Merge ~alexmurray/ubuntu-cve-tracker:misc-cve-lib-and-check-syntax-cleanups into ubuntu-cve-tracker:master

Proposed by Alex Murray
Status: Merged
Merged at revision: b7100a0074408e315ffae2395875e69036d3044d
Proposed branch: ~alexmurray/ubuntu-cve-tracker:misc-cve-lib-and-check-syntax-cleanups
Merge into: ubuntu-cve-tracker:master
Diff against target: 434 lines (+94/-68)
3 files modified
scripts/check-syntax (+15/-1)
scripts/cve-mode.el (+2/-2)
scripts/cve_lib.py (+77/-65)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+440925@code.launchpad.net

Description of the change

A bunch of miscellaneous fixups to get some bits of check-syntax working betterer

Seth Arnold (seth-arnold) wrote :

I added one comment on the /proc/pid/fd/0 symlink-breaking -- and did a very quick skim of the rest; it seemed fine, but it is also the sort of mechanical change where a mistake would be easy to overlook.

Thanks

Alex Murray (alexmurray) wrote :

Thanks Seth - not sure I understand your comment so if you could help explain it for me that would be great.

Seth Arnold (seth-arnold) :
Alex Murray (alexmurray) :
Steve Beattie (sbeattie) :
Eduardo Barretto (ebarretto) wrote :

hey Alex, is this still needed?

review: Needs Information
Alex Murray (alexmurray) wrote :

Added --stdin as first class argument to check-syntax and fixed up other bits. Yes this is still needed. As can be seen the check-syntax lpci job fails as expected currently showing check-syntax still works for the regular use-case as well as this new --stdin one (which is used by the flymake integration for emacs in cve-mode.el)

Alex Murray (alexmurray) wrote :

Any chance to get a review on this? Otherwise I'll look to merge it tomorrow during CVE triage.

Eduardo Barretto (ebarretto) wrote :

cve_lib and check-syntax changes lgtm!
thanks!

review: Approve

Preview Diff

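diff --git a/scripts/check-syntax b/scripts/check-syntax
index f89a0e4..7d401f6 100755
--- a/scripts/check-syntax
+++ b/scripts/check-syntax
@@ -261,6 +261,13 @@ parser.add_option(
  help="Number of jobs to run simultaneously (default: %d)" % multiprocessing.cpu_count(),
  default=multiprocessing.cpu_count(),
 )
+parser.add_option(
+ "--stdin",
+ help="Check the contents of stdin instead of a filelist or modified files etc",
+ action="store_true",
+ default=False,
+)
+
 # parser.add_option("-c", "--cna", help="Ensure every CVE assigned by Canonical's CNA has an entry", action='store_true')
 (opt, args) = parser.parse_args()
 
@@ -304,7 +311,11 @@ if os.path.islink(cve_lib.embargoed_dir):
 debug("check_dirs %s" % check_dirs)
 
 all_files = True
-if len(args) == 0:
+if opt.stdin:
+ debug("Using /dev/stdin as input")
+ args = ["/dev/stdin"]
+ all_files = False
+elif len(args) == 0:
  if opt.filelist:
  debug("Using filelist %s" % opt.filelist)
 
@@ -525,6 +536,9 @@ def check_cve(cve):
  except ValueError as e:
  print(e, file=sys.stderr)
  return False
+ # get the real CVE if we are using stdin
+ if opt.stdin:
+ cve = data["Candidate"]
  if cve in ignored:
  print(
  "%s: %d: duplicate CVE found in not-for-us.txt" % (cvepath, 1),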
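Review bot: In the `check_cve` hunk, `cve = data["Candidate"]` replaces the file-derived name with a value read from the stdin content, and the only validation of that field visible on this page is the prefix test in `load_cve` (`startswith('CVE-')`, `'UEM-'`, `'EMB-'`), so a Candidate containing a path separator would be accepted. If `cve` is later used to build paths or key lookups (the function continues outside the hunk, so this is inferred), reject such values before adopting them, e.g. `if os.path.basename(cve) != cve: print("%s: invalid Candidate '%s'" % (cvepath, cve), file=sys.stderr); return False`. Separately, the `if opt.stdin:` branch silently discards any positional file arguments; a `parser.error(...)` when both are given would make that explicit.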
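diff --git a/scripts/cve-mode.el b/scripts/cve-mode.el
index b8d8230..4f5797e 100644
--- a/scripts/cve-mode.el
+++ b/scripts/cve-mode.el
@@ -683,7 +683,7 @@ cross boundaries of block literals."
  :name "cve-mode-flymake" :noquery t :connection-type 'pipe
  ;; Make output go to a temporary buffer.
  :buffer (generate-new-buffer " *cve-mode-flymake*")
- :command `(,cve-mode--check-syntax-executable "/dev/stdin")
+ :command `(,cve-mode--check-syntax-executable "--stdin")
  :sentinel
  (lambda (proc _event)
  (when (memq (process-status proc) '(exit signal))
@@ -723,7 +723,7 @@ cross boundaries of block literals."
 
 ;;;###autoload
 (defun cve-mode-setup-flymake-backend ()
- "Setuo the `flymake' backend for `cve-mode'."
+ "Setup the `flymake' backend for `cve-mode'."
  (add-hook 'flymake-diagnostic-functions 'cve-mode-flymake nil t))
 
 ;;;###autoload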
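diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
index 416d5f7..811ea55 100755
--- a/scripts/cve_lib.py
+++ b/scripts/cve_lib.py
@@ -980,8 +980,8 @@ def find_external_subproject_cves(cve):
  # top-level project directory even though this is preferred
  for d in [get_external_subproject_cve_dir(rel),
  get_external_subproject_dir(rel)]:
- path = os.path.join(d, cve)
- if os.path.exists(path):
+ path = os.path.realpath(os.path.join(d, cve))
+ if os.path.exists(path) and path not in cves:
  cves.append(path)
  return cves
 
@@ -1076,24 +1076,26 @@ def load_external_subprojects(strict=False):
  if project:
  subprojects[subproject].setdefault("customer", project)
 
-load_external_subprojects()
+ # now ensure they are consistent
+ global devel_release
+ for release in subprojects:
+ details = subprojects[release]
+ rel = release_alias(release)
+ # prefer the alias name
+ all_releases.append(rel)
+ if details["eol"]:
+ eol_releases.append(rel)
+ if "devel" in details and details["devel"]:
+ if devel_release != "":
+ raise ValueError("there can be only one ⚔ devel")
+ devel_release = rel
+ # ubuntu specific releases
+ product, _ = product_series(release)
+ if product == PRODUCT_UBUNTU:
+ releases.append(rel)
 
-for release in subprojects:
- details = subprojects[release]
- rel = release_alias(release)
- # prefer the alias name
- all_releases.append(rel)
- if details["eol"]:
- eol_releases.append(rel)
- if "devel" in details and details["devel"]:
- if devel_release != "":
- raise ValueError("there can be only one ⚔ devel")
- devel_release = rel
- # ubuntu specific releases
- product, series = product_series(release)
- if product == PRODUCT_UBUNTU:
- releases.append(rel)
 
+load_external_subprojects()
 
 def release_sort(release_list):
  '''takes a list of release names and sorts them in release order
@@ -2099,7 +2101,7 @@ def find_cve(cve):
 # e.g.: git/github.com/gogo/protobuf_gogoprotobuf: needs-triage
 # This method should keep supporting existing current format:
 # e.g.: bionic_jackson-databind: needs-triage
-def parse_cve_release_package_field(cve, field, data, value, code, msg, linenum):
+def parse_cve_release_package_field(cvefile, field, data, value, code, msg, linenum):
  package = ""
  release = ""
  state = ""
@@ -2107,14 +2109,14 @@ def parse_cve_release_package_field(cve, field, data, value, code, msg, linenum)
  try:
  release, package = field.split('_', 1)
  except ValueError:
- msg += "%s: %d: bad field with '_': '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: bad field with '_': '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  return False, package, release, state, details, code, msg
 
  try:
  info = value.split(' ', 1)
  except ValueError:
- msg += "%s: %d: missing state for '%s': '%s'\n" % (cve, linenum, field, value)
+ msg += "%s: %d: missing state for '%s': '%s'\n" % (cvefile, linenum, field, value)
  code = EXIT_FAIL
  return False, package, release, state, details, code, msg
 
@@ -2128,7 +2130,7 @@ def parse_cve_release_package_field(cve, field, data, value, code, msg, linenum)
  details = info[1].strip()
 
  if details.startswith("["):
- msg += "%s: %d: %s has details that starts with a bracket: '%s'\n" % (cve, linenum, field, details)
+ msg += "%s: %d: %s has details that starts with a bracket: '%s'\n" % (cvefile, linenum, field, details)
  code = EXIT_FAIL
  return False, package, release, state, details, code, msg
 
@@ -2144,19 +2146,19 @@ def parse_cve_release_package_field(cve, field, data, value, code, msg, linenum)
 
  valid_states = ['needs-triage', 'needed', 'active', 'pending', 'released', 'deferred', 'DNE', 'ignored', 'not-affected']
  if state not in valid_states:
- msg += "%s: %d: %s has unknown state: '%s' (valid states are: %s)\n" % (cve, linenum, field, state,
+ msg += "%s: %d: %s has unknown state: '%s' (valid states are: %s)\n" % (cvefile, linenum, field, state,
  ' '.join(valid_states))
  code = EXIT_FAIL
  return False, package, release, state, details, code, msg
 
  # Verify "released" kernels have version details
  #if state == 'released' and package in kernel_srcs and details == '':
- # msg += "%s: %s_%s has state '%s' but lacks version note\n" % (cve, package, release, state)
+ # msg += "%s: %s_%s has state '%s' but lacks version note\n" % (cvefile, package, release, state)
  # code = EXIT_FAIL
 
  # Verify "active" states have an Assignee
  if state == 'active' and data['Assigned-to'].strip() == "":
- msg += "%s: %d: %s has state '%s' but lacks 'Assigned-to'\n" % (cve, linenum, field, state)
+ msg += "%s: %d: %s has state '%s' but lacks 'Assigned-to'\n" % (cvefile, linenum, field, state)
  code = EXIT_FAIL
  return False, package, release, state, details, code, msg
 
@@ -2247,16 +2249,25 @@ def amend_external_subproject_pkg(cve, data, srcmap, amendments, code, msg):
  return code, msg
 
  if '_' in field:
- success, pkg, release, state, details, code, msg = parse_cve_release_package_field(cve, field, data, value, code, msg, linenum)
+ success, pkg, rel, state, details, code, msg = parse_cve_release_package_field(cve, field, data, value, code, msg, linenum)
  if not success:
  return code, msg
 
+ canon, _, _, _ = get_subproject_details(rel)
+ if canon is None and rel not in ['upstream', 'devel']:
+ msg += "%s: %d: unknown entry '%s'\n" % (cve, linenum, rel)
+ code = EXIT_FAIL
+ return code, msg
  data.setdefault("pkgs", dict())
  data["pkgs"].setdefault(pkg, dict())
  srcmap["pkgs"].setdefault(pkg, dict())
- # override existing release info if it exists
- data["pkgs"][pkg][release] = [state, details]
- srcmap["pkgs"][pkg][release] = (cve, linenum)
+ if rel in data["pkgs"][pkg]:
+ msg += ("%s: %d: duplicate entry for '%s': original at %s line %d (%s)\n"
+ % (cve, linenum, rel, srcmap['pkgs'][pkg][rel][0], srcmap['pkgs'][pkg][rel][1], data["pkgs"][pkg][rel]))
+ code = EXIT_FAIL
+ return code, msg
+ data["pkgs"][pkg][rel] = [state, details]
+ srcmap["pkgs"][pkg][rel] = (cve, linenum)
 
  return code, msg
 
@@ -2271,7 +2282,7 @@ def load_external_subproject_cve_data(cve, data, srcmap, code, msg):
 
  return code, msg
 
-def load_cve(cve, strict=False, srcmap=None):
+def load_cve(cvefile, strict=False, srcmap=None):
  '''Loads a given CVE into:
  dict( fields...
  'pkgs' -> dict( pkg -> dict( release -> (state, details) ) )
@@ -2298,13 +2309,13 @@ def load_cve(cve, strict=False, srcmap=None):
  affected = dict()
  lastfield = ""
  fields_seen = []
- if not os.path.exists(cve):
- raise ValueError("File does not exist: '%s'" % (cve))
+ if not os.path.exists(cvefile):
+ raise ValueError("File does not exist: '%s'" % cvefile)
  linenum = 0
  notes_parser = NotesParser()
  priority_reason = {}
  cvss_entries = []
- with codecs.open(cve, encoding="utf-8") as inF:
+ with codecs.open(cvefile, encoding="utf-8") as inF:
  lines = inF.readlines()
  for line in lines:
  line = line.rstrip()
@@ -2317,7 +2328,7 @@ def load_cve(cve, strict=False, srcmap=None):
  try:
  # parse Notes properly
  if lastfield == 'Notes':
- code, newmsg = notes_parser.parse_line(cve, line, linenum, code)
+ code, newmsg = notes_parser.parse_line(cvefile, line, linenum, code)
  if code != EXIT_OKAY:
  msg += newmsg
  elif lastfield.startswith('Priority'):
@@ -2333,9 +2344,9 @@ def load_cve(cve, strict=False, srcmap=None):
  patch_type = patch_type.strip()
  entry = entry.strip()
  data['patches'][pkg].append((patch_type, entry))
- srcmap['patches'][pkg].append((cve, linenum))
+ srcmap['patches'][pkg].append((cvefile, linenum))
  except Exception as e:
- msg += "%s: %d: Failed to parse '%s' entry %s: %s\n" % (cve, linenum, lastfield, line, e)
+ msg += "%s: %d: Failed to parse '%s' entry %s: %s\n" % (cvefile, linenum, lastfield, line, e)
  code = EXIT_FAIL
  elif lastfield == 'CVSS':
  try:
@@ -2358,36 +2369,36 @@ def load_cve(cve, strict=False, srcmap=None):
  # to a dict first if needed
  if type(srcmap["CVSS"]) is tuple:
  srcmap["CVSS"] = dict()
- srcmap["CVSS"].setdefault(cvss['source'], (cve, linenum))
+ srcmap["CVSS"].setdefault(cvss['source'], (cvefile, linenum))
  except Exception as e:
- msg += "%s: %d: Failed to parse CVSS: %s\n" % (cve, linenum, e)
+ msg += "%s: %d: Failed to parse CVSS: %s\n" % (cvefile, linenum, e)
  code = EXIT_FAIL
  else:
  data[lastfield] += '\n%s' % (line[1:])
  except KeyError as e:
- msg += "%s: %d: bad line '%s' (%s)\n" % (cve, linenum, line, e)
+ msg += "%s: %d: bad line '%s' (%s)\n" % (cvefile, linenum, line, e)
  code = EXIT_FAIL
  continue
 
  try:
  field, value = line.split(':', 1)
  except ValueError as e:
- msg += "%s: %d: bad line '%s' (%s)\n" % (cve, linenum, line, e)
+ msg += "%s: %d: bad line '%s' (%s)\n" % (cvefile, linenum, line, e)
  code = EXIT_FAIL
  continue
 
  lastfield = field = field.strip()
  if field in fields_seen:
- msg += "%s: %d: repeated field '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: repeated field '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  else:
  fields_seen.append(field)
  value = value.strip()
  if field == 'Candidate':
  data.setdefault(field, value)
- srcmap.setdefault(field, (cve, linenum))
+ srcmap.setdefault(field, (cvefile, linenum))
  if value != "" and not value.startswith('CVE-') and not value.startswith('UEM-') and not value.startswith('EMB-'):
- msg += "%s: %d: unknown Candidate '%s' (must be /(CVE|UEM|EMB)-/)\n" % (cve, linenum, value)
+ msg += "%s: %d: unknown Candidate '%s' (must be /(CVE|UEM|EMB)-/)\n" % (cvefile, linenum, value)
  code = EXIT_FAIL
  elif 'Priority' in field:
  # For now, throw away comments on Priority fields
@@ -2397,26 +2408,26 @@ def load_cve(cve, strict=False, srcmap=None):
  try:
  _, pkg = field.split('_', 1)
  except ValueError:
- msg += "%s: %d: bad field with 'Priority_': '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: bad field with 'Priority_': '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  continue
  # initially set the priority reason as an empty string - this will
  # be fixed up later with a real value if one is found
  data.setdefault(field, [value, ""])
- srcmap.setdefault(field, (cve, linenum))
+ srcmap.setdefault(field, (cvefile, linenum))
  if value not in ['untriaged', 'not-for-us'] + priorities:
- msg += "%s: %d: unknown Priority '%s'\n" % (cve, linenum, value)
+ msg += "%s: %d: unknown Priority '%s'\n" % (cvefile, linenum, value)
  code = EXIT_FAIL
  elif 'Patches_' in field:
  try:
  _, pkg = field.split('_', 1)
  except ValueError:
- msg += "%s: %d: bad field with 'Patches_': '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: bad field with 'Patches_': '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  continue
  # value should be empty
  if len(value) > 0:
- msg += "%s: %d: '%s' field should have no value\n" % (cve, linenum, field)
+ msg += "%s: %d: '%s' field should have no value\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  continue
  data['patches'].setdefault(pkg, list())
@@ -2426,41 +2437,42 @@ def load_cve(cve, strict=False, srcmap=None):
  try:
  _, pkg = field.split('_', 1)
  except ValueError:
- msg += "%s: %d: bad field with 'Tags_': '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: bad field with 'Tags_': '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  continue
  data['tags'].setdefault(pkg, set())
- srcmap['tags'].setdefault(pkg, (cve, linenum))
+ srcmap['tags'].setdefault(pkg, (cvefile, linenum))
  for word in value.strip().split(' '):
  if word not in valid_tags:
- msg += "%s: %d: invalid tag '%s': '%s'\n" % (cve, linenum, word, field)
+ msg += "%s: %d: invalid tag '%s': '%s'\n" % (cvefile, linenum, word, field)
  code = EXIT_FAIL
  continue
  data['tags'][pkg].add(word)
  elif '_' in field:
- success, pkg, rel, state, details, code, msg = parse_cve_release_package_field(cve, field, data, value, code, msg, linenum)
+ success, pkg, rel, state, details, code, msg = parse_cve_release_package_field(cvefile, field, data, value, code, msg, linenum)
  if not success:
  assert(code == EXIT_FAIL)
  continue
  canon, _, _, _ = get_subproject_details(rel)
  if canon is None and rel not in ['upstream', 'devel']:
- msg += "%s: %d: unknown entry '%s'\n" % (cve, linenum, rel)
+ msg += "%s: %d: unknown entry '%s'\n" % (cvefile, linenum, rel)
  code = EXIT_FAIL
  continue
  affected.setdefault(pkg, dict())
  if rel in affected[pkg]:
- msg += "%s: %d: duplicate entry for '%s': original at line %d\n" % (cve, linenum, rel, srcmap['pkgs'][pkg][rel][1])
+ msg += ("%s: %d: duplicate entry for '%s': original at %s line %d\n"
+ % (cvefile, linenum, rel, srcmap['pkgs'][pkg][rel][0], srcmap['pkgs'][pkg][rel][1]))
  code = EXIT_FAIL
  continue
  affected[pkg].setdefault(rel, [state, details])
  srcmap['pkgs'].setdefault(pkg, dict())
- srcmap['pkgs'][pkg].setdefault(rel, (cve, linenum))
+ srcmap['pkgs'][pkg].setdefault(rel, (cvefile, linenum))
  elif field not in required_fields + extra_fields:
- msg += "%s: %d: unknown field '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: unknown field '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  else:
  data.setdefault(field, value)
- srcmap.setdefault(field, (cve, linenum))
+ srcmap.setdefault(field, (cvefile, linenum))
 
  data['Notes'] = notes_parser.finalize()
  data['CVSS'] = cvss_entries
@@ -2468,28 +2480,28 @@ def load_cve(cve, strict=False, srcmap=None):
  # Check for required fields
  for field in required_fields:
  # boilerplate files are special and can (should?) be empty
- nonempty = [] if "boilerplate" in cve else ['Candidate']
+ nonempty = [] if "boilerplate" in cvefile else ['Candidate']
  if strict:
  nonempty += ['PublicDate']
 
  if field not in data or field not in fields_seen:
- msg += "%s: %d: missing field '%s'\n" % (cve, linenum, field)
+ msg += "%s: %d: missing field '%s'\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
  elif field in nonempty and data[field].strip() == "":
- msg += "%s: %d: required field '%s' is empty\n" % (cve, linenum, field)
+ msg += "%s: %d: required field '%s' is empty\n" % (cvefile, linenum, field)
  code = EXIT_FAIL
 
  # Fill in defaults for missing fields
  if 'Priority' not in data:
  data.setdefault('Priority', ['untriaged'])
- srcmap.setdefault('Priority', (cve, 1))
+ srcmap.setdefault('Priority', (cvefile, 1))
  # Perform override fields
  if 'PublicDateAtUSN' in data:
  data['PublicDate'] = data['PublicDateAtUSN']
  srcmap['PublicDate'] = srcmap['PublicDateAtUSN']
  if 'CRD' in data and data['CRD'].strip() != '' and data['PublicDate'] != data['CRD']:
- if cve.startswith("embargoed"):
- print("%s: %d: adjusting PublicDate to use CRD: %s" % (cve, linenum, data['CRD']), file=sys.stderr)
+ if cvefile.startswith("embargoed"):
+ print("%s: %d: adjusting PublicDate to use CRD: %s" % (cvefile, linenum, data['CRD']), file=sys.stderr)
  data['PublicDate'] = data['CRD']
  srcmap['PublicDate'] = srcmap['CRD']
 
@@ -2510,12 +2522,12 @@ def load_cve(cve, strict=False, srcmap=None):
  if rel not in external_releases:
  needs_upstream = True
  if needs_upstream and 'upstream' not in affected[pkg]:
- msg += "%s: %d: missing upstream '%s'\n" % (cve, linenum, pkg)
+ msg += "%s: %d: missing upstream '%s'\n" % (cvefile, linenum, pkg)
  code = EXIT_FAIL
 
  data['pkgs'] = affected
 
- code, msg = load_external_subproject_cve_data(cve, data, srcmap, code, msg)
+ code, msg = load_external_subproject_cve_data(cvefile, data, srcmap, code, msg)
 
  if code != EXIT_OKAY:
  raise ValueError(msg.strip())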
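Review bot: Moving the consistency loop into `load_external_subprojects()` makes the function unsafe to call twice: it appends to the module-level `all_releases`, `eol_releases` and `releases` lists and sets `global devel_release`. A second call (for example with `strict=True`) would duplicate every entry and then hit `raise ValueError("there can be only one ⚔ devel")`, because `devel_release` is already set. Whether any caller invokes it again is not visible here, and the function body starts outside the hunk. Consider resetting the state at the top of the pass with `for lst in (all_releases, eol_releases, releases): lst.clear()` and `devel_release = ""`, provided nothing else fills those lists earlier. A docstring line stating that the function mutates these globals would also help.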
