Ubuntu CVE Tracker

Merge ~eslerm/ubuntu-cve-tracker:check-cves-variables into ubuntu-cve-tracker:master

  1. Git
  2. lp:~eslerm/ubuntu-cve-tracker
  3. check-cves-variables
  4. Merge into master
Proposed by Mark Esler
Status: Merged
Merged at revision: fb96f59c1267dc5da2facee5ee39b2e23cd87e65
Proposed branch: ~eslerm/ubuntu-cve-tracker:check-cves-variables
Merge into: ubuntu-cve-tracker:master
Diff against target: 523 lines (+110/-112)
1 file modified
scripts/check-cves (+110/-112)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Review via email: mp+462731@code.launchpad.net

Commit message

check-cves: variable clarity updates

Description of the change

This is mostly an update to make variables clearer.

I should have said "constants" not "globals".

I'm not certain all of them should be added. Particularly `BUILT_USING_MAP` which pylint suggested. `UNTRIAGED_JSON` as well, but I don't believe code using this variable is proper (several parameters can override it).

There is more work to clarify human_process_cve(), but this seems like a good point to stop and ask for a review.

To post a comment you must log in.
Revision history for this message
Mark Esler (eslerm) wrote :

I used pylint to inform some of these changes: https://pylint.readthedocs.io/en/stable/user_guide/messages/convention/invalid-name.html

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This script doesn't have a main function, it's just a script. If you really want to run something like pylint over it and want to switch everything it thinks are "global" variables to uppercase, you should probably convert the script to use a main function first.

Revision history for this message
Mark Esler (eslerm) wrote (last edit ):

The plan is to use a main function. My refactor isn't complete, but had begun to implement this https://git.launchpad.net/~eslerm/ubuntu-cve-tracker/tree/scripts/check_cves.py?h=cve-translate

It's easier to work with the code after it is clearer, which is why I'm suggesting style changes first.

Potentially I _could_ drop all of these variables to lower case if needed.

