Florian Weimer
2010-May-09 11:39 UTC
[Secure-testing-commits] r14652 - in lib/python: sectracker sectracker_test
Author: fw Date: 2010-05-09 11:39:28 +0000 (Sun, 09 May 2010) New Revision: 14652 Modified: lib/python/sectracker/analyzers.py lib/python/sectracker_test/test_analyzers.py Log: sectracker.analyzers.copysources(): helper for DSA/DTSA -> CVE propagation Modified: lib/python/sectracker/analyzers.py ==================================================================--- lib/python/sectracker/analyzers.py 2010-05-09 11:37:48 UTC (rev 14651) +++ lib/python/sectracker/analyzers.py 2010-05-09 11:39:28 UTC (rev 14652) @@ -16,6 +16,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA import apt_pkg as _apt_pkg +import re as _re # vercmp is the Debian version comparison algorithm _apt_pkg.init() @@ -67,3 +68,33 @@ else: pv[ann.package] = set((ann.version,)) return rpv + +def copysources(bugdb, diag): + """Returns a dictionary, mapping bug names to their copy sources. + + As a side effect, this checks cross-references. Errors found + there are recorded in diag.""" + + re_source = _re.compile("^DT?SA-") + + result = {} + for bug in bugdb.values(): + copy_source = bug.header.name + if not re_source.match(copy_source): + copy_source = None + for ann in bug.annotations: + if ann.type <> "xref": + continue + for target in ann.bugs: + if target not in bugdb: + diag.error("reference to unknown bug %r" % target, + file=bug.file, line=ann.line) + continue + if copy_source is not None: + if target in result: + result[target].add(copy_source) + else: + result[target] = set((copy_source,)) + return result + + Modified: lib/python/sectracker_test/test_analyzers.py ==================================================================--- lib/python/sectracker_test/test_analyzers.py 2010-05-09 11:37:48 UTC (rev 14651) +++ lib/python/sectracker_test/test_analyzers.py 2010-05-09 11:39:28 UTC (rev 14652) 
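Review bot: The docstring of copysources() in the `@@ -67,3 +68,33 @@` hunk does not say which names can appear as keys or what the values hold. From the loop, every `xref` target of a bug whose name matches `^DT?SA-` becomes a key mapped to a set of advisory names, and nothing restricts targets to CVE entries. If propagation is meant to be DSA/DTSA -> CVE only, as the log message says, an advisory that cross-references another advisory (or itself) would also become a key; whether callers tolerate that is not visible here. I would state the contract in the docstring, e.g. `Keys are xref targets of DSA/DTSA entries; values are sets of the referencing DSA/DTSA names.`, and add that the cross-reference check only verifies that each target exists in bugdb. Separately, `ann.type <> "xref"` uses the deprecated `<>` spelling; `!=` is the usual form.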
@@ -27,6 +27,8 @@ bugdb = mergelists((p.cvelist("../../data/CVE/list"), p.dsalist("../../data/DSA/list"), p.dtsalist("../../data/DTSA/list")), diag) +assert "CVE-1999-0001" in bugdb +assert "DSA-135" in bugdb assert "CVE-2006-0225" in bugdb assert bugdb["CVE-2006-0225"].annotations[0].package == "openssh" @@ -42,7 +44,11 @@ if len(v) > 1: print r, p, v +# copysources +copysrc = copysources(bugdb, diag) +assert "CVE-2008-0225" in copysrc +assert "DSA-1472-1" in copysrc["CVE-2008-0225"] + for err in diag.messages(): print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message) assert not diag.messages() -
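Review bot: The copysources check added in the `@@ -42,7 +44,11 @@` hunk covers only the positive case and runs against the live `../../data` lists, so the `diag.error("reference to unknown bug ...")` branch added in analyzers.py is never exercised. If the parser types allow it, a small hand-built bugdb with one advisory whose xref names a missing bug would pin that the error is recorded and the target is left out of the result. The same fixture could assert that xrefs on a non-advisory entry add nothing to the result. `assert "CVE-2008-0225" in copysrc` also depends on current tracker data and will fail if that entry's cross-references change.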