Merge ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:publish-cves-notes-test-json into ubuntu-cve-tracker:master

Proposed by Steve Beattie
Status: Merged
Merged at revision: c0ddff552cd8fd498129542068e16aa450628965
Proposed branch: ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:publish-cves-notes-test-json
Merge into: ubuntu-cve-tracker:master
Diff against target: 534 lines (+333/-139)
8 files modified
scripts/publish-cves-to-website-api.py (+3/-2)
test/website_api/use_esm_status_for_eol_releases.json (+45/-25)
test/website_api/use_esm_status_if_esm_release.json (+57/-33)
test/website_api/use_notes (+27/-0)
test/website_api/use_notes.json (+60/-0)
test/website_api/use_public_status_for_no_eol_releases.json (+45/-25)
test/website_api/use_public_status_if_public_release.json (+51/-29)
test/website_api/use_ros-esm_status.json (+45/-25)
Reviewer Review Type Date Requested Status
Alex Murray Approve
Review via email: mp+448958@code.launchpad.net

Commit message

publish-cves-to-website-api: fix json output, add notes test

As part of developing testcases for the merge request
https://code.launchpad.net/~pfsmorigo/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/448821
I added a testcase that added a notes field, and discovered that the pprint() output is not guaranteed to be valid json.

This pull request adds a basic notes field test along with the invalid json example output generated by the publish-cves-to-website-api.py script and used by the test_publish-cves-to-website-api.py for validation. It then converts the publish-cves-to-website-api.py verbose output to (mostly) valid exported json along with regenerating the expected output results in the testcases.

(The output is not actually valid json, because a summary statement is prepended to the output, invalidating it, but the tests end up discarding that.)

Steve Beattie (2):
      * [0f33dc25a92] publish-cves-to-website-api.py: add notes test
      * [91180197a70] publish-cves-to-website-api.py: convert verbose output to valid json

Description of the change

This is how the scripts/test_publish-cves-to-website-api.py fails with just the first commit in this series applied:

====================================== test session starts =======================================
collected 6 items

scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_public_status_if_public_release] PASSED [ 16%]
scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_esm_status_if_esm_release] PASSED [ 33%]
scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_public_status_for_no_eol_releases] PASSED [ 50%]
scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_ros-esm_status] PASSED [ 66%]
scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_esm_status_for_eol_releases] PASSED [ 83%]
scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_notes] FAILED [100%]

============================================ FAILURES ============================================
___________________________ TestWebSiteAPI.test_simple_okay[use_notes] ___________________________

self = <test_publish-cves-to-website-api.TestWebSiteAPI object at 0x7f6b70b26990>
cve_test_file = 'use_notes'

    @pytest.mark.parametrize("cve_test_file", PARSE_OKAY_TESTS)
    def test_simple_okay(self, cve_test_file):
> self.__check_simple_okay(cve_test_file)

scripts/test_publish-cves-to-website-api.py:28:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
scripts/test_publish-cves-to-website-api.py:22: in __check_simple_okay
    payload_json = json.load(f)
/usr/lib/python3.11/json/__init__.py:293: in load
    return loads(fp.read(),
/usr/lib/python3.11/json/__init__.py:346: in loads
    return _default_decoder.decode(s)
/usr/lib/python3.11/json/decoder.py:337: in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <json.decoder.JSONDecoder object at 0x7f6bf5e3c150>
s = '[{"bugs": [""],\n "cvss3": null,\n "description": "\\nPublish CVEs to Website API tests",\n
  "id": "CVE-2020-1234",...re.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"],\n "status": "active",
\n "tags": {},\n "ubuntu_description": ""}]\n'
idx = 0

    def raw_decode(self, s, idx=0):
        """Decode a JSON document from ``s`` (a ``str`` beginning with
        a JSON document) and return a 2-tuple of the Python
        representation and the index in ``s`` where the document ended.

        This can be used to decode a JSON document from a string that may
        have extraneous data at the end.

        """
        try:
> obj, end = self.scan_once(s, idx)
E json.decoder.JSONDecodeError: Expecting ',' delimiter: line 9 column 22 (char 334)

/usr/lib/python3.11/json/decoder.py:353: JSONDecodeError
-------------------------------------- Captured stdout call --------------------------------------
1 total CVEs
==================================== short test summary info =====================================
FAILED scripts/test_publish-cves-to-website-api.py::TestWebSiteAPI::test_simple_okay[use_notes] - json.decoder.JSONDecodeError: Expecting ',' delimiter: line 9 column 22 (char 334)
================================== 1 failed, 5 passed in 0.52s ===================================
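
The failure above follows from pprint emitting Python repr and wrapping long strings into adjacent literals, which JSON has no equivalent for. The following is an added example, not code from ubuntu-cve-tracker: the records are constructed from the use_notes test data on this page, and `naive_convert` and `parse_after_summary` are hypothetical helpers (the page does not show how the old expected-output files were produced or how the tests discard the summary line).

```python
import json
import pprint

# Constructed records shaped like the test cases on this page.
SHORT = [{"id": "CVE-2020-1234", "cvss3": None, "notes": []}]
CVE = [{
    "id": "CVE-2020-1234",
    "cvss3": None,
    "notes": [
        {"author": "pfsmorigo", "note": "this is a note"},
        {"author": "sbeattie",
         "note": "this is another note. It contains far too many words for a\n"
                 "note. Why are there so many words in this note?"},
    ],
}]


def is_valid_json(text):
    """Return True if text parses as exactly one JSON document."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def pprint_output(obj):
    """Text that pprint.pprint(obj) writes: Python repr, wrapped at 80 columns."""
    return pprint.pformat(obj)


def naive_convert(py_repr):
    """Assumed coercion of repr text toward JSON: swap quotes and None.
    It cannot repair strings that pprint split into adjacent literals."""
    return py_repr.replace("'", '"').replace("None", "null")


def json_output(obj):
    """Text that print(json.dumps(obj, indent=2)) writes."""
    return json.dumps(obj, indent=2)


def parse_after_summary(stdout_text):
    """Decode the JSON document that follows a leading summary line such as
    '1 total CVEs'. Raises ValueError if no '[' or '{' is present."""
    starts = [i for i in (stdout_text.find("["), stdout_text.find("{")) if i != -1]
    obj, _end = json.JSONDecoder().raw_decode(stdout_text, min(starts))
    return obj


if __name__ == "__main__":
    print(pprint_output(CVE))   # long note appears as several adjacent literals
    print(is_valid_json(naive_convert(pprint_output(SHORT))))
    print(is_valid_json(naive_convert(pprint_output(CVE))))
    print(parse_after_summary("1 total CVEs\n" + json_output(CVE)) == CVE)
```

The short record survives the coercion while the record with the long note does not, which matches five tests passing and only use_notes failing.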

Alex Murray (alexmurray) wrote :

LGTM! - thanks Steve.

review: Approve
Paulo Flabiano Smorigo (pfsmorigo) wrote :

LGTM

Preview Diff

diff --git a/scripts/publish-cves-to-website-api.py b/scripts/publish-cves-to-website-api.py
index d6af0e7..34a532b 100755
--- a/scripts/publish-cves-to-website-api.py
+++ b/scripts/publish-cves-to-website-api.py
@@ -6,6 +6,7 @@ import sys
6import cve_lib6import cve_lib
7import re7import re
8import argparse8import argparse
9import json
9from http.cookiejar import MozillaCookieJar10from http.cookiejar import MozillaCookieJar
1011
11# Local12# Local
@@ -336,7 +337,7 @@ def main(argv=None):
336337
337def push_chunks(args, url, chunk):338def push_chunks(args, url, chunk):
338 if args.verbose:339 if args.verbose:
339 pprint.pprint(chunk)340 print(json.dumps(chunk, indent=2))
340 if args.dry_run:341 if args.dry_run:
341 return342 return
342 resp = authentication("PUT", f"{url}{security_website_endpoint}", chunk)343 resp = authentication("PUT", f"{url}{security_website_endpoint}", chunk)
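Review bot: In push_chunks, the new print(json.dumps(chunk, indent=2)) still shares stdout with the summary line (the captured stdout in the description shows "1 total CVEs" ahead of the payload), so the verbose output cannot be handed to a JSON parser as-is. Consider writing the summary to stderr so that stdout carries only the JSON document and the tests no longer have to discard anything.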
@@ -349,7 +350,7 @@ def push_chunks(args, url, chunk):
349def push_individual_cves(args, url, chunk):350def push_individual_cves(args, url, chunk):
350 for cve in chunk:351 for cve in chunk:
351 if args.verbose:352 if args.verbose:
352 pprint.pprint(cve)353 print(json.dumps(cve, indent=2))
353 if args.dry_run:354 if args.dry_run:
354 continue355 continue
355 resp = authentication("PUT", f"{url}{security_website_endpoint}", [cve])356 resp = authentication("PUT", f"{url}{security_website_endpoint}", [cve])
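Review bot: In push_individual_cves, print(json.dumps(cve, indent=2)) runs once per loop iteration, so a chunk holding more than one CVE prints several top-level JSON objects back to back, and json.load rejects everything after the first as extra data. Collecting the entries and printing one array after the loop, or printing one compact object per line, would keep this path machine-readable in the same way as push_chunks; note also that the body actually sent below is [cve], not the bare object that gets printed.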
diff --git a/test/website_api/use_esm_status_for_eol_releases.json b/test/website_api/use_esm_status_for_eol_releases.json
index 095e819..0671231 100644
--- a/test/website_api/use_esm_status_for_eol_releases.json
+++ b/test/website_api/use_esm_status_for_eol_releases.json
@@ -1,25 +1,45 @@
1[{"bugs": [""],1[
2 "cvss3": null,2 {
3 "description": "\nPublish CVEs to Website API tests",3 "id": "CVE-2020-1234",
4 "id": "CVE-2020-1234",4 "description": "\nPublish CVEs to Website API tests",
5 "mitigation": "",5 "ubuntu_description": "",
6 "notes": [],6 "mitigation": "",
7 "packages": [{"debian": "https://tracker.debian.org/pkg/package",7 "notes": [],
8 "name": "package",8 "priority": "medium",
9 "source": "https://launchpad.net/ubuntu/+source/package",9 "cvss3": null,
10 "statuses": [{"description": "",10 "references": [
11 "pocket": "security",11 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"
12 "release_codename": "trusty",12 ],
13 "status": "needed"},13 "bugs": [
14 {"description": "",14 ""
15 "pocket": "security",15 ],
16 "release_codename": "upstream",16 "packages": [
17 "status": "needs-triage"}],17 {
18 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],18 "name": "package",
19 "patches": {"package": []},19 "source": "https://launchpad.net/ubuntu/+source/package",
20 "priority": "medium",20 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package",
21 "published": "2020-08-04 17:00:00 UTC",21 "debian": "https://tracker.debian.org/pkg/package",
22 "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"],22 "statuses": [
23 "status": "active",23 {
24 "tags": {},24 "release_codename": "trusty",
25 "ubuntu_description": ""}]25 "status": "needed",
26 "description": "",
27 "pocket": "security"
28 },
29 {
30 "release_codename": "upstream",
31 "status": "needs-triage",
32 "description": "",
33 "pocket": "security"
34 }
35 ]
36 }
37 ],
38 "status": "active",
39 "tags": {},
40 "patches": {
41 "package": []
42 },
43 "published": "2020-08-04 17:00:00 UTC"
44 }
45]
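Review bot: The regenerated fixture changes key order as well as layout: the old file was alphabetical (bugs, cvss3, description, ...) and the new one follows insertion order (id, description, ubuntu_description, ...), so every line shows as changed and it is hard to confirm from the diff that no value moved. Passing sort_keys=True to json.dumps in the script would keep these expected-output files stable when fields are added or reordered in the code, and would have reduced this regeneration to whitespace changes.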
diff --git a/test/website_api/use_esm_status_if_esm_release.json b/test/website_api/use_esm_status_if_esm_release.json
index 4ea6d3f..e59f044 100644
--- a/test/website_api/use_esm_status_if_esm_release.json
+++ b/test/website_api/use_esm_status_if_esm_release.json
@@ -1,33 +1,57 @@
1[{"bugs": [""],1[
2 "cvss3": null,2 {
3 "description": "\nPublish CVEs to Website API tests",3 "id": "CVE-2020-1234",
4 "id": "CVE-2020-1234",4 "description": "\nPublish CVEs to Website API tests",
5 "mitigation": "",5 "ubuntu_description": "",
6 "notes": [],6 "mitigation": "",
7 "packages": [{"debian": "https://tracker.debian.org/pkg/package",7 "notes": [],
8 "name": "package",8 "priority": "medium",
9 "source": "https://launchpad.net/ubuntu/+source/package",9 "cvss3": null,
10 "statuses": [{"description": "1.0.0~esm1",10 "references": [
11 "pocket": "esm-infra",11 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"
12 "release_codename": "trusty",12 ],
13 "status": "released"},13 "bugs": [
14 {"description": "1.2.3~esm1",14 ""
15 "pocket": "esm-apps",15 ],
16 "release_codename": "focal",16 "packages": [
17 "status": "released"},17 {
18 {"description": "1.2.4~esm1",18 "name": "package",
19 "pocket": "esm-apps",19 "source": "https://launchpad.net/ubuntu/+source/package",
20 "release_codename": "jammy",20 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package",
21 "status": "released"},21 "debian": "https://tracker.debian.org/pkg/package",
22 {"description": "",22 "statuses": [
23 "pocket": "security",23 {
24 "release_codename": "upstream",24 "release_codename": "trusty",
25 "status": "needs-triage"}],25 "status": "released",
26 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],26 "description": "1.0.0~esm1",
27 "patches": {"package": []},27 "pocket": "esm-infra"
28 "priority": "medium",28 },
29 "published": "2020-08-04 17:00:00 UTC",29 {
30 "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"],30 "release_codename": "focal",
31 "status": "active",31 "status": "released",
32 "tags": {},32 "description": "1.2.3~esm1",
33 "ubuntu_description": ""}]33 "pocket": "esm-apps"
34 },
35 {
36 "release_codename": "jammy",
37 "status": "released",
38 "description": "1.2.4~esm1",
39 "pocket": "esm-apps"
40 },
41 {
42 "release_codename": "upstream",
43 "status": "needs-triage",
44 "description": "",
45 "pocket": "security"
46 }
47 ]
48 }
49 ],
50 "status": "active",
51 "tags": {},
52 "patches": {
53 "package": []
54 },
55 "published": "2020-08-04 17:00:00 UTC"
56 }
57]
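Review bot: The expected output keeps "bugs": [""] (new lines 13-15), a list holding one empty string, while the equally empty notes field is serialised as []. If the website API treats each entry in bugs as a URL, the empty string is a bogus entry; it would be worth checking whether an empty Bugs field should produce [] and, if so, fixing that in the script before locking the value into all of the regenerated fixtures.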
diff --git a/test/website_api/use_notes b/test/website_api/use_notes
34new file mode 10064458new file mode 100644
index 0000000..454d026
--- /dev/null
+++ b/test/website_api/use_notes
@@ -0,0 +1,27 @@
1PublicDateAtUSN: 2020-08-04 17:00:00 UTC
2Candidate: CVE-2020-1234
3CRD: 2020-08-04 17:00:00 UTC
4PublicDate: 2020-08-04 17:00:00 UTC
5References:
6 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234
7Description:
8 Publish CVEs to Website API tests
9Ubuntu-Description:
10Notes:
11 pfsmorigo> this is a note
12 sbeattie> this is another note. It contains far too many words for a
13 note. Why are there so many words in this note?
14Mitigation:
15Bugs:
16Priority: medium
17Discovered-by:
18Assigned-to:
19CVSS:
20
21
22Patches_package:
23upstream_package: needs-triage
24trusty_package: released (1.2.3)
25trusty/esm_package: not-affected (1.2.3)
26jammy_package: released (4.5.6)
27esm-apps/jammy_package: not-affected (4.5.6)
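Review bot: The two notes on lines 11-13 cover only plain ASCII words and one wrapped continuation line, which exercises the string splitting that broke the old output but not JSON escaping. Adding a note that contains a double quote and a backslash would confirm that the json.dumps path escapes them correctly. The status lines on 23-27 appear to duplicate the use_public_status_if_public_release case (the expected statuses are identical), so they could be cut down to the minimum the parser needs, which would keep a status-selection regression from also failing the notes test.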
diff --git a/test/website_api/use_notes.json b/test/website_api/use_notes.json
0new file mode 10064428new file mode 100644
index 0000000..09679e3
--- /dev/null
+++ b/test/website_api/use_notes.json
@@ -0,0 +1,60 @@
1[
2 {
3 "id": "CVE-2020-1234",
4 "description": "\nPublish CVEs to Website API tests",
5 "ubuntu_description": "",
6 "mitigation": "",
7 "notes": [
8 {
9 "author": "pfsmorigo",
10 "note": "this is a note"
11 },
12 {
13 "author": "sbeattie",
14 "note": "this is another note. It contains far too many words for a\nnote. Why are there so many words in this note?"
15 }
16 ],
17 "priority": "medium",
18 "cvss3": null,
19 "references": [
20 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"
21 ],
22 "bugs": [
23 ""
24 ],
25 "packages": [
26 {
27 "name": "package",
28 "source": "https://launchpad.net/ubuntu/+source/package",
29 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package",
30 "debian": "https://tracker.debian.org/pkg/package",
31 "statuses": [
32 {
33 "release_codename": "trusty",
34 "status": "released",
35 "description": "1.2.3",
36 "pocket": "security"
37 },
38 {
39 "release_codename": "jammy",
40 "status": "released",
41 "description": "4.5.6",
42 "pocket": "security"
43 },
44 {
45 "release_codename": "upstream",
46 "status": "needs-triage",
47 "description": "",
48 "pocket": "security"
49 }
50 ]
51 }
52 ],
53 "status": "active",
54 "tags": {},
55 "patches": {
56 "package": []
57 },
58 "published": "2020-08-04 17:00:00 UTC"
59 }
60]
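Review bot: On line 14 the expected note keeps the source file's hard wrap as an embedded newline ("for a\nnote."), so the website receives line breaks that only reflect how the tracker file was wrapped. Please confirm that this is the intended behaviour rather than joining continuation lines with a space; if it is intended, a short comment in the test explaining it would stop someone "fixing" it later.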
diff --git a/test/website_api/use_public_status_for_no_eol_releases.json b/test/website_api/use_public_status_for_no_eol_releases.json
index 0ea071c..ef0bc1a 100644
--- a/test/website_api/use_public_status_for_no_eol_releases.json
+++ b/test/website_api/use_public_status_for_no_eol_releases.json
@@ -1,25 +1,45 @@
1[{"bugs": [""],1[
2 "cvss3": null,2 {
3 "description": "\nPublish CVEs to Website API tests",3 "id": "CVE-2020-1234",
4 "id": "CVE-2020-1234",4 "description": "\nPublish CVEs to Website API tests",
5 "mitigation": "",5 "ubuntu_description": "",
6 "notes": [],6 "mitigation": "",
7 "packages": [{"debian": "https://tracker.debian.org/pkg/package",7 "notes": [],
8 "name": "package",8 "priority": "medium",
9 "source": "https://launchpad.net/ubuntu/+source/package",9 "cvss3": null,
10 "statuses": [{"description": "",10 "references": [
11 "pocket": "security",11 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"
12 "release_codename": "jammy",12 ],
13 "status": "needed"},13 "bugs": [
14 {"description": "",14 ""
15 "pocket": "security",15 ],
16 "release_codename": "upstream",16 "packages": [
17 "status": "needs-triage"}],17 {
18 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],18 "name": "package",
19 "patches": {"package": []},19 "source": "https://launchpad.net/ubuntu/+source/package",
20 "priority": "medium",20 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package",
21 "published": "2020-08-04 17:00:00 UTC",21 "debian": "https://tracker.debian.org/pkg/package",
22 "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"],22 "statuses": [
23 "status": "active",23 {
24 "tags": {},24 "release_codename": "jammy",
25 "ubuntu_description": ""}]25 "status": "needed",
26 "description": "",
27 "pocket": "security"
28 },
29 {
30 "release_codename": "upstream",
31 "status": "needs-triage",
32 "description": "",
33 "pocket": "security"
34 }
35 ]
36 }
37 ],
38 "status": "active",
39 "tags": {},
40 "patches": {
41 "package": []
42 },
43 "published": "2020-08-04 17:00:00 UTC"
44 }
45]
diff --git a/test/website_api/use_public_status_if_public_release.json b/test/website_api/use_public_status_if_public_release.json
index e813ffa..82d8541 100644
--- a/test/website_api/use_public_status_if_public_release.json
+++ b/test/website_api/use_public_status_if_public_release.json
@@ -1,29 +1,51 @@
1[{"bugs": [""],1[
2 "cvss3": null,2 {
3 "description": "\nPublish CVEs to Website API tests",3 "id": "CVE-2020-1234",
4 "id": "CVE-2020-1234",4 "description": "\nPublish CVEs to Website API tests",
5 "mitigation": "",5 "ubuntu_description": "",
6 "notes": [],6 "mitigation": "",
7 "packages": [{"debian": "https://tracker.debian.org/pkg/package",7 "notes": [],
8 "name": "package",8 "priority": "medium",
9 "source": "https://launchpad.net/ubuntu/+source/package",9 "cvss3": null,
10 "statuses": [{"description": "1.2.3",10 "references": [
11 "pocket": "security",11 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"
12 "release_codename": "trusty",12 ],
13 "status": "released"},13 "bugs": [
14 {"description": "4.5.6",14 ""
15 "pocket": "security",15 ],
16 "release_codename": "jammy",16 "packages": [
17 "status": "released"},17 {
18 {"description": "",18 "name": "package",
19 "pocket": "security",19 "source": "https://launchpad.net/ubuntu/+source/package",
20 "release_codename": "upstream",20 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package",
21 "status": "needs-triage"}],21 "debian": "https://tracker.debian.org/pkg/package",
22 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],22 "statuses": [
23 "patches": {"package": []},23 {
24 "priority": "medium",24 "release_codename": "trusty",
25 "published": "2020-08-04 17:00:00 UTC",25 "status": "released",
26 "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"],26 "description": "1.2.3",
27 "status": "active",27 "pocket": "security"
28 "tags": {},28 },
29 "ubuntu_description": ""}]29 {
30 "release_codename": "jammy",
31 "status": "released",
32 "description": "4.5.6",
33 "pocket": "security"
34 },
35 {
36 "release_codename": "upstream",
37 "status": "needs-triage",
38 "description": "",
39 "pocket": "security"
40 }
41 ]
42 }
43 ],
44 "status": "active",
45 "tags": {},
46 "patches": {
47 "package": []
48 },
49 "published": "2020-08-04 17:00:00 UTC"
50 }
51]
diff --git a/test/website_api/use_ros-esm_status.json b/test/website_api/use_ros-esm_status.json
index 6588aa7..e2ec94f 100644
--- a/test/website_api/use_ros-esm_status.json
+++ b/test/website_api/use_ros-esm_status.json
@@ -1,25 +1,45 @@
1[{"bugs": [""],1[
2 "cvss3": null,2 {
3 "description": "\nPublish CVEs to Website API tests",3 "id": "CVE-2020-1234",
4 "id": "CVE-2020-1234",4 "description": "\nPublish CVEs to Website API tests",
5 "mitigation": "",5 "ubuntu_description": "",
6 "notes": [],6 "mitigation": "",
7 "packages": [{"debian": "https://tracker.debian.org/pkg/package",7 "notes": [],
8 "name": "package",8 "priority": "medium",
9 "source": "https://launchpad.net/ubuntu/+source/package",9 "cvss3": null,
10 "statuses": [{"description": "1.2.3",10 "references": [
11 "pocket": "ros-esm",11 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"
12 "release_codename": "bionic",12 ],
13 "status": "released"},13 "bugs": [
14 {"description": "",14 ""
15 "pocket": "security",15 ],
16 "release_codename": "upstream",16 "packages": [
17 "status": "needs-triage"}],17 {
18 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package"}],18 "name": "package",
19 "patches": {"package": []},19 "source": "https://launchpad.net/ubuntu/+source/package",
20 "priority": "medium",20 "ubuntu": "https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=package",
21 "published": "2020-08-04 17:00:00 UTC",21 "debian": "https://tracker.debian.org/pkg/package",
22 "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1234"],22 "statuses": [
23 "status": "active",23 {
24 "tags": {},24 "release_codename": "bionic",
25 "ubuntu_description": ""}]25 "status": "released",
26 "description": "1.2.3",
27 "pocket": "ros-esm"
28 },
29 {
30 "release_codename": "upstream",
31 "status": "needs-triage",
32 "description": "",
33 "pocket": "security"
34 }
35 ]
36 }
37 ],
38 "status": "active",
39 "tags": {},
40 "patches": {
41 "package": []
42 },
43 "published": "2020-08-04 17:00:00 UTC"
44 }
45]
