deletions
diff --git a/pym/kernelcheck/kernelcheck.py b/pym/kernelcheck/kernelcheck.py index a2d2437..bf3d6ca 100755 --- a/pym/kernelcheck/kernelcheck.py +++ b/pym/kernelcheck/kernelcheck.py @@ -3,7 +3,7 @@ # Copyright 2009-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -from portage.output import bold, colorize, darkgreen, green, teal, blue#TODO +from portage.output import blue, bold, colorize, EOutput, darkgreen #FIXME from _emerge.stdout_spinner import stdout_spinner from _emerge.userquery import userquery @@ -15,10 +15,9 @@ import os import lib.kernellib as lib -info = portage.output.EOutput().einfo -warn = portage.output.EOutput().ewarn -error = portage.output.EOutput().eerror -color = portage.output.colorize +info = EOutput().einfo #FIXME +warn = EOutput().ewarn +error = EOutput().eerror spin = stdout_spinner() term = portage.output.get_term_size() @@ -49,15 +48,9 @@ def main(argv): elif opt in ('-v', '--verbose'): lib.VERBOSE = True - """ - These are the packages that would be merged, in order: + information = dict() + configuration = dict() - Calculating dependencies... done! - - Total: 0 packages, Size of downloads: 0 kB - - Nothing to merge; would you like to auto-clean packages? [Yes/No] n - """ print '' print darkgreen('These are the specifications of your kernel:') print '' @@ -65,72 +58,65 @@ def main(argv): uname = os.uname() if uname[0] != 'Linux': error('This tool currently only works for Linux kernels.') - error('Apparantly you are using "%s".' % uname[0]) + error('Apparantly you are using "%s".' % uname[0]) #TODO return - info(bold('Information:')) - kernel = lib.extract_version(uname[2]) if kernel is None: error('No kernel information found!') return - kernel.version = '2.6.30' - - print ' %s : %s' % (darkgreen('kernel source '), kernel.source) - print ' %s : %s - %s' % (darkgreen('kernel version'), kernel.version, - kernel.revision) + + information['Kernel source'] = kernel.source + information['Kernel version'] = '%s%s' % (kernel.version, kernel.revision) kernel.genpatch = lib.get_genpatch(lib.PORTDIR, kernel) - if kernel.genpatch is not None:# TODO - - print ' %s : %s' % (darkgreen('kernel patches'), - '%s %s (%s)' % ('genpatch', - kernel.genpatch.version, - repr(kernel.genpatch))) + if kernel.genpatch is not None: #FIXME + information['Kernel patches'] = '%s %s (%s)' % ('genpatch', + kernel.genpatch.version, + repr(kernel.genpatch)) + elif kernel.source == 'gentoo': - warn('No genpatch information found!') + warn('No genpatch information found!') #FIXME arch = portage.settings['ARCH'] if arch: - print ' %s : %s' % (darkgreen('architecture '), arch) + information['Architecture'] = arch else: - error('No architecture found!') + error('No architecture found!') #FIXME return - - minaddr = str() + + info(bold('Information:')) + for item in information.keys(): + print ' %s%s : %s' % (darkgreen(item), ' ' * (14 - len(item)), + information[item]) + + min_addr = str() #TODO move to kernellib try: - minaddr = open('/proc/sys/vm/mmap_min_addr').read().strip() + min_addr = open('/proc/sys/vm/mmap_min_addr').read().strip() except: - minaddr = '?' - - modules = str() + min_addr = '?' + + configuration['Mmap_min_addr'] = min_addr + + modules = str() #TODO move to kernellib try: for line in open('/proc/modules').readlines(): modules += '%s ' % line.split(' ')[0] except: modules = '?' - + + configuration['Loaded modules'] = modules + print '' info(bold('Configuration:')) - print ' %s : %s' % (darkgreen('mmap_min_addr '), minaddr) - print ' %s : %s' % (darkgreen('loaded modules'), modules) - + for item in configuration.keys(): + print ' %s%s : %s' % (darkgreen(item), ' ' * (14 - len(item)), + configuration[item]) + print '\nDetermining vulnerabilities... done!' #TODO #spin print '' - """ - supported = list() - for item in lib.SUPPORTED: - best = (lib.all_version(item)) - if best and best is not None: - for i in best: - if item == 'gentoo': - i.genpatch = lib.get_genpatch(lib.read_genpatch_file( - lib.DIR['out']), i) - supported.append(i) - """ - kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch, None) if not