Update to v1.1.0

TODO.md

@@ -1,14 +1,15 @@
-# Ideas for improvement and evolution
+# VuXML TODOLIST
+Feel free to submit your own ideas!
 
-## Bugs to be fixed
-
-## Limitations to be removed
+## Planned changes
 * Taking [PORTREVISION and PORTEPOCH](https://people.freebsd.org/~olivierd/porters-handbook/makefile-naming.html) (ie. software versions ending with "\_number" or ",number")
 into account when checking if a vulnerable Python package is also a vulnerable FreeBSD port. This would require developping our own versions comparison library.
 
-## New features
+## Probable evolutions
 
-## Other possible features
+## Possible evolutions
 * Disabling color output.
+
+## Unprobable evolutions
 * Ability to use the local database on a FreeBSD with the port collection installed (in /usr/ports/security/vuxml/vuln/). As updating this database requires root privileges, this is not something very interesting. Furthermore the XML dialect used is not readily manageable by Python so the files need a little pre-processing.
 

VUXML.1.md

@@ -110,6 +110,8 @@ It tries to follow the [PEP 8](https://www.python.org/dev/peps/pep-0008/) style
 ## PORTABILITY
 Tested OK under Windows.
 
+Packaged for FreeBSD as *pyXX-pnu-vuxml*.
+
 ## HISTORY
 This implementation was made for the [PNU project](https://github.com/HubTou/PNU).
 

VUXML.3.md

@@ -88,6 +88,11 @@ The **vuxml** library is not a standard UNIX one.
 
 It tries to follow the [PEP 8](https://www.python.org/dev/peps/pep-0008/) style guide for [Python](https://www.python.org/) code.
 
+## PORTABILITY
+Tested OK under Windows.
+
+Packaged for FreeBSD as *pyXX-pnu-vuxml*.
+
 ## HISTORY
 This implementation was made for the [PNU project](https://github.com/HubTou/PNU).
 

