Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:cleanup-cve-lib-subprojects-api into ubuntu-cve-tracker:master

  1. Git
  2. lp:~alexmurray/ubuntu-cve-tracker
  3. cleanup-cve-lib-subprojects-api
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: 83e69cc5a95f0e3b4654dd2afde49ec875c3eefe
Proposed branch: ~alexmurray/ubuntu-cve-tracker:cleanup-cve-lib-subprojects-api
Merge into: ubuntu-cve-tracker:master
Diff against target: 171 lines (+19/-32)
4 files modified
scripts/check-syntax-fixup (+1/-1)
scripts/cve_lib.py (+14/-26)
scripts/generate-oval (+2/-3)
scripts/source_map.py (+2/-2)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Review via email: mp+410574@code.launchpad.net

Description of the change

Clean up the cve_lib API recently added for handling subprojects

See the corresponding MR for ubuntu-security-tools in https://code.launchpad.net/~alexmurray/ubuntu-security-tools/+git/ubuntu-security-tools/+merge/410575

To post a comment you must log in.
Revision history for this message
Seth Arnold (seth-arnold) wrote :

This feels like a nice cleanup to me.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/check-syntax-fixup b/scripts/check-syntax-fixup
2index f7d7631..452d253 100755
3--- a/scripts/check-syntax-fixup
4+++ b/scripts/check-syntax-fixup
5@@ -112,7 +112,7 @@ for line in args.infile:
6 # get status from the parent release if there is one
7 status = "needs-triage"
8 try:
9- _, _, details = cve_lib.get_subproject(rel)
10+ _, _, _, details = cve_lib.get_subproject_details(rel)
11 parent = details["parent"]
12 # this may be either an alias or a full name but cve_lib only
13 # uses aliases
14diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
15index 4d5851f..a5b5ae5 100755
16--- a/scripts/cve_lib.py
17+++ b/scripts/cve_lib.py
18@@ -315,13 +315,13 @@ def product_series(rel):
19 series = parts[1]
20 return product, series
21
22-# get the subproject details for rel along with the product and series
23-def get_subproject(rel):
24+# get the subproject details for rel along with it's canonical name, product and series
25+def get_subproject_details(rel):
26 """Return the product,series,details tuple for rel."""
27 product, series, details = None, None, None
28 try:
29- product, series = product_series(rel)
30 details = subprojects[rel]
31+ product, series = product_series(rel)
32 except (ValueError, KeyError):
33 # look for alias
34 for r in subprojects:
35@@ -336,55 +336,44 @@ def get_subproject(rel):
36 break
37 if product is None:
38 raise ValueError("Unknown release" % rel)
39- return product, series, details
40+ return product + "/" + series, product, series, details
41
42-def get_subproject_by_ppa_url_and_series(url, series):
43- """Return the product,series,details subproject tuple matching url and series.
44+def get_subproject_details_by_ppa_url_and_series(url, series):
45+ """Return the canonical_name,product,series,details subproject tuple matching url and series.
46
47 Searches for a known subproject that defines series and which has a ppa
48 property defined that is a substring of url.
49
50 """
51+ canon = None
52 product = None
53 details = None
54-
55 for rel in subprojects:
56 prod, ser = product_series(rel)
57 if ser == series:
58 try:
59 if subprojects[rel]["ppa"] in url:
60 product = prod
61+ canon = product + "/" + series
62 details = subprojects[rel]
63 break
64 except KeyError:
65 pass
66 if details is not None:
67 break
68- return product, series, details
69+ return canon, product, series, details
70
71 def release_alias(rel):
72 """Return the alias for rel or just rel if no alias is defined."""
73 alias = rel
74- product, series, details = get_subproject(rel)
75- if product and series and details:
76+ _, _, _, details = get_subproject_details(rel)
