Merge into master : fix-pyright-warnings-in-check-cves : lp:~alexmurray/ubuntu-cve-tracker : Git : Code : Ubuntu CVE Tracker

Status:	Merged
Merged at revision:	9ede61eeb5252dfdeea967aac5d56debd84c78f0
Proposed branch:	~alexmurray/ubuntu-cve-tracker:fix-pyright-warnings-in-check-cves
Merge into:	ubuntu-cve-tracker:master
Diff against target:	110 lines (+13/-10) 1 file modified scripts/check-cves (+13/-10)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Steve Beattie		2024-03-18	Approve on 2024-03-18
Review via email: mp+462558@code.launchpad.net

This proposal supersedes a proposal from 2024-03-18.

Description of the change

scripts/check-cves: fix a bunch of pyright warnings

Before:

    ± pyright scripts/check-cves
    /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:211:32 - error: Object of type "str" is not callable (reportCallIssue)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:252:37 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/DSA/list']"
        Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/DSA/list']"
        Operator "+" not supported for types "list[Unknown]" and "Literal['/data/DSA/list']" (reportOperatorIssue)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:326:32 - error: Argument of type "(cve: Unknown) -> Unknown" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
        "function" is incompatible with "str" (reportArgumentType)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:414:32 - error: Argument of type "(cve: Unknown) -> Unknown" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
        "function" is incompatible with "str" (reportArgumentType)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:497:32 - error: Argument of type "(c: Unknown) -> str" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
        "function" is incompatible with "str" (reportArgumentType)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:597:52 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/CVE/list']"
        Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/CVE/list']"
        Operator "+" not supported for types "list[Unknown]" and "Literal['/data/CVE/list']" (reportOperatorIssue)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:780:49 - error: Operator "not in" not supported for types "Literal['Previously triaged as ignored in Ubuntu\n\n']" and "str | None"
        Operator "not in" not supported for types "Literal['Previously triaged as ignored in Ubuntu\n\n']" and "None" (reportOperatorIssue)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:786:30 - error: "split" is not a known member of "None" (reportOptionalMemberAccess)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:791:27 - error: "find" is not a known member of "None" (reportOptionalMemberAccess)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:791:59 - error: "find" is not a known member of "None" (reportOptionalMemberAccess)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1474:20 - error: "_exceptions" is not a known member of module "xml.sax" (reportAttributeAccessIssue)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1622:39 - error: Argument of type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to parameter "file" of type "TextIO" in function "display_cve"
        Type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to type "TextIO"
          "_TemporaryFileWrapper[str]" is incompatible with "TextIO" (reportArgumentType)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1631:39 - error: Argument of type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to parameter "file" of type "TextIO" in function "display_cve"
        Type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to type "TextIO"
          "_TemporaryFileWrapper[str]" is incompatible with "TextIO" (reportArgumentType)
    13 errors, 0 warnings, 0 informations

After:

    ± pyright scripts/check-cves
    /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:253:37 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/DSA/list']"
        Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/DSA/list']"
        Operator "+" not supported for types "list[Unknown]" and "Literal['/data/DSA/list']" (reportOperatorIssue)
      /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:598:52 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/CVE/list']"
        Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/CVE/list']"
        Operator "+" not supported for types "list[Unknown]" and "Literal['/data/CVE/list']" (reportOperatorIssue)
    2 errors, 0 warnings, 0 informations

Signed-off-by: Alex Murray <email address hidden>

Revision history for this message

Steve Beattie (sbeattie) wrote on 2024-03-18:

#

Download full text (5.7 KiB)

review approve

On Mon, Mar 18, 2024 at 01:26:18AM -0000, Alex Murray wrote:
> scripts/check-cves: fix a bunch of pyright warnings
>
> Before:
>
> ± pyright scripts/check-cves
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:211:32 - error: Object of type "str" is not callable (reportCallIssue)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:252:37 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/DSA/list']"
> Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/DSA/list']"
> Operator "+" not supported for types "list[Unknown]" and "Literal['/data/DSA/list']" (reportOperatorIssue)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:326:32 - error: Argument of type "(cve: Unknown) -> Unknown" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
> "function" is incompatible with "str" (reportArgumentType)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:414:32 - error: Argument of type "(cve: Unknown) -> Unknown" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
> "function" is incompatible with "str" (reportArgumentType)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:497:32 - error: Argument of type "(c: Unknown) -> str" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
> "function" is incompatible with "str" (reportArgumentType)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:597:52 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/CVE/list']"
> Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/CVE/list']"
> Operator "+" not supported for types "list[Unknown]" and "Literal['/data/CVE/list']" (reportOperatorIssue)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:780:49 - error: Operator "not in" not supported for types "Literal['Previously triaged as ignored in Ubuntu\n\n']" and "str | None"
> Operator "not in" not supported for types "Literal['Previously triaged as ignored in Ubuntu\n\n']" and "None" (reportOperatorIssue)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:786:30 - error: "split" is not a known member of "None" (reportOptionalMemberAccess)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:791:27 - error: "find" is not a known member of "None" (reportOptionalMemberAccess)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:791:59 - error: "find" is not a known member of "None" (reportOptionalMemberAccess)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1474:20 - error: "_exceptions" is not a known member of module "xml.sax" (reportAttributeAccessIssue)
> /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1622:39 - error: Argument of type "_Temporar...