man/vuxml.1

@@ -1,26 +1,26 @@
-.Dd March 21, 2023
+.Dd March 15, 2024
 .Dt VUXML 1
 .Os
 .Sh NAME
 .Nm vuxml
 .Nd FreeBSD VuXML query tool
 .Sh SYNOPSIS
 .Nm
-.Op Fl -desc|-D
-.Op Fl -id|-i Ar VID
-.Op Fl -topic|-t Ar RE
-.Op Fl -keyword|-k Ar RE
-.Op Fl -package|-p Ar PID
-.Op Fl -re-names|-R
-.Op Fl -sources|-s
-.Op Fl -ref|-r Ar RID
-.Op Fl -discovery|-d Ar DATE
-.Op Fl -entry|-e Ar DATE
-.Op Fl -modified|-m Ar DATE
-.Op Fl -debug
-.Op Fl -help|-?
-.Op Fl -version
-.Op Fl -
+.Op Fl \-desc|\-D
+.Op Fl \-id|\-i Ar VID
+.Op Fl \-topic|\-t Ar RE
+.Op Fl \-keyword|\-k Ar RE
+.Op Fl \-package|\-p Ar PID
+.Op Fl \-re\-names|\-R
+.Op Fl \-sources|\-s
+.Op Fl \-ref|\-r Ar RID
+.Op Fl \-discovery|\-d Ar DATE
+.Op Fl \-entry|\-e Ar DATE
+.Op Fl \-modified|\-m Ar DATE
+.Op Fl \-debug
+.Op Fl \-help|\-?
+.Op Fl \-version
+.Op Fl \-
 .Sh DESCRIPTION
 The
 .Nm
@@ -30,42 +30,42 @@ You can search or explore the database:
 .Bl -bullet
 .It
 by vulnerability ID (with the
-.Op Fl -id|-i
+.Op Fl \-id|\-i
 option),
 .It
 by regular expression in topics (with the
-.Op Fl -topic|-t
+.Op Fl \-topic|\-t
 option),
 .It
 by regular expression in topics and descriptions (with the
-.Op Fl -keyword|-k
+.Op Fl \-keyword|\-k
 option),
 .It
 by package name or package name and version (with the
-.Op Fl -package|-p
+.Op Fl \-package|\-p
 option),
 .Bl -bullet
 .It
 the package name can be treated as a regular expression (with the
-.Op Fl -re-names|-R
+.Op Fl \-re\-names|\-R
 option),
 .El
 .It
 by reference source, reference source and ID, or ID (with the
-.Op Fl -ref|-r
+.Op Fl \-ref|\-r
 option),
 .Bl -bullet
 .It
 existing sources can be listed (with the
-.Op Fl -sources|-s
+.Op Fl \-sources|\-s
 option),
 .El
 .It
 by discovery, entry or modification dates (with the
-.Op Fl -discovery|-d ,
-.Op Fl -entry|-e
+.Op Fl \-discovery|\-d ,
+.Op Fl \-entry|\-e
 or
-.Op Fl -modified|-m
+.Op Fl \-modified|\-m
 options),
 .Bl -bullet
 .It
@@ -74,56 +74,56 @@ these dates can be a specific day, month or year.
 .El
 .Pp
 For all these queries the detailed description is not printed, unless you use the
-.Op Fl -desc|-d
+.Op Fl \-desc|\-d
 option to render the HTML description as text.
 .Pp
 For the package and reference queries, the package and version, or reference source and ID, are separated using the '~' character.
 .Pp
 All the options can be used several times and their results are cumulative (ie. treated as logical OR).
 .Ss OPTIONS
-.Op Fl -desc|-D
+.Op Fl \-desc|\-D
 Print description
 .Pp
-.Op Fl -id|-i Ar VID
+.Op Fl \-id|\-i Ar VID
 Search for the specified Vulnerability ID
 .Pp
-.Op Fl -topic|-t Ar RE
+.Op Fl \-topic|\-t Ar RE
 Search for the specified regex in topics
 .Pp
-.Op Fl -keyword|-k Ar RE
+.Op Fl \-keyword|\-k Ar RE
 Search for the specified regex in topics and desc.
 .Pp
-.Op Fl -package|-p Ar PID
+.Op Fl \-package|\-p Ar PID
 Search for the specified name in affected packages. PID can also be name~version
 .Pp
-.Op Fl -re-names|-R
+.Op Fl \-re\-names|\-R
 The name part of a PID is a regex
 .Pp
-.Op Fl -sources|-s
+.Op Fl \-sources|\-s
 List references sources
 .Pp
-.Op Fl -ref|-r Ar RID
+.Op Fl \-ref|\-r Ar RID
 Search for the specified ID in references. RID can also be source~, source~ID
 .Pp
-.Op Fl -discovery|-d Ar DATE
+.Op Fl \-discovery|\-d Ar DATE
 Search for the specified date in discovery dates
 .Pp
-.Op Fl -entry|-e Ar DATE
+.Op Fl \-entry|\-e Ar DATE
 Search for the specified date in entry dates
