Merge ~pfsmorigo/ubuntu-cve-tracker:pfsmorigo/pocket_field_for_publish_cves into ubuntu-cve-tracker:master

Proposed by Paulo Flabiano Smorigo
Status: Merged
Merged at revision: a4f35692b4ff2a9d65758b18b4e16a53aae4d134
Proposed branch: ~pfsmorigo/ubuntu-cve-tracker:pfsmorigo/pocket_field_for_publish_cves
Merge into: ubuntu-cve-tracker:master
Diff against target: 149 lines (+30/-3)
7 files modified
scripts/publish-cves-to-website-api.py (+11/-2)
test/website_api/use_esm_status_for_eol_releases.json (+2/-0)
test/website_api/use_esm_status_if_esm_release (+2/-0)
test/website_api/use_esm_status_if_esm_release.json (+8/-1)
test/website_api/use_public_status_for_no_eol_releases.json (+2/-0)
test/website_api/use_public_status_if_public_release.json (+3/-0)
test/website_api/use_ros-esm_status.json (+2/-0)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Review via email: mp+444872@code.launchpad.net

Description of the change

This commit adds the pocket field to the payload we send to the web api. More info in:
https://warthogs.atlassian.net/browse/SEC-1905

Basically, it checks whether it is a product release and uses the pocket for it; otherwise the pocket will be "security".

The field is already in place and working. I tested with one of our CVEs as you can see here:
https://ubuntu.com/security/cves/CVE-2023-28370.json

Also, more tests where added in order to test this change.

Alex Murray (alexmurray) wrote :

LGTM, but I wonder if the code which extracts the pocket from the release needs to be a bit stricter.

review: Approve
Paulo Flabiano Smorigo (pfsmorigo) wrote :

Hey Alex, I'll soon create another PR to include other possible pockets, like fips, after I have a clear view of what we want. I'll try to follow your suggestion.

Preview Diff

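--- a/scripts/publish-cves-to-website-api.py
+++ b/scripts/publish-cves-to-website-api.py
@@ -114,6 +114,7 @@ def post_single_cve(cve_filename):
 
 for codename in cve_lib.releases + ["upstream"]:
 status = None
+pocket = "security"
 
 # Set the public release first
 if codename in cve_data["pkgs"][pkg]:
@@ -121,12 +122,19 @@ def post_single_cve(cve_filename):
 
 if status and status[0] != "released" and codename in cve_lib.get_active_releases_with_esm():
 # Check for possible product statuses
-for release in [codename + "/esm", "esm-infra/" + codename,
-"esm-apps/" + codename, "ros-esm/" + codename, codename]:
+for release in [
+codename + "/esm",
+"esm-infra/" + codename,
+"esm-apps/" + codename,
+"ros-esm/" + codename,
+codename]:
 if release in cve_data["pkgs"][pkg]:
 esm_status = cve_data["pkgs"][pkg][release]
 # Use the ESM status if there is an ESM release or release is EOL
 if esm_status[0] == "released" or codename in cve_lib.eol_releases:
+if esm_status[0] == "released" and "esm" in release:
+pocket = "esm-infra" if codename == "trusty" \
+else release.split("/")[0]
 status = esm_status
 break
 
@@ -136,6 +144,7 @@ def post_single_cve(cve_filename):
 "release_codename": codename,
 "status": status[0],
 "description": status[1],
+"pocket": pocket,
 }
 )
 package = {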
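Review bot: The pocket computed at new lines 136-137 is the release codename rather than a pocket whenever the matched entry has the `codename + "/esm"` form and the codename is not trusty: `release.split("/")[0]` on a key such as `xenial/esm` yields `xenial`, and that string is then published as the `pocket` field in the third hunk. Only trusty is special-cased, so a `<codename>/esm` entry for any other codename would leak a codename into the pocket column. Deriving the pocket from the key's prefix makes both cases explicit, assuming the trusty special case generalises to "`<codename>/esm` means esm-infra" (worth confirming against the data), e.g. `if esm_status[0] == "released" and release != codename:` / `prefix = release.split("/")[0]` / `pocket = "esm-infra" if prefix == codename else prefix`, which also drops the substring test `"esm" in release` in favour of an exact comparison. post_single_cve starts before and continues after this hunk.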
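--- a/test/website_api/use_esm_status_for_eol_releases.json
+++ b/test/website_api/use_esm_status_for_eol_releases.json
@@ -8,9 +8,11 @@
 "name": "package",
 "source": "https://launchpad.net/ubuntu/+source/package",
 "statuses": [{"description": "",
+"pocket": "security",
 "release_codename": "trusty",
 "status": "needed"},
 {"description": "",
+"pocket": "security",
 "release_codename": "upstream",
 "status": "needs-triage"}],
 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],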
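--- a/test/website_api/use_esm_status_if_esm_release
+++ b/test/website_api/use_esm_status_if_esm_release
@@ -18,6 +18,8 @@ CVSS:
 
 Patches_package:
 upstream_package: needs-triage
+trusty_package: needs-triage
+trusty/esm_package: released (1.0.0~esm1)
 focal_package: needs-triage
 esm-apps/focal_package: released (1.2.3~esm1)
 jammy_package: needed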
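--- a/test/website_api/use_esm_status_if_esm_release.json
+++ b/test/website_api/use_esm_status_if_esm_release.json
@@ -7,13 +7,20 @@
 "packages": [{"debian": "https://tracker.debian.org/pkg/package",
 "name": "package",
 "source": "https://launchpad.net/ubuntu/+source/package",
-"statuses": [{"description": "1.2.3~esm1",
+"statuses": [{"description": "1.0.0~esm1",
+"pocket": "esm-infra",
+"release_codename": "trusty",
+"status": "released"},
+{"description": "1.2.3~esm1",
+"pocket": "esm-apps",
 "release_codename": "focal",
 "status": "released"},
 {"description": "1.2.4~esm1",
+"pocket": "esm-apps",
 "release_codename": "jammy",
 "status": "released"},
 {"description": "",
+"pocket": "security",
 "release_codename": "upstream",
 "status": "needs-triage"}],
 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],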
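--- a/test/website_api/use_public_status_for_no_eol_releases.json
+++ b/test/website_api/use_public_status_for_no_eol_releases.json
@@ -8,9 +8,11 @@
 "name": "package",
 "source": "https://launchpad.net/ubuntu/+source/package",
 "statuses": [{"description": "",
+"pocket": "security",
 "release_codename": "jammy",
 "status": "needed"},
 {"description": "",
+"pocket": "security",
 "release_codename": "upstream",
 "status": "needs-triage"}],
 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],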
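--- a/test/website_api/use_public_status_if_public_release.json
+++ b/test/website_api/use_public_status_if_public_release.json
@@ -8,12 +8,15 @@
 "name": "package",
 "source": "https://launchpad.net/ubuntu/+source/package",
 "statuses": [{"description": "1.2.3",
+"pocket": "security",
 "release_codename": "trusty",
 "status": "released"},
 {"description": "4.5.6",
+"pocket": "security",
 "release_codename": "jammy",
 "status": "released"},
 {"description": "",
+"pocket": "security",
 "release_codename": "upstream",
 "status": "needs-triage"}],
 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],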
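--- a/test/website_api/use_ros-esm_status.json
+++ b/test/website_api/use_ros-esm_status.json
@@ -8,9 +8,11 @@
 "name": "package",
 "source": "https://launchpad.net/ubuntu/+source/package",
 "statuses": [{"description": "1.2.3",
+"pocket": "ros-esm",
 "release_codename": "bionic",
 "status": "released"},
 {"description": "",
+"pocket": "security",
 "release_codename": "upstream",
 "status": "needs-triage"}],
 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],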