review approve

On Mon, Mar 18, 2024 at 01:26:18AM -0000, Alex Murray wrote:
>     scripts/check-cves: fix a bunch of pyright warnings
> 
>     Before:
> 
>     ± pyright scripts/check-cves
>     /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:211:32 - error: Object of type "str" is not callable (reportCallIssue)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:252:37 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/DSA/list']"
>         Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/DSA/list']"
>         Operator "+" not supported for types "list[Unknown]" and "Literal['/data/DSA/list']" (reportOperatorIssue)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:326:32 - error: Argument of type "(cve: Unknown) -> Unknown" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
>         "function" is incompatible with "str" (reportArgumentType)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:414:32 - error: Argument of type "(cve: Unknown) -> Unknown" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
>         "function" is incompatible with "str" (reportArgumentType)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:497:32 - error: Argument of type "(c: Unknown) -> str" cannot be assigned to parameter "desc" of type "str" in function "convert_to_nvd"
>         "function" is incompatible with "str" (reportArgumentType)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:597:52 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/CVE/list']"
>         Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/CVE/list']"
>         Operator "+" not supported for types "list[Unknown]" and "Literal['/data/CVE/list']" (reportOperatorIssue)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:780:49 - error: Operator "not in" not supported for types "Literal['Previously triaged as ignored in Ubuntu\n\n']" and "str | None"
>         Operator "not in" not supported for types "Literal['Previously triaged as ignored in Ubuntu\n\n']" and "None" (reportOperatorIssue)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:786:30 - error: "split" is not a known member of "None" (reportOptionalMemberAccess)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:791:27 - error: "find" is not a known member of "None" (reportOptionalMemberAccess)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:791:59 - error: "find" is not a known member of "None" (reportOptionalMemberAccess)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1474:20 - error: "_exceptions" is not a known member of module "xml.sax" (reportAttributeAccessIssue)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1622:39 - error: Argument of type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to parameter "file" of type "TextIO" in function "display_cve"
>         Type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to type "TextIO"
>           "_TemporaryFileWrapper[str]" is incompatible with "TextIO" (reportArgumentType)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:1631:39 - error: Argument of type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to parameter "file" of type "TextIO" in function "display_cve"
>         Type "_TemporaryFileWrapper[str] | TextIO" cannot be assigned to type "TextIO"
>           "_TemporaryFileWrapper[str]" is incompatible with "TextIO" (reportArgumentType)
>     13 errors, 0 warnings, 0 informations
> 
>     After:
> 
>     ± pyright scripts/check-cves
>     /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:253:37 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/DSA/list']"
>         Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/DSA/list']"
>         Operator "+" not supported for types "list[Unknown]" and "Literal['/data/DSA/list']" (reportOperatorIssue)
>       /home/amurray/ubuntu/git/ubuntu-cve-tracker/scripts/check-cves:598:52 - error: Operator "+" not supported for types "str | Unknown | list[str | Unknown] | list[Unknown]" and "Literal['/data/CVE/list']"
>         Operator "+" not supported for types "list[str | Unknown]" and "Literal['/data/CVE/list']"
>         Operator "+" not supported for types "list[Unknown]" and "Literal['/data/CVE/list']" (reportOperatorIssue)
>     2 errors, 0 warnings, 0 informations
> 
>     Signed-off-by: Alex Murray <alex.murray@canonical.com>

Thanks for including the pyright output to explain what's going on,
though I suspect some of these are pycodestyle fixups. But adding more
typing information would be good.

> diff --git a/scripts/check-cves b/scripts/check-cves
> index e5cf20f..940d2d1 100755
> --- a/scripts/check-cves
> +++ b/scripts/check-cves
> @@ -183,7 +184,7 @@ class PercentageFile(object):
>          return self.f.close()
>  
>  
> -def convert_to_nvd(cves=[], desc=""):
> +def convert_to_nvd(cves=[], desc=lambda _: ""):

While the type hint is appreciated, that the argument named desc
is expected to be a function and not a string is a surprise to me,
and feels like it should be renamed or at the very least have an
explanatory comment. But that's not a blocker for landing this branch.