Revision history for this message
Alex Murray (alexmurray) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/check-cves b/scripts/check-cves
2index be0b713..c1239fd 100755
3--- a/scripts/check-cves
4+++ b/scripts/check-cves
5@@ -79,20 +79,20 @@ for release in list(source.keys()):
6 # remove common words which also happen to be names
7 # of source packages since our ignore suggestion is
8 # likely to sometimes contain these
9-common_words = ['an', 'and', 'context', 'file', 'modules', 'the', 'when']
10-allsrcs.difference_update(set(common_words))
11+COMMON_WORDS = ['an', 'and', 'context', 'file', 'modules', 'the', 'when']
12+allsrcs.difference_update(set(COMMON_WORDS))
13 allsrcs.update(set(cve_lib.package_db.keys()))
14
15-built_using_map = None
16+BUILT_USING_MAP = None
17
18-destdir = "."
19+DEST_DIR = "."
20
21 # Skip stuff older than 2005
22-cve_limit = 2004
23+CVE_LIMIT = 2004
24
25-mistriaged_hint = 'Previously triaged as ignored in Ubuntu\n\n'
26+MISTRIAGED_HINT = 'Previously triaged as ignored in Ubuntu\n\n'
27
28-ignore_strings = [
29+IGNORE_STRINGS = [
30 "** REJECT **", "Internet Explorer", "Microsoft Edge", "Windows 98",
31 "Windows 2000", "Windows XP", "Windows Server 2003", "Windows NT",
32 "Mercury Board", "ZeroBoard", "AntiVirus", "Microsoft", "SGI IRIX",
33@@ -136,7 +136,6 @@ def _spawn_editor(path):
34 subprocess.call([editor, path])
35
36 def debug(msg):
37- global opt
38 if args.debug:
39 print(msg, file=sys.stderr)
40
41@@ -227,7 +226,7 @@ def import_debian(handler):
42 cves = dict()
43
44 today = datetime_date.today()
45- known = set(CVEKnownList + CVEIgnoreList)
46+ known = set(cve_known_list + cve_ignore_list)
47
48 def ever_existed(pkg):
49 for rel in source:
50@@ -236,8 +235,8 @@ def import_debian(handler):
51 return False
52
53 def mistriaged(cve):
54- if cve in CVEIgnoreNotForUsSet and \
55- cve not in CVEIgnoreMistriagedSet and \
56+ if cve in CVE_IGNORE_NFU_SET and \
57+ cve not in CVE_IGNORE_MISTRIAGED_LIST and \
58 handler.debian[cve]['state'] == 'FOUND':
59 # check that at least one of the assigned packages exist
60 # in Ubuntu
61@@ -259,7 +258,7 @@ def import_debian(handler):
62 continue
63
64 year = int(re.split('-', cve)[1])
65- if year < cve_limit:
66+ if year < CVE_LIMIT:
67 continue
68
69 # If we already know about the CVE, skip it unless is
70@@ -267,7 +266,7 @@ def import_debian(handler):
71 if cve in known:
72 if mistriaged(cve):
73 # add a note about how this was originally classified
74- dsas[dsa]['desc'] = mistriaged_hint + dsas[dsa]['desc']
75+ dsas[dsa]['desc'] = MISTRIAGED_HINT + dsas[dsa]['desc']
76 else:
77 continue
78
79@@ -294,16 +293,16 @@ def import_debian(handler):
80 continue
81
82 year = int(re.split('-', cve)[1])
83- if year < cve_limit:
84+ if year < CVE_LIMIT:
85 if args.verbose:
86- print(f"Skipping {cve}, year {year} predates {cve_limit}", file=sys.stderr)
87+ print(f"Skipping {cve}, year {year} predates {CVE_LIMIT}", file=sys.stderr)
88 continue
89
90 # If we already know about the CVE, skip it unless is mistriaged
91 if cve in known:
92 if mistriaged(cve):
93 # add a note about how this was originally classified
94- handler.debian[cve]['desc'] = mistriaged_hint + handler.debian[cve]['desc']
95+ handler.debian[cve]['desc'] = MISTRIAGED_HINT + handler.debian[cve]['desc']
96 else:
97 if args.verbose:
98 print(f"Skipping {cve}, already known", file=sys.stderr)
99@@ -539,14 +538,14 @@ def dpkg_compare_versions(v1, op, v2):
100
101
102 def get_built_using(pkgs=[]):
103- global built_using_map
104- if built_using_map is None:
105- built_using_map = source_map.load_built_using_collection(
106+ global BUILT_USING_MAP
107+ if BUILT_USING_MAP is None:
108+ BUILT_USING_MAP = source_map.load_built_using_collection(
109 source_map.load(data_type='packages'))
110
111 out = ""
112 for pkg in pkgs:
113- out += source_map.get_built_using(built_using_map, pkg)
114+ out += source_map.get_built_using(BUILT_USING_MAP, pkg)
115
116 return out
117
118@@ -602,7 +601,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
