1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
#!/usr/bin/python2.4
# Copyright 2004-2005 Canonical Ltd. All rights reserved.
# pylint: disable-msg=C0103,W0403
"""A cron script that fetches the latest database of CVE details and ensures
that all of the known CVE's are fully registered in Launchpad."""
__metaclass__ = type
import urllib2
import gzip
import StringIO
import timing
import _pythonpath
import cElementTree
from canonical.config import config
from canonical.launchpad.scripts.cveimport import CVEDB_NS, update_one_cve
from canonical.launchpad.scripts.base import (
LaunchpadCronScript, LaunchpadScriptFailure)
class CVEUpdater(LaunchpadCronScript):
def add_my_options(self):
"""Parse command line arguments."""
self.parser.add_option("-f", "--cvefile", dest="cvefile",
default=None,
help="An XML file containing the CVE database.")
self.parser.add_option("-u", "--cveurl", dest="cveurl",
default=config.cveupdater.cve_db_url,
help="The URL for the gzipped XML CVE database.")
def main(self):
self.logger.info('Initializing...')
if self.options.cvefile is not None:
try:
cve_db = open(self.options.cvefile, 'r').read()
except IOError:
raise LaunchpadScriptFailure(
'Unable to open CVE database in %s'
% self.options.cvefile)
elif self.options.cveurl is not None:
self.logger.info("Downloading CVE database from %s..." %
self.options.cveurl)
try:
url = urllib2.urlopen(self.options.cveurl)
except (urllib2.HTTPError, urllib2.URLError), val:
raise LaunchpadScriptFailure(
'Unable to connect for CVE database %s'
% self.options.cveurl)
cve_db_gz = url.read()
self.logger.info("%d bytes downloaded." % len(cve_db_gz))
cve_db = gzip.GzipFile(fileobj=StringIO.StringIO(cve_db_gz)).read()
else:
raise LaunchpadScriptFailure('No CVE database file or URL given.')
# start analysing the data
timing.start()
self.logger.info("Processing CVE XML...")
dom = cElementTree.fromstring(cve_db)
items = dom.findall(CVEDB_NS + 'item')
self.logger.info("Updating database...")
for item in items:
self.txn.begin()
update_one_cve(item, self.logger)
self.txn.commit()
timing.finish()
self.logger.info('%d seconds to update database.' % timing.seconds())
if __name__ == '__main__':
script = CVEUpdater("updatecve", config.cveupdater.dbuser)
script.lock_and_run()
|