Merge pull request #3086 from shadowfax-chc/glsa-check

glsa check list function
2024-11-08 17:33:54 +00:00 · 2012-12-31 08:13:43 -08:00 · 2012-12-31 08:13:43 -08:00 · a3bd9ec366
commit a3bd9ec366
parent 49d18225c4 8774862603
1 changed files with 60 additions and 0 deletions
--- a/salt/modules/gentoolkitmod.py
+++ b/salt/modules/gentoolkitmod.py
@ -200,3 +200,63 @@ def eclean_pkg(destructive=False, package_names=False, time_limit=0,
        ret = {e: 'Invalid exclusion file: {0}'.format(exclude_file)}
    finally:
        return ret
+
+def _glsa_list_process_output(output):
+    '''
+    Process output from glsa_check_list into a dict
+
+    Returns a dict containing the glsa id, description, status, and CVEs
+    '''
+    ret = dict()
+    for line in output:
+        try:
+            glsa_id, status, desc = line.split(None, 2)
+            if 'U' in status:
+                status += ' Not Affected'
+            elif 'N' in status:
+                status += ' Might be Affected'
+            elif 'A' in status:
+                status += ' Applied (injected)'
+            if 'CVE' in desc:
+                desc, cves = desc.rsplit(None, 1)
+                cves = cves.split(',')
+            else:
+                cves = list()
+            ret[glsa_id] = {'description': desc, 'status': status,
+                            'CVEs': cves}
+        except ValueError:
+            pass
+    return ret
+
+def glsa_check_list(glsa_list):
+    '''
+    List the status of Gentoo Linux Security Advisories
+
+    glsa_list
+         can contain an arbitrary number of GLSA ids, filenames
+         containing GLSAs or the special identifiers 'all' and 'affected'
+
+    Returns a dict containing glsa ids with a description, status, and CVEs::
+
+        {<glsa id>: {'description': <glsa description>,
+            'status': <glsa status>,
+            'CVEs': [<list of CVEs>]}}
+
+    CLI Example::
+
+        salt '*' gentoolkit.glsa_check_list 'affected'
+    '''
+    cmd = 'glsa-check --quiet --nocolor --cve --list '
+    if isinstance(glsa_list, list):
+        for glsa in glsa_list:
+            cmd += glsa + ' '
+    elif glsa_list == 'all' or glsa_list == 'affected':
+        cmd += glsa_list
+    else:
+        # TODO: Should this return some type of error? or just fail quietly?
+        return {}
+
+    ret = dict()
+    out = __salt__['cmd.run'](cmd).split('\n')
+    ret = _glsa_list_process_output(out)
+    return ret