119 timestamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime())
120
121 # Append to timestamp file list
122- with open(f'{destdir}/check-cves.log', 'a') as f:
123+ with open(f'{DEST_DIR}/check-cves.log', 'a') as f:
124 f.write(
125 f"{timestamp} UTC - "
126 f"{self.num_added} added, "
127@@ -780,10 +779,10 @@ class CVEHandler(xml.sax.handler.ContentHandler):
128 if not self.curr_cve or not self.curr_desc:
129 return
130 # Skip CVEs we know about already unless this is a mistriaged CVE
131- if self.curr_cve in self.cve_ignore and mistriaged_hint not in self.curr_desc:
132+ if self.curr_cve in self.cve_ignore and MISTRIAGED_HINT not in self.curr_desc:
133 return
134
135- limit = cve_limit
136+ limit = CVE_LIMIT
137 if not args.refresh and not args.score_refresh:
138 limit = 2005
139 if int(self.curr_cve.split("-")[1]) < limit:
140@@ -832,7 +831,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
141 if subproject in source:
142 aliases = source_map.get_all_aliases(source, subproject)
143 for hint in software_hints_from_cve_description:
144- if hint in common_words:
145+ if hint in COMMON_WORDS:
146 continue
147
148 if hint in source[subproject]:
149@@ -863,7 +862,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
150 sys.stdout = CVEOutput(file, line_prefix)
151
152 # Check if this was once an embargoed issue
153- if cve in EmbargoList:
154+ if cve in CVE_EMBARGO_LIST:
155 print('**!!** no longer embargoed **!!**')
156 print('==========================details from embargo entry==========================')
157 with open(os.path.join('embargoed', cve)) as f:
158@@ -927,7 +926,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
159 print(" - " + affected_subproject + ": " + " - ".join(
160 software_hints_per_external_releases[affected_subproject]))
161 # once again, announce formerly embargoed status
162- if cve in EmbargoList:
163+ if cve in CVE_EMBARGO_LIST:
164 print('**!!** no longer embargoed **!!**')
165 print('**!!** ensure this is correct before unembargoing **!!**')
166
167@@ -940,12 +939,12 @@ class CVEHandler(xml.sax.handler.ContentHandler):
168 reason = ""
169 packages = []
170 # Skip CVEs that are obviously not about Ubuntu
171- for s in ignore_strings:
172+ for s in IGNORE_STRINGS:
173 if re.search('(^| )%s' % re.escape(s), self.cve_data[cve]['desc'], flags=re.MULTILINE) and self.cve_data[cve]['desc'].find("Linux") < 0:
174 action = 'ignore'
175 reason = s
176 # if cve is in embargo list (but now public), default to unembargo action
177- if cve in EmbargoList:
178+ if cve in CVE_EMBARGO_LIST:
179 action = 'unembargo'
180 reason = ""
181 else:
182@@ -1011,36 +1010,36 @@ class CVEHandler(xml.sax.handler.ContentHandler):
183 return words
184
185 def human_process_cve(self, cve, action='skip', reason='', package=''):
186- info = ''
187- while info == "" or info[0] not in ['i', 'a', 's', 'q', 'r']:
188+ user_input = ''
189+ while user_input == "" or user_input[0] not in ['i', 'a', 's', 'q', 'r']:
190 prompt_user(f'\nA]dd (or R]epeat), I]gnore forever, S]kip for now, or Q]uit? [{action}] ')
191- info = sys.stdin.readline().strip().lower()
192- if info == "":
193- info = action
194+ user_input = sys.stdin.readline().strip().lower()
195+ if user_input == "":
196+ user_input = action
197
198- if info.startswith('q'):
199+ if user_input.startswith('q'):
200 self.printReport()
201 self.updateTimestamp()
202 sys.exit(0)
203- elif info.startswith('a') or info.startswith('r'):
204+ elif user_input.startswith('a') or user_input.startswith('r'):
205 do_repeat = False
206- if info.startswith('r'):
207- info = self.saved_package
208+ if user_input.startswith('r'):
209+ user_input = self.saved_package
210 do_repeat = True
211 else:
212- info = ""
213- while info == "":
214+ user_input = ""
215+ while user_input == "":
216 prompt_user('Package(s) affected? ')
217 if package == "":
218 package = self.saved_package
219 if package != "":
220 prompt_user(f'[{package}] ')
221- info = sys.stdin.readline().strip()
222- if info == '':
223- info = package
224- self.saved_package = info
225+ user_input = sys.stdin.readline().strip()
