Merge ~alexmurray/ubuntu-cve-tracker:fix-lp-2028915-by-moving-priority-reason-checking-to-check-syntax into ubuntu-cve-tracker:master

Proposed by Alex Murray
Status: Needs review
Proposed branch: ~alexmurray/ubuntu-cve-tracker:fix-lp-2028915-by-moving-priority-reason-checking-to-check-syntax
Merge into: ubuntu-cve-tracker:master
Diff against target: 57 lines (+14/-7)
2 files modified
scripts/check-syntax (+14/-0)
scripts/cve_lib.py (+0/-7)
Reviewer: Steve Beattie (Status: Pending)
Review via email: mp+447968@code.launchpad.net

Description of the change

Quick change to move priority reason checking out of cve_lib and into check-syntax as per https://bugs.launchpad.net/ubuntu-cve-tracker/+bug/2028915

Eduardo Barretto (ebarretto) wrote :

Should we revive and rebase this PR?

Alex Murray (alexmurray) wrote :

I have rebased this on current master but I suspect it will be redundant now that we are redoing all the work to rebase priority checking on NVD CVSS as per https://code.launchpad.net/~emitorino/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/459935

Unmerged commits

c0ceaff... by Alex Murray

scripts: move priority reason checking to check-syntax (LP: #2028915)

Signed-off-by: Alex Murray <email address hidden>

Failed
[SUCCEEDED] unit-tests:0 (build)
[FAILED] check-cves:0 (build)

Preview Diff

1diff --git a/scripts/check-syntax b/scripts/check-syntax
2index 3d7ee58..ba0aab7 100755
3--- a/scripts/check-syntax
4+++ b/scripts/check-syntax
5@@ -52,6 +52,9 @@ required_fields = [
6 'Ubuntu-Description',
7 ]
8
9+PRIORITY_REASON_REQUIRED = ["low", "high", "critical"]
10+PRIORITY_REASON_DATE_START = "2023-07-11"
11+
12 def CVEs_from_CNA():
13 """Returns a dict of CVEs assigned from the README in the embargoed cna
14 directory, using a space and text after CVE-NNNN-NNNN as indicator of
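Review bot: The two constants added at the top of this hunk carry no comment saying what they govern. A one-line comment stating that a reason is required for these priority values on CVEs whose PublicDate is after PRIORITY_REASON_DATE_START, and that the date must stay in YYYY-MM-DD form because it is compared as a string, would stop a later edit from changing the format and silently altering the check.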
15@@ -442,6 +445,17 @@ def check_cve(cve):
16 )
17 cve_okay = False
18
19+ if data["PublicDate"] > PRIORITY_REASON_DATE_START and \
20+ data["Priority"][0] in PRIORITY_REASON_REQUIRED and not data["Priority"][1]:
21+ filename = srcmap["Priority"][0]
22+ linenum = srcmap["Priority"][1]
23+ print(
24+ "%s: %d: needs a reason for being '%s'"
25+ % (filename, linenum, data["Priority"][0]),
26+ file=sys.stderr,
27+ )
28+ cve_okay = False
29+
30 supported = []
31 for pkg in sorted(data["pkgs"].keys()):
32 # Verify have required releases for each package
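Review bot: The condition `data["PublicDate"] > PRIORITY_REASON_DATE_START` is a string comparison, so the cutoff depends on PublicDate always being an ISO-formatted date. A value on 2023-07-11 that carries a time suffix sorts after the constant while a bare "2023-07-11" does not, and a non-date placeholder beginning with a letter sorts after it as well. Parsing both sides to dates before comparing, or validating the format first, would make the boundary explicit. The error line is also now prefixed with the file name from srcmap["Priority"][0] rather than the CVE id used by the removed cve_lib message; worth confirming nothing parses the old form.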
33diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
34index a4690dd..4081ca0 100755
35--- a/scripts/cve_lib.py
36+++ b/scripts/cve_lib.py
37@@ -64,8 +64,6 @@ else:
38 boilerplates_dir = "boilerplates"
39
40 PRODUCT_UBUNTU = "ubuntu"
41-PRIORITY_REASON_REQUIRED = ["low", "high", "critical"]
42-PRIORITY_REASON_DATE_START = "2023-07-11"
43
44 # common to all scripts
45 # these get populated by the contents of subprojects defined below
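Review bot: Dropping PRIORITY_REASON_REQUIRED and PRIORITY_REASON_DATE_START from cve_lib.py will raise AttributeError in any other script that still references them as cve_lib attributes. Please confirm with a search across scripts/ that no other user remains, or keep the definitions in cve_lib and have check-syntax read them from there instead of defining its own copy.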
46@@ -2403,11 +2401,6 @@ def load_cve(cve, strict=False, srcmap=None):
47 data['PublicDate'] = data['CRD']
48 srcmap['PublicDate'] = srcmap['CRD']
49
50- if data["PublicDate"] > PRIORITY_REASON_DATE_START and \
51- data["Priority"][0] in PRIORITY_REASON_REQUIRED and not priority_reason:
52- linenum = srcmap["Priority"][1]
53- msg += "%s: %d: needs a reason for being '%s'\n" % (cve, linenum, data["Priority"][0])
54- code = EXIT_FAIL
55 for item in priority_reason:
56 field = 'Priority' if not item else 'Priority_' + item
57 data[field][1] = ' '.join(priority_reason[item])
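Review bot: With the block that set `code = EXIT_FAIL` removed, load_cve() no longer reports a missing priority reason, so every caller other than check-syntax loses this validation. If that is the intent of LP: #2028915, state it in the commit message or the load_cve docstring, and add a test for check_cve covering a CVE published after the cutoff with a 'high' priority and no reason so the relocated check stays exercised.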