 .Pp
-.Op Fl -modified|-m Ar DATE
-Search for the specified date in modified dates. DATE can be YYYY-MM-DD, YYYY-MM or YYYY
+.Op Fl \-modified|\-m Ar DATE
+Search for the specified date in modified dates. DATE can be YYYY\-MM\-DD, YYYY\-MM or YYYY
 .Pp
-.Op Fl -debug
+.Op Fl \-debug
 Enable debug mode
 .Pp
-.Op Fl -help|-?
+.Op Fl \-help|\-?
 Print usage and this help message and exit
 .Pp
-.Op Fl -version
+.Op Fl \-version
 Print version and exit
 .Pp
-.Op Fl -
+.Op Fl \-
 Options processing terminator
 .Sh ENVIRONMENT
 The
@@ -143,7 +143,7 @@ environment variables under other operating systems can influence the caching di
 .Sh FILES
 The
 .Nm
-utility will attempt to maintain a caching directory for the web service it uses, where the downloaded database will be re-used within the next 24 hours.
+utility will attempt to maintain a caching directory for the web service it uses, where the downloaded database will be re\-used within the next 24 hours.
 .Pp
 This directory will be located in one of the following places:
 .Bl -bullet
@@ -171,20 +171,20 @@ Unix:
 .Sh EXAMPLES
 Use the following command to search for vulnerabilities affecting the "gnutls" package:
 .Bd -literal
-vuxml -p gnutls
+vuxml \-p gnutls
 .Ed
 .Pp
-And the following one to search for vulnerabilities affecting packages whose name starts with "gnutls" ("gnutls", "gnutls-devel", "gnutls3" will match, while "linux-f10-gnutls" won't):
+And the following one to search for vulnerabilities affecting packages whose name starts with "gnutls" ("gnutls", "gnutls\-devel", "gnutls3" will match, while "linux\-f10\-gnutls" won't):
 .Bd -literal
-vuxml -Rp "^gnutls"
+vuxml \-Rp "^gnutls"
 .Ed
 .Sh SEE ALSO
 .Xr vuxml 3 ,
 .Lk https://www.vuxml.org/ VuXML website
 .Lk https://www.vuxml.org/freebsd/ FreeBSD VuXML website
-.Lk https://docs.freebsd.org/en/books/porters-handbook/security/ VuXML database explanation in the Porter's handbook
+.Lk https://docs.freebsd.org/en/books/porters\-handbook/security/ VuXML database explanation in the Porter's handbook
 .Lk https://www.freshports.org/security/vuxml/ VuXML database as a FreeBSD port
-.Xr pkg-audit 8 ,
+.Xr pkg\-audit 8 ,
 .Xr vxquery
 .Sh STANDARDS
 The
@@ -194,6 +194,11 @@ utility is not a standard UNIX command.
 It tries to follow the PEP 8 style guide for Python code.
 .Sh PORTABILITY
 Tested OK under Windows.
+.Pp
+Packaged for
+.Fx
+as
+.Em pyXX\\-pnu\\-vuxml .
 .Sh HISTORY
 This implementation was made for the
 .Lk https://github.com/HubTou/PNU PNU project
@@ -208,10 +213,10 @@ I made a tool to check the 4000+ FreeBSD ports of Python packages, and found aro
 So I made a library in order to verify if these vulnerable ports where also marked as vulnerable in FreeBSD VuXML,
 and got carried away writing this utility to demonstrate the use of the library!
 .Sh LICENSE
-This utility is available under the 3-clause BSD license.
+This utility is available under the 3\-clause BSD license.
 .Sh AUTHORS
 .An Hubert Tournier
 .Sh CAVEATS
 PORTREVISION and PORTEPOCH (ie. software versions ending with "_number" or ",number")
 are not taken into account when checking if a vulnerable Python package is also a vulnerable FreeBSD port.
-I would have to develop my own versions comparison library in order to handle that (well, maybe one day :-) ).
+I would have to develop my own versions comparison library in order to handle that (well, maybe one day :\-) ).