226+ if user_input == '':
227+ user_input = package
228+ self.saved_package = user_input
229
230- dst = self.add_cve(cve, info.split(), None)
231+ dst = self.add_cve(cve, user_input.split(), None)
232
233 if do_repeat:
234 subprocess.call(['./scripts/active_dup', self.saved_cve, cve])
235@@ -1048,11 +1047,11 @@ class CVEHandler(xml.sax.handler.ContentHandler):
236 self.saved_cve = cve
237
238 print('\n===================== Dependant packages ======================')
239- print(f' Detecting packages built using: {info}...', end='')
240+ print(f' Detecting packages built using: {user_input}...', end='')
241 sys.stdout.flush()
242 built_using = ""
243 try:
244- built_using = get_built_using(info)
245+ built_using = get_built_using(user_input)
246 except Exception as e:
247 print(f"ERROR: {e}", file=sys.stderr)
248 pass # for now just show the error but don't break triage
249@@ -1062,13 +1061,13 @@ class CVEHandler(xml.sax.handler.ContentHandler):
250 print(source_map.get_built_using_header())
251 print(built_using)
252 print("IMPORTANT: the above packages are candidates for rebuilds when fixes are applied to:")
253- print(" %s" % "\n ".join(info))
254+ print(" %s" % "\n ".join(user_input))
255 else:
256 print("none detected")
257
258- elif info.startswith('i'):
259- info = ""
260- while info == "":
261+ elif user_input.startswith('i'):
262+ ignored_reason = ""
263+ while ignored_reason == "":
264 print('Reason to be ignored?')
265 prompts = []
266
267@@ -1085,24 +1084,23 @@ class CVEHandler(xml.sax.handler.ContentHandler):
268 print(f" {chr(97 + i)}) {prompts[i]}")
269 prompt_user(' > ')
270
271- info = sys.stdin.readline().strip()
272- if len(info) == 1 and info.isalpha():
273+ ignored_reason_input = sys.stdin.readline().strip()
274+ # NOTE: user is selecting a choice from prompts
275+ if len(ignored_reason_input) == 1 and ignored_reason_input.isalpha():
276 try:
277 # ord('a') == 97
278- info = prompts[ord(info) - 97]
279+ ignored_reason = prompts[ord(ignored_reason_input) - 97]
280 except IndexError:
281 print('\nError: invalid reason.\n')
282- info = ""
283- # Enter defaults to only suggestion if only one exists
284- elif len(info) == 0 and len(prompts) == 1:
285- info = prompts[0]
286- elif len(info) < 3: # Fat fingers protection
287+ # TODO: reassess if < 2 is a better value
288+ # or add a mechanism to catch certain 3 letter words
289+ # e.g., IBM is currently invalid
290+ elif len(ignored_reason_input) < 3: # Fat fingers protection
291 print('\nError: Reason must be at least 3 characters long!\n')
292- info = ""
293- self.saved_ignore_cache.insert(info)
294- self.ignore_cve(cve, info)
295+ self.saved_ignore_cache.insert(ignored_reason)
296+ self.ignore_cve(cve, ignored_reason)
297
298- elif info.startswith('s'):
299+ elif user_input.startswith('s'):
300 self.skip_cve()
301 print('')
302
303@@ -1146,7 +1144,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
304 if priority not in cve_lib.priorities and not priority == 'untriaged':
305 raise ValueError(f'Invalid priority on line {line_num}:\n{orig_line}')
306
307- if os.path.exists(f'{destdir}/active/{cve}'):
308+ if os.path.exists(f'{DEST_DIR}/active/{cve}'):
309 raise ValueError(f'Updating an existing CVE is not supported (line {line_num}):\n{orig_line}')
310
311 if preprocess:
312@@ -1160,7 +1158,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
313 if action == 'edit':
314 _spawn_editor(cve_path)
315 elif action == 'unembargo':
316- if cve not in EmbargoList:
317+ if cve not in CVE_EMBARGO_LIST:
318 raise ValueError(f'CVE {cve} is not in the embargo database (line {line_num}):\n{orig_line}')
319
320 if os.path.exists(os.path.join('active', cve)):
321@@ -1198,7 +1196,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
322 desc = ''
323
324 # Check if this was once an embargoed issue
325- if cve in EmbargoList:
326+ if cve in CVE_EMBARGO_LIST:
327 desc += '# **!!** no longer embargoed **!!**\n'
328 desc += '# ==========================details from embargo entry==========================\n'
329 with open(os.path.join('embargoed', cve)) as f:
330@@ -1238,7 +1236,7 @@ class CVEHandler(xml.sax.handler.ContentHandler):
331 action = 'skip'
332 data = ""
333 # Skip CVEs that are obviously not about Ubuntu
334- for s in ignore_strings:
335+ for s in IGNORE_STRINGS:
336 if self.cve_data[cve]['desc'].find(s) >= 0 and self.cve_data[cve]['desc'].find("Linux") < 0:
337 action = 'ignore'
338 data = s
339@@ -1255,11 +1253,11 @@ class CVEHandler(xml.sax.handler.ContentHandler):
340
341 def add_cve(self, cve, packages, priority=None):
342 # remove from not-for-us.txt if adding and ensure we remove any
343- # mistriaged_hint from the description
344- if cve in CVEIgnoreNotForUsSet:
345+ # MISTRIAGED_HINT from the description
346+ if cve in CVE_IGNORE_NFU_SET:
347 cmd = ['sed', '-i', f'/^{cve} #.*$/d', './ignored/not-for-us.txt']
348 subprocess.call(cmd)
349- self.cve_data[cve]['desc'] = self.cve_data[cve]['desc'].replace(mistriaged_hint, '')
350+ self.cve_data[cve]['desc'] = self.cve_data[cve]['desc'].replace(MISTRIAGED_HINT, '')
351
352 # Build up list of reference urls
353 ref_urls = []
354@@ -1376,10 +1374,10 @@ class CVEHandler(xml.sax.handler.ContentHandler):
355 self.num_added += 1
356
357 def ignore_cve(self, cve, reason):
358- # Append to ignore list unless is already in CVEIgnoreList and then
359+ # Append to ignore list unless is already in cve_ignore_list and then
360 # append to the ignored/ignore-mistriaged.txt
361- txtfile = 'ignore-mistriaged.txt' if cve in CVEIgnoreNotForUsSet else 'not-for-us.txt'
362- with open(f'{destdir}/ignored/{txtfile}', 'a') as f:
363+ txtfile = 'ignore-mistriaged.txt' if cve in CVE_IGNORE_NFU_SET else 'not-for-us.txt'
364+ with open(f'{DEST_DIR}/ignored/{txtfile}', 'a') as f:
365 f.write(f'{cve} # {reason}\n')
366
367 self.num_ignored += 1
368@@ -1388,74 +1386,74 @@ class CVEHandler(xml.sax.handler.ContentHandler):
369 self.num_skipped += 1
370
371
372-ignored_notforus_path = 'ignored/not-for-us.txt'
373-if destdir != './' and destdir != '.':
374- ignored_notforus_path = os.path.join(destdir, ignored_notforus_path)
375-# CVEIgnoreNotForUsSet is a set of all CVEs that we have previously
376+IGNORED_NFU_PATH = 'ignored/not-for-us.txt'
377+if DEST_DIR != './' and DEST_DIR != '.':
378+ IGNORED_NFU_PATH = os.path.join(DEST_DIR, IGNORED_NFU_PATH)
379+# CVE_IGNORE_NFU_SET is a set of all CVEs that we have previously
380 # chosen to ignore since they don't apply to software in Ubuntu
381-CVEIgnoreNotForUsSet = set(cve_lib.parse_CVEs_from_uri(ignored_notforus_path))
382+CVE_IGNORE_NFU_SET = set(cve_lib.parse_CVEs_from_uri(IGNORED_NFU_PATH))
383
384-ignored_mistriaged_path = 'ignored/ignore-mistriaged.txt'
385-if destdir != './' and destdir != '.':
386- ignored_mistriaged_path = os.path.join(destdir, ignored_mistriaged_path)
387-# CVEIgnoreMistriagedSet is a set of all CVEs that we want to definitely
388+IGNORED_MISTRIAGED_PATH = 'ignored/ignore-mistriaged.txt'
389+if DEST_DIR != './' and DEST_DIR != '.':
390+ IGNORED_MISTRIAGED_PATH = os.path.join(DEST_DIR, IGNORED_MISTRIAGED_PATH)
391+# CVE_IGNORE_MISTRIAGED_LIST is a set of all CVEs that we want to definitely
392 # ignore when doing mistriaged CVE detection - they should exist in both
393 # CVEIgnoreNotForUsList and CVEIgnoreMistriagedList
394-CVEIgnoreMistriagedSet = set(cve_lib.parse_CVEs_from_uri(ignored_mistriaged_path))
395+CVE_IGNORE_MISTRIAGED_LIST = set(cve_lib.parse_CVEs_from_uri(IGNORED_MISTRIAGED_PATH))
396
397-# CVEIgnoreList is a list of all CVEs we know about already. These will be
398+# cve_ignore_list is a list of all CVEs we know about already. These will be
399 # ignored when checking MITRE for new CVEs
400-CVEIgnoreList = list(CVEIgnoreNotForUsSet)
401+cve_ignore_list = list(CVE_IGNORE_NFU_SET)
402
403-CVEKnownList = []
404-CVEKnownList += [cve for cve in os.listdir(destdir + "/ignored/") if cve.startswith('CVE-')]
405-CVEKnownList += [cve for cve in os.listdir(destdir + "/retired/") if cve.startswith('CVE-')]
406-(ActiveList, EmbargoList) = cve_lib.get_cve_list()
407-CVEKnownList += [cve for cve in ActiveList if cve not in EmbargoList]
