Kezdőlap Felfedezés Súgó
Bejelentkezés
Nikolaos.Alexopoulos
/
TrustMiner2
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 8ab049db0f
Branch-ok Tag-ek
TrustMiner2
/
ubuntu-security-advisory.pl

ubuntu-security-advisory.pl 4.8 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197 
  1. #!/usr/bin/perl
    2. 

  2. 

  3. ###############################################################################
    4. 

  4. ##
    5. 

  5. ## Functions for downloading and parsing Ubuntu Security Advisories (USNs)
    6. 

  6. ##
    7. 

  7. ###############################################################################
    8. 

  8. 

  9. use strict;
    10. 

  10. use warnings;
    11. 

  11. 

  12. #use Storable; # persistant storage
    13. 

  13. use LWP::UserAgent;
    14. 

  14. #use Config::Auto; # libconfig-auto-perl
    15. 

  15. use Time::ParseDate; # libtime-modules-perl
    16. 

  16. #use IO::Uncompress::Bunzip2 qw(bunzip2 $Bunzip2Error);
    17. 

  17. #use IO::Uncompress::Gunzip qw(gunzip $GunzipError);
    18. 

  18. #use Digest::MD5 qw(md5_hex);
    19. 

  19. use POSIX qw(mktime);
    20. 

  20. #use File::Path qw(make_path);
    21. 

  21. use HTML::Parser;
    22. 

  22. 

  23. use feature "switch";
    24. 

  24. 

  25. ## Fetch USN from ubuntu archive. Can't use tracker since dates are missing.
    26. 

  26. sub fetchUSN {
    27. 

  27. 	my $id= shift;
    28. 

  28. 	my $usn_base_url = shift;
    29. 

  29. 	my $usn;
    30. 

  30. 	
    31. 

  31. 	trace "  Fetching USN-$id\n";
    32. 

  32. 	
    33. 

  33. 	my $url=	$usn_base_url . "usn-" . $id;
    34. 

  34. 	debug "USN URL: $url\n";
    35. 

  35. 	$usn = get $url;
    36. 

  36. 	unless (defined $usn) {
    37. 

  37. 		note "  USN-$id is not available\n";
    38. 

  38. 		return "";
    39. 

  39. 	}
    40. 

  40. 	return $usn;
    41. 

  41. }
    42. 

  42. 

  43. ## Try to find new USNs by iteration, return table of USNs to process
    44. 

  44. ## Ignores advisory revisions (not clear what to do with them, mostly junk)
    45. 

  45. sub checkUSNs($$) {
    46. 

  46. 	my $state = shift;
    47. 

  47. 	my $config = shift;
    48. 

  48. 	my %usntable;
    49. 

  49. 	my $next_usn = $state->{"next_adv"};
    50. 

  50. 	my $rev = 1;
    51. 

  51. 	my $id;
    52. 

  52. 	
    53. 

  53. 	trace "Checking for new USNs..\n";
    54. 

  54.  	
    55. 

  55. 	if ($next_usn < $config->{"first_usn"}) {
    56. 

  56. 		note "Cache was deleted, starting at USN $next_usn\n";
    57. 

  57. 		$next_usn = $config->{"first_usn"};
    58. 

  58. 	}
    59. 

  59. 

  60. 	$rev = 0 if ($next_usn == 60); # fuck
    61. 

  61. 	$id	= sprintf("%d-%d",$next_usn, $rev);
    62. 

  62. 	my $usn = fetchUSN($id, $config->{"usn_base_url"});
    63. 

  63. 	
    64. 

  64. 	until ($usn eq "") {
    65. 

  65. 		debug "  Got USN-$id\n";
    66. 

  66. 		
    67. 

  67. 		# strip and save USN content
    68. 

  68. 		$usn =~ s/.*<div\ class="usn">//si;
    69. 

  69. 		$usn =~ s/<\/div>.*//si;
    70. 

  70. 		$usntable{$id} = $usn;
    71. 

  71. 		
    72. 

  72. 		### check for advisory revisions?
    73. 

  73. 		#until ($usn eq "") {
    74. 

  74. 		#	msg 10, "  Got USN-$id";
    75. 

  75. 		# $usn =~ s/.*<div\ class="usn">//si;
    76. 

  76. 		# $usn =~ s/<\/div>.*//si;
    77. 

  77. 		#	$usntable{$id} = $usn;
    78. 

  78. 		#	
    79. 

  79. 		#	$rev++;
    80. 

  80. 		#	$rev++ unless (fixUSNquirks($next_usn,$rev)); # skip USN?
    81. 

  81. 		#	$id = sprintf("%d-%d", $next_usn, $rev);
    82. 

  82. 		#	$usn = fetchUSN($id);
    83. 

  83. 		#}
    84. 

  84. 		$rev = 1;
    85. 

  85. 		$next_usn++;
    86. 

  86. 		$next_usn++ if (blacklistedUSN("USN-".$next_usn));
    87. 

  87. 		
    88. 

  88. 		$rev = 0 if ($next_usn == 60);
    89. 

  89. 		$id = sprintf("%d-%d", $next_usn, $rev);
    90. 

  90. 		$usn = fetchUSN($id, $config->{"usn_base_url"});
    91. 

  91. 	}
    92. 

  92. 

  93. 	return \%usntable;
    94. 

  94. }
    95. 

