Merge ~litios/ubuntu-cve-tracker:aliases-only-affected-series into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez
Status: Merged
Merge reported by: David Fernandez Gonzalez
Merged at revision: 1343c082077c4961402967509e982b393e4288fd
Proposed branch: ~litios/ubuntu-cve-tracker:aliases-only-affected-series
Merge into: ubuntu-cve-tracker:master
Diff against target: 116 lines (+53/-35)
1 file modified
scripts/check-syntax (+53/-35)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+437787@code.launchpad.net

Description of the change

For subprojects, we shouldn't add a CVE entry for a series that was never listed in the $UCT CVE (this applies to non-active CVEs).

1343c08... by David Fernandez Gonzalez

Don't add CVEs in ignored to subprojects

Eduardo Barretto (ebarretto) wrote :

lgtm, thanks!

review: Approve

Preview Diff

diff --git a/scripts/check-syntax b/scripts/check-syntax
index 3e3ecd4..d25d376 100755
--- a/scripts/check-syntax
+++ b/scripts/check-syntax
@@ -447,58 +447,76 @@ for cve in args:
447 nearby_rel = list(listed_releases)[0]447 nearby_rel = list(listed_releases)[0]
448 aliases_releases = set()448 aliases_releases = set()
449449
450 listed_series = set()
451 for rel in listed_releases:
452 if rel not in cve_lib.subprojects and rel != 'upstream':
453 listed_series.add(rel)
454
450 # Check aliases455 # Check aliases
451 for rel in all_required_releases:456 for rel in all_required_releases:
452 if rel in cve_lib.external_releases and 'boilerplates' in cvepath:457 if rel in cve_lib.external_releases and 'boilerplates' in cvepath:
453 continue458 continue
454459
455 if rel in source:460 if rel in source:
456 aliases_or_generics = False461 skip_aliases_generics = False
457 pkgs_from_aliases = get_pkgs_from_aliases(source, aliases_cache, pkg, rel)462 if not 'soss' in rel:
458 if pkgs_from_aliases:463 _, series = cve_lib.product_series(rel)
459 aliases_or_generics = True464 # If the series is not listed in the original CVE,
460 aliases_releases.add(rel)465 # we won't create the CVE in the subproject.
461466 if not is_active(cve) and series not in listed_series:
462 for pkg_alias in pkgs_from_aliases:467 skip_aliases_generics = True
463 if pkg_alias not in data["pkgs"].keys():468
464 filename = srcmap["pkgs"][pkg][nearby_rel][0]469 # We are not adding CVEs in ignored.
465 linenum = srcmap["pkgs"][pkg][nearby_rel][1]470 if "ignored/" in cvepath:
466 print(471 skip_aliases_generics = True
467 "%s: %d: %s missing release '%s'"472
468 # put the error on a line near where this entry should go473 if not skip_aliases_generics:
469 % (filename, linenum, pkg_alias, rel),474 aliases_or_generics = False
470 file=sys.stderr,475 pkgs_from_aliases = get_pkgs_from_aliases(source, aliases_cache, pkg, rel)
471 )476 if pkgs_from_aliases:
472 cve_okay = False
473 else:
474 pkgs_from_generic = get_pkgs_from_generic(source, generics_cache, pkg, rel)
475 if pkgs_from_generic:
476 aliases_or_generics = True477 aliases_or_generics = True
477 aliases_releases.add(rel)478 aliases_releases.add(rel)
478 for curr_pkg in pkgs_from_generic:479
479 if curr_pkg not in data["pkgs"].keys():480 for pkg_alias in pkgs_from_aliases:
481 if pkg_alias not in data["pkgs"].keys():
480 filename = srcmap["pkgs"][pkg][nearby_rel][0]482 filename = srcmap["pkgs"][pkg][nearby_rel][0]
481 linenum = srcmap["pkgs"][pkg][nearby_rel][1]483 linenum = srcmap["pkgs"][pkg][nearby_rel][1]
482 print(484 print(
483 "%s: %d: %s missing release '%s'"485 "%s: %d: %s missing release '%s'"
484 # put the error on a line near where this entry should go486 # put the error on a line near where this entry should go
485 % (filename, linenum, curr_pkg, rel),487 % (filename, linenum, pkg_alias, rel),
486 file=sys.stderr,488 file=sys.stderr,
487 )489 )
488 cve_okay = False490 cve_okay = False
491 else:
492 pkgs_from_generic = get_pkgs_from_generic(source, generics_cache, pkg, rel)
493 if pkgs_from_generic:
494 aliases_or_generics = True
495 aliases_releases.add(rel)
496 for curr_pkg in pkgs_from_generic:
497 if curr_pkg not in data["pkgs"].keys():
498 filename = srcmap["pkgs"][pkg][nearby_rel][0]
499 linenum = srcmap["pkgs"][pkg][nearby_rel][1]
500 print(
501 "%s: %d: %s missing release '%s'"
502 # put the error on a line near where this entry should go
503 % (filename, linenum, curr_pkg, rel),
504 file=sys.stderr,
505 )
506 cve_okay = False
489507
490 # This package-release uses aliases or generic names,508 # This package-release uses aliases or generic names,
491 # it shouldn't be listed509 # it shouldn't be listed
492 if aliases_or_generics:510 if aliases_or_generics:
493 if rel in listed_releases and pkg \511 if rel in listed_releases and pkg \
494 not in pkgs_from_aliases:512 not in pkgs_from_aliases:
495 filename = srcmap["pkgs"][pkg][nearby_rel][0]513 filename = srcmap["pkgs"][pkg][nearby_rel][0]
496 linenum = srcmap["pkgs"][pkg][nearby_rel][1]514 linenum = srcmap["pkgs"][pkg][nearby_rel][1]
497 print(515 print(
498 "%s: %d: package '%s' not in '%s'"516 "%s: %d: package '%s' not in '%s'"
499 % (filename, linenum, pkg, rel),517 % (filename, linenum, pkg, rel),
500 file=sys.stderr,518 file=sys.stderr,
501 )519 )
502 missing_releases = all_required_releases - listed_releases - aliases_releases520 missing_releases = all_required_releases - listed_releases - aliases_releases
503 nearby_rel = list(listed_releases - missing_releases)[0]521 nearby_rel = list(listed_releases - missing_releases)[0]
504 for rel in missing_releases:522 for rel in missing_releases:
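Review bot: The two new skip conditions are decided by substring tests, `'soss' in rel` and `"ignored/" in cvepath`, so a checkout whose path merely contains a directory name ending in `ignored/` would switch off the alias and generic missing-release checks for every release, with no message saying they were skipped. Neither `is_active(cve)` nor the `ignored/` test depends on `rel`, so both could be computed once before `for rel in all_required_releases:`, with the latter matched on the CVE file's own directory (assuming `cvepath` is the path to the CVE file), e.g. `in_ignored = os.path.basename(os.path.dirname(cvepath)) == "ignored"`; `if not 'soss' in rel:` is also clearer as `if 'soss' not in rel:`. A one-line comment saying why 'soss' releases are exempt from the listed-series rule would help, since the hunk does not explain it. Indentation is lost on this rendered page, so the nesting of the later `if aliases_or_generics:` block under `if not skip_aliases_generics:` is inferred, and the enclosing `for cve in args:` loop starts and ends outside the hunk.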
