Ubuntu CVE Tracker

Merge ~rodrigo-zaiden/ubuntu-cve-tracker:check-syntax-fixup-devel-dne into ubuntu-cve-tracker:master

  1. Git
  2. lp:~rodrigo-zaiden/ubuntu-cve-tracker
  3. check-syntax-fixup-devel-dne
  4. Merge into master
Proposed by Rodrigo Figueiredo Zaiden
Status: Merged
Merged at revision: 854ff08197898270dc3b4a8cc31d59a0739d66aa
Proposed branch: ~rodrigo-zaiden/ubuntu-cve-tracker:check-syntax-fixup-devel-dne
Merge into: ubuntu-cve-tracker:master
Diff against target: 53 lines (+19/-7)
1 file modified
scripts/check-syntax-fixup (+19/-7)
Reviewer Review Type Date Requested Status
Ian Constantin Needs Fixing
Alex Murray Approve
Review via email: mp+430750@code.launchpad.net

Description of the change

When `./scripts/check-syntax` returns that a package does not exist in devel release, we should mark it as DNE to keep the devel line in the CVE file.

an example of the output with the proposed changes:
 package 'audacity' not in 'kinetic'
 active/CVE-2016-4472: 530: would delete this line
 active/CVE-2016-4472: 530: would insert 'devel_audacity: DNE'

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

LGTM - thanks for this!

review: Approve
Revision history for this message
Ian Constantin (iconstantin) wrote :

I believe:

     if 'DOES exist' or 'not in' in msg:

should be:

     if 'DOES exist' in msg or 'not in' in msg:

review: Needs Fixing
Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

Yeah, that is correct,
I noticed it later when using the script and already fixed on commit 84f05fb582e10fdc068d2147a9808473816b068c direct on master branch to avoid misuse.

Thanks for pointing it.

Revision history for this message
Ian Constantin (iconstantin) wrote :

Ah ok cool! Sorry did not check in UCT

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/check-syntax-fixup b/scripts/check-syntax-fixup
2index a38ad1e..64e3f2e 100755
3--- a/scripts/check-syntax-fixup
4+++ b/scripts/check-syntax-fixup
5@@ -59,6 +59,15 @@ def delete_from_file(filename: str, linenum: int, dryrun=False, verbose=False):
6 else:
7 print("%s: %d: would delete this line" % (os.path.relpath(filename), linenum))
8
9+def get_pkg_rel_from_msg(msg):
10+ parts = msg.split(" ")
11+ if 'DOES exist' or 'not in' in msg:
12+ pkg = parts[1].replace("'", "")
13+ rel = parts[-1].replace("'", "")
14+ else:
15+ pkg = parts[0]
16+ rel = parts[-1].replace("'", "")
17+ return pkg, rel
18
19 parser = argparse.ArgumentParser("Automatically fixup issues flagged by check-syntax")
20 parser.add_argument(
21@@ -111,13 +120,7 @@ for line in args.infile:
22 if "missing release" in msg or 'DOES exist' in msg:
23 # e.g. golang missing release 'gke/gke-1.19'
24 # e.g. package 'libextractor' DOES exist in 'trusty/esm'
25- parts = msg.split(" ")
26- if 'DOES exist' in msg:
27- pkg = parts[1].replace("'", "")
28- rel = parts[-1].replace("'", "")
29- else:
30- pkg = parts[0]
31- rel = parts[-1].replace("'", "")
32+ pkg, rel = get_pkg_rel_from_msg(msg)
33
34 # get status from the parent release if there is one
35 status = "needs-triage"
36@@ -161,8 +164,17 @@ for line in args.infile:
37 modified.append(cve)
38
39 elif "unknown package" in msg or "not in" in msg or "unknown release" in msg:
40+ pkg, rel = get_pkg_rel_from_msg(msg)
41+
42 # delete this line since
43 delete_from_file(cve, linenum, args.dry_run, args.verbose)
44+
45+ #if release is devel, we should add DNE instead of removing
46+ if rel == cve_lib.devel_release:
47+ rel = "devel"
48+ fixup = "{rel}_{pkg}: {status}\n".format(rel=rel, pkg=pkg, status="DNE")
49+ insert_into_file(cve, linenum, fixup, args.dry_run, args.verbose)
50+
51 modified.append(cve)
52 else:
53 # print unhandled lines

Subscribers

People subscribed via source and target branches