Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:check-syntax-parallelisation into ubuntu-cve-tracker:master

  1. Git
  2. lp:~alexmurray/ubuntu-cve-tracker
  3. check-syntax-parallelisation
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: ad24039e3eec35c3803a269316f361883e5f16a4
Proposed branch: ~alexmurray/ubuntu-cve-tracker:check-syntax-parallelisation
Merge into: ubuntu-cve-tracker:master
Diff against target: 145 lines (+26/-31)
1 file modified
scripts/check-syntax (+26/-31)
Reviewer Review Type Date Requested Status
Seth Arnold Approve
Review via email: mp+439123@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks for looking in to this, this has annoyed me for ages!

Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks for the review Seth - indeed you are right that this was not working as expected - hopefully things are better now (indeed the lpcraft CI should show failure if it *is* working as there are check-syntax errors on this branch that are currently not being detected).

Revision history for this message
Alex Murray (alexmurray) wrote :

Yep lpcraft fails expectedly now so I am pretty confident this is working properly.

Revision history for this message
Paulo Flabiano Smorigo (pfsmorigo) wrote :

That's cool. Maybe we can try something like that for some cve_lib heavy functions like load_table

Revision history for this message
Seth Arnold (seth-arnold) wrote :

The boolean solution is *very* nice. It's so much better than what I had thought of myself.

But now I have a quibble on the debug output :) Sorry :)

Revision history for this message
Alex Murray (alexmurray) wrote :

Hmm I think the work of analysing all the CVEs in args will be a lot more than constructing a long string listing them all and so I think any performance gain here will be negligible and would rather keep things more readable.

Revision history for this message
Alex Murray (alexmurray) wrote :

I can haz reviews?

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I didn't test it :) but it all looks fine; I still suspect we'll want to re-add the debug checks before constructing the strings eventually :) but if this is still a win, hooray.

review: Approve
Revision history for this message
Alex Murray (alexmurray) wrote :

FWIW I tried benchmarking adding in the if opt.debug and I couldn't notice any difference.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/check-syntax b/scripts/check-syntax
2index d25d376..96e288e 100755
3--- a/scripts/check-syntax
4+++ b/scripts/check-syntax
5@@ -21,6 +21,7 @@ import re
6 import sys
7 import subprocess
8 import signal
9+import multiprocessing
10
11 import cve_lib
12 import kernel_lib
13@@ -253,8 +254,11 @@ parser.add_option(
14 if opt.debug:
15 pp = pprint.PrettyPrinter(indent=4)
16
17-all_okay = True
18-cves_updated = False
19+def debug(args):
20+ if opt.debug:
21+ pp.pprint(args)
22+
23+
24 warned_kernels = []
25 esm_warned = False
26
27@@ -284,14 +288,12 @@ check_dirs = [cve_lib.active_dir, cve_lib.retired_dir, cve_lib.ignored_dir]
28 if os.path.islink(cve_lib.embargoed_dir):
29 check_dirs.append(cve_lib.embargoed_dir)
30
31-if opt.debug:
32- pp.pprint("check_dirs %s" % check_dirs)
33+debug("check_dirs %s" % check_dirs)
34
35 all_files = True
36 if len(args) == 0:
37 if opt.filelist:
38- if opt.debug:
39- pp.pprint("Using filelist %s" % opt.filelist)
40+ debug("Using filelist %s" % opt.filelist)
41
42 all_files = False
43 with open(opt.filelist) as fh:
44@@ -300,8 +302,7 @@ if len(args) == 0:
45 if line.startswith("%s/CVE-" % dir):
46 args += [line.rstrip()]
47 elif opt.modified:
48- if opt.debug:
49- pp.pprint("Checking modified files only")
50+ debug("Checking modified files only")
51
52 all_files = False
53
54@@ -329,13 +330,11 @@ if len(args) == 0:
55 else:
56 all_files = False
57
58-if opt.debug:
59- pp.pprint("args %s" % args)
60+debug("args %s" % args)
61
62 ignored = cve_lib.parse_CVEs_from_uri("%s/not-for-us.txt" % cve_lib.ignored_dir)
63
64-if opt.debug:
65- pp.pprint("ignored %s" % ignored)
66+debug("ignored %s" % ignored)
67
68 cna_cves_set = CVEs_from_CNA()
69 # Just run this if we're not specifying specific CVEs
70@@ -355,12 +354,11 @@ if len(cna_cves_set) > 0 and all_files:
71 ignored_set = set(ignored)
72 args_set = {find_cves(name) for name in filter(filter_cves, args)}
73
74- if opt.debug:
75- pp.pprint("cna_cves_set: %s\n" % cna_cves_set)
76- pp.pprint("ignored_set: %s\n" % ignored_set)
77- pp.pprint("args: %s" % args)
78- pp.pprint("filtered_args: %s" % filter(filter_cves, args))
79- pp.pprint("args_set: %s\n" % args_set)
80+ debug("cna_cves_set: %s\n" % cna_cves_set)
81+ debug("ignored_set: %s\n" % ignored_set)
82+ debug("args: %s" % args)
83+ debug("filtered_args: %s" % filter(filter_cves, args))
84+ debug("args_set: %s\n" % args_set)
85
86 # if we ever assign a CVE then ignore it (vbulletin comes to mind...)
87 # we can use the "IGNORED" tag to skip these checks
88@@ -377,7 +375,7 @@ if len(cna_cves_set) > 0 and all_files:
89 aliases_cache = {}
90 generics_cache = {}
91
92-for cve in args:
93+def check_cve(cve):
94 if re.match(r"EMB-", cve):
95 cvepath = os.path.join(cve_lib.embargoed_dir, cve)
96 elif re.match(r"CVE-", cve):
97@@ -395,14 +393,13 @@ for cve in args:
98 data = cve_lib.load_cve(cvepath, opt.strict, srcmap=srcmap)
99 except ValueError as e:
100 print(e, file=sys.stderr)
101- all_okay = False
102- continue
103+ return False
104 if cve in ignored:
105 print(
106 "%s: %d: duplicate CVE found in not-for-us.txt" % (cvepath, 1),
107 file=sys.stderr,
108 )
109- all_okay = False
110+ cve_okay = False
111 matches = set()
112 for dir in [
113 cve_lib.active_dir,
114@@ -418,7 +415,7 @@ for cve in args:
115 % (cvepath, 1, ", ".join(sorted(matches))),
116 file=sys.stderr,
117 )
118- all_okay = False
119+ cve_okay = False
120
121 # verify required fields are present
122 for field in required_fields:
123@@ -1010,16 +1007,14 @@ for cve in args:
124 cve_okay = False
125
126
127- # Report on failures
128- if not cve_okay:
129- all_okay = False
130- elif opt.debug:
131+ if opt.debug:
132 pp.pprint(data)
133+ debug(data)
134+ return cve_okay
135
136-
137-if cves_updated:
138- print("CVEs updated. Please run again.", file=sys.stderr)
139- all_okay = False
140+with multiprocessing.Pool(multiprocessing.cpu_count()) as p:
141+ results = p.map(check_cve, args)
142+ all_okay = all(results)
143
144 if all_okay and opt.verbose:
145 print("OK: %d CVEs" % (len(args)))

Subscribers

People subscribed via source and target branches