[Secure-testing-commits] r3136 - bin

Fri Dec 23 21:09:33 UTC 2005

Author: fw
Date: 2005-12-23 21:09:32 +0000 (Fri, 23 Dec 2005)
New Revision: 3136

Modified:
   bin/tracker_service.py
Log:
bin/tracker_service.py (TrackerService):
  Add page data/latently-vulnerable.
(TrackerService.page_data_latently_vulnerable):
  New method.


Modified: bin/tracker_service.py
===================================================================

--- bin/tracker_service.py	2005-12-23 19:31:59 UTC (rev 3135)
+++ bin/tracker_service.py	2005-12-23 21:09:32 UTC (rev 3136)
@@ -97,6 +97,8 @@
         self.register('status/itp', self.page_status_itp)
         self.register('data/unknown-packages', self.page_data_unknown_packages)
         self.register('data/missing-epochs', self.page_data_missing_epochs)
+        self.register('data/latently-vulnerable',
+                      self.page_data_latently_vulnerable)
         self.register('data/releases', self.page_data_releases)
         self.register('data/funny-versions', self.page_data_funny_versions)
         self.register('data/fake-names', self.page_data_fake_names)
@@ -138,6 +140,8 @@
             ('data/fake-names', 'Tracked issues without a CVE name'),
             ('data/missing-epochs',
              'Package versions which might lack an epoch'),
+            ('data/latently-vulnerable',
+             'Packages which are latently vulnerable in unstable'),
             ('data/funny-versions',
              'Packages with strange version numbers'),
             ('data/releases',
@@ -807,6 +811,36 @@
                 caption=("Bug", "Package", "Version 1", "Version 2"),
                 replacement="No source package version with missing epochs.")])
 
+    def page_data_latently_vulnerable(self, path, params, url):
+        def gen():
+            for pkg, bugs in self.db.cursor().execute(
+                """SELECT package, string_set(bug_name)
+                FROM package_notes AS p1
+                WHERE release <> ''
+                AND (bug_name LIKE 'CVE-%' OR bug_name LIKE 'FAKE-%')
+                AND NOT EXISTS (SELECT 1 FROM package_notes AS p2
+                                WHERE p2.bug_name = p1.bug_name
+                                AND p2.package = p1.package
+                                AND release = '')
+                AND EXISTS (SELECT 1 FROM source_packages
+                           WHERE name = p1.package AND release = 'sid')
+                GROUP BY package
+                ORDER BY package"""):
+                pkg = self.make_source_package_ref(url, pkg)
+                bugs = bugs.split(',')
+                yield pkg, self.make_xref_list(url, bugs)
+
+        return self.create_page(
+            url, "Latently vulnerable packages in unstable",
+            [P(
+"""A package is latently vulnerable in unstable if it is vulnerable in
+any release, and there is no package note for the same vulnerability
+and package in unstable (and the package is still available in
+unstable, of course)."""),
+             make_table(gen(),
+                caption=("Package", "Bugs"),
+                replacement="No latently vulnerable packages were found.")])
+
     def page_data_releases(self, path, params, url):
         def gen():
             for (rel, subrel, archive, sources, archs) \


