Ubuntu CVE Tracker

Merge ubuntu-cve-tracker:fixup-fixup into ubuntu-cve-tracker:master

Proposed by Marc Deslauriers on 2024-02-16

Status:	Merged
Merge reported by:	Marc Deslauriers
Merged at revision:	5141fa1dbe24201c81069ba3b2d5fa20f5b493e5
Proposed branch:	ubuntu-cve-tracker:fixup-fixup
Merge into:	ubuntu-cve-tracker:master
Diff against target:	2340 lines (+1781/-275) 25 files modified dev/null (+0/-233) scripts/check-syntax (+133/-18) scripts/cve_lib.py (+79/-9) scripts/test_cve_lib.py (+86/-15) scripts/testfiles/cve_lib_test.example (+71/-0) scripts/testfiles/cve_lib_test_1.in (+70/-0) scripts/testfiles/cve_lib_test_1.result (+71/-0) scripts/testfiles/cve_lib_test_10.in (+71/-0) scripts/testfiles/cve_lib_test_10.result (+70/-0) scripts/testfiles/cve_lib_test_2.in (+70/-0) scripts/testfiles/cve_lib_test_2.result (+71/-0) scripts/testfiles/cve_lib_test_3.in (+70/-0) scripts/testfiles/cve_lib_test_3.result (+71/-0) scripts/testfiles/cve_lib_test_4.in (+70/-0) scripts/testfiles/cve_lib_test_4.result (+71/-0) scripts/testfiles/cve_lib_test_5.in (+70/-0) scripts/testfiles/cve_lib_test_5.result (+71/-0) scripts/testfiles/cve_lib_test_6.in (+70/-0) scripts/testfiles/cve_lib_test_6.result (+71/-0) scripts/testfiles/cve_lib_test_7.in (+71/-0) scripts/testfiles/cve_lib_test_7.result (+71/-0) scripts/testfiles/cve_lib_test_8.in (+71/-0) scripts/testfiles/cve_lib_test_8.result (+71/-0) scripts/testfiles/cve_lib_test_9.in (+70/-0) scripts/testfiles/cve_lib_test_9.result (+71/-0)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Rodrigo Figueiredo Zaiden		2024-02-16	Approve on 2024-02-21
Review via email: mp+460700@code.launchpad.net

Commit message

This series of commits removes the hackish check-syntax-fixup script and adds proper --autofix and --dry-run options to the check-syntax script itself.

Revision history for this message

Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote on 2024-02-21:

LGTM, thanks for this.
it is of great help that the fix script can now fix all complains at once, and much faster.

review: Approve

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2024-02-21:

thanks for the review! :)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Aravind

