build_votds

#!/usr/bin/env python

# Copyright 2012 Andrew Meneely and Samuel Lucidi. 
# Licensed under the Educational Community License, Version 2.0 (the "License"); 
# you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at http://www.osedu.org/licenses/ECL-2.0. 
# Unless required by applicable law or agreed to in writing, 
# software distributed under the License is distributed on an "AS IS" BASIS, 
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions 
# and limitations under the License.

import os
import re
import sys
import glob
import shutil
import zipfile
import argparse
import subprocess
from argparse import RawTextHelpFormatter

try:
	# make sure deflate is available
	import zlib
	compression = zipfile.ZIP_DEFLATED
except ImportError:
	compression = zipfile.ZIP_STORED

# Convert a votd name entered at the command line to something
# that is reasonably safe to be used as a directory name.
def safe_name(votd_name):
	import unicodedata
	if isinstance(votd_name, unicode):
		votd_name = unicodedata.normalize('NFKD', votd_name).encode('ascii', 'ignore')
	votd_name = unicode(re.sub("[^\w\s-]", "", votd_name))
	votd_name.strip()
	votd_name.lower()
	votd_name = unicode(re.sub("[-\s]+", "-", votd_name))
	if len(votd_name) < 1:
		raise ValueError("zero-length votd name")
	return votd_name

# Write out a directory and set of empty
# files for a new vulnerability of the day
def build_skeleton(exploit_name, src, dest):
	try:
		os.makedirs(os.path.join(dest, exploit_name, "demo"))
	except OSError:
		print "Skipping %s: example already exists" % exploit_name
	subprocess.call(["cp", os.path.join(src, "www-template", "template.html"), os.path.join(dest, "%s" % exploit_name, "%s.html" % exploit_name)])
	subprocess.call(["touch", os.path.join(dest, "%s" % exploit_name, "notes.markdown")])
	subprocess.call(["touch", os.path.join(dest, "%s" % exploit_name, "compatability.markdown")])

# Concatenate html files for selected votds into
# one index.html file.
def build_webpage(votds, src, dest):
	with open(os.path.join(dest, "index.html"), 'wb') as destination:
		shutil.copyfileobj(open(os.path.join(src, 'www-template', 'prefix.html'), 'rb'), destination)
		for votd in votds:
			try:
				shutil.copyfileobj(open(os.path.join(src, votd, "%s.html" % votd)), destination)
			except IOError:
				print "Skipping %s: no html file" % votd
		shutil.copyfileobj(open(os.path.join(src, 'www-template', 'suffix.html'), 'rb'), destination)

# Zip up the selected votds into one archive suitable
# for downloading.
def build_zip(votds, src, dest):
	with zipfile.ZipFile(os.path.join(dest, 'votds.zip'), mode='w') as zfile:
		# add files
		zfile.write(os.path.join(dest, 'index.html'), 'index.html', compression)
		zfile.write(os.path.join(src, 'www-template', 'toc.js'), 'toc.js', compression)
		zfile.write(os.path.join(src, 'www-template', 'votd.css'), 'votd.css', compression)
		os.chdir(src)
		for votd in votds:
			zip_folder(zfile, votd)

# Add the contents of a directory to a zip file,
# maintaining the directory structure.
def zip_folder(zfile, folder_name):
	folder_name = folder_name.encode('ascii')
	for f in glob.glob(os.path.join(folder_name, '*')):
		if os.path.isfile(f):
			print f
			zfile.write(f, f, compression)
		elif os.path.isdir(f):
			zip_folder(zfile, f)	

# Insert documentation for a list of votds into an existing
# index file.
def insert_votds(votds, src, dest):
	replace_text = "<!-- insert next one here -->"
	index_file = open("index.html", 'r')
	index_text = index_file.read()
	index_file.close()
	insert_text = "\n"
	for votd in votds:
		try:
			votd_file = open(os.path.join("%s" % votd, "%s.html" % votd), 'r')
			votd_text = votd_file.read()
			insert_text += votd_text
		except IOError:
			print "Skipping %s: no html file" % votd
		finally:
			votd_file.close()
	insert_text += "\n" + replace_text
	index_text = index_text.replace(replace_text, insert_text)
	index_file = open("index.html", 'w')
	index_file.write(index_text)
	index_file.close()
	print "Inserted %d vulnerability descriptions." % len(votds)

if __name__ == '__main__':
	parser = argparse.ArgumentParser(description='Build VotD examples.',
		formatter_class=RawTextHelpFormatter)
	parser.add_argument('command', choices=["new", "www", "add", "zip"], help="""
	new: create skeleton directory for new votds
	www: compile html page for selection of votds
	add: insert votd descriptions into existing index
	zip: zip up selection of votds

	""")
	parser.add_argument('source', type=unicode, help="source directory containing votds")
	parser.add_argument('dest', type=unicode, help="destination to output index or zipfile")
	parser.add_argument('votds', metavar='V', type=unicode, nargs='+',
		help="an exploit to build")
	args = parser.parse_args()

	if not os.path.exists(args.dest):
		print "Destination path %s does not exist." % args.dest
		sys.exit(1)
	if not os.path.exists(args.source):
		print "Source path %s does not exist." % args.source
		sys.exit(1)

	votds = []
	for votd in args.votds:
		votds.append(safe_name(votd))

	if args.command == "new":
		for votd in votds:
			build_skeleton(votd, args.source, args.dest)
	elif args.command == "www":
		build_webpage(votds, args.source, args.dest),
	elif args.command == "zip":
		build_webpage(votds, args.source, args.dest)
		build_zip(votds, args.source, args.dest)
	elif args.command == "add":
		if os.path.isfile("index.html"):
			insert_votds(votds, args.source, args.dest)
		else:
			print "No index.html, creating one."
			build_webpage(votds, args.source, args.dest)