Merge ~litios/ubuntu-cve-tracker:oval-refactor-fixed-only into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez
Status: Merged
Merged at revision: 90f0b3c350c327c8dfe1455c4b5d28f8a41aae4d
Proposed branch: ~litios/ubuntu-cve-tracker:oval-refactor-fixed-only
Merge into: ubuntu-cve-tracker:master
Diff against target: 38 lines (+8/-5)
1 file modified
scripts/oval_lib.py (+8/-5)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+447165@code.launchpad.net

Description of the change

This change refactors the logic around how to process the fixed-only flag.

Also, this fixes a bug where kernel packages would list vulnerable CVEs even when the fixed-only flag was set.

Eduardo Barretto (ebarretto) wrote :

lgtm, thanks for the quick fix

review: Approve

Preview Diff

diff --git a/scripts/oval_lib.py b/scripts/oval_lib.py
index ea2b14b..20f452e 100644
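--- a/scripts/oval_lib.py
+++ b/scripts/oval_lib.py
@@ -455,9 +455,7 @@ class CVE:
 self.pkg_rel_entries = {}
 self.pkgs = pkgs
 
-def add_pkg(self, pkg_object, release, state, note):
-cve_pkg_entry = CVEPkgRelEntry(pkg_object, release, self, state, note)
-
+def add_pkg(self, pkg_object, cve_pkg_entry):
 if cve_pkg_entry.status in ['not-vulnerable', 'not-applicable']:
 return
 
@@ -1005,7 +1003,7 @@ class OvalGeneratorPkg(OvalGenerator):
 
 for cve in package.cves:
 pkg_rel_entry = cve.pkg_rel_entries[package.name]
-if pkg_rel_entry.status == 'vulnerable' and not self.fixed_only:
+if pkg_rel_entry.status == 'vulnerable':
 cve_added = True
 if one_time_added_id:
 self._add_criterion(one_time_added_id, pkg_rel_entry, cve, definition_element)
@@ -1086,7 +1084,12 @@ class OvalGeneratorPkg(OvalGenerator):
 packages[package_name] = pkg_obj
 
 pkg_obj = packages[package_name]
-cve.add_pkg(pkg_obj, release, cve_data['pkgs'][package_name][release][0],cve_data['pkgs'][package_name][release][1])
+cve_pkg_entry = CVEPkgRelEntry(pkg_obj, release, cve, cve_data['pkgs'][package_name][release][0], cve_data['pkgs'][package_name][release][1])
+
+if cve_pkg_entry.status != 'fixed' and self.fixed_only:
+return
+
+cve.add_pkg(pkg_obj, cve_pkg_entry)
 
 def _load_pkgs(self, cve_prefix_dir, packages_filter=None) -> None:
 cve_lib.load_external_subprojects()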
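Review bot: In the last hunk the new filter `if cve_pkg_entry.status != 'fixed' and self.fixed_only: return` runs after the context line `packages[package_name] = pkg_obj`, so a package whose entries are all non-fixed may stay registered in `packages` with no CVE attached. Whether later generation skips such packages is not visible here, because the enclosing method starts outside the hunk. The second hunk drops `not self.fixed_only` from the `'vulnerable'` branch, so this load-time check appears to be the only thing keeping unfixed CVEs out of a fixed-only OVAL feed that scanners consume. That invariant deserves a comment above the check, for example `# fixed-only: drop every non-fixed entry here; generation code no longer re-checks self.fixed_only`. Testing the flag first, `if self.fixed_only and cve_pkg_entry.status != 'fixed':`, would also make the intent easier to read.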
