Author: gilbert-guest
Date: 2010-01-02 01:37:50 +0000 (Sat, 02 Jan 2010)
New Revision: 13694
Modified:
bin/tracker_service.py
lib/python/bugs.py
lib/python/security_db.py
Log:
adding support for <undetermined> in the tracker service. feedback and
comments are very welcome.
Modified: bin/tracker_service.py
==================================================================---
bin/tracker_service.py 2010-01-01 02:30:46 UTC (rev 13693)
+++ bin/tracker_service.py 2010-01-02 01:37:50 UTC (rev 13694)
@@ -83,6 +83,7 @@
padding-right : 0.25em; }
td { vertical-align: baseline }
span.red { color: red; }
+span.purple { color: purple; }
span.dangerous { color: rgb(191,127,0); }
"""), SCRIPT(''''''var old_query_value =
"";
@@ -327,7 +328,9 @@
if not bug.not_for_us:
for (release, status, reason) in bug.getStatus(cursor):
- if status <> ''fixed'':
+ if status == ''undetermined'':
+ reason = self.make_purple(reason)
+ elif status <> ''fixed'':
reason = self.make_red(reason)
yield B(''Debian/%s'' % release), reason
@@ -347,9 +350,12 @@
package = compose(
self.make_source_package_ref(url, package),
" (", self.make_pts_ref(url, package,
''PTS''), ")")
- if vulnerable:
+ if vulnerable == 1:
vuln = self.make_red(''vulnerable'')
version = self.make_red(version)
+ elif vulnerable == 2:
+ vuln =
self.make_purple(''undetermined'')
+ version = self.make_purple(version)
else:
vuln = ''fixed''
@@ -370,9 +376,12 @@
old_pkg = pkg
packages = self.make_binary_packages_ref(url, packages)
- if vulnerable:
+ if vulnerable == 1:
vuln = self.make_red(''vulnerable'')
version = self.make_red(version)
+ elif vulnerable == 2:
+ vuln =
self.make_purple(''undetermined'')
+ version = self.make_purple(version)
else:
vuln = ''fixed''
yield (packages,
@@ -644,6 +653,8 @@
urgency = ''''
elif urgency == ''high'':
urgency = self.make_red(urgency)
+ elif urgency == ''undetermined'':
+ urgency = self.make_purple(urgency)
else:
if no_dsa:
urgency = urgency + ''*''
@@ -760,6 +771,8 @@
urgency = ''''
elif urgency == ''high'':
urgency = self.make_red(urgency)
+ elif urgency == ''undetermined'':
+ urgency = self.make_purple(urgency)
yield pkg_name, self.make_xref(url, bug_name), urgency, remote
return self.create_page(
@@ -1228,6 +1241,9 @@
def make_red(self, contents):
return SPAN(contents, _class="red")
+
+ def make_purple(self, contents):
+ return SPAN(contents, _class="purple")
def make_dangerous(self, contents):
return SPAN(contents, _class="dangerous")
Modified: lib/python/bugs.py
==================================================================---
lib/python/bugs.py 2010-01-01 02:30:46 UTC (rev 13693)
+++ lib/python/bugs.py 2010-01-02 01:37:50 UTC (rev 13694)
@@ -23,7 +23,7 @@
def listUrgencies():
urgencies = {}
- urgs = ("high", "medium", "low",
"unimportant", "unknown")
+ urgs = ("high", "medium", "low",
"unimportant", "unknown", "undetermined")
for u in range(len(urgs)):
urgencies[urgs[u]] = Urgency(urgs[u], -u)
Urgency.urgencies = urgencies
@@ -610,6 +610,12 @@
pkg_notes.append(PackageNoteParsed
(p, None, d, release=release))
self.removed_packages[p] = True
+ elif v == ''undetermined'':
+ if not d:
+ d = ''undetermined''
+ pkg_notes.append(PackageNoteParsed
+ (p,
''undetermined'', ''undetermined'',
+ release=release))
else:
self.raiseSyntaxError(
"invalid special version %s in package
entry"
Modified: lib/python/security_db.py
==================================================================---
lib/python/security_db.py 2010-01-01 02:30:46 UTC (rev 13693)
+++ lib/python/security_db.py 2010-01-02 01:37:50 UTC (rev 13694)
@@ -276,7 +276,7 @@
(bug_name TEXT NOT NULL,
release TEXT NOT NULL,
status TEXT NOT NULL
- CHECK (status IN (''vulnerable'',
''fixed'', ''unknown'',
+ CHECK (status IN (''vulnerable'',
''fixed'', ''unknown'',
''undetermined'',
''partially-fixed'',
''todo'')),
reason TEXT NOT NULL,
PRIMARY KEY (bug_name, release))""")
@@ -792,7 +792,7 @@
EXCEPT SELECT name FROM bugs"""):
if bug[0:3] == "VU#":
continue
- errors.append("reference to unknwown bug " + bug)
