Merge ~litios/ubuntu-cve-tracker:aliases-in-triage into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez
Status: Rejected
Rejected by: David Fernandez Gonzalez
Proposed branch: ~litios/ubuntu-cve-tracker:aliases-in-triage
Merge into: ubuntu-cve-tracker:master
Diff against target: 55 lines (+23/-3)
2 files modified
scripts/active_edit (+8/-3)
scripts/check-cves (+15/-0)
Reviewer Review Type Date Requested Status
Alex Murray Pending
Steve Beattie Pending
Ubuntu Security Team Pending

Description of the change

When doing triage, if aliases are found for a subproject, add the right entries when creating the CVE.

Also in triage, include the aliases when trying to find the package in a subproject (in the "possibly affected" section).

David Fernandez Gonzalez (litios) wrote :

Planning to do this the other way around, removing.

Unmerged commits

1f47bb0... by David Fernandez Gonzalez

Enable the use of aliases when triagging + include aliases in active_edit

Preview Diff

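--- a/scripts/active_edit
+++ b/scripts/active_edit
@@ -128,9 +128,14 @@ def _add_pkg(p, fp, fixed, parent, embargoed):
             print('%s_%s: %s' % (rel, p, state), file=fp)
         # TODO: figure out how to store subproject details for embargoed CVEs
         elif not embargoed:
-            # add this to subprojects for rel
-            with open(os.path.join(cve_lib.get_external_subproject_cve_dir(rel), cve), "a") as f:
-                print('%s_%s: %s' % (rel, p, state), file=f)
+            if 'aliases' in source[rel][p]:
+                for alias in source[rel][p]['aliases']:
+                    with open(os.path.join(cve_lib.get_external_subproject_cve_dir(rel), cve), "a") as f:
+                        print('%s_%s: %s' % (rel, alias, state), file=f)
+            else:
+                # add this to subprojects for rel
+                with open(os.path.join(cve_lib.get_external_subproject_cve_dir(rel), cve), "a") as f:
+                    print('%s_%s: %s' % (rel, p, state), file=f)
 
 def add_pkg(p, fp, fixed, parent, embargoed):
     # skip packages which don't actually exist in any release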
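Review bot: With the new `if 'aliases' in source[rel][p]:` branch, the package's own `rel_p` line is no longer written to the subproject CVE file whenever aliases are declared — only the alias lines are — and the hunk does not say whether that replacement is intended; if it is, a comment should record it, otherwise `p` needs to be written alongside the aliases. The subproject file is also reopened in append mode once per alias; opening it once and looping over the names is simpler and keeps the two branches from duplicating the `open` call. `_add_pkg` starts before the hunk, so whether `p` is guaranteed to be a key of `source[rel]` at this point cannot be confirmed from the diff.
```python
        elif not embargoed:
            # add this to subprojects for rel; when aliases are declared they
            # are written instead of the package's own entry (current behaviour)
            names = source[rel][p]['aliases'] if 'aliases' in source[rel][p] else [p]
            with open(os.path.join(cve_lib.get_external_subproject_cve_dir(rel), cve), "a") as f:
                for name in names:
                    print('%s_%s: %s' % (rel, name, state), file=f)
```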
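--- a/scripts/check-cves
+++ b/scripts/check-cves
@@ -76,6 +76,17 @@ common_words = ['an', 'and', 'context', 'file', 'modules', 'the', 'when']
 allsrcs.difference_update(set(common_words))
 allsrcs.update(set(cve_lib.package_db.keys()))
 
+aliases = {}
+for rel in source:
+    aliases[rel] = {}
+    for pkg in source[rel]:
+        if 'aliases' in source[rel][pkg]:
+            for alias in source[rel][pkg]['aliases']:
+                if alias not in aliases[rel]:
+                    aliases[rel][alias] = [pkg]
+                else:
+                    aliases[rel][alias].append(pkg)
+
 built_using_map = None
 
 destdir = "."
@@ -887,6 +898,10 @@ class CVEHandler(xml.sax.handler.ContentHandler):
             for hint in software_hints_from_cve_description:
                 if hint in source[subproject] and hint not in common_words:
                     external_subprojects.setdefault(subproject, set()).add(hint)
+                elif hint in aliases[subproject] and hint not in common_words:
+                    for pkg in aliases[subproject][hint]:
+                        if pkg in source[subproject]:
+                            external_subprojects.setdefault(subproject, set()).add(hint + ' (alias)')
         return external_subprojects
 
     def display_cve(self, cve, file=sys.stdout, line_prefix=None, wrap_desc=False):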
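Review bot: In the second hunk the alias branch adds `hint + ' (alias)'` to `external_subprojects[subproject]` rather than the package(s) the alias resolves to, so the resolved `pkg` is computed and then discarded and the set entry no longer names a real source of that subproject; if the set is only displayed this is harmless, but any consumer that looks entries up in `source` will never match the suffixed string. The inner `if pkg in source[subproject]:` is always true because `aliases[rel]` is built from the keys of `source[rel]`, so the loop can collapse to `for pkg in aliases[subproject][hint]: external_subprojects.setdefault(subproject, set()).add(pkg)`, with a comment if the ` (alias)` marker is meant as a display cue. In the first hunk the four-line membership test can be `aliases[rel].setdefault(alias, []).append(pkg)`, and the new module-level map deserves a one-line comment such as `# rel -> alias -> [packages in source[rel] that declare that alias]`. The method containing the second hunk starts before it, so the definition of `subproject` is not visible here.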