kernel_eval: error('No kernel vulnerability files found!') @@ -138,9 +124,7 @@ def main(argv): print_summary(kernel_eval.affected) - - #TODO move to kernellib - low = int() + low = int() #TODO move to kernellib medium = int() high = int() cvss_score = float() @@ -174,8 +158,8 @@ def main(argv): severity_eval += ', ' severity_eval += '%s low' % low - print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' \ - % (len(kernel_eval.affected), severity_eval, cvss_score) + print 'Total: %s vulnerabilities (%s), Average CVSS score: %.1f' % ( + len(kernel_eval.affected), severity_eval, cvss_score) print '' @@ -184,78 +168,10 @@ def main(argv): print'' print'Quitting.' print '' - return else: print 'Not implemented yet ;)' - #print bold('Would you like to upgrade to the latest version? [%s/%s]' % ( - #color('GOOD', 'Yes'), color('BAD','No'))) #TODO read - - print '' - - """ - info('%s vulnerabilities read.' % - color('GOOD', str(kernel_eval.read))) - info('%s apply to this architecture.' % - color('GOOD', str(kernel_eval.arch))) - info('%s do not affect this kernel.' % - color('GOOD', str(len(kernel_eval.unaffected)))) - - if (len(kernel_eval.affected) is 0): - info('Your kernel is not affected by any known vulnerabilites!') - return - - - error('%s affect this kernel: ' % - color('BAD', str(len(kernel_eval.affected)))) - - info('You have the following choices: ') - print '' - - info('[1] Recommended') - info('Keep your current kernel: %s' % color('BRACKET', - 'sys-kernel/%s-sources-%s-%s' % ( - kernel.source, kernel.version, kernel.revision))) - print '' - - choice = 1 - for item in supported: - supported_eval = lib.eval_cve_files(lib.DIR['out'], item, arch) - - if not supported_eval or kernel == item: - continue - - else: - comparison = lib.compare_evaluation(kernel_eval, supported_eval) - - if comparison is not None: - choice += 1; - score = 0 - for fix in comparison.fixed: - for cve in fix.cves: - score += float(cve.score) - - for new in comparison.new: - for cve in new.cves: - score -= float(cve.score) - - info('[%s] Recommended: (Score %s)' % (str(choice), score)) - info('Upgrade to this kernel: %s' % color('BRACKET', - 'sys-kernel/%s-sources-%s-%s' % ( - item.source, item.version, item.revision))) - info('which fixes %s of %s vulnerabilities and introduces %s' \ - ' new' % (color('GOOD', str(len(comparison.fixed))), - color('BAD', str(len(kernel_eval.affected))), - color('BAD', str(len(comparison.new))))) - print '' - - - print_information() - print_beta() - - """ - def print_summary(vullist): 'Prints the vulnerability summary' @@ -274,42 +190,33 @@ def print_summary(vullist): severity = 'GOOD' elif cve.severity == 'Medium': severity = 'WARN' - + cve_text = str() cve_area = str() - + if 'AV:L' in cve.vector or 'AV:A' in cve.vector: - cve_area += color('WARN', 'local') + cve_area += colorize('WARN', 'local') else: - cve_area += color('BAD', 'network') + cve_area += colorize('BAD', 'network') - #no access - #no authentification - if 'C:P' in cve.vector or 'C:C' in cve.vector: cve_text += ' -confidentiality' - + if 'I:P' in cve.vector or 'I:C' in cve.vector: cve_text += ' -integrity' - + if 'A:P' in cve.vector or 'A:C' in cve.vector: cve_text += ' -availability' - + if ('C:P' in cve.vector or 'C:C' in cve.vector) \ and ('I:P' in cve.vector or 'I:C' in cve.vector) \ and ('A:P' in cve.vector or 'A:C' in cve.vector): - cve_text = ' -security' - + cve_text = ' -security' #TODO find a better way + first_text = textwrap.wrap(cve.desc, term[1] - 44)[0] print '[%s %26s] %s CVSS="%s %s%s"' % (darkgreen('bugid'), - color('GOOD', item.bugid), - darkgreen(cve.cve), - color(severity, cve.score), - cve_area, - blue(cve_text) - #(AV:L/AC:L/Au:N/C:N/I:N/A:P) - #teal('%s...' % first_text) - ) + colorize('GOOD', item.bugid), darkgreen(cve.cve), + colorize(severity, cve.score), cve_area, blue(cve_text)) print '' @@ -377,7 +284,7 @@ def print_beta(): print('') error('%s You are using an early version of kernel-check.' % - color('BAD', 'IMPORTANT')) + colorize('BAD', 'IMPORTANT')) error('Please note that this tool might not operate as expected.') |