Merge ~litios/ubuntu-cve-tracker:aliases-only-affected-series into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez
Status: Merged
Merge reported by: David Fernandez Gonzalez
Merged at revision: 1343c082077c4961402967509e982b393e4288fd
Proposed branch: ~litios/ubuntu-cve-tracker:aliases-only-affected-series
Merge into: ubuntu-cve-tracker:master
Diff against target: 116 lines (+53/-35)
1 file modified
scripts/check-syntax (+53/-35)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+437787@code.launchpad.net

Description of the change

For subprojects, we shouldn't add a CVE entry if that series was never in the $UCT CVE (for non-active CVEs)

1343c08... by David Fernandez Gonzalez

Don't add CVEs in ignored to subprojects

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

lgtm, thanks!

review: Approve

Preview Diff

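--- a/scripts/check-syntax
+++ b/scripts/check-syntax
@@ -447,58 +447,76 @@ for cve in args:
 nearby_rel = list(listed_releases)[0]
 aliases_releases = set()
 
+ listed_series = set()
+ for rel in listed_releases:
+ if rel not in cve_lib.subprojects and rel != 'upstream':
+ listed_series.add(rel)
+
 # Check aliases
 for rel in all_required_releases:
 if rel in cve_lib.external_releases and 'boilerplates' in cvepath:
 continue
 
 if rel in source:
- aliases_or_generics = False
- pkgs_from_aliases = get_pkgs_from_aliases(source, aliases_cache, pkg, rel)
- if pkgs_from_aliases:
- aliases_or_generics = True
- aliases_releases.add(rel)
-
- for pkg_alias in pkgs_from_aliases:
- if pkg_alias not in data["pkgs"].keys():
- filename = srcmap["pkgs"][pkg][nearby_rel][0]
- linenum = srcmap["pkgs"][pkg][nearby_rel][1]
- print(
- "%s: %d: %s missing release '%s'"
- # put the error on a line near where this entry should go
- % (filename, linenum, pkg_alias, rel),
- file=sys.stderr,
- )
- cve_okay = False
- else:
- pkgs_from_generic = get_pkgs_from_generic(source, generics_cache, pkg, rel)
- if pkgs_from_generic:
+ skip_aliases_generics = False
+ if not 'soss' in rel:
+ _, series = cve_lib.product_series(rel)
+ # If the series is not listed in the original CVE,
+ # we won't create the CVE in the subproject.
+ if not is_active(cve) and series not in listed_series:
+ skip_aliases_generics = True
+
+ # We are not adding CVEs in ignored.
+ if "ignored/" in cvepath:
+ skip_aliases_generics = True
+
+ if not skip_aliases_generics:
+ aliases_or_generics = False
+ pkgs_from_aliases = get_pkgs_from_aliases(source, aliases_cache, pkg, rel)
+ if pkgs_from_aliases:
 aliases_or_generics = True
 aliases_releases.add(rel)
- for curr_pkg in pkgs_from_generic:
- if curr_pkg not in data["pkgs"].keys():
+
+ for pkg_alias in pkgs_from_aliases:
+ if pkg_alias not in data["pkgs"].keys():
 filename = srcmap["pkgs"][pkg][nearby_rel][0]
 linenum = srcmap["pkgs"][pkg][nearby_rel][1]
 print(
 "%s: %d: %s missing release '%s'"
 # put the error on a line near where this entry should go
- % (filename, linenum, curr_pkg, rel),
+ % (filename, linenum, pkg_alias, rel),
 file=sys.stderr,
 )
 cve_okay = False
+ else:
+ pkgs_from_generic = get_pkgs_from_generic(source, generics_cache, pkg, rel)
+ if pkgs_from_generic:
+ aliases_or_generics = True
+ aliases_releases.add(rel)
+ for curr_pkg in pkgs_from_generic:
+ if curr_pkg not in data["pkgs"].keys():
+ filename = srcmap["pkgs"][pkg][nearby_rel][0]
+ linenum = srcmap["pkgs"][pkg][nearby_rel][1]
+ print(
+ "%s: %d: %s missing release '%s'"
+ # put the error on a line near where this entry should go
+ % (filename, linenum, curr_pkg, rel),
+ file=sys.stderr,
+ )
+ cve_okay = False
 
- # This package-release uses aliases or generic names,
- # it shouldn't be listed
- if aliases_or_generics:
- if rel in listed_releases and pkg \
- not in pkgs_from_aliases:
- filename = srcmap["pkgs"][pkg][nearby_rel][0]
- linenum = srcmap["pkgs"][pkg][nearby_rel][1]
- print(
- "%s: %d: package '%s' not in '%s'"
- % (filename, linenum, pkg, rel),
- file=sys.stderr,
- )
+ # This package-release uses aliases or generic names,
+ # it shouldn't be listed
+ if aliases_or_generics:
+ if rel in listed_releases and pkg \
+ not in pkgs_from_aliases:
+ filename = srcmap["pkgs"][pkg][nearby_rel][0]
+ linenum = srcmap["pkgs"][pkg][nearby_rel][1]
+ print(
+ "%s: %d: package '%s' not in '%s'"
+ % (filename, linenum, pkg, rel),
+ file=sys.stderr,
+ )
 missing_releases = all_required_releases - listed_releases - aliases_releases
 nearby_rel = list(listed_releases - missing_releases)[0]
 for rel in missing_releases: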
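Review bot: `if not 'soss' in rel:` in the new skip logic should read `if 'soss' not in rel:` (PEP 8 E713), and because it is a substring test it matches any release name containing "soss", so a one-line comment naming the releases it is meant to cover would help the next reader, e.g. `# SOSS releases have no Ubuntu series to compare against`. Separately, a release skipped via `skip_aliases_generics` is never added to `aliases_releases`, so it still ends up in `missing_releases` computed at the end of the hunk; whether the `for rel in missing_releases:` loop then reports it is not visible here, since its body lies outside the hunk, so it is worth confirming the skip suppresses the "missing release" report rather than merely moving it. The enclosing `for cve in args:` loop starts before this hunk and continues past it.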
