chiark / gitweb /
~ianmdlvl / fdroidserver.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
build: limit --all to 10 apps at a time
[fdroidserver.git] / tests / openssl-version-check-test.py
1 #!/usr/bin/env python3
2 #
3 # implementing a version check of known bad OpenSSL versions, for example:
4 # https://support.google.com/faqs/answer/6376725?hl=en
5 #
6 # This is used in update.has_known_vulnerability()
7
8 import re
9 import requests
10
11 # this list was generated using:
12 # for f in `curl  | grep -Eo '[0-9]\.[0-9]\.[0-9][a-z]?' | sort -u`; do echo "'$f',"; done
13 versions = [
14 ]
15
16 r = requests.get('https://www.openssl.org/news/changelog.html')
17
18 safe = set()
19 bad = set()
20
21 for m in re.findall(b'[0-9]\.[0-9]\.[0-9][a-z]?', r.content):
22     version = str(m, encoding='utf-8')
23     if (version.startswith('1.0.1') and len(version) > 5 and version[5] >= 'r') \
24       or (version.startswith('1.0.2') and len(version) > 5 and version[5] >= 'f') \
25       or re.match(r'[1-9]\.[1-9]\.[0-9].*', version):
26         safe.add(version)
27     else:
28         bad.add(version)
29
30 print('safe:', sorted(safe))
31 print('bad:', sorted(bad))
Unnamed repository; edit this file 'description' to name the repository.