+ errors.append("reference to unknown bug " + bug)
if self.verbose:
print " copy notes"
@@ -1038,7 +1038,10 @@
cursor.execute(
"""INSERT INTO source_package_status
SELECT n.bug_name, p.rowid,
- n.fixed_version IS NULL OR p.version_id < n.fixed_version_id,
+ ( ( n.fixed_version IS NULL
+ OR p.version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ),
n.urgency
FROM package_notes AS n, source_packages AS p
WHERE n.release = '''' AND p.name =
n.package""")
@@ -1051,7 +1054,10 @@
cursor.execute(
"""INSERT OR REPLACE INTO source_package_status
SELECT n.bug_name, p.rowid,
- n.fixed_version IS NULL OR p.version_id < n.fixed_version_id,
+ ( ( n.fixed_version IS NULL
+ OR p.version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ),
n.urgency
FROM package_notes AS n, source_packages AS p
WHERE p.name = n.package
@@ -1062,8 +1068,10 @@
cursor.execute(
"""INSERT INTO binary_package_status
SELECT n.bug_name, p.rowid,
- n.fixed_version IS NULL
- OR p.source_version_id < n.fixed_version_id,
+ ( ( n.fixed_version IS NULL
+ OR p.source_version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ),
n.urgency
FROM package_notes AS n, binary_packages AS p
WHERE n.release = '''' AND p.source =
n.package""")
@@ -1071,8 +1079,10 @@
cursor.execute(
"""INSERT OR REPLACE INTO binary_package_status
SELECT n.bug_name, p.rowid,
- n.fixed_version IS NULL
- OR p.source_version_id < n.fixed_version_id,
+ ( ( n.fixed_version IS NULL
+ OR p.source_version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ),
n.urgency
FROM package_notes AS n, binary_packages AS p
WHERE p.source = n.package AND p.release =
n.release""")
@@ -1088,7 +1098,10 @@
cursor.execute(
"""INSERT INTO binary_package_status
SELECT n.bug_name, p.rowid,
- n.fixed_version IS NULL OR p.version_id < n.fixed_version_id,
+ ( ( n.fixed_version IS NULL
+ OR p.version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ),
n.urgency
FROM package_notes AS n, binary_packages AS p
WHERE n.release = '''' AND p.name = n.package
@@ -1099,7 +1112,10 @@
cursor.execute(
"""INSERT OR REPLACE INTO binary_package_status
SELECT n.bug_name, p.rowid,
- n.fixed_version IS NULL OR p.version_id < n.fixed_version_id,
+ ( ( n.fixed_version IS NULL
+ OR p.version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ),
n.urgency
FROM package_notes AS n, binary_packages AS p
WHERE p.name = n.package AND p.release = n.release
@@ -1110,8 +1126,10 @@
cursor.execute(
"""INSERT INTO source_package_status
SELECT n.bug_name, s.rowid,
- MAX(n.fixed_version IS NULL
- OR b.version_id < n.fixed_version_id),
+ MAX( ( ( n.fixed_version IS NULL
+ OR b.version_id < n.fixed_version_id )
+ AND NOT ( n.fixed_version IS ''undetermined'' ) )
+ + 2*( n.fixed_version IS ''undetermined'' ) ),
MAX(n.urgency)
FROM package_notes AS n, binary_packages AS b,
source_packages AS s
@@ -1146,6 +1164,7 @@
"""Update bug_status with bug_name for
unstable."""
vulnerable_packages = []
+ undetermined_packages = []
have_something = False
for (package, vulnerable) in cursor.execute(
"""SELECT DISTINCT sp.name, st.vulnerable
@@ -1158,19 +1177,30 @@
ORDER BY sp.name""",
(bug_name,)):
have_something = True
- if vulnerable:
+ if vulnerable == 1:
vulnerable_packages.append(package)
+ elif vulnerable == 2:
+ undetermined_packages.append(package)
- if vulnerable_packages:
- if len(vulnerable_packages) == 1:
- pkgs = "package %s is vulnerable" %
vulnerable_packages[0]
- else:
- pkgs = ("packages %s are vulnerable"
- % '', ''.join(vulnerable_packages))
+ if vulnerable_packages or undetermined_packages:
+ pkgs = ""
+ status = ''undetermined''
+ if vulnerable_packages:
+ status = ''vulnerable''
+ if len(vulnerable_packages) == 1:
+ pkgs += "package %s is vulnerable. " %
vulnerable_packages[0]
+ else:
+ pkgs += ("packages %s are vulnerable. "
+ % '', ''.join(vulnerable_packages))
+ if undetermined_packages:
+ if len(undetermined_packages) == 1:
+ pkgs += "package %s may be vulnerable but needs to be
checked." % undetermined_packages[0]
+ else:
+ pkgs += ("packages %s may be vulnerable but need to be
checked."
