Merge ~emitorino/ubuntu-cve-tracker:indent_text_when_displaying_cve_information into ubuntu-cve-tracker:master

Proposed by Emilia Torino
Status: Merged
Merged at revision: fbad42fefcf9e7bd42f30558dd73f4f84967aab4
Proposed branch: ~emitorino/ubuntu-cve-tracker:indent_text_when_displaying_cve_information
Merge into: ubuntu-cve-tracker:master
Diff against target: 32 lines (+5/-2)
1 file modified
scripts/detect_priorities_mismatches.py (+5/-2)
Reviewers:
- Steve Beattie (status: Pending)
- Ubuntu Security Team (status: Pending)
Review via email: mp+463519@code.launchpad.net

Commit message

- scripts/detect_priorities_mismatches.py: indent text to avoid being interpreted as a cmd

Description of the change

This change aims to fix the issue described in https://code.launchpad.net/~emitorino/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/459935/comments/1243925, where a CVE description including a character like * is interpreted as a command and failed.


Preview Diff

diff --git a/scripts/detect_priorities_mismatches.py b/scripts/detect_priorities_mismatches.py
index 0d249da..f38ee5b 100755
--- a/scripts/detect_priorities_mismatches.py
+++ b/scripts/detect_priorities_mismatches.py
@@ -52,7 +52,6 @@ def process_command_file(cves_output_content):
52 invalid_lines = dict()52 invalid_lines = dict()
53 for line in cves_output_content.readlines():53 for line in cves_output_content.readlines():
54 line_number += 154 line_number += 1
55 line = line.strip()
5655
57 # We only want to action on lines starting with *56 # We only want to action on lines starting with *
58 if not line or not line.startswith('*'):57 if not line or not line.startswith('*'):
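Review bot: With line.strip() removed at old line 55, every line now reaches the startswith('*') check, and whatever follows it, with its trailing newline and trailing whitespace still attached. The rest of process_command_file is not visible in this hunk, so check that the command parsing after the check tolerates that. Using line = line.rstrip() instead would keep leading whitespace significant, which is what the indentation fix needs, while still trimming the end. A short comment saying that leading whitespace is now preserved on purpose would stop someone from re-adding strip() later.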
@@ -186,6 +185,10 @@ def spawn_editor(path):
186 subprocess.call([editor, path])185 subprocess.call([editor, path])
187186
188187
188def indent_content(text):
189 return text.replace("\n", "\n ")
190
191
189if __name__ == "__main__":192if __name__ == "__main__":
190 parser = argparse.ArgumentParser()193 parser = argparse.ArgumentParser()
191 parser.add_argument(194 parser.add_argument(
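Review bot: indent_content has no docstring and only indents continuation lines: it rewrites the text after each "\n", so the first line is left to the caller, and any other line break in a description (a bare "\r", for instance) is not covered. If the output file is later read with universal newlines, such a break would become a new line that could start with '*'. Consider having the helper indent every line itself, for example with textwrap.indent(text, " "), and document that its purpose is to keep description text from matching the '*' command prefix.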
@@ -268,7 +271,7 @@ if __name__ == "__main__":
268 for index, cve in enumerate(cves_with_mismatches):271 for index, cve in enumerate(cves_with_mismatches):
269 # Provide basic CVE metadata272 # Provide basic CVE metadata
270 output.write(f"\n\n=========== {index + 1}/{total_cves_to_process}: {cve} ===========")273 output.write(f"\n\n=========== {index + 1}/{total_cves_to_process}: {cve} ===========")
271 output.write(f"{cves_with_mismatches[cve]['Description']}")274 output.write(f" {indent_content(cves_with_mismatches[cve]['Description'])}")
272 output.write(f"\n- Public Date: {cves_with_mismatches[cve]['PublicDate']}")275 output.write(f"\n- Public Date: {cves_with_mismatches[cve]['PublicDate']}")
273 output.write(f"\n- Ubuntu Priority: {cves_with_mismatches[cve]['Priority'][0]} || CVSS Severity: {get_cvss_base_severity(cves_with_mismatches[cve]['CVSS'])}")276 output.write(f"\n- Ubuntu Priority: {cves_with_mismatches[cve]['Priority'][0]} || CVSS Severity: {get_cvss_base_severity(cves_with_mismatches[cve]['CVSS'])}")
274 output.write(f"\n- Affected packages: {', '.join(cves_with_mismatches[cve]['pkgs'].keys())}")277 output.write(f"\n- Affected packages: {', '.join(cves_with_mismatches[cve]['pkgs'].keys())}")
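Review bot: At new line 274 the description is written with a leading space but no "\n", unlike the "\n- ..." writes that follow it, so where its first line lands depends on whether Description already begins with a newline. If it does not, the text is appended to the "===========" header line; if it does, the added space ends up as trailing whitespace on that header. Making the line break explicit in this write, and stripping any leading newline from the field, would make the layout independent of the field's contents.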
