Ubuntu Security Dashboard

#!/usr/bin/env python2 # # Author: Jamie Strandboge # Copyright (C) 2012 Canonical Ltd. # # This script is distributed under the terms and conditions of the GNU General # Public License, Version 2 or later. See http://www.gnu.org/copyleft/gpl.html # for details. # # Outputs a rather gross html dashboard for the security team import datetime import optparse import os import signal import subprocess import sys import time def subprocess_setup(): # Python installs a SIGPIPE handler by default. This is usually not what # non-Python subprocesses expect. signal.signal(signal.SIGPIPE, signal.SIG_DFL) def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None): '''Try to execute given command (array) and return its stdout, or return a textual error if it failed.''' try: sp = subprocess.Popen(command, stdin=stdin, stdout=stdout, stderr=stderr, close_fds=True, preexec_fn=subprocess_setup) except OSError, e: return [127, str(e)] out, outerr = sp.communicate(input) # Handle redirection of stdout if out == None: out = '' # Handle redirection of stderr if outerr == None: outerr = '' return [sp.returncode,out+outerr] def _get_css(): '''CSS for reports''' css = ''' ''' return css def get_urls_for_packages(packages): urls = "" for p in packages.split(','): urls += "%s," % (p, p) return urls.rstrip(',') def get_dashboard_html(): gen_skipped = "linux,webkit,qt4-x11,qtwebkit-source,firefox,thunderbird,oxide-qt" todo_gen = get_todo_numbers(skipped=gen_skipped) browser_only = "oxide-qt,firefox,thunderbird" todo_browser = get_todo_numbers(only=browser_only) kernel_only = "linux" todo_kernel = get_todo_numbers(only=kernel_only) s = ''' Ubuntu Security Dashboard %s

Development

Stable

Security team backlog
Phone blocking bugs
AppArmor
- Upstream critical and high bugs
- Ubuntu critical and high bugs
- Ubuntu kernel critical and high bugs
- Ubuntu RTM critical and high bugs
- click-apparmor in Ubuntu critical and high bugs
- click-apparmor in Ubuntu RTM critical and high bugs
- apparmor-easyprof-ubuntu in Ubuntu critical and high bugs
- apparmor-easyprof-ubuntu in Ubuntu RTM critical and high bugs
Oxide
- Upstream critical and high bugs
- Ubuntu critical and high bugs
- Ubuntu RTM critical and high bugs
eCryptfs
- Upstream critical and high bugs
- Ubuntu critical and high bugs
- Ubuntu kernel critical and high bugs
- Ubuntu RTM critical and high bugs

General: %s (supported)
Kernel: %s (%s)
Browser: %s (%s)
Security team metrics and graphs
Ubuntu CVE Tracker
Open CVEs fixed in Debian

USNs over 12 months	Regressions over 12 months

''' % (_get_css(), todo_gen, todo_kernel, get_urls_for_packages(kernel_only), todo_browser, get_urls_for_packages(browser_only), time.asctime(time.gmtime()), # footer - last updated datetime.date.today().year, # footer - copyright ) return s def get_todo_numbers(skipped=None, only=None): exe = os.path.join(os.path.dirname(sys.argv[0]), 'report-todo-numbers') args = ['--show-unique-sources', '--skip-low', '-E'] if skipped: args.append('--skip-packages=%s' % skipped) elif only: args.append('--only-packages=%s' % only) rc, report = cmd([exe] + args + ['--', '-S']) s = "" for line in report.splitlines(): if " supported " in line: return line.lstrip(' * ') return s # # main # if __name__ == "__main__": parser = optparse.OptionParser() (opt, args) = parser.parse_args() print get_dashboard_html()