From 203c18752f639c9d319c80677cbbf308362a0155 Mon Sep 17 00:00:00 2001
From: Ken Moore <moorekou@gmail.com>
Date: Mon, 28 Mar 2016 10:37:05 -0400
Subject: [PATCH] Add a new API call: sysadm/pkg, "action" = "pkg_audit". This
 will perform an audit of all installed packages and report any vulnerable
 packages and which other packages these impact. NOTE: The actual information
 will be returned as a Dispatcher event - this API call just queues up the pkg
 operation (limitation of pkg - only one process call at a time)

REST Request:
-------------------------------
PUT /sysadm/pkg
{
   "action" : "pkg_audit"
}

WebSocket Request:
-------------------------------
{
   "args" : {
      "action" : "pkg_audit"
   },
   "name" : "pkg",
   "id" : "fooid",
   "namespace" : "sysadm"
}

Response:
-------------------------------
{
  "args": {
    "pkg_audit": {
      "proc_cmd": "pkg audit -qr",
      "proc_id": "sysadm_pkg_audit-{257cc46b-9178-4990-810a-12416ddfad79}",
      "status": "pending"
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
---
 src/server/DispatcherParsing.cpp | 17 ++++++++++++++++-
 src/server/WebBackend.cpp        | 16 ++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/server/DispatcherParsing.cpp b/src/server/DispatcherParsing.cpp
index 0f6039f..3168099 100644
--- a/src/server/DispatcherParsing.cpp
+++ b/src/server/DispatcherParsing.cpp
@@ -50,13 +50,28 @@ QJsonObject Dispatcher::CreateDispatcherEventNotification(QString ID, QJsonObjec
     namesp = "sysadm"; name="pkg";
     //most pkg commands have no special parsing the pkg output should be available as-is
     args.insert("pkg_log",cLog);
-    args.insert("action", ID.section("-",0,0).section("_pkg_",-1) ); //so the client/user can tell which type of pkg action this is for
+    args.insert("action", ID.section("-",0,0).section("_",1,-1) ); //so the client/user can tell which type of pkg action this is for
     if(ID.section("-",0,0)=="sysadm_pkg_check_upgrade"){
       if(isFinished){
 	bool hasupdates = !cLog.section("\n",-1,QString::SectionSkipEmpty).contains("packages are up to date");
 	args.insert("updates_available", hasupdates ? "true" : "false");
       }
+      
+    }else if(ID.section("-",0,0)=="sysadm_pkg_audit" && isFinished){
+      QStringList info = cLog.split("\n");
+      QStringList vuln, effects;
+      for(int i=0; i<info.length(); i++){
+        if(info[i].startsWith("Packages that depend on ")){
+	  vuln << info[i].section(":",0,0).section(" on ",1,1);
+	  effects << info[i].section(": ",1,-1).split(", ");
+	}
+      }
+      vuln.removeDuplicates(); vuln.removeAll("");
+      effects.removeDuplicates(); effects.removeAll("");
+      args.insert("vulnerable_pkgs",QJsonArray::fromStringList(vuln));
+      args.insert("impacts_pkgs",QJsonArray::fromStringList(effects));
     }
+    
   }
 	
   //Now assemble the output as needed
diff --git a/src/server/WebBackend.cpp b/src/server/WebBackend.cpp
index 2122dbf..31d2e65 100644
--- a/src/server/WebBackend.cpp
+++ b/src/server/WebBackend.cpp
@@ -743,6 +743,22 @@ RestOutputStruct::ExitCode WebSocket::EvaluateSysadmPkgRequest(const QJsonValue
     if(!repos.isEmpty()){ out->insert("list_repos", repos); }
     else{ return RestOutputStruct::NOCONTENT; }
     
+  }else if(act=="pkg_install"){
+  
+  }else if(act=="pkg_remove"){
+	  
+  }else if(act=="pkg_lock"){
+	  
+  }else if(act=="pkg_unlock"){
+	  
+  }else if(act=="pkg_update"){
+	  
+  }else if(act=="pkg_check_upgrade"){
+	  
+  }else if(act=="pkg_upgrade"){
+	  
+  }else if(act=="pkg_audit"){
+    out->insert("pkg_audit", sysadm::PKG::pkg_audit());
   }else{
     //unknown action
     return RestOutputStruct::BADREQUEST;