Author: fw
Date: 2005-10-20 08:28:24 +0000 (Thu, 20 Oct 2005)
New Revision: 2475
Modified:
lib/python/bugs.py
lib/python/security_db.py
Log:
First round of updates for the CAN -> CVE transition.
lib/python/bugs.py (CANFile):
Remove, merge with CVEFile.
(BugBase.re_cve_name, BugBase.__init__, FileBase.re_*,
FileBase.__iter__):
Remove CAN-specific parts.
(test):
Update.
lib/python/security_db.py (DB.readBugs):
Do not read CAN/list. No longer normalize cross-references.
(test):
Update.
Modified: lib/python/bugs.py
==================================================================---
lib/python/bugs.py 2005-10-20 08:21:24 UTC (rev 2474)
+++ lib/python/bugs.py 2005-10-20 08:28:24 UTC (rev 2475)
@@ -222,7 +222,7 @@
class BugBase:
"Base class for entries in the bug list."""
- re_cve_name = re.compile(r''^(?:CAN|CVE)-\d{4}-\d{4}$'')
+ re_cve_name = re.compile(r''^CVE-\d{4}-\d{4}$'')
def __init__(self, fname, lineno, date, name, description, comments):
assert type(fname) == types.StringType
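Review bot: The tightened pattern on the new `re_cve_name` line still ends in `$`, which in Python also matches just before a trailing newline, so `re_cve_name.match` would accept a name with a newline appended. Whether callers can pass unstripped input is not visible in this hunk; if they can, anchoring with `\Z` is stricter: `re_cve_name = re.compile(r'^CVE-\d{4}-\d{4}\Z')`. The same applies to `re_xref_entry` and `re_xref_entry_own` in the later hunk at old line 485. BugBase continues outside the hunk.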
@@ -384,11 +384,7 @@
if r is None:
name_components = name.split(''-'')
name_source = name_components[0]
- if name_source == ''CAN'':
- r = lookup(''-''.join([''CVE'']
+ name_components[1:]))
- elif name_source == ''CVE'':
- r = lookup(''-''.join([''CAN'']
+ name_components[1:]))
- elif name_source == ''DSA'' and 2 <=
len(name_components) <= 3:
+ if name_source == ''DSA'' and 2 <=
len(name_components) <= 3:
r = lookup_dsa(''DSA-'' + name_components[1])
if r is None:
raise ValueError, "unknown bug " + `name`
@@ -485,11 +481,11 @@
re_xref_required = re.compile(r''^\{'')
re_xref = re.compile(r''^\{\s*([^\}]+?)\s*\}$'')
re_whitespace = re.compile(r''\s+'')
- re_xref_entry = re.compile(''^(?:(?:CAN|CVE)-\d{4}-\d{4}''
+ re_xref_entry = re.compile(''^(?:CVE-\d{4}-\d{4}''
+ r''|VU#\d{6}''
+
r''|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$'')
re_xref_entry_own = re.compile(
-
''^(?:(?:CAN|CVE)-\d{4}-\d{4}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$'')
+
''^(?:CVE-\d{4}-\d{4}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$'')
re_xref_fixes_required = re.compile(r''^FIXES'')
re_xref_fixes = re.compile(r''^FIXES:\s+(.*?)\s*$'')
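Review bot: The first literal of the new `re_xref_entry` pattern and the whole `re_xref_entry_own` pattern are ordinary strings, unlike the `r'…'` pieces concatenated after them, so `\d` only works because Python leaves unrecognised escapes untouched. As these lines are being rewritten anyway, I would make them raw: `re_xref_entry = re.compile(r'^(?:CVE-\d{4}-\d{4}'` and `r'^(?:CVE-\d{4}-\d{4}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$'`. A one-line comment saying why `re_xref_entry` admits `VU#` targets while `re_xref_entry_own` does not would also help the next reader. The class body starts and ends outside the hunk.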
@@ -709,14 +705,14 @@
comments.append((''TODO'', todo))
continue
- self.raiseSyntaxError(''expected CAN/CVE annotation,
got: %s''
+ self.raiseSyntaxError(''expected CVE annotation, got:
%s''
% `r`, lineno)
break
if cve_reserved:
if not self.isUniqueName(record_name):
self.raiseSyntaxError\
- (''reserved CVE entries must have CAN/CVE
names'',
+ (''reserved CVE entries must have CVE
names'',
first_lineno)
if len(pkg_notes) > 0:
# The bug has extra data even though it is marked
@@ -735,7 +731,7 @@
elif cve_rejected:
if not self.isUniqueName(record_name):
self.raiseSyntaxError\
- (''rjeected CVE entries must have CAN/CVE
names'',
+ (''rjeected CVE entries must have CVE
names'',
first_lineno)
if len(pkg_notes) > 0:
self.raiseSyntaxError\
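Review bot: The rewritten message still carries the typo `rjeected`, which makes this syntax error harder to grep for. Since the string is being edited here, it should read `'rejected CVE entries must have CVE names'`. The enclosing method starts and ends outside the hunk.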
@@ -746,7 +742,7 @@
elif not_for_us is not None:
if not self.isUniqueName(record_name):
self.raiseSyntaxError\
- (''not-for-us bug must have CAN/CVE
name'', first_lineno)
+ (''not-for-us bug must have CVE name'',
first_lineno)
if len(pkg_notes) > 0:
self.raiseSyntaxError\
(''package information not allowed in
not-for-us bugs'',
@@ -778,10 +774,10 @@
parsed, or adds some additional checking."""
return bug
-class CANFile(FileBase):
- """A CAN file, as used by the Debian testing security
team."""
+class CVEFile(FileBase):
+ """A CVE file, as used by the Debian testing security
team."""
- re_cve =
re.compile(r''^(CAN-\d{4}-(?:\d{4}|XXXX))\s+(.*?)\s*$'')
+ re_cve =
re.compile(r''^(CVE-\d{4}-(?:\d{4}|XXXX))\s+(.*?)\s*$'')
def __init__(self, name, fileObj=None):
FileBase.__init__(self, name, fileObj)
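Review bot: The merged `CVEFile` keeps what was `CANFile.__init__`, while the following hunk deletes the old `CVEFile.__init__` that set `self.no_version_needs_note = False`. The rest of the surviving `__init__` lies outside this hunk, so it is not visible whether that attribute is still set. If it is not, `CVE/list` will be parsed with whatever default `FileBase` provides, and that deserves an explicit line or a comment. The docstring could also say that the header pattern now accepts `CVE-YYYY-XXXX` placeholders, which `BugBase.re_cve_name` does not match.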
@@ -793,39 +789,6 @@
def matchHeader(self, line):
match = self.re_cve.match(line)
if not match:
- self.raiseSyntaxError("expected CAN record, got: %s" %
`line`)
- (record_name, description) = match.groups()
- (cve, desc) = match.groups()
- if desc:
- if desc[0] == ''('':
- if desc[-1] <> '')'':
- self.raiseSyntaxError("missing closing
parenthesis")
- else:
- desc = desc[1:-1]
- elif desc[0] == ''['':
- if desc[-1] <> '']'':
- self.raiseSyntaxError("missing closing bracket")
- else:
- desc = desc[1:-1]
- return (None, cve, desc)
-
- def finishBug(self, bug):
- # Merge identical package notes, for historical reasons.
- bug.mergeNotes()
- return bug
-
-class CVEFile(FileBase):
- """A CVE file, as used by the Debian testing security
team."""
-
- re_cve = re.compile(r''^(CVE-\d{4}-\d{4})\s+(.*?)\s*$'')
-
- def __init__(self, name, fileObj=None):
- FileBase.__init__(self, name, fileObj)
- self.no_version_needs_note = False
-
- def matchHeader(self, line):
- match = self.re_cve.match(line)
- if not match:
self.raiseSyntaxError("expected CVE record, got: %s" %
`line`)
(record_name, description) = match.groups()
(cve, desc) = match.groups()
@@ -846,7 +809,7 @@
# Merge identical package notes, for historical reasons.
bug.mergeNotes()
return bug
-
+
class DSAFile(FileBase):
"""A DSA file.
@@ -945,7 +908,7 @@
assert note.fixed_version ==
debian_support.Version(''0.36-1'')
assert note.urgency == internUrgency(''medium'')
- for p in CANFile(''../../data/CAN/list''):
+ for p in CVEFile(''../../data/CVE/list''):
pass
if __name__ == "__main__":
Modified: lib/python/security_db.py
==================================================================---
lib/python/security_db.py 2005-10-20 08:21:24 UTC (rev 2474)
+++ lib/python/security_db.py 2005-10-20 08:28:24 UTC (rev 2475)
@@ -611,8 +611,7 @@
return True
return True
- sources = ((bugs.CANFile, ''/CAN/list''),
- (bugs.CVEFile, ''/CVE/list''),
+ sources = ((bugs.CVEFile, ''/CVE/list''),
(bugs.DSAFile, ''/DSA/list''),
(bugs.DTSAFile, ''/DTSA/list''))
@@ -641,73 +640,21 @@
read_one(cls(path + name))
errors = []
-
- if self.verbose:
- print " checking CAN/CVE collisions"
-
- for b1, b2 in list(cursor.execute\
- ("""SELECT b1.name, b2.name FROM bugs AS b1, bugs AS
b2
- WHERE b1.name LIKE ''CVE-%''
- AND b2.name = ''CAN-'' || substr(b1.name, 5,
9)""")):
- b1 = bugs.BugFromDB(cursor, b1)
- b2 = bugs.BugFromDB(cursor, b2)
- errors.append("%s:%d: duplicate CVE entries %s and %s"
- % (b1.source_file, b1.source_line,
- b1.name, b2.name))
- errors.append("%s:%d: location of %s"
- % (b1.source_file, b1.source_line, b1.name))
- errors.append("%s:%d: location of %s"
- % (b2.source_file, b2.source_line, b2.name))
-
- # Normalize the CAN/CVE references to the entry which is
- # actually in the database. After the CAN -> CVE transition,
- # this can go away (but we should check that the
- # cross-references are valid).
-
if self.verbose:
- print " normalize CAN/CVE references"
+ print " check cross-references"
+ # Keep normalized_target column for now.
cursor.execute("UPDATE bugs_xref SET normalized_target =
target")
- for source, target in list(cursor.execute\
- ("""SELECT source, target FROM bugs_xref
- WHERE target LIKE ''CAN-%'' OR target LIKE
''CVE-%''""")):
- if bugs.BugBase.re_cve_name.match(target):
- can_target = ''CAN-'' + target[4:]
- cve_target = ''CVE-'' + target[4:]
-
- found = False
- for (t,) in list(cursor.execute("""SELECT name
FROM bugs
- WHERE name IN (?, ?)""", (can_target,
cve_target))):
- cursor.execute("""UPDATE bugs_xref
- SET normalized_target = ?
- WHERE source = ? AND target = ?""",
- (t, source, target))
- found = True
- break
- if not found:
- b = bugs.BugFromDB(cursor, source)
- errors.append\
- ("%s: %d: reference to unknwown CVE entry %s"
- % (b.source_file, b.source_line, target))
-
+
+ for (bug,) in cursor.execute(
+ """SELECT DISTINCT target FROM bugs_xref
+ EXCEPT SELECT name FROM bugs"""):
+ if bug[0:3] == "VU#":
+ continue
+ errors.append("reference to unknwown bug " + bug)
+
if self.verbose:
- print " check DSA/DTSA references"
-
- for source, target in list(cursor.execute
- ("""SELECT source, target FROM bugs_xref
- WHERE target LIKE ''DSA%'' OR target LIKE
''DTSA%''""")):
- found = False
- for (b,) in cursor.execute("SELECT name FROM bugs WHERE name =
?",
- (target,)):
- found = True
- if not found:
- b = bugs.BugFromDB(cursor, source)
- errors.append\
- ("%s: %d: reference to unknwown advisory %s"
- % (b.source_file, b.source_line, target))
-
- if self.verbose:
print " apply FIXES"
target_sources = {}
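Review bot: The new cross-reference check reports only the missing target (`"reference to unknwown bug " + bug`), whereas both removed loops reported the referencing entry's `source_file` and `source_line`. Someone fixing a dangling reference in the tracker data now has to search for it by hand. I would select the source along with the target and keep the location prefix, as in the sketch below; `list(...)` is retained because `BugFromDB` reuses the same cursor, as the removed code did. The message typo `unknwown` can be fixed at the same time. The enclosing `readBugs` method starts and ends outside the hunk.

```python
# … unchanged: UPDATE bugs_xref SET normalized_target = target …
for source, target in list(cursor.execute(
    """SELECT source, target FROM bugs_xref
    WHERE target NOT IN (SELECT name FROM bugs)""")):
    if target.startswith("VU#"):
        continue
    b = bugs.BugFromDB(cursor, source)
    errors.append("%s:%d: reference to unknown bug %s"
                  % (b.source_file, b.source_line, target))
# … unchanged: "apply FIXES" step …
```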
@@ -1533,8 +1480,8 @@
db.readBugs(cursor, ''../../data'')
db.commit(cursor)
- b = bugs.BugFromDB(cursor, ''CAN-2005-2491'')
- assert b.name == ''CAN-2005-2491'', b.name
+ b = bugs.BugFromDB(cursor, ''CVE-2005-2491'')
+ assert b.name == ''CVE-2005-2491'', b.name
assert b.description == ''Integer overflow in pcre_compile.c in
Perl Compatible Regular ...'', b.description
assert len(b.xref) == 2, b.xref
assert not b.not_for_us