Philip Roche

Robert C Jennings

Simon Quigley

Steve Beattie

Ubuntu Security Team

 diff --git a/scripts/check-syntax b/scripts/check-syntax
 index 3d7ee58..d253622 100755
 --- a/scripts/check-syntax
 +++ b/scripts/check-syntax
@@ -242,6 +242,19 @@ parser.add_option(
      default=False,
+ )
  parser.add_option(
++    "-a",
++    "--autofix",
++    help="Attempt to fix problems automatically",
++    action="store_true",
++    default=False,
++)
++parser.add_option(
++    "--dry-run",
++    help="Dry run for autofix parameter",
++    action="store_true",
++    default=False,
++)
++parser.add_option(
      "-j",
      "--jobs",
      type=int,
@@ -383,6 +396,103 @@ if len(cna_cves_set) > 0 and all_files:
  aliases_cache = {}
++def fixup_entry(filename, pkg, rel):
++    # If release is devel or EOL, we should add the proper status instead of removing
++    if rel == cve_lib.devel_release:
++        rel = "devel"
++        if opt.dry_run:
++            print("Dry-Run: updating %s, %s, devel to DNE" % (filename, pkg))
++            return
++        cve_lib.update_state(filename, pkg, "devel", "DNE")
++    elif not cve_lib.is_active_release(rel):
++        if cve_lib.is_active_esm_release(rel):
++            status = cve_lib.EOL_ESM_STATUS.format(state='unknown')
++        else:
++            status = cve_lib.EOL_STATUS.format(state='unknown')
++
++        if opt.dry_run:
++            print("Dry-Run: updating %s, %s, %s to %s" % (filename, pkg, rel, status))
++            return
++        cve_lib.update_state(filename, pkg, rel, status)
++
++    else:
++        if opt.dry_run:
++            print("Dry-Run: dropping %s, %s, %s" % (filename, pkg, rel))
++            return
++        cve_lib.drop_pkg_release(filename, pkg, rel)
++
++def fixup_entry_state(filename, pkg, rel, state):
++    if opt.dry_run:
++        print("Dry-Run: updating %s, %s, %s to %s" % (filename, pkg, rel, state))
++        return
++
++    cve_lib.update_state(filename, pkg, rel, state)
++
++def fixup_entry_get_status(filename, pkg, rel):
++    # get status from the parent release if there is one
++    status = "needs-triage"
++    try:
++        _, _, _, details = cve_lib.get_subproject_details(rel)
++        parent = details["parent"]
++        # this may be either an alias or a full name but cve_lib only
++        # uses aliases
++        parent = cve_lib.release_alias(parent)
++        data = cve_lib.load_cve(filename)
++        status = data["pkgs"][pkg][parent][0]
++        note = data["pkgs"][pkg][parent][1]
++        if len(note) > 0:
++            status = status + " (" + note + ")"
++        # if parent reached EOL then we are likely the new alive
++        # release so ignore their status in that case
++        if "end of life" in status or "end of standard support" in status:
++            status = 'needs-triage'
++    except (KeyError, ValueError, TypeError):
++        pass
++
++    return status
++
++def fixup_entry_missing(filename, pkg, rel):
++    status = fixup_entry_get_status(filename, pkg, rel)
++
++    if rel == cve_lib.devel_release:
++        rel = "devel"
++
++    if opt.dry_run:
++        print("Dry-Run: Adding %s, %s, %s to %s" % (filename, pkg, rel, status))
++        return
++
++    cve_lib.add_state(filename, pkg, rel, status)
++
++def fixup_entry_wrong(filename, pkg, rel):
++    status = fixup_entry_get_status(filename, pkg, rel)
++
++    if rel == cve_lib.devel_release:
++        rel = "devel"
++
++    if opt.dry_run:
++        print("Dry-Run: updating %s, %s, %s to %s" % (filename, pkg, rel, status))
++        return
++
++    cve_lib.update_state(filename, pkg, rel, status, None)
++
++def get_cve_path(cve, rel):
++
++    cve = os.path.basename(cve)
++    if rel in cve_lib.external_releases:
++        # FIXME: Should we also be using get_external_subproject_dir here?
++        cvepath = os.path.join(
++            cve_lib.get_external_subproject_cve_dir(rel), cve
++        )
++    else:
++        # Try and find where this CVE is located
++        for d in cve_lib.cve_dirs:
++            cvepath = os.path.join(d, cve)
++            if os.path.exists(cvepath):
++                return cvepath
++        # Fall back to the active directory if that didn't work?
++        cvepath = os.path.join(cve_lib.active_dir, cve)
++    return cvepath
++
  def check_cve(cve):
      if re.match(r"EMB-", cve):
          cvepath = os.path.join(cve_lib.embargoed_dir, cve)
@@ -447,9 +557,6 @@ def check_cve(cve):
          # Verify have required releases for each package
          listed_releases = set(sorted(data["pkgs"][pkg].keys()))
          all_required_releases = (set(cve_lib.all_releases + ["devel"]) - set([cve_lib.devel_release])) - set(cve_lib.eol_releases)
--        # get the name of a release which is listed in the CVE so we can
--        # place the generated error message on this release's line etc
--        nearby_rel = list(listed_releases)[0]
          aliases_releases = set()
          listed_series = set()
@@ -486,12 +593,10 @@ def check_cve(cve):
                          for pkg_alias in pkgs_from_aliases:
                              if pkg_alias not in data["pkgs"].keys():
--                                filename = srcmap["pkgs"][pkg][nearby_rel][0]
--                                linenum = srcmap["pkgs"][pkg][nearby_rel][1]
++                                filename = get_cve_path(cve, rel)
                                  print(
--                                    "%s: %d: %s missing release '%s'"
--                                    # put the error on a line near where this entry should go
--                                    % (filename, linenum, pkg_alias, rel),
++                                    "%s: %s missing release '%s'"
++                                    % (filename, pkg_alias, rel),
                                      file=sys.stderr,
+                                 )
                                  cve_okay = False
@@ -501,15 +606,13 @@ def check_cve(cve):
                      if aliases:
                          if rel in listed_releases and pkg \
                              not in pkgs_from_aliases:
--                            filename = srcmap["pkgs"][pkg][nearby_rel][0]
--                            linenum = srcmap["pkgs"][pkg][nearby_rel][1]
++                            filename = get_cve_path(cve, rel)
                              print(
--                                "%s: %d: package '%s' not in '%s'"
--                                % (filename, linenum, pkg, rel),
++                                "%s: package '%s' not in '%s'"
++                                % (filename, pkg, rel),
                                  file=sys.stderr,
+                             )
          missing_releases = all_required_releases - listed_releases
--        nearby_rel = list(listed_releases - missing_releases)[0]
          for rel in missing_releases:
              # only warn on active CVEs
              if is_active(cve) and \
@@ -519,14 +622,14 @@ def check_cve(cve):
                  # we shouldn't add any entries to the CVE
                  if not cve_lib.is_cve_triage_required(rel): continue
--                filename = srcmap["pkgs"][pkg][nearby_rel][0]
--                linenum = srcmap["pkgs"][pkg][nearby_rel][1]
++                filename = get_cve_path(cve, rel)
                  print(
--                    "%s: %d: %s missing release '%s'"
--                    # put the error on a line near where this entry should go
--                    % (filename, linenum, pkg, rel),
++                    "%s: %s missing release '%s'"
++                    % (filename, pkg, rel),
                      file=sys.stderr,
+                 )
++                if opt.autofix:
++                    fixup_entry_missing(filename, pkg, rel)
                  cve_okay = False
          unknown_releases = listed_releases - set(cve_lib.all_releases + ["devel", "upstream"])
          for rel in unknown_releases:
@@ -537,6 +640,8 @@ def check_cve(cve):
                  % (filename, linenum, pkg, rel),
                  file=sys.stderr,
+             )
++            if opt.autofix:
++                fixup_entry(filename, pkg, rel)
              cve_okay = False
          for release in sorted(data["pkgs"][pkg].keys()):
              rel = release
@@ -590,6 +695,8 @@ def check_cve(cve):
                              % (filename, linenum, pkg, state, rel, fixed_state),
                              file=sys.stderr,
+                         )
++                        if opt.autofix:
++                            fixup_entry_state(filename, pkg, rel, fixed_state)
                          cve_okay = False
                      # REMOVED THIS CHECK TEMPORARILY WHILE WE WORK IN ANOTHER SOLUTION
                      # elif state == 'ignored':
@@ -601,6 +708,8 @@ def check_cve(cve):
                      #             % (filename, linenum, pkg, details[1], rel, fixed_state),
                      #             file=sys.stderr,
                      #         )
++                    #     if opt.autofix:
++                    #         fixup_entry_state(filename, pkg, rel, fixed_state)
                      #         cve_okay = False
                  continue
@@ -625,6 +734,8 @@ def check_cve(cve):
                          % (filename, linenum, pkg, rel),
                          file=sys.stderr,
+                     )
++                    if opt.autofix:
++                        fixup_entry_wrong(filename, pkg, rel)
                      cve_okay = False
                  continue
@@ -667,6 +778,8 @@ def check_cve(cve):
                          % (filename, linenum, pkg, rel),
                          file=sys.stderr,
+                     )
++                    if opt.autofix:
++                        fixup_entry(filename, pkg, rel)
                      cve_okay = False
              else:
                  if rel in source:
@@ -703,6 +816,8 @@ def check_cve(cve):
                                      % (filename, linenum, pkg, rel),
                                      file=sys.stderr,
+                                 )
++                                if opt.autofix:
++                                    fixup_entry(filename, pkg, rel)
                                  cve_okay = False
                  elif opt.strict and not opt.newer:
                      # Validate the version is <= version in release
 diff --git a/scripts/check-syntax-fixup b/scripts/check-syntax-fixup
 deleted file mode 100755
 index 0ce195b..0000000
 --- a/scripts/check-syntax-fixup
 +++ /dev/null
@@ -1,233 +0,0 @@
--#!/usr/bin/env python3
--
--# Author: Alex Murray <alex.murray@canonical.com>
--# Copyright (C) 2021 Canonical Ltd.
--#
--# This script is distributed under the terms and conditions of the GNU General
--# Public License, Version 2 or later. See http://www.gnu.org/copyleft/gpl.html
--# for details.
--
--#
--# This script uses the output of check-syntax to determine what needs to
--# be fixed. Typical usage is:
--#
--# ./scripts/check-syntax 2>&1 | ./scripts/check-syntax-fixup
--#
--
--import argparse
--import os
--import sys
--import cve_lib
--
--
--def insert_into_file(filename: str, linenum: int, line: str, dryrun=False, verbose=False):
--    """Insert line into filename at linenum."""
--    if not dryrun:
--        # file may not already exist
--        contents = []
--        try:
--            with open(filename, "r") as f:
--                contents = f.readlines()
--        except FileNotFoundError:
--            pass
--        if verbose:
--            print("%s: %d: inserting '%s'" % (os.path.relpath(filename), linenum, line.strip()))
--        # linenum is 1 based but arrays are 0-based
--        contents.insert(linenum - 1, line)
--        with open(cve, "w") as f:
--            f.write("".join(contents))
--    else:
--        print("%s: %d: would insert '%s'" % (os.path.relpath(filename), linenum, line.strip()))
--
--
--def delete_from_file(filename: str, linenum: int, dryrun=False, verbose=False):
--    """Delete line at linenum from filename."""
--    if not dryrun:
--        # file may not already exist
--        contents = []
--        try:
--            with open(filename, "r") as f:
--                contents = f.readlines()
--        except FileNotFoundError:
--            pass
--        if verbose:
--            print("%s: %d: deleting... " % (os.path.relpath(filename), linenum))
--        # linenum is 1 based but arrays are 0-based
--        del contents[linenum - 1]
--        with open(cve, "w") as f:
--            f.write("".join(contents))
--    else:
--        print("%s: %d: would delete this line" % (os.path.relpath(filename), linenum))
--
--
--def identify_subproject_line_number(filename: str, pkg: str, rel: str):
--    # file may not already exist
--    contents = []
--    try:
--        with open(filename, "r") as f:
--            contents = f.readlines()
--    except FileNotFoundError:
--        pass
--
--    for linenum,line in enumerate(contents):
--        if not line or ':' not in line or '_' not in line:
--            continue
--        line_rel, line_pkg = line.split(":")[0].split('_', maxsplit=1)
--        if pkg == line_pkg and rel == line_rel:
--            return linenum + 1
--
--    return -1
--
--def get_pkg_rel_from_msg(msg):
--    parts = msg.split(" ")
--    if 'DOES exist' in msg or 'not in' in msg:
--        pkg = parts[1].replace("'", "")
--        rel = parts[-1].replace("'", "")
--    elif 'unknown package' in msg:
--        pkg = parts[2].replace("'", "")
--        rel = parts[-1].replace("'", "")
--    elif 'incorrect' in msg:
--        pkg = parts[0].replace("'", "")
--        rel = msg.split(', try')[0].split(' ')[-1].replace("'", "")
--    else:
--        pkg = parts[0]
--        rel = parts[-1].replace("'", "")
--    return pkg, rel
--
--parser = argparse.ArgumentParser("Automatically fixup issues flagged by check-syntax")
--parser.add_argument(
--    "-n",
--    "--dry-run",
--    action="store_true",
--    default=False,
--    help="Don't perform any actual modifications just print what would be done.",
--)
--parser.add_argument(
--    "-v",
--    "--verbose",
--    action="store_true",
--    default=False,
--    help="Print output for each operation performed.",
--)
--parser.add_argument(
--    "infile",
--    nargs="?",
--    help="File to read input from. Defaults to stdin.",
--    type=argparse.FileType("r"),
--    default=sys.stdin,
--)
--args = parser.parse_args()
--if args.dry_run:
--    print("DRY RUN - LIKE THE MATRIX, THIS IS JUST A SIMULATION.")
--
--
--modified = []
--
--for line in args.infile:
--    # skip warnings
--    if line.startswith("WARNING:"):
--        continue
--    # parse out file name, line number, and message
--    parts = line.split(":")
--    if len(parts) != 3:
--        continue
--    # strip whitespace from all parts
--    parts = map(lambda s: s.strip(), parts)
--    cve, linenum, msg = parts
--    linenum = int(linenum)
--
--    # don't modify a file more than once otherwise the line numbers get out of whack
--    if cve in modified:
--        # print unhandled lines
--        print(line, file=sys.stderr)
--        continue
--
--    if "missing release" in msg or 'DOES exist' in msg:
--        # e.g. golang missing release 'gke/gke-1.19'
--        # e.g. package 'libextractor' DOES exist in 'trusty/esm'
--        pkg, rel = get_pkg_rel_from_msg(msg)
--
--        # get status from the parent release if there is one
--        status = "needs-triage"
--        try:
--            _, _, _, details = cve_lib.get_subproject_details(rel)
--            parent = details["parent"]
--            # this may be either an alias or a full name but cve_lib only
--            # uses aliases
--            parent = cve_lib.release_alias(parent)
--            data = cve_lib.load_cve(cve)
--            status = data["pkgs"][pkg][parent][0]
--            note = data["pkgs"][pkg][parent][1]
--            if len(note) > 0:
--                status = status + " (" + note + ")"
--            # if parent reached EOL then we are likely the new alive
--            # release so ignore their status in that case
--            if "end of life" in status or "end of standard support" in status:
--                status = 'needs-triage'
--        except (KeyError, ValueError, TypeError):
--            pass
--
--        if rel == cve_lib.devel_release:
--            rel = "devel"
--
--        fixup = "{rel}_{pkg}: {status}\n".format(rel=rel, pkg=pkg, status=status)
--
--        # remove this hard-coded hack one-day...
--        if rel in cve_lib.external_releases or \
--           (rel == "trusty/esm" and "DOES exist" in msg):
--            cve = os.path.join(
--                cve_lib.get_external_subproject_cve_dir(rel), os.path.basename(cve)
--            )
--            linenum = identify_subproject_line_number(cve, pkg, rel)
--            if linenum == -1:
--                if 'DOES exist' in msg:
--                    continue
--                linenum = 1 # We are inserting
--
--        # Remove the 'DNE' line before adding the new one
--        if 'DOES exist' in msg:
--            delete_from_file(cve, linenum, args.dry_run, args.verbose)
--
--        insert_into_file(cve, linenum, fixup, args.dry_run, args.verbose)
--        modified.append(cve)
--
--    elif "unknown package" in msg or "not in" in msg \
--        or "unknown release" in msg or "incorrect status"\
--        or "incorrect ignored detail" in msg:
--        pkg, rel = get_pkg_rel_from_msg(msg)
--
--        # remove this hard-coded hack one-day...
--        if rel in cve_lib.external_releases or rel == "trusty/esm":
--            cve = os.path.join(
--                cve_lib.get_external_subproject_cve_dir(rel), os.path.basename(cve)
--            )
--            linenum = identify_subproject_line_number(cve, pkg, rel)
--            if linenum == -1:
--                print(line, file=sys.stderr)
--                continue
--
--        # delete this line since
--        delete_from_file(cve, linenum, args.dry_run, args.verbose)
--
--        #if release is devel or EOL, we should add the proper status instead of removing
--        if rel == cve_lib.devel_release:
--            rel = "devel"
--            fixup = "{rel}_{pkg}: {status}\n".format(rel=rel, pkg=pkg, status="DNE")
--            insert_into_file(cve, linenum, fixup, args.dry_run, args.verbose)
--        elif not cve_lib.is_active_release(rel):
--            if 'incorrect' in msg:
--                status = msg.split("try '")[1].replace("'", "")
--            else:
--                state = msg.split(' ')[3].replace("'", "")
--                if cve_lib.is_active_esm_release(rel):
--                    status = cve_lib.EOL_ESM_STATUS.format(state=state)
--                else:
--                    status = cve_lib.EOL_STATUS.format(state=state)
--
--            fixup = "{rel}_{pkg}: {status}\n".format(rel=rel, pkg=pkg, status=status)
--            insert_into_file(cve, linenum, fixup, args.dry_run, args.verbose)
--
--        modified.append(cve)
--    else:
--        # print unhandled lines
--        print(line, file=sys.stderr)
 diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
 index 68431ea..438348a 100755
 --- a/scripts/cve_lib.py
 +++ b/scripts/cve_lib.py
@@ -1687,6 +1687,15 @@ def drop_dup_release(cve, rel):
      output.close()
      os.rename(cve + '.new', cve)
++def drop_pkg_release(cve, pkg, rel):
++    output = codecs.open(cve + ".new", 'w', encoding="utf-8")
++    with codecs.open(cve, encoding="utf-8") as inF:
++        lines = inF.readlines()
++    for line in lines:
++        if not line.startswith('%s_%s:' % (rel, pkg)):
++            output.write(line)
++    output.close()
++    os.rename(cve + '.new', cve)
  def clone_release(cve, pkg, oldrel, newrel):
      output = codecs.open(cve + ".new", 'w', encoding="utf-8")
@@ -1701,7 +1710,7 @@ def clone_release(cve, pkg, oldrel, newrel):
      os.rename(cve + '.new', cve)
--def update_state(cve, pkg, rel, state, details):
++def update_state(cve, pkg, rel, state, details=None):
      output = codecs.open(cve + ".new", 'w', encoding="utf-8")
      with codecs.open(cve, encoding="utf-8") as inF:
          lines = inF.readlines()
@@ -1716,18 +1725,79 @@ def update_state(cve, pkg, rel, state, details):
      os.rename(cve + '.new', cve)