408+cve_known_list = []
409+cve_known_list += [cve for cve in os.listdir(DEST_DIR + "/ignored/") if cve.startswith('CVE-')]
410+cve_known_list += [cve for cve in os.listdir(DEST_DIR + "/retired/") if cve.startswith('CVE-')]
411+(CVE_ACTIVE_LIST, CVE_EMBARGO_LIST) = cve_lib.get_cve_list()
412+cve_known_list += [cve for cve in CVE_ACTIVE_LIST if cve not in CVE_EMBARGO_LIST]
413
414 if not args.refresh and not args.mistriaged and not args.score_refresh:
415- CVEIgnoreList += CVEKnownList
416+ cve_ignore_list += cve_known_list
417
418 if args.known:
419- cvelist = CVEIgnoreList
420+ cvelist = cve_ignore_list
421 if args.skip_nfu:
422- cvelist = CVEKnownList
423+ cvelist = cve_known_list
424 for cve in sorted(cvelist):
425 print(cve)
426 sys.exit(0)
427
428 parser = xml.sax.make_parser()
429-handler = CVEHandler(CVEIgnoreList)
430+handler = CVEHandler(cve_ignore_list)
431 parser.setContentHandler(handler)
432
433 # if has specified to triage only specific CVEs, check these are not
434 # ignored
435-specific_cves = None
436+SPECIFIC_CVES = None
437 if args.cve:
438- specific_cves = set()
439+ SPECIFIC_CVES = set()
440 for cve in args.cve.split(","):
441 # ignore empty CVE
442 if cve.strip() == "":
443 continue
444 # error out if is ignored
445- if cve in CVEIgnoreList:
446+ if cve in cve_ignore_list:
447 print(f"{cve} already exists in UCT - please remove it then retriage.")
448 sys.exit(1)
449- specific_cves.add(cve)
450+ SPECIFIC_CVES.add(cve)
451
452-untriaged_json = ""
453+UNTRIAGED_JSON = ""
454 if args.untriaged:
455- untriaged_json = read_locate_cves_output(args.untriaged)
456- args.uris.append(untriaged_json)
457+ UNTRIAGED_JSON = read_locate_cves_output(args.untriaged)
458+ args.uris.append(UNTRIAGED_JSON)
459
460 if args.mbox:
461- untriaged_json = read_mbox_file(args.mbox)
462- args.uris.append(untriaged_json)
463+ UNTRIAGED_JSON = read_mbox_file(args.mbox)
464+ args.uris.append(UNTRIAGED_JSON)
465
466 rhel8oval_import_json = ""
467 if args.rhel8oval:
468- untriaged_json = read_rhel8oval_file(args.rhel8oval)
469- args.uris.append(untriaged_json)
470+ UNTRIAGED_JSON = read_rhel8oval_file(args.rhel8oval)
471+ args.uris.append(UNTRIAGED_JSON)
472
473 debian_import_json = ""
474 if (args.import_missing_debian or args.mistriaged) and handler.debian is not None:
475@@ -1483,8 +1481,8 @@ for uri in args.uris:
476 print('')
477
478 # Leaving our fake json around is icky
479-if os.path.exists(untriaged_json):
480- os.unlink(untriaged_json)
481+if os.path.exists(UNTRIAGED_JSON):
482+ os.unlink(UNTRIAGED_JSON)
483 if os.path.exists(debian_import_json):
484 os.unlink(debian_import_json)
485
486@@ -1508,7 +1506,7 @@ def refresh_cves(cve_refresh_list, full_refresh=True):
487 # Find the on-disk CVE file
488 cvefile = ""
489 for status in ['active', 'retired', 'ignored']:
490- check = f'{destdir}/{status}/{cve}'
491+ check = f'{DEST_DIR}/{status}/{cve}'
492 if os.path.exists(check):
493 cvefile = check
494 break
495@@ -1568,10 +1566,10 @@ def refresh_cves(cve_refresh_list, full_refresh=True):
496
497
498 if args.refresh or args.score_refresh:
499- if args.cve and specific_cves is not set():
500- cve_refresh_list = specific_cves
501+ if args.cve and SPECIFIC_CVES is not set():
502+ cve_refresh_list = SPECIFIC_CVES
503 else:
504- cve_refresh_list = CVEKnownList
505+ cve_refresh_list = cve_known_list
506
507 # with OptParse args.refresh and args.score_refresh will each
508 # either be True or None. We want full_refresh to be False when
509@@ -1590,12 +1588,12 @@ if experimental:
510 handler.display_command_file_usage(fout, '# ')
511
512 for cve in new_cves:
513- if args.cve and cve not in specific_cves:
514+ if args.cve and cve not in SPECIFIC_CVES:
515 # ignore this cve
516 continue
517 # if this got marked as mistriaged, probablistically choose it for
518 # processing
519- if mistriaged_hint in handler.cve_data[cve]['desc']:
520+ if MISTRIAGED_HINT in handler.cve_data[cve]['desc']:
521 if args.mistriaged == 0:
522 # ignore this one
523 continue

Subscribers

People subscribed via source and target branches