authorOliver Eikemeier <eik@FreeBSD.org>2004-06-23 16:01:38 +0000
committerOliver Eikemeier <eik@FreeBSD.org>2004-06-23 16:01:38 +0000
commitf5b10d70f91d62c9a325d777763a30777e90589b (patch)
treee0a544408d2f352df22ef4725939239dd9064edf /security/portaudit/files
parent358542a875563fd53911b987daf5adce4ed4616d (diff)
Notes
Diffstat (limited to 'security/portaudit/files')
-rw-r--r--security/portaudit/files/portaudit-cmd.sh16
-rw-r--r--security/portaudit/files/portaudit.functions83
2 files changed, 69 insertions, 30 deletions
diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh
index 2df9a0fc4533..54c1f02952ec 100644
--- a/security/portaudit/files/portaudit-cmd.sh
+++ b/security/portaudit/files/portaudit-cmd.sh
@@ -37,17 +37,18 @@ portaudit_confs
opt_audit=false
opt_auditcwd=false
opt_audittree=false
-opt_verbose=false
-opt_version=false
opt_dbversion=false
opt_fetch=false
+opt_file=
opt_quiet=false
+opt_verbose=false
+opt_version=false
if [ $# -eq 0 ] ; then
opt_audit=true
fi
-while getopts aACvVdFq opt; do
+while getopts aACdf:FqvV opt; do
case "$opt" in
a)
opt_audit=true;;
@@ -57,6 +58,8 @@ while getopts aACvVdFq opt; do
opt_auditcwd=true;;
d)
opt_dbversion=true;;
+ f)
+ opt_file=$OPTARG;;
F)
opt_fetch=true;;
q)
@@ -66,7 +69,7 @@ while getopts aACvVdFq opt; do
V)
opt_version=true;;
?)
- echo "Usage: $0 -aACvVdFq"
+ echo "Usage: $0 -aACvVdFq [-f file]"
exit 2;;
esac
done
@@ -143,3 +146,8 @@ if $opt_audittree; then
echo "${VULCNT} ports with unmarked vulnerabilities."
fi
+
+if [ -n "$opt_file" ]; then
+ portaudit_prerequisites
+ audit_file "$opt_file"
+fi
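Review bot: `audit_file "$opt_file"` is called without first checking that the path given to `-f` exists and is readable. The file is only opened by the redirect inside the per-entry command that audit_file() builds, so an unreadable path would likely make every lookup fail and the run end with `0 problem(s)` and exit status 0. A guard such as `[ -r "$opt_file" ] || { echo "$0: cannot read $opt_file" >&2; exit 2; }` before `portaudit_prerequisites` turns that case into an error. The return status of `portaudit_prerequisites` is not tested in these lines either.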
diff --git a/security/portaudit/files/portaudit.functions b/security/portaudit/files/portaudit.functions
index fd0f6c4ea610..f3b6e21db458 100644
--- a/security/portaudit/files/portaudit.functions
+++ b/security/portaudit/files/portaudit.functions
@@ -116,7 +116,7 @@ portaudit_prerequisites()
fi
PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null`
- if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt 20040125 ]; then
+ if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt %%REQPKGVER%% ]; then
echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel"
return 1
fi
@@ -139,28 +139,59 @@ portaudit_prerequisites()
audit_installed()
{
- extract_auditfile | /usr/bin/awk -F\| "
+ extract_auditfile | /usr/bin/awk -F\| '
BEGIN { vul=0 }
/^(#|\$)/ { next }
{
- cmd=\"${PKG_INFO} -E \\\"\" \$1 \"\\\"\"
+ cmd="'"${PKG_INFO}"' -E \"" $1 "\""
while((cmd | getline pkg) > 0) {
vul++
- print \"Affected package: \" pkg \"\\n\" \
- \"Type of problem: \" \$3 \".\\n\" \
- \"Reference: <\" \$2 \">\\n\"
+ split($2, ref, / /)
+ print "Affected package: " pkg
+ print "Type of problem: " $3 "."
+ for (r in ref)
+ print "Reference: <" ref[r] ">"
+ print ""
}
close(cmd)
}
END {
- print vul \" problem(s) in your installed packages found.\"
+ print vul " problem(s) in your installed packages found."
if (vul > 0) {
- print \"\nYou are advised to update or deinstall\" \
- \" the affected package(s) immediately.\"
+ print "\nYou are advised to update or deinstall" \
+ " the affected package(s) immediately."
exit(1)
}
}
- "
+ '
+}
+
+audit_file()
+{
+ extract_auditfile | /usr/bin/awk -F\| '
+ BEGIN { vul=0 }
+ /^(#|\$)/ { next }
+ {
+ cmd="'"${PKG_VERSION}"' -T - \"" $1 "\" <\"'"${1}"'\""
+ while((cmd | getline pkg) > 0) {
+ vul++
+ split($2, ref, / /)
+ split(pkg, p)
+ print "Affected package: " p[1]
+ print "Type of problem: " $3 "."
+ for (r in ref)
+ print "Reference: <" ref[r] ">"
+ print ""
+ }
+ close(cmd)
+ }
+ END {
+ print vul " problem(s) in found."
+ if (vul > 0) {
+ exit(1)
+ }
+ }
+ '
}
audit_cwd()
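Review bot: In the new audit_file() the `cmd=` line splices the `-f` filename (`${1}`) into the awk program text and the database field `$1` into a double-quoted shell word, so quotes or shell substitutions in either value are interpreted by awk or by the shell that `cmd | getline` starts. audit_installed() has the same pattern with `$1`. Passing the filename through the environment and single-quoting the field before it reaches the shell closes this, as sketched below. Separately, moving the awk program from double to single quotes changes `/^(#|\$)/`: awk now sees an escaped `$` (a literal dollar sign) rather than the end-of-line anchor, so blank lines are probably no longer skipped. `/^(#|$)/` restores the earlier behaviour in both functions.

```shell
audit_file()
{
	extract_auditfile | AUDIT_INPUT="$1" /usr/bin/awk -F\| '
	function shquote(s) {
		# wrap s in single quotes; an embedded quote becomes: quote, backslash-quote, quote
		gsub(/\047/, "\047\\\\\047\047", s)
		return "\047" s "\047"
	}
	# … unchanged: BEGIN block and comment-skip rule …
	{
		cmd="'"${PKG_VERSION}"' -T - " shquote($1) " <\"$AUDIT_INPUT\""
		# … unchanged: getline loop and close(cmd) …
	}
	# … unchanged: END block …
	'
```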
@@ -174,22 +205,22 @@ audit_cwd()
FORBIDDEN=`echo "${PKGSTATE}" | /usr/bin/sed -ne '2p'`
PKGORIGIN=`echo "${PKGSTATE}" | /usr/bin/sed -ne '3p'`
- VLIST=`extract_auditfile | /usr/bin/awk -F\| " \
- /^[^#]/ { \
- if (!system(\"${PKG_VERSION} -T '${PKGNAME}' '\" \\$1 \"'\")) \
- print \"- <\" \\$2 \">\" \
- } \
- "`
-
- if [ -n "${VLIST}" -a -z "${FORBIDDEN}" ]; then
- echo
- echo "Port ${PKGNAME} (${PKGORIGIN}) should be marked FORBIDDEN:"
- echo "${VLIST}"
- VULCNT=$((${VULCNT}+1))
- elif $opt_verbose && [ -n "${VLIST}" ]; then
- echo
- echo "Good: port ${PKGNAME} (${PKGORIGIN}) is marked FORBIDDEN: ${FORBIDDEN}"
- echo "${VLIST}"
+ if VLIST=`extract_auditfile | /usr/bin/grep -v '^#' | ${PKG_VERSION} -T "${PKGNAME}" -`; then
+ if [ -z "${FORBIDDEN}" ]; then
+ echo
+ echo "Port ${PKGNAME} (${PKGORIGIN}) should be marked FORBIDDEN:"
+ VULCNT=$((${VULCNT}+1))
+ elif $opt_verbose; then
+ echo
+ echo "Good: port ${PKGNAME} (${PKGORIGIN}) is marked FORBIDDEN: ${FORBIDDEN}"
+ fi
+ if [ -z "${FORBIDDEN}" ] || $opt_verbose; then
+ echo "${VLIST}" | /usr/bin/awk -F\| '{
+ split($2, ref, / /)
+ for (r in ref)
+ print "- <" ref[r] ">"
+ }'
+ fi
fi
}
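Review bot: The `if VLIST=...` test in audit_cwd() only sees the exit status of `${PKG_VERSION}`, the last command of the pipeline. A failing `extract_auditfile` presumably yields empty input, so the port would be reported as clean rather than as an error. Checking the database once before the pipeline, or capturing the extracted data first and testing that it is non-empty, would make that failure visible. `${PKG_VERSION}` is also left unquoted here while `"${PKGNAME}"` is quoted. audit_cwd() begins above this hunk.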