Ubuntu CVE Tracker

Merge ~rodrigo-zaiden/ubuntu-cve-tracker:check-syntax-fixup-devel-dne into ubuntu-cve-tracker:master

  1. Git
  2. lp:~rodrigo-zaiden/ubuntu-cve-tracker
  3. check-syntax-fixup-devel-dne
  4. Merge into master
Proposed by Rodrigo Figueiredo Zaiden
Status: Merged
Merged at revision: 854ff08197898270dc3b4a8cc31d59a0739d66aa
Proposed branch: ~rodrigo-zaiden/ubuntu-cve-tracker:check-syntax-fixup-devel-dne
Merge into: ubuntu-cve-tracker:master
Diff against target: 53 lines (+19/-7)
1 file modified
scripts/check-syntax-fixup (+19/-7)
Reviewer Review Type Date Requested Status
Ian Constantin Needs Fixing
Alex Murray Approve
Review via email: mp+430750@code.launchpad.net

Description of the change

When `./scripts/check-syntax` returns that a package does not exist in devel release, we should mark it as DNE to keep the devel line in the CVE file.

an example of the output with the proposed changes:
 package 'audacity' not in 'kinetic'
 active/CVE-2016-4472: 530: would delete this line
 active/CVE-2016-4472: 530: would insert 'devel_audacity: DNE'

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

LGTM - thanks for this!

review: Approve
Revision history for this message
Ian Constantin (iconstantin) wrote :

I believe:

     if 'DOES exist' or 'not in' in msg:

should be:

     if 'DOES exist' in msg or 'not in' in msg:

review: Needs Fixing
Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

Yeah, that is correct,
I noticed it later when using the script and already fixed on commit 84f05fb582e10fdc068d2147a9808473816b068c direct on master branch to avoid misuse.

Thanks for pointing it.

Revision history for this message
Ian Constantin (iconstantin) wrote :

Ah ok cool! Sorry did not check in UCT

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/scripts/check-syntax-fixup b/scripts/check-syntax-fixup
index a38ad1e..64e3f2e 100755
--- a/scripts/check-syntax-fixup
+++ b/scripts/check-syntax-fixup
@@ -59,6 +59,15 @@ def delete_from_file(filename: str, linenum: int, dryrun=False, verbose=False):
59 else:59 else:
60 print("%s: %d: would delete this line" % (os.path.relpath(filename), linenum))60 print("%s: %d: would delete this line" % (os.path.relpath(filename), linenum))
6161
62def get_pkg_rel_from_msg(msg):
63 parts = msg.split(" ")
64 if 'DOES exist' or 'not in' in msg:
65 pkg = parts[1].replace("'", "")
66 rel = parts[-1].replace("'", "")
67 else:
68 pkg = parts[0]
69 rel = parts[-1].replace("'", "")
70 return pkg, rel
6271
63parser = argparse.ArgumentParser("Automatically fixup issues flagged by check-syntax")72parser = argparse.ArgumentParser("Automatically fixup issues flagged by check-syntax")
64parser.add_argument(73parser.add_argument(
@@ -111,13 +120,7 @@ for line in args.infile:
111 if "missing release" in msg or 'DOES exist' in msg:120 if "missing release" in msg or 'DOES exist' in msg:
112 # e.g. golang missing release 'gke/gke-1.19'121 # e.g. golang missing release 'gke/gke-1.19'
113 # e.g. package 'libextractor' DOES exist in 'trusty/esm'122 # e.g. package 'libextractor' DOES exist in 'trusty/esm'
114 parts = msg.split(" ")123 pkg, rel = get_pkg_rel_from_msg(msg)
115 if 'DOES exist' in msg:
116 pkg = parts[1].replace("'", "")
117 rel = parts[-1].replace("'", "")
118 else:
119 pkg = parts[0]
120 rel = parts[-1].replace("'", "")
121124
122 # get status from the parent release if there is one125 # get status from the parent release if there is one
123 status = "needs-triage"126 status = "needs-triage"
@@ -161,8 +164,17 @@ for line in args.infile:
161 modified.append(cve)164 modified.append(cve)
162165
163 elif "unknown package" in msg or "not in" in msg or "unknown release" in msg:166 elif "unknown package" in msg or "not in" in msg or "unknown release" in msg:
167 pkg, rel = get_pkg_rel_from_msg(msg)
168
164 # delete this line since169 # delete this line since
165 delete_from_file(cve, linenum, args.dry_run, args.verbose)170 delete_from_file(cve, linenum, args.dry_run, args.verbose)
171
172 #if release is devel, we should add DNE instead of removing
173 if rel == cve_lib.devel_release:
174 rel = "devel"
175 fixup = "{rel}_{pkg}: {status}\n".format(rel=rel, pkg=pkg, status="DNE")
176 insert_into_file(cve, linenum, fixup, args.dry_run, args.verbose)
177
166 modified.append(cve)178 modified.append(cve)
167 else:179 else:
168 # print unhandled lines180 # print unhandled lines

Subscribers

People subscribed via source and target branches