|
| 1 | +#!/usr/bin/env python3 |
| 2 | + |
| 3 | +import getopt |
| 4 | +import os |
| 5 | +import sys |
| 6 | + |
| 7 | +import cve_check |
| 8 | +import cve_apply |
| 9 | +import cve_push |
| 10 | + |
| 11 | +from utils import ioutils |
| 12 | + |
| 13 | + |
| 14 | +""" |
| 15 | +Print usage information about this program. |
| 16 | +""" |
| 17 | + |
| 18 | + |
| 19 | +def print_usage(): |
| 20 | + |
| 21 | + print("usage: main.py <OPTIONS> kernel_repo\n") |
| 22 | + print("<OPTIONS>") |
| 23 | + print("\t -h Print this text\n" + |
| 24 | + "\t -i Path to the directory containing the CVE patches\n" + |
| 25 | + "\t -o Where to store the tool output files\n" + |
| 26 | + "\t -p Specify this if you want to push to Gerrit\n" + |
| 27 | + "\t -u Your Gerrit user name\n" + |
| 28 | + "\t -b The destination branch\n") |
| 29 | + |
| 30 | + |
| 31 | +""" |
| 32 | +Entrypoint to the Python CVE toolchain. |
| 33 | +""" |
| 34 | + |
| 35 | + |
| 36 | +def main(): |
| 37 | + |
| 38 | + try: |
| 39 | + opts, args = getopt.getopt(sys.argv[1:], "hpi:o:u:b:", |
| 40 | + ["help", "push", "input=", "output=", "user=", "branch="]) |
| 41 | + except getopt.GetoptError as err: |
| 42 | + # print help information and exit |
| 43 | + print(str(err)) |
| 44 | + print_usage() |
| 45 | + sys.exit(2) |
| 46 | + |
| 47 | + # check for required args |
| 48 | + if len(sys.argv) < 3: |
| 49 | + print("[E] Invalid number of args (required: 3, found: " |
| 50 | + + str(len(sys.argv)) + ")!") |
| 51 | + print_usage() |
| 52 | + sys.exit(2) |
| 53 | + |
| 54 | + # directory containing the CVE patches |
| 55 | + input_dir = None |
| 56 | + # directory where we store our output files |
| 57 | + output_dir = None |
| 58 | + # directory containing the kernel repo to be patched |
| 59 | + kernel_repo = sys.argv[-1] |
| 60 | + # whether or not we should push to Gerrit |
| 61 | + gerrit_upload = False |
| 62 | + # Gerrit user |
| 63 | + gerrit_user = None |
| 64 | + # destination git branch |
| 65 | + branch = None |
| 66 | + |
| 67 | + for o, a in opts: |
| 68 | + if o in ("-h", "--help"): |
| 69 | + print_usage() |
| 70 | + sys.exit() |
| 71 | + elif o in ("-p", "--push"): |
| 72 | + gerrit_upload = True |
| 73 | + elif o in ("-i", "--input"): |
| 74 | + input_dir = a |
| 75 | + elif o in ("-o", "--output"): |
| 76 | + output_dir = a |
| 77 | + elif o in ("-u", "--user"): |
| 78 | + gerrit_user = a |
| 79 | + elif o in ("-b", "--branch"): |
| 80 | + branch = a |
| 81 | + else: |
| 82 | + print("[E] unhandled option: " + o) |
| 83 | + sys.exit(2) |
| 84 | + |
| 85 | + if not input_dir or not ioutils.dir_exists(input_dir): |
| 86 | + print("[E] invalid CVE input directory: " + str(input_dir)) |
| 87 | + return |
| 88 | + |
| 89 | + ioutils.check_recreate(output_dir) |
| 90 | + if not output_dir or not ioutils.dir_exists(output_dir): |
| 91 | + print("[E] invalid CVE input directory: " + str(input_dir)) |
| 92 | + return |
| 93 | + |
| 94 | + if not kernel_repo or not ioutils.dir_exists(kernel_repo): |
| 95 | + print("[E] invalid kernel directory: " + kernel_repo) |
| 96 | + return |
| 97 | + |
| 98 | + if ".git" not in os.listdir(kernel_repo): |
| 99 | + print("[E] kernel directory does not seem to be a git repository") |
| 100 | + return |
| 101 | + |
| 102 | + if gerrit_upload: |
| 103 | + # check if all requirements are met |
| 104 | + if not gerrit_user: |
| 105 | + print("[E] Gerrit upload selected, but no user provided (-u)") |
| 106 | + sys.exit(2) |
| 107 | + if not branch: |
| 108 | + print("[E] Gerrit upload selected, but no branch provided (-b)") |
| 109 | + sys.exit(2) |
| 110 | + |
| 111 | + # check patch status |
| 112 | + cve_check.run(kernel_repo, input_dir, output_dir) |
| 113 | + # we want to apply all patches which apply cleanly onto our kernel repo |
| 114 | + cleanly_applying_cves_file = os.path.join(output_dir, "CVE_clean") |
| 115 | + # apply patches |
| 116 | + cve_apply.run(kernel_repo, cleanly_applying_cves_file, input_dir) |
| 117 | + # push to gerrit if requested |
| 118 | + if gerrit_upload: |
| 119 | + cve_patches_to_push_file = os.path.join(kernel_repo, "CVE_PUSH") |
| 120 | + if not ioutils.file_exists(cve_patches_to_push_file): |
| 121 | + print("[E] File with patch push information does not exist") |
| 122 | + sys.exit(2) |
| 123 | + |
| 124 | + cve_push.run(kernel_repo, cve_patches_to_push_file, gerrit_user, branch) |
| 125 | + |
| 126 | + # offer to remove the push file |
| 127 | + answer = input("[I] Done. Do you want to remove the CVE push file (" |
| 128 | + + cve_patches_to_push_file + ")? (Y/n) ") |
| 129 | + if answer == "Y": |
| 130 | + os.remove(cve_patches_to_push_file) |
| 131 | + |
| 132 | + |
| 133 | +if __name__ == "__main__": |
| 134 | + main() |
0 commit comments