+ % '',
''.join(undetermined_packages))
cursor.execute("""INSERT INTO bug_status
(bug_name, release, status, reason)
- VALUES (?, ''unstable'',
''vulnerable'', ?)""",
- (bug_name, pkgs))
+ VALUES (?, ''unstable'', ?,
?)""", (bug_name, status, pkgs))
else:
if have_something:
status = "not vulnerable"
@@ -1205,16 +1235,21 @@
# Check if any packages in plain testing are vulnerable, and
# if all of those have been fixed in the security archive.
fixed_in_security = True
- pkgs = {}
+ unfixed_pkgs = {}
+ undet_pkgs = {}
for ((package, note), vulnerable) in
status[''''].items():
- if vulnerable:
- pkgs[package] = True
+ if vulnerable == 1:
+ unfixed_pkgs[package] = True
if status[''security''].get((package, note),
True):
fixed_in_security = False
+ elif vulnerable == 2:
+ undet_pkgs[package] = True
- pkgs = pkgs.keys()
- pkgs.sort()
- if len(pkgs) == 0:
+ unfixed_pkgs = unfixed_pkgs.keys()
+ unfixed_pkgs.sort()
+ undet_pkgs = undet_pkgs.keys()
+ undet_pkgs.sort()
+ if len(unfixed_pkgs) == 0 and len(undet_pkgs) == 0:
if len(status[''''].keys()) == 0:
msg = "not known to be vulnerable"
else:
@@ -1225,19 +1260,27 @@
(bug_name, suite, msg))
return
- if len(pkgs) == 1:
- pkgs = "package " + pkgs[0] + " is "
- else:
- pkgs = "packages " + ", ".join(pkgs) + "
are "
- if fixed_in_security:
- pkgs = "%sfixed in %s-security" % (pkgs, suite)
- if suite == ''stable'':
- status = ''fixed''
+ pkgs = ""
+ if len(unfixed_pkgs) > 0:
+ if len(unfixed_pkgs) == 1:
+ pkgs += "package " + unfixed_pkgs[0] + " is
"
else:
- status = "partially-fixed"
+ pkgs += "packages " + ",
".join(unfixed_pkgs) + " are "
+ if fixed_in_security:
+ pkgs = "%sfixed in %s-security. " % (pkgs, suite)
+ if suite == "stable":
+ status = "fixed"
+ else:
+ status = "partially-fixed"
+ else:
+ pkgs += "vulnerable. "
+ status = "vulnerable"
else:
- pkgs += "vulnerable"
- status = "vulnerable"
+ status = "undetermined"
+ if len(undet_pkgs) == 1:
+ pkgs += "package " + undet_pkgs[0] + " may be
vulnerable but needs to be checked."
+ else:
+ pkgs += "package " + ", ".join(undet_pkgs) +
" may be vulnerable but need to be checked."
cursor.execute("""INSERT INTO bug_status
(bug_name, release, status, reason)
@@ -1272,7 +1315,7 @@
c.execute("""DELETE FROM vulnlist WHERE name LIKE
''TEMP-0000000-%''""")
urgency_to_flag = {''low'' : ''L'',
''medium'' : ''M'', ''high'' :
''H'',
- ''unknown'' : '' ''}
+ ''unknown'' : '' ''
, ''undetermined'' : '' ''}
result = ["VERSION 0\n"]
for (name, package, fixed_version, kind, urgency, remote, description,
@@ -1406,7 +1449,7 @@
fill_bug_to_index()
urgency_to_flag = {''low'' : ''L'',
''medium'' : ''M'', ''high'' :
''H'',
- ''unknown'' : '' ''}
+ ''unknown'' : '' '',
''undetermined'' : '' ''}
vuln_list = []
source_packages = {}
Nico Golde
2010-Jan-03 21:46 UTC
[Secure-testing-team] [Secure-testing-commits] r13694 - bin lib/python
Hi, * Michael Gilbert <gilbert-guest at alioth.debian.org> [2010-01-02 09:41]: [...]> adding support for <undetermined> in the tracker service. feedback and comments are very welcome.Where was the discussion about that new tag and its use? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100103/252ede6b/attachment.pgp>