openminds / bisu

A security maintenance application.
MIT License

Debsecan functionality questions #12

Open hannesfostie opened 10 years ago

hannesfostie commented 10 years ago

EDIT: Changing this issue to be more generic about questions about debsecan's inner workings.


The original debsecan tool for Debian CVE listing works with an attribute "binary_package", as well as an array of source_packages per binary_package.

However, as far as I can tell this is not used in any way. There are no vulnerabilities where binary_package is true, so I removed the functionality before even committing it.

Here's my first attempt at the code:

```ruby
# in the #parse_vulnerabilities method (Vulnerability.new)
# (the constructor name below is taken from the comment above; the pasted line was cut off)
Vulnerability.new({
  package: package,
  identifier: matching_cve.identifier,
  description: matching_cve.description,
  unstable_version: unstable_version,
  other_versions: other_versions.split(' '),
  binary_package: flags[0] == 'B',                               # flag position 0: binary package
  urgency: urgency_from_flag(flags[1]),                          # flag position 1: urgency
  remotely_exploitable: remotely_exploitable_from_flag(flags[2]), # flag position 2: remote
  fix_available: flags[3] == 'F',                                # flag position 3: fix available
  binary_packages: binary_packages[package]
})

# In the VulnerabilityParser class
def binary_packages
  @packages ||= parse_binary_packages
end

# Third blank-line-separated section: one "binary_package,source packages" line each.
def parse_binary_packages
  vulnerability_data.split(/\n\n/)[2].split(/\n/).each_with_object(Hash.new([])) do |package_string, packages|
    package_name, source_packages_string = package_string.split(',', 2)
    # to_s guards against a line with no comma (nil.split would raise)
    packages[package_name] = source_packages_string.to_s.split(' ')
  end
end
```
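To make the section layout and the flag positions from the comment above concrete, here is an added, self-contained example. It is not code from openminds/bisu or from debsecan; it follows only what the issue states (sections separated by a blank line, the third section listing `binary_package,source packages`, a four-character flag field with binary/urgency/remote/fix positions). The sample data, the `SAMPLE_DATA`, `parse_binary_packages` and `decode_flags` names, and the letter meanings for the urgency and remote positions are assumptions made for this example.

```ruby
# Added example, not code from openminds/bisu or from debsecan itself.

# Constructed sample data; the first two sections are placeholders only.
SAMPLE_DATA = <<~DATA
  PLACEHOLDER-HEADER

  CVE-0000-0001,constructed description one
  CVE-0000-0002,constructed description two

  libfoo1,foo
  foo-utils,foo foo-extra
  barbin
DATA

# Third blank-line-separated section -> { binary_package => [source packages] }.
# The block form of Hash.new returns a fresh array for unknown names instead
# of the single shared default array that Hash.new([]) would hand out, and a
# line without a comma yields [] instead of raising on nil.
def parse_binary_packages(data)
  section = data.split(/\n\n/)[2] || ''
  section.split(/\n/).each_with_object(Hash.new { [] }) do |line, packages|
    next if line.strip.empty?
    name, sources = line.split(',', 2)
    packages[name.strip] = sources.to_s.split(' ')
  end
end

# Letter meanings for the urgency and remote positions are assumptions.
URGENCY = { 'L' => :low, 'M' => :medium, 'H' => :high }.freeze
REMOTE  = { 'R' => true, '?' => :unknown }.freeze

# Decode a flag field such as "B?RF": position 0 = binary package,
# 1 = urgency, 2 = remotely exploitable, 3 = fix available.
def decode_flags(flags)
  unless flags.is_a?(String) && flags.size == 4
    raise ArgumentError, "expected 4 flag characters, got #{flags.inspect}"
  end
  {
    binary_package: flags[0] == 'B',
    urgency: URGENCY.fetch(flags[1], :unknown),
    remotely_exploitable: REMOTE.fetch(flags[2], false),
    fix_available: flags[3] == 'F'
  }
end

if __FILE__ == $PROGRAM_NAME
  parse_binary_packages(SAMPLE_DATA).each { |bin, srcs| puts "#{bin}: #{srcs.join(' ')}" }
  p decode_flags('B?RF')
end
```

Running the file prints the binary-to-source mapping for the constructed sample and the decoded hash for `B?RF`; a name that never appears in the section (or a data blob with fewer than three sections) comes back as an empty array rather than an exception.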
hannesfostie commented 10 years ago

@vncntvandriessche feel free to take a look at these questions. It'll be easier for you to check these I'm sure.