From 7dd9bbdced149e3e05d3e6b1681886d6721cc557 Mon Sep 17 00:00:00 2001 From: Alice Ferrazzi Date: Sun, 20 Aug 2017 01:41:09 +0900 Subject: return list of cve id and cve patch after getting the missing cve from the installed kernel. build and install the cve patches. --- elivepatch_client/client/cli.py | 9 ++++++++- elivepatch_client/client/security.py | 10 +++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/elivepatch_client/client/cli.py b/elivepatch_client/client/cli.py index 2f45f67..a6b017e 100644 --- a/elivepatch_client/client/cli.py +++ b/elivepatch_client/client/cli.py @@ -42,7 +42,14 @@ class Main(object): print("CVE repository already present.") print("updating...") # TODO: update repository - cve_repository.cve_git_id() + cve_patch_list = cve_repository.cve_git_id() + for cve_id, cve_patch in cve_patch_list: + print(cve_id, cve_patch) + current_kernel = Kernel(config.url, config.kernel_version) + current_kernel.set_config(config.config) + current_kernel.set_main_patch(cve_patch) + current_kernel.send_files(applied_patches_list) + current_kernel.get_livepatch() elif config.patch: patch_manager = patch.ManaGer() applied_patches_list = patch_manager.list(config.kernel_version) diff --git a/elivepatch_client/client/security.py b/elivepatch_client/client/security.py index 7c97f57..a4477ee 100644 --- a/elivepatch_client/client/security.py +++ b/elivepatch_client/client/security.py @@ -44,6 +44,7 @@ class CVE(object): if int(version) > revision_version: cve_2d_list.append(self.cve_id(major_version, minor_version, version)) + cve_outfile_list = [] patch_index = 0 if not os.path.exists(self.cve_patches_dir): os.mkdir(self.cve_patches_dir) 
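Review bot: `applied_patches_list` is passed to `current_kernel.send_files()` inside the new loop, but in the visible lines it is only assigned in the following `elif config.patch:` branch. Unless it is set earlier in the method, outside this hunk, the CVE path raises NameError on the first patch. Assign it before the loop, e.g. `applied_patches_list = patch.ManaGer().list(config.kernel_version)`. Separately, every entry returned by `cve_git_id()` is built and installed as a live patch with no confirmation step and no check of what was downloaded. Since this changes the running kernel, I would print the list first and require an explicit opt-in before calling `get_livepatch()`, and add a comment such as `# patches come from security.CVE; ids are validated there before download`, with the validation actually done in security.py.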
@@ -51,16 +52,19 @@ class CVE(object): # Remove duplicated cve_id from the cve list for not add the same patch cve_list = [ii for n,ii in enumerate(cve_list) if ii not in cve_list[:n]] for cve_id in cve_list: - self.download_cve_patch(cve_id, str(patch_index)) + cve_outfile = self.download_cve_patch(cve_id, str(patch_index)) + cve_outfile_list.append([cve_outfile[0], cve_outfile[1].name]) patch_index +=1 + return cve_outfile_list def download_cve_patch(self, cve_id, patch_index): file_name= self.cve_patches_dir + patch_index + '.patch' # Download the file from `url` and save it locally under `file_name`: - with request.urlopen('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=' + cve_id) as response, \ + with request.urlopen('https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=' + cve_id[1]) as response, \ open(file_name, 'wb') as out_file: shutil.copyfileobj(response, out_file) + return [cve_id[0],out_file] def cve_id(self, major_version, minor_version, revision_version): security_file = open("/tmp/kernel_cve/"+str(major_version)+"."+str(minor_version)+ @@ -75,7 +79,7 @@ class CVE(object): ":") in excluded_line: for included_line in security_file: if not "\n" is included_line: - git_security_id.append(included_line.strip().split(' ')[1]) + git_security_id.append([included_line.strip().split(' ')[0].replace(':',''),included_line.strip().split(' ')[1]]) else: # debug # print('got cve for '+str(major_version)+ -- cgit v1.2.3-65-gdbad
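Review bot: In `download_cve_patch` the value `cve_id[1]` is concatenated into the git.kernel.org URL without validation, and it is read from files under `/tmp/kernel_cve/`, a location another local user may be able to pre-create or modify. Because the fetched file is later built and loaded into the kernel, reject anything that is not a plain hex commit hash before the request, e.g. `if not re.fullmatch(r'[0-9a-f]{7,40}', cve_id[1]): raise ValueError('unexpected commit id')` (this needs `re`, whose import is not visible here). The function also returns `out_file` after the `with` block has closed it, only so the caller can read `.name`; `return [cve_id[0], file_name]` and `cve_outfile_list.append(cve_outfile)` say the same thing more directly. The parameter now carries a `[cve, commit]` pair, so the name `cve_id` is misleading; a docstring stating the pair layout would help.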
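Review bot: The new `git_security_id.append(...)` indexes `split(' ')[1]` on every line that follows the matching header, so a line with fewer than two space-separated fields raises IndexError. The `if not "\n" is included_line` guard above it is an identity test and probably does not filter blank lines. The line is also stripped and split twice. Split once and skip short lines: `fields = included_line.split()` followed by `if len(fields) >= 2: git_security_id.append([fields[0].replace(':', ''), fields[1]])`. This is also the natural place to check that `fields[1]` looks like a commit hash before it reaches the downloader. The enclosing `cve_id` method starts before and continues past this hunk, so whether `security_file` is ever closed cannot be confirmed from here.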