--def add_state(cve, pkg, rel, state, details, after_rel):
++def add_state(cve, pkg, rel, state, details=None, after_rel=None):
++    new_line = '%s_%s: %s' % (rel, pkg, state)
++    if details:
++        new_line += ' (%s)' % (details)
++    new_line += '\n'
++
++    # This is a new file
++    if not os.path.exists(cve):
++        with open(cve, "w") as f:
++            f.write(new_line)
++        return
++
      output = codecs.open(cve + ".new", 'w', encoding="utf-8")
      with codecs.open(cve, encoding="utf-8") as inF:
          lines = inF.readlines()
--    for line in lines:
--        if line.startswith('%s_%s:' % (after_rel, pkg)):
++
++    if after_rel == None:
++        index = None
++        if rel != 'devel':
++            index = all_releases.index(rel)
++        done = False
++        found_pkg = False
++        for line in lines:
++            if done:
++                output.write(line)
++                continue
++            if not ('_%s:' % pkg) in line:
++                # If we're past the package section, and we wanted to add
++                # the devel release, stick it here
++                if rel == 'devel' and found_pkg == True:
++                    output.write(new_line)
++                    done = True
++                output.write(line)
++                continue
++
++            found_pkg = True
++            if rel != 'devel':
++                line_rel = line.split('_')[0]
++                # Whoa, we hit the devel release, stick it here
++                if line_rel == "devel":
++                    output.write(new_line)
++                    output.write(line)
++                    done = True
++                    continue
++
++                # Does this look like a release name?
++                if line_rel not in all_releases:
++                    output.write(line)
++                    continue
++
++                # See if the release is bigger than ours, if so, stick it here
++                if all_releases.index(line_rel) > index:
++                    output.write(new_line)
++                    output.write(line)
++                    done = True
++                    continue
++
++            # Nothing to see here, move along
              output.write(line)
--            line = '%s_%s: %s' % (rel, pkg, state)
--            if details:
--                line += ' (%s)' % (details)
--            line += '\n'
--        output.write(line)
++
++        # If we made it here, we didn't find a place to put it, just
++        # stick it at the end of the file
++        if done == False:
++            output.write(new_line)
++
++    else:
++        for line in lines:
++            if line.startswith('%s_%s:' % (after_rel, pkg)):
++                output.write(line)
++                output.write(new_line)
++            else:
++                output.write(line)
++
      output.close()
      os.rename(cve + '.new', cve)
 diff --git a/scripts/test_cve_lib.py b/scripts/test_cve_lib.py
 index db9b4b2..f44b4d1 100755
 --- a/scripts/test_cve_lib.py
 +++ b/scripts/test_cve_lib.py
@@ -7,6 +7,8 @@ import pytest
  import random
  import sys
  import cve_lib
++import shutil
++import filecmp
  def pytest_generate_tests(metafunc):
      if "cvss" in metafunc.fixturenames:
@@ -28,23 +30,24 @@ def pytest_generate_tests(metafunc):
                  print("Failed to find %s to generate test cases..." % nvdjson, file=sys.stderr)
          metafunc.parametrize("cvss", [item for _, item in cvss.items()])
--def test_cvss_empty():
--    with pytest.raises(ValueError):
--        cve_lib.parse_cvss('')
++class TestCVSS:
++    def test_cvss_empty(self):
++        with pytest.raises(ValueError):
++            cve_lib.parse_cvss('')
--def test_cvss_none():
--    with pytest.raises(ValueError):
--        cve_lib.parse_cvss(None)
++    def test_cvss_none(self):
++        with pytest.raises(ValueError):
++            cve_lib.parse_cvss(None)
--def test_cvss(cvss):
--    # hack around the fact that some cvssV3 entries use the cvssV2
--    # ADJACENT_NETWORK attackVector which is wrong...
--    if cvss["baseMetricV3"]["cvssV3"]["attackVector"] == "ADJACENT_NETWORK":
--       cvss["baseMetricV3"]["cvssV3"]["attackVector"] = "ADJACENT"
--    js = cve_lib.parse_cvss(cvss["baseMetricV3"]["cvssV3"]["vectorString"])
--    # the existing impact may contain a baseMetricV2 or others so only
--    # compare CVSS3
--    assert(js["baseMetricV3"] == cvss["baseMetricV3"])
++    def test_cvss(self, cvss):
++        # hack around the fact that some cvssV3 entries use the cvssV2
++        # ADJACENT_NETWORK attackVector which is wrong...
++        if cvss["baseMetricV3"]["cvssV3"]["attackVector"] == "ADJACENT_NETWORK":
++           cvss["baseMetricV3"]["cvssV3"]["attackVector"] = "ADJACENT"
++        js = cve_lib.parse_cvss(cvss["baseMetricV3"]["cvssV3"]["vectorString"])
++        # the existing impact may contain a baseMetricV2 or others so only
++        # compare CVSS3
++        assert(js["baseMetricV3"] == cvss["baseMetricV3"])
  class TestPackageOverrideTests:
@@ -99,6 +102,74 @@ class TestReleaseSort:
          assert cve_lib.release_sort(
              ["xenial", "dapper"]) == ["dapper", "xenial"]
++class TestFileManipulation:
++
++    def _prepare_files(self, tmp_path, filename):
++        test_file = os.path.join(tmp_path, filename)
++        test_result = 'scripts/testfiles/' + filename + '.result'
++        shutil.copy('scripts/testfiles/' + filename + '.in', test_file)
++        return (test_file, test_result)
++
++    def test_add_state_middle(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_1')
++        # Insert a release in the middle of other releases
++        cve_lib.add_state(test_file, "openssl", "mantic", "needs-triage")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_add_state_devel(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_2')
++        # Insert a missing devel release
++        cve_lib.add_state(test_file, "openssl", "devel", "needs-triage")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_add_state_middle_last(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_3')
++        # Insert a release in the middle of other releases in the last group
++        cve_lib.add_state(test_file, "edk2", "jammy", "needs-triage")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_add_state_devel_end_of_file(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_4')
++        # Insert a missing devel release in the last group
++        cve_lib.add_state(test_file, "edk2", "devel", "needs-triage")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_add_state_with_details(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_5')
++        # Insert a release in the middle of other releases with details
++        cve_lib.add_state(test_file, "openssl", "mantic", "not-affected", "code not present")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_add_state_after_rel(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_6')
++        # Insert a release after a certain other release
++        cve_lib.add_state(test_file, "openssl", "mantic", "needs-triage", after_rel="jammy")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_update_state(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_7')
++        # Update the state of a release
++        cve_lib.update_state(test_file, "openssl", "mantic", "not-affected")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_update_state_with_details(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_8')
++        # Update the state of a release with some details
++        cve_lib.update_state(test_file, "openssl", "mantic", "not-affected", "code not present")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_clone_release(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_9')
++        # Clone a release into another (ordering is weird here, what uses this?)
++        cve_lib.clone_release(test_file, "openssl", "mantic", "jammy")
++        assert filecmp.cmp(test_file, test_result)
++
++    def test_drop_pkg_release(self, tmp_path):
++        test_file, test_result = self._prepare_files(tmp_path, 'cve_lib_test_10')
++        # Drop a release
++        cve_lib.drop_pkg_release(test_file, "openssl", "mantic")
++        assert filecmp.cmp(test_file, test_result)
++
  class TestReleaseDevel:
      def test_release_devel_direct(self):
          # ensure that there is no more than one ubuntu release marked as
 diff --git a/scripts/testfiles/cve_lib_test.example b/scripts/testfiles/cve_lib_test.example
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test.example
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_1.in b/scripts/testfiles/cve_lib_test_1.in
 new file mode 100644
 index 0000000..aa830d9
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_1.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_1.result b/scripts/testfiles/cve_lib_test_1.result
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_1.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_10.in b/scripts/testfiles/cve_lib_test_10.in
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_10.in
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_10.result b/scripts/testfiles/cve_lib_test_10.result
 new file mode 100644
 index 0000000..aa830d9
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_10.result
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_2.in b/scripts/testfiles/cve_lib_test_2.in
 new file mode 100644
 index 0000000..95cda1b
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_2.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_2.result b/scripts/testfiles/cve_lib_test_2.result
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_2.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_3.in b/scripts/testfiles/cve_lib_test_3.in
 new file mode 100644
 index 0000000..d2e0b69
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_3.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_3.result b/scripts/testfiles/cve_lib_test_3.result
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_3.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_4.in b/scripts/testfiles/cve_lib_test_4.in
 new file mode 100644
 index 0000000..b9799d0
