Merge ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:publish_cve-add_deletion_option into ubuntu-cve-tracker:master
Status: | Merged |
---|---|
Merged at revision: | 0b134ded66c697e1bd5d53b8280b32401362b7ed |
Proposed branch: | ~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:publish_cve-add_deletion_option |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: | 78 lines (+41/-2), 1 file modified: scripts/publish-cves-to-website-api.py (+41/-2) |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Alex Murray | Approve | ||
Review via email: mp+453725@code.launchpad.net |
Commit message
publish-
Add command line option to allow deleting one or more CVEs. This
changes the behavior of the script subtly: it now does not require
any (CVE) paths to be passed as arguments; if none are given, no CVEs
will be updated.
Some example invocations:
Delete CVE-2023-42572:
$ scripts/
Delete CVE-2023-42572 and CVE-2024-42572, exiting early if the first CVE
is not present on the web endpoint:
$ scripts/
Delete CVE-2023-42572 and update active/
CVE-2023-42572 is not present on the web endpoint; i.e. CVE-2023-42752
will not get updated:
$ scripts/
Note that the backend cronjob that runs this script has not been
modified to take advantage of this option; as of now, deleting a CVE
from the website requires a manual invocation of the script. (And
while the json endpoint will be updated immediately, it's not clear
how long the squid proxy will hold the cached version, alas :/ ).
Refactoring out the CVE_regex also fixes a subtle bug; if there was
a CVE with a suffix ID greater than 7 digits, the script would have
skipped updating it.
Description of the change
Thanks to me propagating a typo in a kernel changelog, I needed to delete a CVE from the website API. Unfortunately, our tools are not smart enough to do that when they see a CVE file go missing from the git repo. This merge request adds the capability to the publish-
LGTM!