Merge ~emitorino/ubuntu-cve-tracker:indent_text_when_displaying_cve_information into ubuntu-cve-tracker:master

Proposed by Emilia Torino
Status: Merged
Merged at revision: fbad42fefcf9e7bd42f30558dd73f4f84967aab4
Proposed branch: ~emitorino/ubuntu-cve-tracker:indent_text_when_displaying_cve_information
Merge into: ubuntu-cve-tracker:master
Diff against target: 32 lines (+5/-2)
1 file modified
scripts/detect_priorities_mismatches.py (+5/-2)
Reviewers:
Steve Beattie (status: Pending)
Ubuntu Security Team (status: Pending)
Review via email: mp+463519@code.launchpad.net

Commit message

- scripts/detect_priorities_mismatches.py: indent text to avoid being interpreted as a cmd

Description of the change

This change aims to fix the issue described in https://code.launchpad.net/~emitorino/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/459935/comments/1243925, where a CVE description including a character like * is interpreted as a command and failed.


Preview Diff

1diff --git a/scripts/detect_priorities_mismatches.py b/scripts/detect_priorities_mismatches.py
2index 0d249da..f38ee5b 100755
3--- a/scripts/detect_priorities_mismatches.py
4+++ b/scripts/detect_priorities_mismatches.py
5@@ -52,7 +52,6 @@ def process_command_file(cves_output_content):
6 invalid_lines = dict()
7 for line in cves_output_content.readlines():
8 line_number += 1
9- line = line.strip()
10
11 # We only want to action on lines starting with *
12 if not line or not line.startswith('*'):
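Review bot: with line.strip() removed, line keeps the trailing newline that readlines() returns, so the "not line" half of the check just below can no longer be true for a blank line (it is "\n", not ""), and every line starting with '*' is now passed on with its newline still attached. If the goal is only to keep leading whitespace significant, so that indented description text is skipped, line = line.rstrip() would do that while leaving the rest of the loop's input as it was. A short comment here saying that leading whitespace is preserved on purpose would also stop a later cleanup from reintroducing strip().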
13@@ -186,6 +185,10 @@ def spawn_editor(path):
14 subprocess.call([editor, path])
15
16
17+def indent_content(text):
18+ return text.replace("\n", "\n ")
19+
20+
21 if __name__ == "__main__":
22 parser = argparse.ArgumentParser()
23 parser.add_argument(
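Review bot: indent_content() inserts a space only after each "\n", so the first line of the text is left unindented and every caller has to remember to add the leading space itself. textwrap.indent(text, " ") from the standard library indents every non-blank line including the first, which would keep the whole rule in one place. The helper also has no docstring explaining why the indent exists, namely that process_command_file() acts on lines starting with '*'.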
24@@ -268,7 +271,7 @@ if __name__ == "__main__":
25 for index, cve in enumerate(cves_with_mismatches):
26 # Provide basic CVE metadata
27 output.write(f"\n\n=========== {index + 1}/{total_cves_to_process}: {cve} ===========")
28- output.write(f"{cves_with_mismatches[cve]['Description']}")
29+ output.write(f" {indent_content(cves_with_mismatches[cve]['Description'])}")
30 output.write(f"\n- Public Date: {cves_with_mismatches[cve]['PublicDate']}")
31 output.write(f"\n- Ubuntu Priority: {cves_with_mismatches[cve]['Priority'][0]} || CVSS Severity: {get_cvss_base_severity(cves_with_mismatches[cve]['CVSS'])}")
32 output.write(f"\n- Affected packages: {', '.join(cves_with_mismatches[cve]['pkgs'].keys())}")
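Review bot: on the changed Description line, the leading space in the f-string is written directly after the header, which ends in "===========" with no newline, so when the description begins with "\n" that space becomes trailing whitespace on the header line rather than indentation. Nothing at this call site says why the text is indented; a one-line comment tying it to the startswith('*') check in process_command_file(), plus a test using a description that contains "\n* ", would keep the writer and the parser from drifting apart.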