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_4.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_4.result b/scripts/testfiles/cve_lib_test_4.result
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_4.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_5.in b/scripts/testfiles/cve_lib_test_5.in
 new file mode 100644
 index 0000000..aa830d9
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_5.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_5.result b/scripts/testfiles/cve_lib_test_5.result
 new file mode 100644
 index 0000000..0464b30
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_5.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: not-affected (code not present)
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_6.in b/scripts/testfiles/cve_lib_test_6.in
 new file mode 100644
 index 0000000..aa830d9
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_6.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_6.result b/scripts/testfiles/cve_lib_test_6.result
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_6.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_7.in b/scripts/testfiles/cve_lib_test_7.in
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_7.in
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_7.result b/scripts/testfiles/cve_lib_test_7.result
 new file mode 100644
 index 0000000..d101117
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_7.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: not-affected
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_8.in b/scripts/testfiles/cve_lib_test_8.in
 new file mode 100644
 index 0000000..2dad463
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_8.in
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: needs-triage
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_8.result b/scripts/testfiles/cve_lib_test_8.result
 new file mode 100644
 index 0000000..0464b30
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_8.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: needs-triage
++mantic_openssl: not-affected (code not present)
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_9.in b/scripts/testfiles/cve_lib_test_9.in
 new file mode 100644
 index 0000000..babe94b
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_9.in
@@ -0,0 +1,70 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++mantic_openssl: released (1.1.2-1ubuntu6)
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage
 diff --git a/scripts/testfiles/cve_lib_test_9.result b/scripts/testfiles/cve_lib_test_9.result
 new file mode 100644
 index 0000000..ee6f455
 --- /dev/null
 +++ b/scripts/testfiles/cve_lib_test_9.result
@@ -0,0 +1,71 @@
++Candidate: CVE-2024-TEST
++PublicDate: 2024-02-16
++References:
++ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-NNN1
++Description:
++ Some flaw description
++Ubuntu-Description:
++Notes:
++Mitigation:
++Bugs:
++Priority: medium
++Discovered-by:
++Assigned-to:
++CVSS:
++
++Patches_openssl:
++upstream_openssl: needs-triage
++trusty_openssl: ignored (end of standard support)
++trusty/esm_openssl: needs-triage
++xenial_openssl: ignored (end of standard support)
++esm-infra/xenial_openssl: needs-triage
++fips-updates/xenial_openssl: needs-triage
++fips/xenial_openssl: needs-triage
++bionic_openssl: ignored (end of standard support)
++esm-infra/bionic_openssl: needs-triage
++fips-updates/bionic_openssl: needs-triage
++fips/bionic_openssl: needs-triage
++focal_openssl: needs-triage
++fips-updates/focal_openssl: needs-triage
++fips/focal_openssl: needs-triage
++jammy_openssl: released (1.1.2-1ubuntu6)
++mantic_openssl: released (1.1.2-1ubuntu6)
++devel_openssl: needs-triage
++
++Patches_openssl1.0:
++upstream_openssl1.0: needs-triage
++trusty_openssl1.0: DNE
++xenial_openssl1.0: DNE
++bionic_openssl1.0: ignored (end of standard support)
++esm-infra/bionic_openssl1.0: needs-triage
++focal_openssl1.0: DNE
++jammy_openssl1.0: DNE
++mantic_openssl1.0: DNE
++devel_openssl1.0: DNE
++
++Patches_nodejs:
++upstream_nodejs: needs-triage
++trusty_nodejs: ignored (end of standard support)
++trusty/esm_nodejs: not-affected (uses system openssl)
++xenial_nodejs: not-affected (uses system openssl)
++esm-apps/xenial_nodejs: needs-triage
++bionic_nodejs: not-affected (uses system openssl1.0)
++esm-apps/bionic_nodejs: needs-triage
++focal_nodejs: not-affected (uses system openssl)
++esm-apps/focal_nodejs: needs-triage
++jammy_nodejs: needed
++esm-apps/jammy_nodejs: needs-triage
++mantic_nodejs: not-affected (uses system openssl)
++devel_nodejs: not-affected (uses system openssl)
++
++Patches_edk2:
++upstream_edk2: needs-triage
++trusty_edk2: ignored (end of standard support)
++xenial_edk2: ignored (end of standard support)
++esm-apps/xenial_edk2: needs-triage
++bionic_edk2: ignored (end of standard support)
++esm-apps/bionic_edk2: needs-triage
++focal_edk2: needs-triage
++jammy_edk2: needs-triage
++mantic_edk2: needs-triage
++devel_edk2: needs-triage

Ubuntu CVE Tracker

Merge ubuntu-cve-tracker:fixup-fixup into ubuntu-cve-tracker:master

Commit message

Description of the change

Preview Diff

Subscribers