From: Vagisha Gupta Date: Fri, 12 Jul 2019 07:13:09 +0000 (+0530) Subject: Add "check-versions" subcommand X-Git-Tag: 1.1.0~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8d62ea021af8b610d4f58524ed9518813060c64;p=thirdparty%2Fsuricata-update.git Add "check-versions" subcommand Add a `suricata-update check-versions` subcommand that checks the version of suricata and logs if the versions are up to date, outdated or EOL. Redmine issue: https://redmine.openinfosecfoundation.org/issues/2341 --- diff --git a/suricata/update/commands/__init__.py b/suricata/update/commands/__init__.py index 0541a01..5d36fc7 100644 --- a/suricata/update/commands/__init__.py +++ b/suricata/update/commands/__init__.py @@ -21,3 +21,4 @@ from suricata.update.commands import updatesources from suricata.update.commands import enablesource from suricata.update.commands import disablesource from suricata.update.commands import removesource +from suricata.update.commands import checkversions diff --git a/suricata/update/commands/checkversions.py b/suricata/update/commands/checkversions.py new file mode 100644 index 0000000..c4f0bdb --- /dev/null +++ b/suricata/update/commands/checkversions.py @@ -0,0 +1,58 @@ +# Copyright (C) 2019 Open Information Security Foundation +# +# You can copy, redistribute or modify this Program under the terms of +# the GNU General Public License version 2 as published by the Free +# Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# version 2 along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +import os.path +import logging +from suricata.update import sources, engine + +logger = logging.getLogger() + + +def register(parser): + parser.set_defaults(func=check_version) + + +def check_version(suricata_version): + index_filename = sources.get_index_filename() + if not os.path.exists(index_filename): + logger.warning("No index exists, will use bundled index.") + logger.warning("Please run suricata-update update-sources.") + index = sources.Index(index_filename) + version = index.get_versions() + recommended = engine.parse_version(version['suricata']['recommended']) + if suricata_version.full in recommended.full: + logger.info("Suricata version %s is up to date", suricata_version.full) + elif suricata_version.short > recommended.short: + return None + elif "dev" in suricata_version.full: + if (suricata_version.short not in recommended.short or + suricata_version.short not in version['suricata']) and \ + float(suricata_version.short) < float(recommended.short): + logger.warning( + "Suricata version %s has reached EOL. Please upgrade to %s.", + suricata_version.full, recommended.full) + elif float(suricata_version.short) >= float(recommended.short): + logger.info( + "Suricata version %s is up to date", suricata_version.full) + elif suricata_version.short in version['suricata'] and \ + suricata_version.full not in recommended.full: + logger.warning( + "Suricata version %s is outdated. Please upgrade to %s.", + suricata_version.full, recommended.full) + else: + logger.warning( + "Suricata version %s has reached EOL. Please upgrade to %s.", + suricata_version.full, recommended.full) diff --git a/suricata/update/main.py b/suricata/update/main.py index e113843..883afa7 100644 --- a/suricata/update/main.py +++ b/suricata/update/main.py @@ -1232,6 +1232,7 @@ def _main(): remove-source Remove an enabled or disabled source list-enabled-sources List all enabled sources add-source Add a new source by URL + check-versions Check version of suricata """ # The Python 2.7 argparse module does prefix matching which can be @@ -1259,6 +1260,8 @@ def _main(): "disable-source", parents=[global_parser])) commands.removesource.register(subparsers.add_parser( "remove-source", parents=[global_parser])) + commands.checkversions.register(subparsers.add_parser( + "check-versions", parents=[global_parser])) args = parser.parse_args(rem) @@ -1324,7 +1327,9 @@ def _main(): suricata.update.net.set_user_agent_suricata_version(suricata_version.full) if args.subcommand: - if hasattr(args, "func"): + if args.subcommand == "check-versions" and hasattr(args, "func"): + return args.func(suricata_version) + elif hasattr(args, "func"): return args.func() elif args.subcommand != "update": logger.error("Unknown command: %s", args.subcommand) diff --git a/suricata/update/sources.py b/suricata/update/sources.py index e87cb4a..f0ce708 100644 --- a/suricata/update/sources.py +++ b/suricata/update/sources.py @@ -130,6 +130,12 @@ class Index: return self.index["sources"][name] return None + def get_versions(self): + try: + return self.index["versions"] + except KeyError: + raise Exception("Version information not in index") + def load_source_index(config): return Index(get_index_filename())