-- 
Steve Beattie
<sbeattie@ubuntu.com>

review: Approve

1	diff --git a/scripts/check-cves b/scripts/check-cves
2	index e5cf20f..940d2d1 100755
3	--- a/scripts/check-cves
4	+++ b/scripts/check-cves
5	@@ -16,6 +16,7 @@
6
7
8	from datetime import datetime, timezone, date as datetime_date
9	+import typing
10	import json
11	import math
12	import argparse
13	@@ -183,7 +184,7 @@ class PercentageFile(object):
14	return self.f.close()
15
16
17	-def convert_to_nvd(cves=[], desc=""):
18	+def convert_to_nvd(cves=[], desc=lambda _: ""):
19	# convert to nvd format dict (like nvd json)
20	nvd = {"CVE_data_type": "CVE",
21	"CVE_data_format": "MITRE",
22	@@ -335,7 +336,7 @@ def import_debian(handler):
23	class RHEL8OVALHandler(xml.sax.handler.ContentHandler):
24	"""SAX handler for processing rhel8 OVAL XML."""
25
26	- def __init__(self, ignore=[]):
27	+ def __init__(self):
28	# For per-hit processing
29	self._curr_vuln = None
30	self._curr_cve = None
31	@@ -513,7 +514,7 @@ def read_mbox_file(f):
32	sys.exit(1)
33
34	child = subprocess.Popen(['./scripts/locate_cves.py', f], stdout=subprocess.PIPE, universal_newlines=True)
35	- out, err = child.communicate()
36	+ out, _ = child.communicate()
37
38	tmp = tempfile.NamedTemporaryFile(mode='w', prefix='mbox-import_', suffix='.out', delete=False)
39	tmpname = tmp.name
40	@@ -675,7 +676,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
41	try:
42	for ref in cve["references"]["reference_data"]:
43	self.curr_refs += [(ref["refsource"], ref["name"], ref["url"])]
44	- except:
45	+ except Exception:
46	pass
47
48	# find an english description
49	@@ -776,6 +777,8 @@ class CVEHandler(xml.sax.handler.ContentHandler):
50	self.curr_refs += [(self.curr_source, self.curr_chars, self.curr_url)]
51
52	def handle_cve(self):
53	+ if not self.curr_cve or not self.curr_desc:
54	+ return
55	# Skip CVEs we know about already unless this is a mistriaged CVE
56	if self.curr_cve in self.cve_ignore and mistriaged_hint not in self.curr_desc:
57	return
58	@@ -842,7 +845,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
59
60	return external_subprojects
61
62	- def display_cve(self, cve, file=sys.stdout, line_prefix=None, wrap_desc=False):
63	+ def display_cve(self, cve, file: typing.IO=sys.stdout, line_prefix=None, wrap_desc=False):
64	class CVEOutput:
65	def __init__(self, file, line_prefix=None):
66	self.file = file
67	@@ -904,7 +907,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
68	print(f' Ubuntu: {pkg} \| {answer[name][pkg]} \| {name}')
69	# no debian info, display possible commented ignore command when
70	# using command file (i.e. wrap_desc is true)
71	- if (self.debian[cve]['state'] == 'RESERVED' or self.debian[cve]['state'] == None) and wrap_desc:
72	+ if (self.debian[cve]['state'] == 'RESERVED' or self.debian[cve]['state'] is None) and wrap_desc:
73	proposed_ignore = self.ignore_suggestion.get_ignore_suggestion(self.cve_data[cve]['desc'])
74	print(f'{cve} ignore "{proposed_ignore}"')
75	# debian rejected, so offer to reject by ignoring when using command file (i.e. wrap_desc is true)
76	@@ -1009,7 +1012,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
77
78	def human_process_cve(self, cve, action='skip', reason='', package=''):
79	info = ''
80	- while info == "" or not info[0] in ['i', 'a', 's', 'q', 'r']:
81	+ while info == "" or info[0] not in ['i', 'a', 's', 'q', 'r']:
82	prompt_user(f'\nA]dd (or R]epeat), I]gnore forever, S]kip for now, or Q]uit? [{action}] ')
83	info = sys.stdin.readline().strip().lower()
84	if info == "":
85	@@ -1140,7 +1143,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
86	except IndexError:
87	raise ValueError(f'Invalid add command on line {line_num}:\n{orig_line}')
88
89	- if not priority in cve_lib.priorities and not priority == 'untriaged':
90	+ if priority not in cve_lib.priorities and not priority == 'untriaged':
91	raise ValueError(f'Invalid priority on line {line_num}:\n{orig_line}')
92
93	if os.path.exists(f'{destdir}/active/{cve}'):
94	@@ -1471,7 +1474,7 @@ for uri in args.uris:
95	handler.parse_json(readable)
96	else:
97	parser.parse(readable)
98	- except xml.sax._exceptions.SAXParseException as e:
99	+ except xml.sax.SAXParseException as e:
100	print(f"\n\nWARNING: {uri} is malformed:\n{e}")
101	print("Aborting", file=sys.stderr)
102	sys.exit(1)
103	@@ -1496,7 +1499,7 @@ def refresh_cves(cve_refresh_list, full_refresh=True):
104	desc = _wrap_desc(handler.cve_data[cve]['desc'].strip())
105	public = handler.cve_data[cve]['public']
106	cvsss = handler.cve_data[cve]['cvss']
107	- except:
108	+ except Exception:
109	if args.verbose:
110	print(f'{cve} not listed in XML', file=sys.stderr)
111

Ubuntu CVE Tracker

Merge ~alexmurray/ubuntu-cve-tracker:fix-pyright-warnings-in-check-cves into ubuntu-cve-tracker:master

Commit message

Description of the change

Preview Diff

Subscribers