Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:check-syntax-parallelisation into ubuntu-cve-tracker:master

  1. Git
  2. lp:~alexmurray/ubuntu-cve-tracker
  3. check-syntax-parallelisation
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: ad24039e3eec35c3803a269316f361883e5f16a4
Proposed branch: ~alexmurray/ubuntu-cve-tracker:check-syntax-parallelisation
Merge into: ubuntu-cve-tracker:master
Diff against target: 145 lines (+26/-31)
1 file modified
scripts/check-syntax (+26/-31)
Reviewer Review Type Date Requested Status
Seth Arnold Approve
Review via email: mp+439123@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks for looking in to this, this has annoyed me for ages!

Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks for the review Seth - indeed you are right that this was not working as expected - hopefully things are better now (indeed the lpcraft CI should show failure if it *is* working as there are check-syntax errors on this branch that are currently not being detected).

Revision history for this message
Alex Murray (alexmurray) wrote :

Yep lpcraft fails expectedly now so I am pretty confident this is working properly.

Revision history for this message
Paulo Flabiano Smorigo (pfsmorigo) wrote :

That's cool. Maybe we can try something like that for some cve_lib heavy functions like load_table

Revision history for this message
Seth Arnold (seth-arnold) wrote :

The boolean solution is *very* nice. It's so much better than what I had thought of myself.

But now I have a quibble on the debug output :) Sorry :)

Revision history for this message
Alex Murray (alexmurray) wrote :

Hmm I think the work of analysing all the CVEs in args will be a lot more than constructing a long string listing them all and so I think any performance gain here will be negligible and would rather keep things more readable.

Revision history for this message
Alex Murray (alexmurray) wrote :

I can haz reviews?

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I didn't test it :) but it all looks fine; I still suspect we'll want to re-add the debug checks before constructing the strings eventually :) but if this is still a win, hooray.

review: Approve
Revision history for this message
Alex Murray (alexmurray) wrote :

