Merge ~litios/ubuntu-cve-tracker:oval-refactor-fixed-only into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez
Status: Merged
Merged at revision: 90f0b3c350c327c8dfe1455c4b5d28f8a41aae4d
Proposed branch: ~litios/ubuntu-cve-tracker:oval-refactor-fixed-only
Merge into: ubuntu-cve-tracker:master
Diff against target: 38 lines (+8/-5)
1 file modified
scripts/oval_lib.py (+8/-5)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+447165@code.launchpad.net

Description of the change

This change refactors the logic around how to process the fixed-only flag.

Also, this fixes a bug regarding kernel packages that would list vulnerable CVEs even with the fixed-only flag.

Eduardo Barretto (ebarretto) wrote :

lgtm, thanks for the quick fix

review: Approve

Preview Diff

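--- a/scripts/oval_lib.py
+++ b/scripts/oval_lib.py
@@ -455,9 +455,7 @@ class CVE:
 self.pkg_rel_entries = {}
 self.pkgs = pkgs
 
- def add_pkg(self, pkg_object, release, state, note):
- cve_pkg_entry = CVEPkgRelEntry(pkg_object, release, self, state, note)
-
+ def add_pkg(self, pkg_object, cve_pkg_entry):
 if cve_pkg_entry.status in ['not-vulnerable', 'not-applicable']:
 return
 
@@ -1005,7 +1003,7 @@ class OvalGeneratorPkg(OvalGenerator):
 
 for cve in package.cves:
 pkg_rel_entry = cve.pkg_rel_entries[package.name]
- if pkg_rel_entry.status == 'vulnerable' and not self.fixed_only:
+ if pkg_rel_entry.status == 'vulnerable':
 cve_added = True
 if one_time_added_id:
 self._add_criterion(one_time_added_id, pkg_rel_entry, cve, definition_element)
@@ -1086,7 +1084,12 @@ class OvalGeneratorPkg(OvalGenerator):
 packages[package_name] = pkg_obj
 
 pkg_obj = packages[package_name]
- cve.add_pkg(pkg_obj, release, cve_data['pkgs'][package_name][release][0],cve_data['pkgs'][package_name][release][1])
+ cve_pkg_entry = CVEPkgRelEntry(pkg_obj, release, cve, cve_data['pkgs'][package_name][release][0], cve_data['pkgs'][package_name][release][1])
+
+ if cve_pkg_entry.status != 'fixed' and self.fixed_only:
+ return
+
+ cve.add_pkg(pkg_obj, cve_pkg_entry)
 
 def _load_pkgs(self, cve_prefix_dir, packages_filter=None) -> None:
 cve_lib.load_external_subprojects()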
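Review bot: In the last hunk the fixed-only filter runs after `packages[package_name] = pkg_obj`, so a package whose entries are all non-fixed is still registered in `packages` even though no CVE gets attached to it. If the generator later emits a definition for every entry in `packages`, fixed-only output could contain definitions with no criteria; building the `CVEPkgRelEntry` and testing `self.fixed_only` before the package object is created, or skipping packages whose `cves` list is empty, would avoid that. The enclosing method starts outside the hunk, so it cannot be confirmed from here that `return` is correct rather than skipping a single item of a surrounding loop. A short comment above the check, such as `# fixed-only output: drop every entry that is not 'fixed' before it reaches the CVE and package objects`, would also record why the `not self.fixed_only` test was removed from the criteria loop in the second hunk.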
