Author: agx
Date: 2017-12-01 14:19:09 +0000 (Fri, 01 Dec 2017)
New Revision: 58182
Modified:
bin/report-vuln
Log:
report-vuln: allow to invoke mailer
This allows to invoke the mailer directly like
bin/report-vuln -M <pkg> <cve>...
the default behaviour is unchanged.
Modified: bin/report-vuln
===================================================================
--- bin/report-vuln 2017-12-01 12:04:20 UTC (rev 58181)
+++ bin/report-vuln 2017-12-01 14:19:09 UTC (rev 58182)
@@ -1,25 +1,18 @@
#!/usr/bin/env python
#
-# generate bug report content for a given package name
-# and a number of CVE ids
+# generate bug report content/mail for a given package name and a
+# number of CVE ids
#
-# you could use it for example in combination with the
-# following shell function:
+# To invoke the mailer right away:
#
-# report-vuln(){
-# TMPFILE="$HOME/reportbug.tmp"
-# $HOME/debian/svn/secure-testing/bin/report-vuln -m "$@" > $TMPFILE
-# mutt -H $TMPFILE
-# rm $TMPFILE
-# }
+# $HOME/debian/svn/secure-testing/bin/report-vuln -M <pkg> <CVE>
#
-# in bash, this can be simply:
-#
-# mutt -H <($HOME/debian/svn/secure-testing/bin/report-vuln -m <pkg> <CVE>)
-#
# export http_proxy if you need to use an http proxy to report bugs
+from __future__ import print_function
+
import argparse
+from tempfile import NamedTemporaryFile
import sys, re, urllib, os
temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
@@ -118,10 +111,11 @@
cve_suff = ''
time_w = 'was'
temp_id_cnt = 0
- header = ''
+ ret = ''
+
if mh:
- header += '''To: sub...@bugs.debian.org
+ ret += '''To: sub...@bugs.debian.org
Subject: %s: %s
''' % (pkg, ' '.join(cveid))
@@ -132,56 +126,55 @@
time_w = 'were'
if src:
- header += '''Source: %s\n''' % (pkg)
+ ret += 'Source: %s\n' % (pkg)
else:
- header += '''Package: %s\n''' % (pkg)
+ ret += 'Package: %s\n' % (pkg)
if affected is None:
if blanks:
- header += "Version: FILLINAFFECTEDVERSION\n"
+ ret += "Version: FILLINAFFECTEDVERSION\n"
else:
- header += "Version: %s\n" % affected
+ ret += "Version: %s\n" % affected
if cc and len(cclist) > 0:
- header += "X-Debbugs-CC: %s\n" % " ".join(cclist)
- header += '''Severity: %s
+ ret += "X-Debbugs-CC: %s\n" % " ".join(cclist)
+ ret += '''Severity: %s
Tags: security
Hi,
-the following vulnerabilit%s %s published for %s.
+the following vulnerabilit%s %s published for %s.\n
''' % (severity, vuln_suff, time_w, pkg)
- footer = '''If you fix the vulnerabilit%s please also make sure to include
the
-CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
-
-For further information see:''' % (vuln_suff, cve_suff)
-
- print header
for cnt, cve in enumerate(cveid):
if not temp_id.match(cve):
- print cve + '[' + str(cnt) + ']:'
- print get_cve(cve)
+ ret += cve + '[' + str(cnt) + ']:\n'
+ ret += get_cve(cve) + '\n'
else:
- print '''Issue without CVE id #%d [%d]:''' % (temp_id_cnt, cnt)
+ ret += 'Issue without CVE id #%d [%d]:\n' % (temp_id_cnt, cnt)
desc = description_from_list(cve, pkg, temp_id_cnt)
if desc:
- print desc + '\n'
+ ret += desc + '\n\n'
else:
- print 'No description has been specified\n'
+ ret += 'No description has been specified\n\n'
temp_id_cnt += 1
- print footer
- print gen_index(cveid)
+ ret += '''If you fix the vulnerabilit%s please also make sure to include
the
+CVE (Common Vulnerabilities & Exposures) id%s in your changelog entry.
+For further information see:\n''' % (vuln_suff, cve_suff)
+ ret += gen_index(cveid) + '\n'
+
if temp_id_cnt > 0:
- print
'\nhttps://security-tracker.debian.org/tracker/source-package/%s' % (pkg)
- print '(issues without CVE id are assigned a TEMP one, but it may
change over time)\n'
+ ret +=
'\nhttps://security-tracker.debian.org/tracker/source-package/%s\n' % (pkg)
+ ret += '(issues without CVE id are assigned a TEMP one, but it may
change over time)\n'
if not blanks:
- print '''\nPlease adjust the affected versions in the BTS as
needed.\n'''
+ ret += '\nPlease adjust the affected versions in the BTS as needed.\n'
+ return ret
+
def error(msg):
- print 'error: ' + msg
+ print('error: ' + msg, file=sys.stderr)
sys.exit(1)
class NegateAction(argparse.Action):
@@ -220,6 +213,10 @@
help='list of addresses to add in CC (default:
%(default)s)')
parser.add_argument('--src', action="store_true", help='report against
source package')
parser.add_argument('-m', '--mail-header', action="store_true",
help='generate a mail header')
+ parser.add_argument('-M', '--mail', action="store_true", help='invoke
mailer right aways')
+ parser.add_argument('--mailer', action='store', default='mutt -H {}',
+ help='Command executed. Must contain {} to be replaced
'
+ 'by the filename of the draft bugreport')
parser.add_argument('pkg', help='affected package')
parser.add_argument('cve', nargs='+', help='relevant CVE for this source
package, may be used multiple time if the issue has multiple CVEs')
args = parser.parse_args()
@@ -239,7 +236,23 @@
if not c.match(arg) and not temp_id.match(arg):
error(arg + ' does not seem to be a valid CVE id')
- gen_text(pkg, cve, affected=args.affected, blanks=args.blanks,
severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src,
mh=args.mail_header)
+ text = gen_text(pkg, cve,
+ affected=args.affected,
+ blanks=args.blanks,
+ severity=args.severity,
+ cc=args.cc,
+ cclist=args.cclist,
+ src=args.src,
+ mh=args.mail_header or args.mail)
+ if args.mail:
+ with NamedTemporaryFile(prefix='report-vuln', suffix='.txt') as
bugmail:
+ bugmail.write(text)
+ bugmail.flush()
+ os.system(args.mailer.format(bugmail.name))
+ else:
+ print(text)
+
+
if __name__ == '__main__':
main()
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
