Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:only-add-dne-for-ubuntu-products into ubuntu-cve-tracker:master

  1. Git
  2. lp:~alexmurray/ubuntu-cve-tracker
  3. only-add-dne-for-ubuntu-products
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: 0a66e2d6d3a6ca60e6830c0e4807f5f9922b4cde
Proposed branch: ~alexmurray/ubuntu-cve-tracker:only-add-dne-for-ubuntu-products
Merge into: ubuntu-cve-tracker:master
Diff against target: 45 lines (+12/-8)
1 file modified
scripts/active_edit (+12/-8)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+425916@code.launchpad.net

Description of the change

This should avoid the previous cases where we would add snap_ entries in CVE files.

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

LGTM and tests okay, merging. Probably we will want to move release_wants_dne() into cve_lib so that e.g. check-syntax can make use of the logic as well.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/active_edit b/scripts/active_edit
2index 8f65066..ef3627b 100755
3--- a/scripts/active_edit
4+++ b/scripts/active_edit
5@@ -90,6 +90,12 @@ def create_or_update_external_subproject_cves(cve, pkgname):
6 else:
7 print("Aborted\n")
8
9+def release_wants_dne(release):
10+ '''Return true if the release wants to have DNE entries in CVE files.'''
11+ # for now only UBUNTU products should have DNE entries
12+ _, product, _, _ = cve_lib.get_subproject_details(release)
13+ return product != None and product == cve_lib.PRODUCT_UBUNTU
14+
15 def update_cve(cve, pkgname, fixed_in=None, fixed_in_release=None, fixed_in_release_version=None):
16 '''Update an existing CVE file'''
17 with open(os.path.join(cvedir, cve), "r") as f:
18@@ -153,10 +159,9 @@ def update_cve(cve, pkgname, fixed_in=None, fixed_in_release=None, fixed_in_rele
19 continue
20 state = "needs-triage"
21 if not pkg_in_rel(pkgname, release):
22- # package doesn't exist in this release - we want to
23- # specify whether it exists but only for progenitor
24- # releases, not derived ones
25- if not cve_lib.release_progenitor(release):
26+ # package doesn't exist in this release - see if it wants a
27+ # DNE entry
28+ if release_wants_dne(release):
29 state = "DNE"
30 else:
31 continue
32@@ -248,10 +253,9 @@ def create_cve(cve, pkgname, fixed_in=None, fixed_in_release=None, fixed_in_rele
33 if (rel_pat.search(line)):
34 state = "needs-triage"
35 if not pkg_in_rel(pkgname, release):
36- # package doesn't exist in this release - we want to
37- # specify whether it exists but only for progenitor
38- # releases, not derived ones
39- if not cve_lib.release_progenitor(release):
40+ # package doesn't exist in this release - see if it wants a
41+ # DNE entry
42+ if release_wants_dne(release):
43 state = "DNE"
44 else:
45 continue

Subscribers

People subscribed via source and target branches