[gentoo-commits] proj/security:ajak-cvetool commit in: bin/

["John Helmert III" <ajak@gentoo.org>]

commit:     5976eb82d7f4af4de9083914cfb728ed1a331e38
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  5 20:10:05 2021 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Mon Jul  5 20:20:36 2021 +0000
URL:        https://gitweb.gentoo.org/proj/security.git/commit/?id=5976eb82

cvetool: reorganize cvetool code into python module and callable script

Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 bin/CVETool.py | 18 ++++++++++++++
 bin/cvetool    | 25 ++------------------
 bin/glsatool   | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 94 insertions(+), 23 deletions(-)

diff --git a/bin/CVETool.py b/bin/CVETool.py
index c5996f6..7a5c576 100644
--- a/bin/CVETool.py
+++ b/bin/CVETool.py
@@ -240,3 +240,21 @@ class CVETool:
         if jsondata:
             return response.json()
         return response.text
+
+
+def cvetool():
+    if len(sys.argv) == 1:
+        CVETool(None, 'usage', sys.argv[2:])
+
+    auth = None
+    authpath = os.path.join(os.path.expanduser('~'), '.config', 'cvetool_auth')
+    if 'CVETOOL_AUTH' in os.environ:
+        auth = os.environ['CVETOOL_AUTH']
+    elif os.path.isfile(authpath):
+        with open(authpath, 'r') as authfile:
+            auth = authfile.readlines()[0]
+    elif 'CVETOOL_AUTH' not in os.environ and not sys.argv[1] == 'pw':
+        print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
+        sys.exit(1)
+
+    CVETool(auth, sys.argv[1], sys.argv[2:])

diff --git a/bin/cvetool b/bin/cvetool
index 7e30837..d5aa25f 100755
--- a/bin/cvetool
+++ b/bin/cvetool
@@ -2,32 +2,11 @@
 # Copyright 2016 Alex Legler
 # Distributed under the terms of the GNU General Public License v3
 
-import os
-import re
-import sys
-
-from CVETool import CVETool
-
-def main():
-    if len(sys.argv) == 1:
-        CVETool(None, 'usage', sys.argv[2:])
-
-    auth = None
-    authpath = os.path.join(os.path.expanduser('~'), '.config', 'cvetool_auth')
-    if 'CVETOOL_AUTH' in os.environ:
-        auth = os.environ['CVETOOL_AUTH']
-    elif os.path.isfile(authpath):
-        with open(authpath, 'r') as authfile:
-            auth = authfile.readlines()[0]
-    elif 'CVETOOL_AUTH' not in os.environ and not sys.argv[1] == 'pw':
-        print('CVETOOL_AUTH environment variable missing. Generate its contents with the pw subcommand.')
-        sys.exit(1)
-
-    CVETool(auth, sys.argv[1], sys.argv[2:])
+from CVETool import CVETool, cvetool
 
 
 if __name__ == "__main__":
     try:
-        main()
+        cvetool()
     except KeyboardInterrupt:
         print('\n ! Exiting.')

diff --git a/bin/glsatool b/bin/glsatool
new file mode 100755
index 0000000..4582a40
--- /dev/null
+++ b/bin/glsatool
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+
+import argparse
+import os
+import re
+import typing
+
+import bugzilla
+import bracex
+import pkgcore.config
+from pkgcore.ebuild import atom
+import requests
+
+from cvetool import CVETool
+
+PKG_SEPARATORS = re.compile(r':\s|[\s,;(){}[\]]')
+GLSAMAKER_URI = 'https://glsamaker.gentoo.org'
+bgo = bugzilla.Bugzilla('https://bugs.gentoo.org')
+repo = pkgcore.config.load_config().repo['gentoo']
+
+
+class GLSATool:
+    """ Utility to ease GLSA handling in GLSAMaker """
+
+    def __init__(self, auth):
+        self.auth = auth
+
+    # https://github.com/mgorny/kuroneko/blob/master/kuroneko/scraper.py#L80
+    def find_package_specs(s: str) -> typing.Iterable[atom.atom]:
+        """Find potentially valid package specifications in given string."""
+        words = set()
+        # consider all possible expansions
+        for exp in bracex.iexpand(s):
+            words.update(PKG_SEPARATORS.split(exp))
+        for w in words:
+            # skip anything that couldn't be cat/pkg early
+            if '/' not in w:
+                continue
+            try:
+                yield atom.atom(w)
+            except MalformedAtom:
+                continue
+
+    def new_glsa(auth, title, bugs):
+        post = requests.post(GLSAMAKER_URI + '/glsas',
+                             data={'title': title + ' [DRAFT]',
+                                   'bugs': ','.join(bugs),
+                                   'access': 'public',
+                                   'import_references': '1',
+                                   'what': 'request',  # ???
+                                   'authenticity_token': 'k75YYdGlcL+dlZS7RKXSVxKaKl2tiiMvwWlReFtKzt3NCKDE2AeskkrZ851xJB7uCBRUTpstV+/aqUTEx3MfIQ=='},
+                             headers={'Authorization': 'Basic ' + auth})
+        if not post.ok:
+            import pdb; pdb.set_trace()
+
+
+def get_auth():
+    authpath = os.path.join(os.path.expanduser('~'), '.config', 'cvetool_auth')
+    if 'CVETOOL_AUTH' in os.environ:
+        return os.environ['CVETOOL_AUTH']
+    elif os.path.isfile(authpath):
+        with open(authpath, 'r') as authfile:
+            return authfile.readlines()[0]
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-b', '--bugs', required=True, nargs='+')
+    parser.add_argument('-t', '--title', required=True)
+    args = parser.parse_args()
+    auth = get_auth()
+    for bug in args.bugs:
+        CVETool(auth, 'dobug', [bug])
+    new_glsa(auth, args.title, args.bugs)