Merge ~emitorino/ubuntu-cve-tracker:updating_report_scripts into ubuntu-cve-tracker:master

Proposed by Emilia Torino
Status: Merged
Approved by: Steve Beattie
Approved revision: 354d0564810778b9bb57dc359d8bc14bb7236448
Merge reported by: Emilia Torino
Merged at revision: 6cb9aebd7ea22b56236809f7424cd0c3a8ca1673
Proposed branch: ~emitorino/ubuntu-cve-tracker:updating_report_scripts
Merge into: ubuntu-cve-tracker:master
Diff against target: 87 lines (+14/-16)
2 files modified
scripts/report_universe_cves.py (+9/-12)
scripts/report_usns_and_cves_including_universe (+5/-4)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+375118@code.launchpad.net

Commit message

Existing scripts to report USNs & CVEs including main + universe did not have a --before option. So I am adding --before to the main bash file as well as to the supporting report_universe_cves Python script.

Steve Beattie (sbeattie) wrote :

It might be useful to support passing a friendlier time format, but that's a bit out of scope for this feature. One comment below; otherwise, LGTM.

Thanks.

review: Approve
Steve Beattie (sbeattie) wrote :

Okay, I managed to not save my inline comment, and now lp won't let me add one.

All I pointed out was that, because you already set a default in the add_argument() call, you don't need to do the if else logic around args.before (because args.before will always be set); you can just assign before_date the value (or choose to use args.before directly).

Thanks.

798f47b... by Emilia Torino

adding code review suggestions

93c0a17... by Emilia Torino

merge

6cb9aeb... by Emilia Torino

removing --before arg validation as we have the default value

Emilia Torino (emitorino) wrote :

> It might be useful to support passing a friendlier time format, but that's a
> bit out of scope for this feature. One comment below; otherwise, LGTM.

Yeah, I agree. I did it this way as other scripts work that way as well. An option would be to ask for release names and then look up in the release_stamps dict from cve_lib.py.

I will add a card to our trello.

Thanks!

> Thanks.

Preview Diff

1diff --git a/scripts/report_universe_cves.py b/scripts/report_universe_cves.py
2index 98876bc..c5fd172 100755
3--- a/scripts/report_universe_cves.py
4+++ b/scripts/report_universe_cves.py
5@@ -20,12 +20,13 @@ import os
6 import glob
7 import sys
8 import subprocess
9+import time
10
11 arg_parser = argparse.ArgumentParser(description='Counts CVEs for trusty/esm')
12-group = arg_parser.add_mutually_exclusive_group(required=True)
13-group.add_argument('-a', '--all-time', action='store_true', help="get all CVEs since ESM inception")
14-group.add_argument('-s', '--since', action='store', help="Report only CVEs fixed after this date (in seconds "
15+arg_parser.add_argument('-s', '--since', action='store', help="Report only CVEs fixed after this date (in seconds "
16 "from UTC)", default=0)
17+arg_parser.add_argument('-b', '--before', action='store', help="Report only CVEs fixed before this date (in seconds "
18+ "from UTC)", default=time.time())
19 args, extra_arg = arg_parser.parse_known_args()
20 release = extra_arg[0]
21
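Review bot: the add_argument() calls for --since and --before declare no type, so a value given on the command line arrives as a string while the defaults are the int 0 and the float time.time(). Adding type=float to both would make argparse reject non-numeric input with a usage error instead of a ValueError traceback at the later float() call, and the casts in the loop could then go. Separately, with -a/--all-time removed and parse_known_args() still in use, a caller that still passes -a gets no error: the flag is collected into extra_arg, and if it comes before the release name then release = extra_arg[0] becomes '-a'.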
22@@ -44,21 +45,17 @@ if not os.path.isdir(private_esm_dir):
23 os.chdir(private_esm_dir)
24 private_cves = [f for f in glob.glob1(".", "CVE-*")]
25 report_cves=[]
26-if args.since:
27- since_date = args.since
28-else:
29- since_date = 0
30
31 for cve in private_cves:
32 if os.path.isfile('../esm-universe/' + cve):
33 if release in open('../esm-universe/' + cve).read():
34- args = ['git', 'log', '-1', '--format=%at', '../esm-universe/' + cve]
35+ cmd_args = ['git', 'log', '-1', '--format=%at', '../esm-universe/' + cve]
36 else:
37- args = ['git', 'log', '-1', '--format=%at', cve]
38+ cmd_args = ['git', 'log', '-1', '--format=%at', cve]
39 else:
40- args = ['git', 'log', '-1', '--format=%at', cve]
41- cve_creation_timestamp = subprocess.check_output(args)
42- if cve_creation_timestamp >= since_date:
43+ cmd_args = ['git', 'log', '-1', '--format=%at', cve]
44+ cve_creation_timestamp = float(subprocess.check_output(cmd_args))
45+ if float(args.since) <= cve_creation_timestamp <= float(args.before):
46 report_cves.append(cve)
47
48 print "Total CVEs fixed for %s ESM universe: %d" % (release, len(report_cves))
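Review bot: float(subprocess.check_output(cmd_args)) on the added timestamp line raises ValueError when git log prints nothing, which is what happens for a CVE-* file matched by the glob that has no commit yet (git log exits 0 with empty output in that case). The old string comparison did not raise there, so this is a new way for the whole report to abort; consider skipping the file, or reporting it, when the output is empty. The float(args.since) and float(args.before) conversions are also repeated on every iteration and could be done once before the loop. The two else branches build the same cmd_args, so the path could be chosen first and the list built once.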
49diff --git a/scripts/report_usns_and_cves_including_universe b/scripts/report_usns_and_cves_including_universe
50index de63315..c155b1c 100644
51--- a/scripts/report_usns_and_cves_including_universe
52+++ b/scripts/report_usns_and_cves_including_universe
53@@ -27,11 +27,13 @@ EOM
54 }
55
56 since=0
57+before=$( date +%s )
58 details="no"
59-while getopts "hdr:s:" opt ; do
60+while getopts "hdr:s:b:" opt ; do
61 case "$opt" in
62 r) release_name="$OPTARG";;
63 s) since="$OPTARG";;
64+ b) before="$OPTARG";;
65 d) details="yes";;
66 h) help ; exit 0;;
67 ?) help ; exit 1;;
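Review bot: the getopts string gains b: and the case gains a b) arm, but no hunk in this file touches the help() text that ends at EOM above, so -h will not mention the new -b option or that it expects epoch seconds. Please add a line for -b next to the existing -s description. The value in OPTARG is also passed on unchecked; a simple digits-only test here would give a clearer error than whatever the two Python scripts print for a bad value.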
68@@ -50,9 +52,8 @@ IFS=':'
69
70 # cd to $UCT directory if not there already
71 cd $UCT
72-
73 #Get main USNs and CVEs stats.
74-MAIN_USNS_AND_CVES=$(./scripts/report-fixes-by-usn.py "${release_name}" --since "${since}" --summary 2>&1)
75+MAIN_USNS_AND_CVES=$(./scripts/report-fixes-by-usn.py "${release_name}" --since "${since}" --before "${before}" --summary 2>&1)
76 while read -r line; do
77 read -ra ADDR <<< "$line"
78 if [ "${ADDR[0]}" == "CVEs" ]; then
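Review bot: the changed call now passes --before to report-fixes-by-usn.py, a script this diff does not modify, so please confirm it already accepts --before in epoch seconds. Because of the trailing 2>&1, a usage error from that script would be captured into MAIN_USNS_AND_CVES and fed to the read loop below rather than shown to the user, so a mismatch would surface as missing counts, not as a failure. Checking the exit status of the command substitution before parsing would make that visible.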
79@@ -65,7 +66,7 @@ while read -r line; do
80 done <<< "$MAIN_USNS_AND_CVES"
81
82 #Universe CVEs are not present in USNs so we need to query them separately
83-UNIVERSE_CVES_INFO=$(./scripts/report_universe_cves.py "${release_name}" --since "${since}"2>&1)
84+UNIVERSE_CVES_INFO=$(./scripts/report_universe_cves.py "${release_name}" --since "${since}" --before "${before}"2>&1)
85 while read -r line; do
86 read -ra ADDR <<< "$line"
87 if [ "${ADDR[0]}" == "CVEs" ]; then
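Review bot: on the added UNIVERSE_CVES_INFO line there is no space between "${before}" and 2>&1, so the shell does not read the 2 as a file descriptor. It is appended to the argument instead: --before receives the timestamp with a trailing 2 (for example 1573500000 becomes 15735000002), which puts the upper bound centuries in the future, so the --before filter never excludes a universe CVE, and what remains is >&1, which leaves stderr uncaptured. The removed line had the same problem with "${since}", where 0 became 02 and happened to be harmless. Insert a space before 2>&1, as the MAIN_USNS_AND_CVES call above already has.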
