#!/usr/bin/env python
# Copyright 2004-2005 Canonical Ltd. All rights reserved.
"""A cron script that fetches the latest database of CVE details and ensures
that all of the known CVEs are fully registered in Launchpad."""
__metaclass__ = type
import sys
import urllib2
import gzip
import StringIO
import timing
import _pythonpath
from xml.dom.minidom import parseString
from optparse import OptionParser
from canonical.lp import initZopeless
from canonical.launchpad.scripts.lockfile import LockFile
from canonical.launchpad.scripts import (
execute_zcml_for_scripts, logger, logger_options)
from canonical.launchpad.scripts.cveimport import update_one_cve
from canonical.config import config
# Default path of the file used to lock this process (see --lockfile).
_default_lock_file = '/var/lock/launchpad-update-cve.lock'
# Default location of the gzipped XML CVE database (see --cveurl).
# NOTE(review): this is a plain http:// URL and nothing in this script
# authenticates the server or checks the integrity of the download, so the
# fetched data should be treated as untrusted input by everything that
# parses it.
_cve_db_url = 'http://cve.mitre.org/cve/downloads/full-allitems.xml.gz'
def parse_options():
    """Build the option parser for this script and return the parsed options.

    Besides the shared logger options, the script accepts a lock file path,
    a local XML file holding the CVE database, and the URL of the gzipped
    XML CVE database.  Positional arguments are parsed but not returned.
    """
    option_parser = OptionParser()
    logger_options(option_parser)

    option_parser.add_option(
        "-l", "--lockfile",
        dest="lockfilename",
        default=_default_lock_file,
        help="The file used to lock this process.")
    option_parser.add_option(
        "-f", "--cvefile",
        dest="cvefile",
        default=None,
        help="An XML file containing the CVE database.")
    option_parser.add_option(
        "-u", "--cveurl",
        dest="cveurl",
        default=_cve_db_url,
        help="The URL for the gzipped XML CVE database.")

    parsed_options, _ = option_parser.parse_args()
    return parsed_options
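def main(log, cvefile=None, cveurl=None):
    """Load the CVE XML database and update Launchpad from each item in it.

    The database is read from `cvefile` (plain XML) when that is given,
    otherwise it is downloaded from `cveurl` (gzipped XML).  Every <item>
    element is passed to update_one_cve() inside its own transaction.

    Returns 1 when the database cannot be obtained, decompressed or parsed,
    and None on success.
    """
    # Imported locally: only the error handling in this function needs them.
    import zlib
    from xml.parsers.expat import ExpatError

    log.info('Initializing...')
    execute_zcml_for_scripts()
    txn = initZopeless(dbuser=config.cveupdater.dbuser)

    if cvefile is not None:
        try:
            cve_file = open(cvefile, 'r')
            try:
                cve_db = cve_file.read()
            finally:
                # Close the handle explicitly instead of relying on
                # garbage collection.
                cve_file.close()
        except IOError:
            log.error('Unable to open CVE database in %s' % cvefile)
            return 1
    elif cveurl is not None:
        log.info("Downloading CVE database...")
        try:
            url = urllib2.urlopen(cveurl)
        except (urllib2.HTTPError, urllib2.URLError):
            log.error('Unable to connect for CVE database')
            return 1
        try:
            try:
                cve_db_gz = url.read()
            finally:
                url.close()
        except IOError:
            log.error('Unable to download CVE database')
            return 1
        log.info("%d bytes downloaded." % len(cve_db_gz))
        # NOTE(review): the payload comes from the network with no
        # integrity check, and the decompressed size is not bounded here;
        # a small download can expand to a very large buffer.  Consider a
        # size limit if this runs unattended.
        try:
            cve_db = gzip.GzipFile(
                fileobj=StringIO.StringIO(cve_db_gz)).read()
        except (IOError, EOFError, zlib.error):
            # A truncated or non-gzip response should fail cleanly rather
            # than end the cron job with a traceback.
            log.error('Downloaded CVE database is not valid gzip data')
            return 1
    else:
        log.error('No CVE database file or URL given.')
        return 1

    # start analysing the data
    timing.start()
    log.info("Processing CVE XML...")
    # NOTE(review): xml.dom.minidom does not protect against entity
    # expansion in hostile documents, and this input is unauthenticated
    # when it comes from the URL.  A hardened parser would be preferable.
    try:
        dom = parseString(cve_db)
    except ExpatError:
        log.error('Unable to parse CVE XML')
        return 1
    items = dom.getElementsByTagName('item')
    log.info("Updating database...")
    for item in items:
        # One transaction per CVE item.
        txn.begin()
        update_one_cve(item, log)
        txn.commit()
    timing.finish()
    log.info('%d seconds to update database.' % timing.seconds())
    log.info('Cleaning up...')
    dom.unlink()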
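if __name__ == '__main__':
    options = parse_options()
    log = logger(options, "updatecve")
    # The lock file stops two runs of this script from overlapping.
    lockfile = LockFile(options.lockfilename, logger=log)
    try:
        lockfile.acquire()
    except OSError:
        log.info('Lockfile %s in use' % options.lockfilename)
        sys.exit(1)
    try:
        # main() returns 1 on failure and None on success.  Keep the value
        # so a failed update is visible in the exit status instead of
        # being reported as success.
        exit_code = main(log, options.cvefile, options.cveurl)
    finally:
        lockfile.release()
    # sys.exit(None) exits with status 0.
    sys.exit(exit_code)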