Merge ~jugmac00/launchpad:allow_limiting_uct_imports into launchpad:master

Proposed by Jürgen Gmach
Status: Merged
Approved by: Jürgen Gmach
Approved revision: 9ba7fdfdea57839dc0b4fdbd4f5e3c2524a11356
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~jugmac00/launchpad:allow_limiting_uct_imports
Merge into: launchpad:master
Diff against target: 346 lines (+256/-53)
5 files modified
lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255 (+61/-0)
lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219 (+43/-0)
lib/lp/bugs/scripts/tests/test_uctimport.py (+88/-0)
lib/lp/bugs/scripts/uctimport.py (+63/-0)
scripts/uct-import.py (+1/-53)
Reviewer: Colin Watson (community), Status: Approve
Review via email: mp+436146@code.launchpad.net

Commit message

Enable filtering for UCTImports

Jürgen Gmach (jugmac00) wrote :

Enable filtering for UCTImports

Colin Watson (cjwatson) :
review: Approve
Colin Watson (cjwatson) wrote :

Could you fix the commit message of this MP, since that will be used by the merge bot when landing this?

Jürgen Gmach (jugmac00) wrote :

Thanks for the review!

Preview Diff

1diff --git a/lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255 b/lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255
2new file mode 100644
3index 0000000..db2403d
4--- /dev/null
5+++ b/lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255
6@@ -0,0 +1,61 @@
7+PublicDate: 2007-01-16 23:28:00 UTC
8+Candidate: CVE-2007-0255
9+References:
10+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0255
11+ http://xine.sourceforge.net/security
12+Description:
13+ XINE 0.99.4 allows user-assisted remote attackers to cause a denial of
14+ service (application crash) and possibly execute arbitrary code via a
15+ certain M3U file that contains a long #EXTINF line and contains format
16+ string specifiers in an invalid udp:// URI, possibly a variant of
17+ CVE-2007-0017.
18+Ubuntu-Description:
19+Notes:
20+ sbeattie> issue is unlisted on xine upstream website
21+Priority: medium
22+Bugs:
23+Discovered-by:
24+Assigned-to:
25+CVSS:
26+
27+Patches_xine-ui:
28+upstream_xine-ui: needs-triage
29+dapper_xine-ui: ignored (reached end-of-life)
30+edgy_xine-ui: needed (reached end-of-life)
31+feisty_xine-ui: needed (reached end-of-life)
32+gutsy_xine-ui: needed (reached end-of-life)
33+hardy_xine-ui: ignored (reached end-of-life)
34+intrepid_xine-ui: needed (reached end-of-life)
35+jaunty_xine-ui: ignored (reached end-of-life)
36+karmic_xine-ui: ignored (reached end-of-life)
37+lucid_xine-ui: ignored (reached end-of-life)
38+maverick_xine-ui: ignored (reached end-of-life)
39+natty_xine-ui: ignored (reached end-of-life)
40+oneiric_xine-ui: ignored (reached end-of-life)
41+precise_xine-ui: ignored (reached end-of-life)
42+precise/esm_xine-ui: DNE (precise was needed)
43+quantal_xine-ui: ignored (reached end-of-life)
44+raring_xine-ui: ignored (reached end-of-life)
45+saucy_xine-ui: ignored (reached end-of-life)
46+trusty_xine-ui: ignored (reached end-of-life)
47+trusty/esm_xine-ui: DNE (trusty was needed)
48+utopic_xine-ui: ignored (reached end-of-life)
49+vivid_xine-ui: ignored (reached end-of-life)
50+vivid/stable-phone-overlay_xine-ui: DNE
51+vivid/ubuntu-core_xine-ui: DNE
52+wily_xine-ui: ignored (reached end-of-life)
53+xenial_xine-ui: ignored (end of standard support, was needed)
54+yakkety_xine-ui: ignored (reached end-of-life)
55+zesty_xine-ui: ignored (reached end-of-life)
56+artful_xine-ui: ignored (reached end-of-life)
57+bionic_xine-ui: needed
58+cosmic_xine-ui: ignored (reached end-of-life)
59+disco_xine-ui: ignored (reached end-of-life)
60+eoan_xine-ui: ignored (reached end-of-life)
61+focal_xine-ui: needed
62+groovy_xine-ui: ignored (reached end-of-life)
63+hirsute_xine-ui: ignored (reached end-of-life)
64+impish_xine-ui: ignored (reached end-of-life)
65+jammy_xine-ui: needed
66+kinetic_xine-ui: needed
67+devel_xine-ui: needed
68\ No newline at end of file
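Review bot: the fixture ends without a trailing newline (`\ No newline at end of file`); add one so the file matches how the other UCT entries are stored and so later edits to the sample do not produce a noisy "no newline" hunk. Nothing else in the record stands out, although the empty `Ubuntu-Description:`, `Bugs:` and `CVSS:` fields mean this fixture only exercises the minimal-field path of the importer.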
69diff --git a/lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219 b/lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219
70new file mode 100644
71index 0000000..14aaa73
72--- /dev/null
73+++ b/lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219
74@@ -0,0 +1,43 @@
75+Candidate: CVE-2022-3219
76+PublicDate: 2022-09-28
77+References:
78+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219
79+ https://access.redhat.com/security/cve/CVE-2022-3219
80+ https://marc.info/?l=oss-security&m=165696590211434&w=4
81+Description:
82+ gnupg: denial of service issue (resource consumption) using compressed
83+ packets
84+Ubuntu-Description:
85+Notes:
86+ mdeslaur> per the upstream gnupg bug, the change will not be applied
87+ mdeslaur> as of 2022-09-28, proposed patch has not been accepted by
88+ mdeslaur> upstream developers
89+Mitigation:
90+Bugs:
91+ https://dev.gnupg.org/T5993
92+Priority: low
93+Discovered-by:
94+Assigned-to:
95+CVSS:
96+
97+Patches_gnupg:
98+upstream_gnupg: needs-triage
99+esm-infra/xenial_gnupg: deferred (2022-09-28)
100+trusty_gnupg: ignored (out of standard support)
101+xenial_gnupg: ignored (out of standard support)
102+bionic_gnupg: DNE
103+focal_gnupg: DNE
104+jammy_gnupg: DNE
105+trusty/esm_gnupg: deferred (2022-09-28)
106+
107+Patches_gnupg2:
108+ other: https://dev.gnupg.org/D556
109+upstream_gnupg2: needs-triage
110+esm-infra/xenial_gnupg2: deferred (2022-09-28)
111+trusty_gnupg2: ignored (out of standard support)
112+xenial_gnupg2: ignored (end of standard support)
113+bionic_gnupg2: deferred (2022-09-28)
114+focal_gnupg2: deferred (2022-09-28)
115+jammy_gnupg2: deferred (2022-09-28)
116+kinetic_gnupg2: deferred (2022-09-28)
117+devel_gnupg2: deferred (2022-09-28)
118\ No newline at end of file
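Review bot: same missing trailing newline as the first fixture. This record is more interesting than the test file gives it credit for: it carries an ` other: https://dev.gnupg.org/D556` sub-entry under `Patches_gnupg2:`, two package sections (`Patches_gnupg:` and `Patches_gnupg2:`), and slash-containing release keys such as `esm-infra/xenial_gnupg2` and `trusty/esm_gnupg`, yet the only assertion on it in test_uctimport.py is that the import reports success. A short comment at the top of the test module saying which shapes each fixture is meant to cover would make it clear these are deliberate.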
119diff --git a/lib/lp/bugs/scripts/tests/test_uctimport.py b/lib/lp/bugs/scripts/tests/test_uctimport.py
120new file mode 100644
121index 0000000..2e36bb5
122--- /dev/null
123+++ b/lib/lp/bugs/scripts/tests/test_uctimport.py
124@@ -0,0 +1,88 @@
125+from pathlib import Path
126+
127+from lp.testing import TestCase
128+from lp.testing.layers import LaunchpadZopelessLayer
129+from lp.testing.script import run_script
130+
131+
132+class TestUCTImportScript(TestCase):
133+ """Test the TestUCTImportScript class."""
134+
135+ layer = LaunchpadZopelessLayer
136+
137+ def test_no_path_given(self):
138+ """TestUCTImportScript errors when no path given"""
139+ exit_code, out, err = run_script(
140+ script="scripts/uct-import.py",
141+ args=[],
142+ )
143+ self.assertEqual(2, exit_code)
144+ self.assertEqual("", out)
145+ self.assertEqual(
146+ "Usage: uct-import.py [options] PATH\n\nuct-import.py: "
147+ "error: Please specify a path to import\n",
148+ err,
149+ )
150+
151+ def test_load_from_file(self):
152+ load_from = Path(__file__).parent / "sampledata" / "CVE-2022-23222"
153+ exit_code, out, err = run_script(
154+ script="scripts/uct-import.py",
155+ args=[str(load_from)],
156+ )
157+ self.assertEqual(0, exit_code)
158+ self.assertEqual("", out)
159+ self.assertIn("CVE-2022-23222 was imported successfully", err)
160+
161+ def test_load_from_directory(self):
162+ load_from = Path(__file__).parent / "sampledata"
163+ exit_code, out, err = run_script(
164+ script="scripts/uct-import.py",
165+ args=[str(load_from)],
166+ )
167+ self.assertEqual(0, exit_code)
168+ self.assertEqual("", out)
169+ self.assertIn("CVE-2007-0255 was imported successfully", err)
170+ self.assertIn("CVE-2022-3219 was imported successfully", err)
171+ self.assertIn("CVE-2022-23222 was imported successfully", err)
172+
173+ def test_dry_run_does_not_crash(self):
174+ load_from = Path(__file__).parent / "sampledata" / "CVE-2022-23222"
175+ exit_code, out, err = run_script(
176+ script="scripts/uct-import.py",
177+ args=[str(load_from), "--dry-run"],
178+ )
179+ self.assertEqual(0, exit_code)
180+ self.assertEqual("", out)
181+ self.assertRegex(err, r"^INFO Importing.*CVE-2022-23222.*")
182+
183+ def test_filter_cve(self):
184+ load_from = Path(__file__).parent / "sampledata"
185+ exit_code, out, err = run_script(
186+ script="scripts/uct-import.py",
187+ args=[str(load_from), "--filter", "2007*"],
188+ )
189+ self.assertEqual(0, exit_code)
190+ self.assertEqual("", out)
191+ self.assertNotIn("CVE-2022-23222 was imported successfully", err)
192+ self.assertIn("CVE-2007-0255 was imported successfully", err)
193+
194+ exit_code, out, err = run_script(
195+ script="scripts/uct-import.py",
196+ args=[str(load_from), "--filter", "2022*"],
197+ )
198+ self.assertEqual(0, exit_code)
199+ self.assertEqual("", out)
200+ self.assertIn("CVE-2022-23222 was imported successfully", err)
201+ self.assertIn("CVE-2022-3219 was imported successfully", err)
202+ self.assertNotIn("CVE-2007-0255 was imported successfully", err)
203+
204+ exit_code, out, err = run_script(
205+ script="scripts/uct-import.py",
206+ args=[str(load_from), "--filter", "20[02][27]*"],
207+ )
208+ self.assertEqual(0, exit_code)
209+ self.assertEqual("", out)
210+ self.assertIn("CVE-2022-23222 was imported successfully", err)
211+ self.assertIn("CVE-2022-3219 was imported successfully", err)
212+ self.assertIn("CVE-2007-0255 was imported successfully", err)
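Review bot: the class docstring at the top of the hunk reads `"""Test the TestUCTImportScript class."""`, but the class under test is `UCTImportScript` (the test class is named after it); make it `"""Tests for scripts/uct-import.py (UCTImportScript)."""`. Two gaps worth closing: there is no test for a `--filter` pattern that matches nothing, which should exercise the `Could not find CVE files` warning branch and still exit 0, and every directory-wide assertion depends on a `sampledata/CVE-2022-23222` fixture that is not part of this diff, so the module only passes if that file already exists on the branch. Consider also splitting `test_filter_cve` into three tests (one per pattern) so a failure names the pattern that broke rather than the whole method.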
213diff --git a/lib/lp/bugs/scripts/uctimport.py b/lib/lp/bugs/scripts/uctimport.py
214new file mode 100644
215index 0000000..aed11c3
216--- /dev/null
217+++ b/lib/lp/bugs/scripts/uctimport.py
218@@ -0,0 +1,63 @@
219+import logging
220+from pathlib import Path
221+
222+from lp.app.validators.cve import CVEREF_PATTERN
223+from lp.bugs.scripts.uct import UCTImporter
224+from lp.services.scripts.base import LaunchpadScript
225+
226+logger = logging.getLogger(__name__)
227+
228+
229+class UCTImportScript(LaunchpadScript):
230+ """CLI for UCTImport
231+
232+ Command line options:
233+ The filter option takes a glob-style pattern.
234+ Example: `2007*` filters all CVEs from the year 2007.
235+ """
236+
237+ usage = "usage: %prog [options] PATH"
238+ description = (
239+ "Import bugs into Launchpad from CVE entries in ubuntu-cve-tracker. "
240+ "PATH is either path to a CVE file, or path to a directory "
241+ "containing the CVE files."
242+ )
243+ loglevel = logging.INFO
244+
245+ def add_my_options(self):
246+ self.parser.add_option(
247+ "--dry-run",
248+ action="store_true",
249+ dest="dry_run",
250+ default=False,
251+ help="Don't commit changes to the DB.",
252+ )
253+ self.parser.add_option(
254+ "--filter",
255+ action="store",
256+ dest="filter",
257+ default="*",
258+ help="Apply given glob-style pattern to filter CVEs.",
259+ )
260+
261+ def main(self):
262+ if len(self.args) != 1:
263+ self.parser.error("Please specify a path to import")
264+ path = Path(self.args[0])
265+ if path.is_dir():
266+ logger.info(
267+ "Importing CVE files from directory: %s", path.resolve()
268+ )
269+ cve_paths = sorted(
270+ p
271+ for p in path.rglob("CVE-%s" % self.options.filter)
272+ if p.is_file() and CVEREF_PATTERN.match(p.name)
273+ )
274+ if not cve_paths:
275+ logger.warning("Could not find CVE files in %s", path)
276+ return
277+ else:
278+ cve_paths = [path]
279+ importer = UCTImporter(dry_run=self.options.dry_run)
280+ for cve_path in cve_paths:
281+ importer.import_cve_from_file(cve_path)
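Review bot: `--filter` is only honoured in the `path.is_dir()` branch; when PATH is a single file the `else` branch imports it regardless of the pattern, so either apply the same match (`fnmatch` on `path.name`) there as well or say in the help text that the filter only applies to directory imports. Related, the pattern is spliced in after a literal prefix (`"CVE-%s" % self.options.filter`), so a user who passes `--filter "CVE-2007*"` matches nothing and only gets the generic `Could not find CVE files` warning; the help text should state that the pattern is matched against the part after `CVE-`, as the class docstring's `2007*` example implies. Finally, the new module starts at `import logging` with none of the copyright/licence header that `scripts/uct-import.py` carries (the `# GNU Affero General Public License version 3` context line in the next hunk), and the `Command line options:` paragraph in the docstring duplicates the option help string; keep one of the two.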
282diff --git a/scripts/uct-import.py b/scripts/uct-import.py
283index 489d6ea..9ade412 100755
284--- a/scripts/uct-import.py
285+++ b/scripts/uct-import.py
286@@ -4,59 +4,7 @@
287 # GNU Affero General Public License version 3 (see the file LICENSE).
288 import _pythonpath # noqa: F401
289
290-import logging
291-from pathlib import Path
292-
293-from lp.app.validators.cve import CVEREF_PATTERN
294-from lp.bugs.scripts.uct import UCTImporter
295-from lp.services.scripts.base import LaunchpadScript
296-
297-logger = logging.getLogger(__name__)
298-
299-
300-class UCTImportScript(LaunchpadScript):
301-
302- usage = "usage: %prog [options] PATH"
303- description = (
304- "Import bugs into Launchpad from CVE entries in ubuntu-cve-tracker. "
305- "PATH is either path to a CVE file, or path to a directory "
306- "containing the CVE files"
307- )
308- loglevel = logging.INFO
309-
310- def add_my_options(self):
311- self.parser.add_option(
312- "--dry-run",
313- action="store_true",
314- dest="dry_run",
315- default=False,
316- help="Don't commit changes to the DB.",
317- )
318-
319- def main(self):
320- if len(self.args) != 1:
321- self.parser.error("Please specify a path to import")
322-
323- path = Path(self.args[0])
324- if path.is_dir():
325- logger.info(
326- "Importing CVE files from directory: %s", path.resolve()
327- )
328- cve_paths = sorted(
329- p
330- for p in path.rglob("CVE-*")
331- if p.is_file() and CVEREF_PATTERN.match(p.name)
332- )
333- if not cve_paths:
334- logger.warning("Could not find CVE files in %s", path)
335- return
336- else:
337- cve_paths = [path]
338-
339- importer = UCTImporter(dry_run=self.options.dry_run)
340- for cve_path in cve_paths:
341- importer.import_cve_from_file(cve_path)
342-
343+from lp.bugs.scripts.uctimport import UCTImportScript
344
345 if __name__ == "__main__":
346 script = UCTImportScript("lp.services.scripts.uctimport")
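Review bot: the script name passed to the constructor, `"lp.services.scripts.uctimport"`, no longer matches where the class now lives (`lp.bugs.scripts.uctimport`), since the only import left in this file is `from lp.bugs.scripts.uctimport import UCTImportScript`. Check what that name is used for (logger name, lock file) and either update it to match the new module path or leave a one-line comment saying it is kept deliberately for continuity. The reduction of the entry point to an import plus the `__main__` guard is otherwise the right shape.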