man/vuxml.3

@@ -1,4 +1,4 @@
-.Dd March 21, 2023
+.Dd March 15, 2024
 .Dt VUXML 3
 .Os
 .Sh NAME
@@ -130,7 +130,7 @@ is a regular expression.
 .Pp
 The
 .Fn is_valid_date
-function returns True if the given string is a recognized date format (ie. "YYYY-MM-DD", "YYYY-MM" or "YYYY").
+function returns True if the given string is a recognized date format (ie. "YYYY\-MM\-DD", "YYYY\-MM" or "YYYY").
 .Pp
 The
 .Fn search_vulns_by_discovery_date
@@ -169,16 +169,23 @@ environment variables under other operating systems can influence the caching di
 .Xr vuxml 1 ,
 .Lk https://www.vuxml.org/ VuXML website
 .Lk https://www.vuxml.org/freebsd/ FreeBSD VuXML website
-.Lk https://docs.freebsd.org/en/books/porters-handbook/security/ VuXML database explanation in the Porter's handbook
+.Lk https://docs.freebsd.org/en/books/porters\-handbook/security/ VuXML database explanation in the Porter's handbook
 .Lk https://www.freshports.org/security/vuxml/ VuXML database as a FreeBSD port
-.Xr pkg-audit 8 ,
+.Xr pkg\-audit 8 ,
 .Xr vxquery
 .Sh STANDARDS
 The
 .Lb vuxml
 is not a standard UNIX one.
 .Pp
 It tries to follow the PEP 8 style guide for Python code.
+.Sh PORTABILITY
+Tested OK under Windows.
+.Pp
+Packaged for
+.Fx
+as
+.Em pyXX\\-pnu\\-vuxml .
 .Sh HISTORY
 This library was made for the
 .Lk https://github.com/HubTou/PNU PNU project
@@ -193,10 +200,10 @@ I made a tool to check the 4000+ FreeBSD ports of Python packages, and found aro
 So I made this library in order to verify if these vulnerable ports where also marked as vulnerable in FreeBSD VuXML,
 and got carried away writing a full utility demonstrating its use!
 .Sh LICENSE
-This library is available under the 3-clause BSD license.
+This library is available under the 3\-clause BSD license.
 .Sh AUTHORS
 .An Hubert Tournier
 .Sh CAVEATS
 PORTREVISION and PORTEPOCH (ie. software versions ending with "_number" or ",number")
 are not taken into account when checking if a vulnerable Python package is also a vulnerable FreeBSD port.
-I would have to develop my own versions comparison library in order to handle that (well, maybe one day :-) ).
+I would have to develop my own versions comparison library in order to handle that (well, maybe one day :\-) ).

pyproject.toml

@@ -1,6 +1,3 @@
 [build-system]
-requires = [
-    "setuptools>=42",
-    "wheel"
-]
+requires = ["setuptools"]
 build-backend = "setuptools.build_meta"

setup.cfg

@@ -3,7 +3,7 @@ name = pnu-vuxml
 description = FreeBSD VuXML library and query tool
 long_description = file: README.md
 long_description_content_type = text/markdown
-version = 1.0.2
+version = 1.1.0
 license = BSD 3-Clause License
 license_files = License
 author = Hubert Tournier
@@ -22,7 +22,6 @@ classifiers =
     Operating System :: OS Independent
     Operating System :: POSIX :: BSD :: FreeBSD
     Operating System :: Microsoft :: Windows
-    Programming Language :: Python :: 3
     Programming Language :: Python :: 3.6
     Programming Language :: Python :: 3.7
     Programming Language :: Python :: 3.8
@@ -40,7 +39,7 @@ package_dir =
 packages = find:
 python_requires = >=3.6
 install_requires =
-    pnu-libpnu
+    pnu-libpnu >= 1.3.0
     colorama
     defusedxml
     html2text

src/vuxml/main.py

@@ -21,7 +21,7 @@
                      search_vulns_by_modified_date, print_vuln
 
 # Version string used by the what(1) and ident(1) commands:
-ID = "@(#) $Id: vuxml - FreeBSD VuXML library and query tool v1.0.2 (March 2, 2024) by Hubert Tournier $"
+ID = "@(#) $Id: vuxml - FreeBSD VuXML library and query tool v1.1.0 (March 15, 2024) by Hubert Tournier $"
 
 # Default parameters. Can be overcome by environment variables, then command line options
 parameters = {
@@ -72,13 +72,6 @@ def _display_help():
     #pylint: enable=C0301
 
 
-####################################################################################################
-def _handle_interrupts(signal_number, current_stack_frame):
-    """ Prevent SIGINT signals from displaying an ugly stack trace """
-    print(" Interrupted!\n", file=sys.stderr)
-    sys.exit(0)
-
-
 ####################################################################################################
 def _process_environment_variables():
     """ Process environment variables """
@@ -232,7 +225,7 @@ def main():
     program_name = os.path.basename(sys.argv[0])
 
     libpnu.initialize_debugging(program_name)
-    libpnu.handle_interrupt_signals(_handle_interrupts)
+    libpnu.handle_interrupt_signals(libpnu.interrupt_handler_function)
     _process_environment_variables()
     _ = _process_command_line()