  95. 

  96. ## static map to correct errors in USNs
    97. 

  97. ## returns fixed list of CVE IDs or 0 to skip DSA
    98. 

  98. sub fixUSNquirks {
    99. 

  99. 	my $usn_id = shift;
    100. 

  100. 	my $usn_state = shift;
    101. 

  101. 	
    102. 

  102. 	my @new_names = @{@$usn_state[0]};
    103. 

  103. 	my $new_date = @$usn_state[1];
    104. 

  104. 	my @new_cves = @{@$usn_state[2]};
    105. 

  105. 	
    106. 

  106. 	## These DSAs are totally screwed up..
    107. 

  107. 	given ($usn_id) {
    108. 

  108. 		when ($_ eq "291") {
    109. 

  109. 		 	@new_cves = ("CVE-2006-0747", "CVE-2006-1861", "CVE-2006-2661");
    110. 

  110. 		}
    111. 

  111. 		when ($_ eq "853") {
    112. 

  112. 		 	@new_cves = (
    113. 

  113. 				"CVE-2009-0689", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3371",
    114. 

  114. 				"CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375",
    115. 

  115. 				"CVE-2009-3376", "CVE-2009-3377", "CVE-2009-3380", "CVE-2009-3381",
    116. 

  116. 				"CVE-2009-3382", "CVE-2009-3383");
    117. 

  117. 		}
    118. 

  118. 	};
    119. 

  119. 	
    120. 

  120. 	return (\@new_names, $new_date, \@new_cves);
    121. 

  121. }
    122. 

  122. 

  123. ## Should this advisory be skipped?
    124. 

  124. sub blacklistedUSN {
    125. 

  125. 	my $id = shift or die "Advisory blacklist: no id given..";
    126. 

  126. 	
    127. 

  127. 	## check if Adv is blacklisted..
    128. 

  128. 	my @id_blacklist = ("USN-667", "USN-718", "USN-910", "USN-935",
    129. 

  129. 		"USN-950", "USN-1034", "USN-1049", "USN-1050");
    130. 

  130. 	
    131. 

  131. 	grep ($_ eq $id, @id_blacklist) and return "true";
    132. 

  132. 	
    133. 

  133. 	return; # FALSE
    134. 

  134. }
    135. 

  135. 

  136. 

  137. ## Parse USN data and return array
    138. 

  138. ## (src-pkg-name date (CVE-id)*)
    139. 

  139. sub parseUSNhtml {
    140. 

  140. 	my $usn = shift;
    141. 

  141. 	
    142. 

  142. 	my @usn_names;
    143. 

  143. 	my @usn_CVEs;
    144. 

  144. 	my $usn_date;
    145. 

  145. 	my $usn_type;
    146. 

  146. 	my @tmp;
    147. 

  147. 	
    148. 

  148. 	my @lines = split(/\n/,$usn);
    149. 

  149.   LINE: foreach my $line (@lines) {
    150. 

  150. 

  151.     # Date Reported -> $dsa_date
    152. 

  152.     unless ($usn_date) {
    153. 

  153.       #print "Looking for date\n";
    154. 

  154.       #print "Line: $line\n";
    155. 

  155.       if ($line =~ /^Ubuntu\ Security\ Notice\ .*\d+-\d+\s+(\w+)\s+(\d+),\s+(\d+)/) {
    156. 

  156.         $usn_date = parsedate("$1 $2, $3");
    157. 

  157.       }
    158. 

  158.       next LINE;
    159. 

  159.     }
    160. 

  160. 

  161.     # Affected Packages -> @dsa_names
    162. 

  162.     unless (@usn_names) {
    163. 

  163.       #print "Looking for name\n";
    164. 

  164.       #print "Line: $line\n";
    165. 

  165.       if ($line =~ m/^CVE-/ || $line =~ m/^CAN-/ || $line =~ m/^http.*launchpad.net\/bugs/|| $line =~ m/^===========/) {
    166. 

  166.         @usn_names = @tmp;
    167. 

  167.         @tmp=();
    168. 

  168.         $usn_type = pop @usn_names;
    169. 

  169.       } else {
    170. 

  170.         foreach my $w (split(/\s+/, $line)) {
    171. 

  171.           $w =~ s/,\s*//;
    172. 

  172.           push @tmp, $w;
    173. 

  173.         }
    174. 

  174.         next LINE;
    175. 

  175.       }
    176. 

  176.     }
    177. 

  177. 

  178.     # Security database references (CVEs) -> @dsa_CVEs
    179. 

  179.     unless (@usn_CVEs) {
    180. 

  180.       #print "Looking for cve\n";
    181. 

  181.       #print "Line: $line\n";
    182. 

  182.       if ($line =~ m/^===========/) {
    183. 

  183.         @usn_CVEs = @tmp;
    184. 

  184.       } else {
    185. 

  185.         foreach my $w (split(/\s+/, $line)) {
    186. 

  186.           $w =~ s/,\s*//;
    187. 

  187.           push @tmp, $w;
    188. 

  188.         }
    189. 

  189.       }
    190. 

  190.     }
    191. 

  191. 	}
    192. 

  192. 	
    193. 

  193. 	return (\@usn_names, $usn_date, \@usn_CVEs);
    194. 

  194. }
    195. 

  195. 

  196. 

  197. 1;
    198.