FWIW I tried benchmarking adding in the if opt.debug and I couldn't notice any difference.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/scripts/check-syntax b/scripts/check-syntax
index d25d376..96e288e 100755
--- a/scripts/check-syntax
+++ b/scripts/check-syntax
@@ -21,6 +21,7 @@ import re
21import sys21import sys
22import subprocess22import subprocess
23import signal23import signal
24import multiprocessing
2425
25import cve_lib26import cve_lib
26import kernel_lib27import kernel_lib
@@ -253,8 +254,11 @@ parser.add_option(
253if opt.debug:254if opt.debug:
254 pp = pprint.PrettyPrinter(indent=4)255 pp = pprint.PrettyPrinter(indent=4)
255256
256all_okay = True257def debug(args):
257cves_updated = False258 if opt.debug:
259 pp.pprint(args)
260
261
258warned_kernels = []262warned_kernels = []
259esm_warned = False263esm_warned = False
260264
@@ -284,14 +288,12 @@ check_dirs = [cve_lib.active_dir, cve_lib.retired_dir, cve_lib.ignored_dir]
284if os.path.islink(cve_lib.embargoed_dir):288if os.path.islink(cve_lib.embargoed_dir):
285 check_dirs.append(cve_lib.embargoed_dir)289 check_dirs.append(cve_lib.embargoed_dir)
286290
287if opt.debug:291debug("check_dirs %s" % check_dirs)
288 pp.pprint("check_dirs %s" % check_dirs)
289292
290all_files = True293all_files = True
291if len(args) == 0:294if len(args) == 0:
292 if opt.filelist:295 if opt.filelist:
293 if opt.debug:296 debug("Using filelist %s" % opt.filelist)
294 pp.pprint("Using filelist %s" % opt.filelist)
295297
296 all_files = False298 all_files = False
297 with open(opt.filelist) as fh:299 with open(opt.filelist) as fh:
@@ -300,8 +302,7 @@ if len(args) == 0:
300 if line.startswith("%s/CVE-" % dir):302 if line.startswith("%s/CVE-" % dir):
301 args += [line.rstrip()]303 args += [line.rstrip()]
302 elif opt.modified:304 elif opt.modified:
303 if opt.debug:305 debug("Checking modified files only")
304 pp.pprint("Checking modified files only")
305306
306 all_files = False307 all_files = False
307308
@@ -329,13 +330,11 @@ if len(args) == 0:
329else:330else:
330 all_files = False331 all_files = False
331332
332if opt.debug:333debug("args %s" % args)
333 pp.pprint("args %s" % args)
334334
335ignored = cve_lib.parse_CVEs_from_uri("%s/not-for-us.txt" % cve_lib.ignored_dir)335ignored = cve_lib.parse_CVEs_from_uri("%s/not-for-us.txt" % cve_lib.ignored_dir)
336336
337if opt.debug:337debug("ignored %s" % ignored)
338 pp.pprint("ignored %s" % ignored)
339338
340cna_cves_set = CVEs_from_CNA()339cna_cves_set = CVEs_from_CNA()
341# Just run this if we're not specifying specific CVEs340# Just run this if we're not specifying specific CVEs
@@ -355,12 +354,11 @@ if len(cna_cves_set) > 0 and all_files:
355 ignored_set = set(ignored)354 ignored_set = set(ignored)
356 args_set = {find_cves(name) for name in filter(filter_cves, args)}355 args_set = {find_cves(name) for name in filter(filter_cves, args)}
357356
358 if opt.debug:357 debug("cna_cves_set: %s\n" % cna_cves_set)
359 pp.pprint("cna_cves_set: %s\n" % cna_cves_set)358 debug("ignored_set: %s\n" % ignored_set)
360 pp.pprint("ignored_set: %s\n" % ignored_set)359 debug("args: %s" % args)
361 pp.pprint("args: %s" % args)360 debug("filtered_args: %s" % filter(filter_cves, args))
362 pp.pprint("filtered_args: %s" % filter(filter_cves, args))361 debug("args_set: %s\n" % args_set)
363 pp.pprint("args_set: %s\n" % args_set)
364362
365 # if we ever assign a CVE then ignore it (vbulletin comes to mind...)363 # if we ever assign a CVE then ignore it (vbulletin comes to mind...)
366 # we can use the "IGNORED" tag to skip these checks364 # we can use the "IGNORED" tag to skip these checks
@@ -377,7 +375,7 @@ if len(cna_cves_set) > 0 and all_files:
377aliases_cache = {}375aliases_cache = {}
378generics_cache = {}376generics_cache = {}
379377
380for cve in args:378def check_cve(cve):
381 if re.match(r"EMB-", cve):379 if re.match(r"EMB-", cve):
382 cvepath = os.path.join(cve_lib.embargoed_dir, cve)380 cvepath = os.path.join(cve_lib.embargoed_dir, cve)
383 elif re.match(r"CVE-", cve):381 elif re.match(r"CVE-", cve):
@@ -395,14 +393,13 @@ for cve in args:
395 data = cve_lib.load_cve(cvepath, opt.strict, srcmap=srcmap)393 data = cve_lib.load_cve(cvepath, opt.strict, srcmap=srcmap)
396 except ValueError as e:394 except ValueError as e:
397 print(e, file=sys.stderr)395 print(e, file=sys.stderr)
398 all_okay = False396 return False
399 continue
400 if cve in ignored:397 if cve in ignored:
401 print(398 print(
402 "%s: %d: duplicate CVE found in not-for-us.txt" % (cvepath, 1),399 "%s: %d: duplicate CVE found in not-for-us.txt" % (cvepath, 1),
403 file=sys.stderr,400 file=sys.stderr,
404 )401 )
405 all_okay = False402 cve_okay = False
406 matches = set()403 matches = set()
407 for dir in [404 for dir in [
408 cve_lib.active_dir,405 cve_lib.active_dir,
@@ -418,7 +415,7 @@ for cve in args:
418 % (cvepath, 1, ", ".join(sorted(matches))),415 % (cvepath, 1, ", ".join(sorted(matches))),
419 file=sys.stderr,416 file=sys.stderr,
420 )417 )
421 all_okay = False418 cve_okay = False
422419
423 # verify required fields are present420 # verify required fields are present
424 for field in required_fields:421 for field in required_fields:
@@ -1010,16 +1007,14 @@ for cve in args:
1010 cve_okay = False1007 cve_okay = False
10111008
10121009
1013 # Report on failures1010 if opt.debug:
1014 if not cve_okay:
1015 all_okay = False
1016 elif opt.debug:
1017 pp.pprint(data)1011 pp.pprint(data)
1012 debug(data)
1013 return cve_okay
10181014
10191015with multiprocessing.Pool(multiprocessing.cpu_count()) as p:
1020if cves_updated:1016 results = p.map(check_cve, args)
1021 print("CVEs updated. Please run again.", file=sys.stderr)1017 all_okay = all(results)
1022 all_okay = False
10231018
1024if all_okay and opt.verbose:1019if all_okay and opt.verbose:
1025 print("OK: %d CVEs" % (len(args)))1020 print("OK: %d CVEs" % (len(args)))

Subscribers

People subscribed via source and target branches