Diffstat (limited to 'kernel-check.py')
-rwxr-xr-xkernel-check.py128
1 files changed, 66 insertions, 62 deletions
diff --git a/kernel-check.py b/kernel-check.py
index 71ce470..1038b35 100755
--- a/kernel-check.py
+++ b/kernel-check.py
@@ -63,20 +63,17 @@ def main(argv):
supported = list()
for item in lib.SUPPORTED:
- best = (lib.best_version(item))
+ best = (lib.all_version(item))
if best and best is not None:
- if item == 'gentoo':
- best.genpatch = lib.get_genpatch(lib.read_genpatch_file(
- lib.DIR['out']), best)
- supported.append(best)
+ for i in best:
+ if item == 'gentoo':
+ i.genpatch = lib.get_genpatch(lib.read_genpatch_file(
+ lib.DIR['out']), i)
+ supported.append(i)
kernel.genpatch = lib.get_genpatch(lib.read_genpatch_file(lib.DIR['out']),
kernel)
-
- best_gp = lib.get_genpatch(lib.read_genpatch_file(lib.DIR['out']),
- best)
-
if kernel.genpatch is not None:
info('Gen(too)patch : %s' % color('GOOD', '%s %s' %
(kernel.genpatch.version, repr(kernel.genpatch))))
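Review bot: Inside the new `for i in best:` loop, `lib.read_genpatch_file(lib.DIR['out'])` is called again for every gentoo version, and once more for `kernel` right after the loop, although its argument never changes. Read it once before the loop, `genpatches = lib.read_genpatch_file(lib.DIR['out'])`, and pass it on with `i.genpatch = lib.get_genpatch(genpatches, i)`. The name `best` now holds the whole list returned by `lib.all_version`, so `versions` would read better, and `if best and best is not None:` can shrink to `if best:`. main() starts before this hunk and continues after it.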
@@ -88,67 +85,67 @@ def main(argv):
info('Architecture : %s' % color('GOOD', arch))
else:
error('No architecture found!')
- sys.exit()
+ return
print '\n>>> Reading all kernel vulnerabilities'
kernel_eval = lib.eval_cve_files(lib.DIR['out'], kernel, arch)
- for item in supported:
- best_eval = lib.eval_cve_files(lib.DIR['out'], item, arch)
-
- bundle = lib.bundle_evaluation(kernel_eval, best_eval)
- if bundle is not None:
- info('%s vulnerabilities read.' %
- color('GOOD', str(bundle.read)))
- info('%s apply to this architecture.' %
- color('GOOD', str(bundle.match)))
- info('%s do not affect this system.' %
- color('GOOD', str(bundle.fixed)))
-
- if len(bundle.notfix):
- if not lib.VERBOSE:
- warn('%s have not been fixed yet.' %
- color('WARN', str(len(bundle.notfix))))
- else:
- print ''
- warn('%s have not been fixed yet:' %
- color('WARN', str(len(bundle.notfix))))
- print_summary(bundle.notfix)
-
- else:
- info('No vulnerabilities have not been fixed yet.')
-
- if len(bundle.canfix):
- error('%s can be fixed by upgrading:' %
- color('BAD', str(len(bundle.canfix))))
- else:
- info('No vulnerability can be fixed by upgrading.')
+ info('%s vulnerabilities read.' %
+ color('GOOD', str(kernel_eval.read)))
+ info('%s apply to this architecture.' %
+ color('GOOD', str(kernel_eval.arch)))
+ info('%s do not affect this kernel.' %
+ color('GOOD', str(len(kernel_eval.unaffected))))
- else:
- error('No vulnerability files found!')
- return
+ if (len(kernel_eval.affected) is 0):
+ info('Your kernel is not affected by any known vulnerabilites!')
+ return
- if len(bundle.canfix):
- print_summary(bundle.canfix)
- info('It is recommended to upgrade your kernel to %s.' %
- color('GOOD', item.version + '-' + item.revision))
- else:
- print ""
- if kernel == item:
- info('Your kernel is up to date!')
- else:
- info('Upgrading your kernel to %s ' %
- color('GOOD', item.version + '-' + item.revision))
- info('does not improve your security!')
-
- if len(bundle.canfix) or (len(bundle.notfix) and lib.VERBOSE):
- info('')
- info('To print more information about a vulnerability try:')
- info('')
- info(' $ %s -s [bugid|cve]' % sys.argv[0])
- info('')
+ error('%s affect you kernel: ' %
+ color('BAD', str(len(kernel_eval.affected))))
+ print_summary(kernel_eval.affected)
+
+ info('You have the following choices: ')
+ print ''
+ info('[1] Recommended')
+ info('Keep your current kernel: %s' % color('BRACKET',
+ 'sys-kernel/%s-sources-%s-%s' % (
+ kernel.source, kernel.version, kernel.revision)))
+ print ''
+
+ choice = 1
+ for item in supported:
+ supported_eval = lib.eval_cve_files(lib.DIR['out'], item, arch)
+ if kernel == item:
+ pass
+ #TODO
+ else:
+ comparison = lib.compare_evaluation(kernel_eval, supported_eval)
+
+ if comparison is not None:
+ choice += 1;
+ score = 0
+ for fix in comparison.fixed:
+ for cve in fix.cves:
+ score += float(cve.score)
+
+ for new in comparison.new:
+ for cve in new.cves:
+ score -= float(cve.score)
+
+ info('[%s] Recommended: (Score %s)' % (str(choice), score))
+ info('Upgrade to this kernel: %s' % color('BRACKET',
+ 'sys-kernel/%s-sources-%s-%s' % (
+ item.source, item.version, item.revision)))
+ info('which fixes %s of %s vulnerabilities and introduces %s' \
+ ' new' % (color('GOOD', str(len(comparison.fixed))),
+ color('BAD', str(len(kernel_eval.affected))),
+ color('BAD', str(len(comparison.new)))))
+ print ''
+
+ print_information()
print_beta()
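Review bot: Every candidate kernel is printed under `[%s] Recommended: (Score %s)` whatever the sign of `score`, so a kernel that introduces more CVE weight than it fixes is still presented as recommended. The heading should depend on the score, for example `label = 'Recommended' if score > 0 else 'Not recommended'` followed by `info('[%s] %s: (Score %s)' % (choice, label, score))`. The guard `if (len(kernel_eval.affected) is 0):` compares an integer by identity, which only holds through CPython's small-integer caching; `if not kernel_eval.affected:` is the reliable form. `kernel_eval` and `supported_eval` are dereferenced without a None check, whereas the removed code had a 'No vulnerability files found!' branch; if `lib.eval_cve_files` can return None (not visible here), that branch should be kept. main() begins and ends outside this hunk.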
@@ -248,6 +245,13 @@ def print_beta():
error('Please note that this tool might not operate as expected.')
error('Moreover the given information are most likely incorrect.')
+def print_information():
+ 'Prints an information message'
+
+ info('To print more information about a vulnerability try:')
+ info('')
+ info(' $ %s -s [bugid|cve]' % sys.argv[0])
+
def usage():
'Prints the usage screen'
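Review bot: The docstring `'Prints an information message'` on the new `print_information()` does not say which information is printed. Something like `'Prints the hint for looking up a single vulnerability with -s [bugid|cve]'` would tell a reader what the helper is for without opening its body.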