77+ if details:
78 try:
79 alias = details["alias"]
80 except KeyError:
81 pass
82 return alias
83
84-def canonical_release_name(rel):
85- """Return the canonical name for rel."""
86- name = None
87- product, series, details = get_subproject(rel)
88- if product and series and details:
89- name = product + "/" + series
90- if name not in subprojects:
91- name = None
92- if name is None:
93- raise(KeyError("Unknown release %s" % rel))
94- return name
95-
96 def get_external_subproject_cve_dir(subproject):
97 """Get the directory where CVE files are stored for the subproject.
98
99@@ -394,16 +383,15 @@ def get_external_subproject_cve_dir(subproject):
100 subproject.
101
102 """
103- rel = canonical_release_name(subproject)
104+ rel, product, _, _ = get_subproject_details(subproject)
105 if rel not in external_releases:
106 raise ValueError("%s is not an external subproject" % rel)
107 # CVEs live in the product dir
108- product, _ = product_series(rel)
109 return os.path.join(subprojects_dir, product)
110
111 def get_external_subproject_dir(subproject):
112 """Get the directory for the given external subproject."""
113- rel = canonical_release_name(subproject)
114+ rel, _, _, _ = get_subproject_details(subproject)
115 if rel not in external_releases:
116 raise ValueError("%s is not an external subproject" % rel)
117 return os.path.join(subprojects_dir, rel)
118@@ -1664,7 +1652,7 @@ def load_cve(cve, strict=False, srcmap=None):
119 if not success:
120 assert(code == EXIT_FAIL)
121 continue
122- _, _, subproject = get_subproject(rel)
123+ _, _, subproject = get_subproject_details(rel)
124 if subproject is None and rel not in ['upstream', 'devel']:
125 msg += "%s: %d: unknown entry '%s'\n" % (cve, linenum, rel)
126 code = EXIT_FAIL
127diff --git a/scripts/generate-oval b/scripts/generate-oval
128index f0b94a0..debdd83 100755
129--- a/scripts/generate-oval
130+++ b/scripts/generate-oval
131@@ -36,7 +36,7 @@ import tempfile
132 from launchpadlib.launchpad import Launchpad
133
134 import apt_pkg
135-from cve_lib import (canonical_release_name, kernel_srcs, get_orig_rel_name, is_active_esm_release, load_cve, canonical_release_name, product_series, PRODUCT_UBUNTU)
136+from cve_lib import (kernel_srcs, get_orig_rel_name, is_active_esm_release, load_cve, get_subproject_details, PRODUCT_UBUNTU)
137 from kernel_lib import (meta_kernels, kernel_package_abi, kernel_package_version)
138 import oval_lib
139 #import lpl_common
140@@ -374,8 +374,7 @@ def parse_cve_file(filepath, cache):
141 continue
142 # TODO: deal with non-ubuntu products - skip them for now
143 try:
144- release = canonical_release_name(rel)
145- product, _ = product_series(release)
146+ _, product, _, _ = get_subproject_details(rel)
147 if product != PRODUCT_UBUNTU:
148 continue
149 except KeyError:
150diff --git a/scripts/source_map.py b/scripts/source_map.py
151index 9eafa26..d22f4be 100755
152--- a/scripts/source_map.py
153+++ b/scripts/source_map.py
154@@ -120,7 +120,7 @@ def _find_from_mirror(ubuntu, canonical, data_type, arch='amd64', pockets=None,
155 for rel in releases:
156 if skip_eol_releases and rel in cve_lib.eol_releases:
157 continue
158- _, series, details = cve_lib.get_subproject(rel)
159+ _, _, series, details = cve_lib.get_subproject_details(rel)
160 if details is None:
161 print("Failed to load details for %s" % rel)
162 continue
163@@ -426,7 +426,7 @@ def load_subprojects_lists(releases=None):
164 releases = cve_lib.all_releases
165
166 for rel in releases:
167- _, _, details = cve_lib.get_subproject(rel)
168+ _, _, _, details = cve_lib.get_subproject_details(rel)
169 if details is None:
170 print("Failed to load details for %s" % rel)
171 continue

Subscribers

People subscribed via source and target branches