Merge ~eslerm/ubuntu-cve-tracker:check-cves-variables into ubuntu-cve-tracker:master
Status: | Merged |
---|---|
Merged at revision: | fb96f59c1267dc5da2facee5ee39b2e23cd87e65 |
Proposed branch: | ~eslerm/ubuntu-cve-tracker:check-cves-variables |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: |
523 lines (+110/-112) 1 file modified
scripts/check-cves (+110/-112) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Alex Murray | Approve | ||
Review via email: mp+462731@code.launchpad.net |
Commit message
check-cves: variable clarity updates
Description of the change
This is mostly an update to make variables clearer.
I should have said "constants" not "globals".
I'm not certain all of them should be added. Particularly `BUILT_USING_MAP` which pylint suggested. `UNTRIAGED_JSON` as well, but I don't believe code using this variable is proper (several parameters can override it).
There is more work to clarify human_process_
Mark Esler (eslerm) wrote : | # |
Marc Deslauriers (mdeslaur) wrote : | # |
This script doesn't have a main function, it's just a script. If you really want to run something like pylint over it and want to switch everything it thinks are "global" variables to uppercase, you should probably convert the script to use a main function first.
Mark Esler (eslerm) wrote (last edit ): | # |
The plan is to use a main function. My refactor isn't complete, but had begun to implement this https:/
It's easier to work with the code after it is clearer, which is why I'm suggesting style changes first.
Potentially I _could_ drop all of these variables to lower case if needed.
Preview Diff
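--- a/scripts/check-cves
+++ b/scripts/check-cves
@@ -79,20 +79,20 @@ for release in list(source.keys()):
 # remove common words which also happen to be names
 # of source packages since our ignore suggestion is
 # likely to sometimes contain these
-common_words = ['an', 'and', 'context', 'file', 'modules', 'the', 'when']
-allsrcs.difference_update(set(common_words))
+COMMON_WORDS = ['an', 'and', 'context', 'file', 'modules', 'the', 'when']
+allsrcs.difference_update(set(COMMON_WORDS))
 allsrcs.update(set(cve_lib.package_db.keys()))
 
-built_using_map = None
+BUILT_USING_MAP = None
 
-destdir = "."
+DEST_DIR = "."
 
 # Skip stuff older than 2005
-cve_limit = 2004
+CVE_LIMIT = 2004
 
-mistriaged_hint = 'Previously triaged as ignored in Ubuntu\n\n'
+MISTRIAGED_HINT = 'Previously triaged as ignored in Ubuntu\n\n'
 
-ignore_strings = [
+IGNORE_STRINGS = [
 "** REJECT **", "Internet Explorer", "Microsoft Edge", "Windows 98",
 "Windows 2000", "Windows XP", "Windows Server 2003", "Windows NT",
 "Mercury Board", "ZeroBoard", "AntiVirus", "Microsoft", "SGI IRIX",
@@ -136,7 +136,6 @@ def _spawn_editor(path):
 subprocess.call([editor, path])
 
 def debug(msg):
- global opt
 if args.debug:
 print(msg, file=sys.stderr)
 
@@ -227,7 +226,7 @@ def import_debian(handler):
 cves = dict()
 
 today = datetime_date.today()
- known = set(CVEKnownList + CVEIgnoreList)
+ known = set(cve_known_list + cve_ignore_list)
 
 def ever_existed(pkg):
 for rel in source:
@@ -236,8 +235,8 @@ def import_debian(handler):
 return False
 
 def mistriaged(cve):
- if cve in CVEIgnoreNotForUsSet and \
- cve not in CVEIgnoreMistriagedSet and \
+ if cve in CVE_IGNORE_NFU_SET and \
+ cve not in CVE_IGNORE_MISTRIAGED_LIST and \
 handler.debian[cve]['state'] == 'FOUND':
 # check that at least one of the assigned packages exist
 # in Ubuntu
@@ -259,7 +258,7 @@ def import_debian(handler):
 continue
 
 year = int(re.split('-', cve)[1])
- if year < cve_limit:
+ if year < CVE_LIMIT:
 continue
 
 # If we already know about the CVE, skip it unless is
@@ -267,7 +266,7 @@ def import_debian(handler):
 if cve in known:
 if mistriaged(cve):
 # add a note about how this was originally classified
- dsas[dsa]['desc'] = mistriaged_hint + dsas[dsa]['desc']
+ dsas[dsa]['desc'] = MISTRIAGED_HINT + dsas[dsa]['desc']
 else:
 continue
 
@@ -294,16 +293,16 @@ def import_debian(handler):
 continue
 
 year = int(re.split('-', cve)[1])
- if year < cve_limit:
+ if year < CVE_LIMIT:
 if args.verbose:
- print(f"Skipping {cve}, year {year} predates {cve_limit}", file=sys.stderr)
+ print(f"Skipping {cve}, year {year} predates {CVE_LIMIT}", file=sys.stderr)
 continue
 
 # If we already know about the CVE, skip it unless is mistriaged
 if cve in known:
 if mistriaged(cve):
 # add a note about how this was originally classified
- handler.debian[cve]['desc'] = mistriaged_hint + handler.debian[cve]['desc']
+ handler.debian[cve]['desc'] = MISTRIAGED_HINT + handler.debian[cve]['desc']
 else:
 if args.verbose:
 print(f"Skipping {cve}, already known", file=sys.stderr)
@@ -539,14 +538,14 @@ def dpkg_compare_versions(v1, op, v2):
 
 
 def get_built_using(pkgs=[]):
- global built_using_map
- if built_using_map is None:
- built_using_map = source_map.load_built_using_collection(
+ global BUILT_USING_MAP
+ if BUILT_USING_MAP is None:
+ BUILT_USING_MAP = source_map.load_built_using_collection(
 source_map.load(data_type='packages'))
 
 out = ""
 for pkg in pkgs:
- out += source_map.get_built_using(built_using_map, pkg)
+ out += source_map.get_built_using(BUILT_USING_MAP, pkg)
 
 return out
 
@@ -602,7 +601,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 timestamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime())
 
 # Append to timestamp file list
- with open(f'{destdir}/check-cves.log', 'a') as f:
+ with open(f'{DEST_DIR}/check-cves.log', 'a') as f:
 f.write(
 f"{timestamp} UTC - "
 f"{self.num_added} added, "
@@ -780,10 +779,10 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 if not self.curr_cve or not self.curr_desc:
 return
 # Skip CVEs we know about already unless this is a mistriaged CVE
- if self.curr_cve in self.cve_ignore and mistriaged_hint not in self.curr_desc:
+ if self.curr_cve in self.cve_ignore and MISTRIAGED_HINT not in self.curr_desc:
 return
 
- limit = cve_limit
+ limit = CVE_LIMIT
 if not args.refresh and not args.score_refresh:
 limit = 2005
 if int(self.curr_cve.split("-")[1]) < limit:
@@ -832,7 +831,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 if subproject in source:
 aliases = source_map.get_all_aliases(source, subproject)
 for hint in software_hints_from_cve_description:
- if hint in common_words:
+ if hint in COMMON_WORDS:
 continue
 
 if hint in source[subproject]:
@@ -863,7 +862,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 sys.stdout = CVEOutput(file, line_prefix)
 
 # Check if this was once an embargoed issue
- if cve in EmbargoList:
+ if cve in CVE_EMBARGO_LIST:
 print('**!!** no longer embargoed **!!**')
 print('==========================details from embargo entry==========================')
 with open(os.path.join('embargoed', cve)) as f:
@@ -927,7 +926,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 print(" - " + affected_subproject + ": " + " - ".join(
 software_hints_per_external_releases[affected_subproject]))
 # once again, announce formerly embargoed status
- if cve in EmbargoList:
+ if cve in CVE_EMBARGO_LIST:
 print('**!!** no longer embargoed **!!**')
 print('**!!** ensure this is correct before unembargoing **!!**')
 
@@ -940,12 +939,12 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 reason = ""
 packages = []
 # Skip CVEs that are obviously not about Ubuntu
- for s in ignore_strings:
+ for s in IGNORE_STRINGS:
 if re.search('(^| )%s' % re.escape(s), self.cve_data[cve]['desc'], flags=re.MULTILINE) and self.cve_data[cve]['desc'].find("Linux") < 0:
 action = 'ignore'
 reason = s
 # if cve is in embargo list (but now public), default to unembargo action
- if cve in EmbargoList:
+ if cve in CVE_EMBARGO_LIST:
 action = 'unembargo'
 reason = ""
 else:
@@ -1011,36 +1010,36 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 return words
 
 def human_process_cve(self, cve, action='skip', reason='', package=''):
- info = ''
- while info == "" or info[0] not in ['i', 'a', 's', 'q', 'r']:
+ user_input = ''
+ while user_input == "" or user_input[0] not in ['i', 'a', 's', 'q', 'r']:
 prompt_user(f'\nA]dd (or R]epeat), I]gnore forever, S]kip for now, or Q]uit? [{action}] ')
- info = sys.stdin.readline().strip().lower()
- if info == "":
- info = action
+ user_input = sys.stdin.readline().strip().lower()
+ if user_input == "":
+ user_input = action
 
- if info.startswith('q'):
+ if user_input.startswith('q'):
 self.printReport()
 self.updateTimestamp()
 sys.exit(0)
- elif info.startswith('a') or info.startswith('r'):
+ elif user_input.startswith('a') or user_input.startswith('r'):
 do_repeat = False
- if info.startswith('r'):
- info = self.saved_package
+ if user_input.startswith('r'):
+ user_input = self.saved_package
 do_repeat = True
 else:
- info = ""
- while info == "":
+ user_input = ""
+ while user_input == "":
 prompt_user('Package(s) affected? ')
 if package == "":
 package = self.saved_package
 if package != "":
 prompt_user(f'[{package}] ')
- info = sys.stdin.readline().strip()
- if info == '':
- info = package
- self.saved_package = info
+ user_input = sys.stdin.readline().strip()
+ if user_input == '':
+ user_input = package
+ self.saved_package = user_input
 
- dst = self.add_cve(cve, info.split(), None)
+ dst = self.add_cve(cve, user_input.split(), None)
 
 if do_repeat:
 subprocess.call(['./scripts/active_dup', self.saved_cve, cve])
@@ -1048,11 +1047,11 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 self.saved_cve = cve
 
 print('\n===================== Dependant packages ======================')
- print(f' Detecting packages built using: {info}...', end='')
+ print(f' Detecting packages built using: {user_input}...', end='')
 sys.stdout.flush()
 built_using = ""
 try:
- built_using = get_built_using(info)
+ built_using = get_built_using(user_input)
 except Exception as e:
 print(f"ERROR: {e}", file=sys.stderr)
 pass # for now just show the error but don't break triage
@@ -1062,13 +1061,13 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 print(source_map.get_built_using_header())
 print(built_using)
 print("IMPORTANT: the above packages are candidates for rebuilds when fixes are applied to:")
- print(" %s" % "\n ".join(info))
+ print(" %s" % "\n ".join(user_input))
 else:
 print("none detected")
 
- elif info.startswith('i'):
- info = ""
- while info == "":
+ elif user_input.startswith('i'):
+ ignored_reason = ""
+ while ignored_reason == "":
 print('Reason to be ignored?')
 prompts = []
 
@@ -1085,24 +1084,23 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 print(f" {chr(97 + i)}) {prompts[i]}")
 prompt_user(' > ')
 
- info = sys.stdin.readline().strip()
- if len(info) == 1 and info.isalpha():
+ ignored_reason_input = sys.stdin.readline().strip()
+ # NOTE: user is selecting a choice from prompts
+ if len(ignored_reason_input) == 1 and ignored_reason_input.isalpha():
 try:
 # ord('a') == 97
- info = prompts[ord(info) - 97]
+ ignored_reason = prompts[ord(ignored_reason_input) - 97]
 except IndexError:
 print('\nError: invalid reason.\n')
- info = ""
- # Enter defaults to only suggestion if only one exists
- elif len(info) == 0 and len(prompts) == 1:
- info = prompts[0]
- elif len(info) < 3: # Fat fingers protection
+ # TODO: reassess if < 2 is a better value
+ # or add a mechanism to catch certain 3 letter words
+ # e.g., IBM is currently invalid
+ elif len(ignored_reason_input) < 3: # Fat fingers protection
 print('\nError: Reason must be at least 3 characters long!\n')
- info = ""
- self.saved_ignore_cache.insert(info)
- self.ignore_cve(cve, info)
+ self.saved_ignore_cache.insert(ignored_reason)
+ self.ignore_cve(cve, ignored_reason)
 
- elif info.startswith('s'):
+ elif user_input.startswith('s'):
 self.skip_cve()
 print('')
 
@@ -1146,7 +1144,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 if priority not in cve_lib.priorities and not priority == 'untriaged':
 raise ValueError(f'Invalid priority on line {line_num}:\n{orig_line}')
 
- if os.path.exists(f'{destdir}/active/{cve}'):
+ if os.path.exists(f'{DEST_DIR}/active/{cve}'):
 raise ValueError(f'Updating an existing CVE is not supported (line {line_num}):\n{orig_line}')
 
 if preprocess:
@@ -1160,7 +1158,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 if action == 'edit':
 _spawn_editor(cve_path)
 elif action == 'unembargo':
- if cve not in EmbargoList:
+ if cve not in CVE_EMBARGO_LIST:
 raise ValueError(f'CVE {cve} is not in the embargo database (line {line_num}):\n{orig_line}')
 
 if os.path.exists(os.path.join('active', cve)):
@@ -1198,7 +1196,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 desc = ''
 
 # Check if this was once an embargoed issue
- if cve in EmbargoList:
+ if cve in CVE_EMBARGO_LIST:
 desc += '# **!!** no longer embargoed **!!**\n'
 desc += '# ==========================details from embargo entry==========================\n'
 with open(os.path.join('embargoed', cve)) as f:
@@ -1238,7 +1236,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 action = 'skip'
 data = ""
 # Skip CVEs that are obviously not about Ubuntu
- for s in ignore_strings:
+ for s in IGNORE_STRINGS:
 if self.cve_data[cve]['desc'].find(s) >= 0 and self.cve_data[cve]['desc'].find("Linux") < 0:
 action = 'ignore'
 data = s
@@ -1255,11 +1253,11 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 
 def add_cve(self, cve, packages, priority=None):
 # remove from not-for-us.txt if adding and ensure we remove any
- # mistriaged_hint from the description
- if cve in CVEIgnoreNotForUsSet:
+ # MISTRIAGED_HINT from the description
+ if cve in CVE_IGNORE_NFU_SET:
 cmd = ['sed', '-i', f'/^{cve} #.*$/d', './ignored/not-for-us.txt']
 subprocess.call(cmd)
- self.cve_data[cve]['desc'] = self.cve_data[cve]['desc'].replace(mistriaged_hint, '')
+ self.cve_data[cve]['desc'] = self.cve_data[cve]['desc'].replace(MISTRIAGED_HINT, '')
 
 # Build up list of reference urls
 ref_urls = []
@@ -1376,10 +1374,10 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 self.num_added += 1
 
 def ignore_cve(self, cve, reason):
- # Append to ignore list unless is already in CVEIgnoreList and then
+ # Append to ignore list unless is already in cve_ignore_list and then
 # append to the ignored/ignore-mistriaged.txt
- txtfile = 'ignore-mistriaged.txt' if cve in CVEIgnoreNotForUsSet else 'not-for-us.txt'
- with open(f'{destdir}/ignored/{txtfile}', 'a') as f:
+ txtfile = 'ignore-mistriaged.txt' if cve in CVE_IGNORE_NFU_SET else 'not-for-us.txt'
+ with open(f'{DEST_DIR}/ignored/{txtfile}', 'a') as f:
 f.write(f'{cve} # {reason}\n')
 
 self.num_ignored += 1
@@ -1388,74 +1386,74 @@ class CVEHandler(xml.sax.handler.ContentHandler):
 self.num_skipped += 1
 
 
-ignored_notforus_path = 'ignored/not-for-us.txt'
-if destdir != './' and destdir != '.':
- ignored_notforus_path = os.path.join(destdir, ignored_notforus_path)
-# CVEIgnoreNotForUsSet is a set of all CVEs that we have previously
+IGNORED_NFU_PATH = 'ignored/not-for-us.txt'
+if DEST_DIR != './' and DEST_DIR != '.':
+ IGNORED_NFU_PATH = os.path.join(DEST_DIR, IGNORED_NFU_PATH)
+# CVE_IGNORE_NFU_SET is a set of all CVEs that we have previously
 # chosen to ignore since they don't apply to software in Ubuntu
-CVEIgnoreNotForUsSet = set(cve_lib.parse_CVEs_from_uri(ignored_notforus_path))
+CVE_IGNORE_NFU_SET = set(cve_lib.parse_CVEs_from_uri(IGNORED_NFU_PATH))
 
-ignored_mistriaged_path = 'ignored/ignore-mistriaged.txt'
-if destdir != './' and destdir != '.':
- ignored_mistriaged_path = os.path.join(destdir, ignored_mistriaged_path)
-# CVEIgnoreMistriagedSet is a set of all CVEs that we want to definitely
+IGNORED_MISTRIAGED_PATH = 'ignored/ignore-mistriaged.txt'
+if DEST_DIR != './' and DEST_DIR != '.':
+ IGNORED_MISTRIAGED_PATH = os.path.join(DEST_DIR, IGNORED_MISTRIAGED_PATH)
+# CVE_IGNORE_MISTRIAGED_LIST is a set of all CVEs that we want to definitely
 # ignore when doing mistriaged CVE detection - they should exist in both
 # CVEIgnoreNotForUsList and CVEIgnoreMistriagedList
-CVEIgnoreMistriagedSet = set(cve_lib.parse_CVEs_from_uri(ignored_mistriaged_path))
+CVE_IGNORE_MISTRIAGED_LIST = set(cve_lib.parse_CVEs_from_uri(IGNORED_MISTRIAGED_PATH))
 
-# CVEIgnoreList is a list of all CVEs we know about already. These will be
+# cve_ignore_list is a list of all CVEs we know about already. These will be
 # ignored when checking MITRE for new CVEs
-CVEIgnoreList = list(CVEIgnoreNotForUsSet)
+cve_ignore_list = list(CVE_IGNORE_NFU_SET)
 
-CVEKnownList = []
-CVEKnownList += [cve for cve in os.listdir(destdir + "/ignored/") if cve.startswith('CVE-')]
-CVEKnownList += [cve for cve in os.listdir(destdir + "/retired/") if cve.startswith('CVE-')]
-(ActiveList, EmbargoList) = cve_lib.get_cve_list()
-CVEKnownList += [cve for cve in ActiveList if cve not in EmbargoList]
+cve_known_list = []
+cve_known_list += [cve for cve in os.listdir(DEST_DIR + "/ignored/") if cve.startswith('CVE-')]
+cve_known_list += [cve for cve in os.listdir(DEST_DIR + "/retired/") if cve.startswith('CVE-')]
+(CVE_ACTIVE_LIST, CVE_EMBARGO_LIST) = cve_lib.get_cve_list()
+cve_known_list += [cve for cve in CVE_ACTIVE_LIST if cve not in CVE_EMBARGO_LIST]
 
 if not args.refresh and not args.mistriaged and not args.score_refresh:
- CVEIgnoreList += CVEKnownList
+ cve_ignore_list += cve_known_list
 
 if args.known:
- cvelist = CVEIgnoreList
+ cvelist = cve_ignore_list
 if args.skip_nfu:
- cvelist = CVEKnownList
+ cvelist = cve_known_list
 for cve in sorted(cvelist):
 print(cve)
 sys.exit(0)
 
 parser = xml.sax.make_parser()
-handler = CVEHandler(CVEIgnoreList)
+handler = CVEHandler(cve_ignore_list)
 parser.setContentHandler(handler)
 
 # if has specified to triage only specific CVEs, check these are not
 # ignored
-specific_cves = None
+SPECIFIC_CVES = None
 if args.cve:
- specific_cves = set()
+ SPECIFIC_CVES = set()
 for cve in args.cve.split(","):
 # ignore empty CVE
 if cve.strip() == "":
 continue
 # error out if is ignored
- if cve in CVEIgnoreList:
+ if cve in cve_ignore_list:
 print(f"{cve} already exists in UCT - please remove it then retriage.")
 sys.exit(1)
- specific_cves.add(cve)
+ SPECIFIC_CVES.add(cve)
 
-untriaged_json = ""
+UNTRIAGED_JSON = ""
 if args.untriaged:
- untriaged_json = read_locate_cves_output(args.untriaged)
- args.uris.append(untriaged_json)
+ UNTRIAGED_JSON = read_locate_cves_output(args.untriaged)
+ args.uris.append(UNTRIAGED_JSON)
 
 if args.mbox:
- untriaged_json = read_mbox_file(args.mbox)
- args.uris.append(untriaged_json)
+ UNTRIAGED_JSON = read_mbox_file(args.mbox)
+ args.uris.append(UNTRIAGED_JSON)
 
 rhel8oval_import_json = ""
 if args.rhel8oval:
- untriaged_json = read_rhel8oval_file(args.rhel8oval)
- args.uris.append(untriaged_json)
+ UNTRIAGED_JSON = read_rhel8oval_file(args.rhel8oval)
+ args.uris.append(UNTRIAGED_JSON)
 
 debian_import_json = ""
 if (args.import_missing_debian or args.mistriaged) and handler.debian is not None:
@@ -1483,8 +1481,8 @@ for uri in args.uris:
 print('')
 
 # Leaving our fake json around is icky
-if os.path.exists(untriaged_json):
- os.unlink(untriaged_json)
+if os.path.exists(UNTRIAGED_JSON):
+ os.unlink(UNTRIAGED_JSON)
 if os.path.exists(debian_import_json):
 os.unlink(debian_import_json)
 
@@ -1508,7 +1506,7 @@ def refresh_cves(cve_refresh_list, full_refresh=True):
 # Find the on-disk CVE file
 cvefile = ""
 for status in ['active', 'retired', 'ignored']:
- check = f'{destdir}/{status}/{cve}'
+ check = f'{DEST_DIR}/{status}/{cve}'
 if os.path.exists(check):
 cvefile = check
 break
@@ -1568,10 +1566,10 @@ def refresh_cves(cve_refresh_list, full_refresh=True):
 
 
 if args.refresh or args.score_refresh:
- if args.cve and specific_cves is not set():
- cve_refresh_list = specific_cves
+ if args.cve and SPECIFIC_CVES is not set():
+ cve_refresh_list = SPECIFIC_CVES
 else:
- cve_refresh_list = CVEKnownList
+ cve_refresh_list = cve_known_list
 
 # with OptParse args.refresh and args.score_refresh will each
 # either be True or None. We want full_refresh to be False when
@@ -1590,12 +1588,12 @@ if experimental:
 handler.display_command_file_usage(fout, '# ')
 
 for cve in new_cves:
- if args.cve and cve not in specific_cves:
+ if args.cve and cve not in SPECIFIC_CVES:
 # ignore this cve
 continue
 # if this got marked as mistriaged, probablistically choose it for
 # processing
- if MISTRIAGED_HINT in handler.cve_data[cve]['desc']:
+ if MISTRIAGED_HINT in handler.cve_data[cve]['desc']:
 if args.mistriaged == 0:
 # ignore this one
 continue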
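Review bot: A typed free-text ignore reason appears to be lost in the `@@ -1085,24 +1084,23 @@` hunk of `human_process_cve`: after `info` is split into `ignored_reason_input` and `ignored_reason`, only the single-letter branch assigns `ignored_reason`, so a reason of three or more characters leaves it empty and `while ignored_reason == ""` asks again without end. The old code kept the typed text in `info`; a closing `else: ignored_reason = ignored_reason_input` would restore that path. The same hunk also deletes the "Enter defaults to only suggestion" branch, a behaviour change that a commit described as variable clarity updates does not mention. The loop opens in the previous hunk and indentation is flattened on this page, so confirm the reading against the file; the reason string is what `ignore_cve` writes to `ignored/not-for-us.txt`, so a triager who cannot enter a custom reason cannot record why a CVE was dismissed.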
I used pylint to inform some of these changes: https://pylint.readthedocs.io/en/stable/user_guide/messages/convention/invalid-name.html