[Secure-testing-commits] r2475 - lib/python
Florian Weimer
fw at costa.debian.org
Thu Oct 20 08:28:25 UTC 2005
Author: fw
Date: 2005-10-20 08:28:24 +0000 (Thu, 20 Oct 2005)
New Revision: 2475
Modified:
lib/python/bugs.py
lib/python/security_db.py
Log:
First round of updates for the CAN -> CVE transition.
lib/python/bugs.py (CANFile):
Remove, merge with CVEFile.
(BugBase.re_cve_name, BugBase.__init__, FileBase.re_*,
FileBase.__iter__):
Remove CAN-specific parts.
(test):
Update.
lib/python/security_db.py (DB.readBugs):
Do not read CAN/list. No longer normalize cross-references
(test):
Update.
Modified: lib/python/bugs.py
===================================================================
--- lib/python/bugs.py 2005-10-20 08:21:24 UTC (rev 2474)
+++ lib/python/bugs.py 2005-10-20 08:28:24 UTC (rev 2475)
@@ -222,7 +222,7 @@
class BugBase:
"Base class for entries in the bug list."""
- re_cve_name = re.compile(r'^(?:CAN|CVE)-\d{4}-\d{4}$')
+ re_cve_name = re.compile(r'^CVE-\d{4}-\d{4}$')
def __init__(self, fname, lineno, date, name, description, comments):
assert type(fname) == types.StringType
@@ -384,11 +384,7 @@
if r is None:
name_components = name.split('-')
name_source = name_components[0]
- if name_source == 'CAN':
- r = lookup('-'.join(['CVE'] + name_components[1:]))
- elif name_source == 'CVE':
- r = lookup('-'.join(['CAN'] + name_components[1:]))
- elif name_source == 'DSA' and 2 <= len(name_components) <= 3:
+ if name_source == 'DSA' and 2 <= len(name_components) <= 3:
r = lookup_dsa('DSA-' + name_components[1])
if r is None:
raise ValueError, "unknown bug " + `name`
@@ -485,11 +481,11 @@
re_xref_required = re.compile(r'^\{')
re_xref = re.compile(r'^\{\s*([^\}]+?)\s*\}$')
re_whitespace = re.compile(r'\s+')
- re_xref_entry = re.compile('^(?:(?:CAN|CVE)-\d{4}-\d{4}'
+ re_xref_entry = re.compile('^(?:CVE-\d{4}-\d{4}'
+ r'|VU#\d{6}'
+ r'|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$')
re_xref_entry_own = re.compile(
- '^(?:(?:CAN|CVE)-\d{4}-\d{4}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$')
+ '^(?:CVE-\d{4}-\d{4}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$')
re_xref_fixes_required = re.compile(r'^FIXES')
re_xref_fixes = re.compile(r'^FIXES:\s+(.*?)\s*$')
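Review bot: The first fragment of `re_xref_entry` and the whole of `re_xref_entry_own` are still plain string literals containing `\d`, while the continuation fragments of `re_xref_entry` are raw strings. This works only because Python passes unknown escapes through unchanged, and mixing the two forms in one pattern is easy to break at the next edit. Write them as `re_xref_entry = re.compile(r'^(?:CVE-\d{4}-\d{4}'` and `r'^(?:CVE-\d{4}-\d{4}|DSA-\d+(?:-\d+)?|DTSA-\d+-\d+)$')`. The enclosing class starts and ends outside the hunk.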
@@ -709,14 +705,14 @@
comments.append(('TODO', todo))
continue
- self.raiseSyntaxError('expected CAN/CVE annotation, got: %s'
+ self.raiseSyntaxError('expected CVE annotation, got: %s'
% `r`, lineno)
break
if cve_reserved:
if not self.isUniqueName(record_name):
self.raiseSyntaxError\
- ('reserved CVE entries must have CAN/CVE names',
+ ('reserved CVE entries must have CVE names',
first_lineno)
if len(pkg_notes) > 0:
# The bug has extra data even though it is marked
@@ -735,7 +731,7 @@
elif cve_rejected:
if not self.isUniqueName(record_name):
self.raiseSyntaxError\
- ('rjeected CVE entries must have CAN/CVE names',
+ ('rjeected CVE entries must have CVE names',
first_lineno)
if len(pkg_notes) > 0:
self.raiseSyntaxError\
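Review bot: The rewritten message still reads 'rjeected'; since the line is being changed anyway, fix the spelling here: `('rejected CVE entries must have CVE names',`. The enclosing method starts and ends outside the hunk.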
@@ -746,7 +742,7 @@
elif not_for_us is not None:
if not self.isUniqueName(record_name):
self.raiseSyntaxError\
- ('not-for-us bug must have CAN/CVE name', first_lineno)
+ ('not-for-us bug must have CVE name', first_lineno)
if len(pkg_notes) > 0:
self.raiseSyntaxError\
('package information not allowed in not-for-us bugs',
@@ -778,10 +774,10 @@
parsed, or adds some additional checking."""
return bug
-class CANFile(FileBase):
- """A CAN file, as used by the Debian testing security team."""
+class CVEFile(FileBase):
+ """A CVE file, as used by the Debian testing security team."""
- re_cve = re.compile(r'^(CAN-\d{4}-(?:\d{4}|XXXX))\s+(.*?)\s*$')
+ re_cve = re.compile(r'^(CVE-\d{4}-(?:\d{4}|XXXX))\s+(.*?)\s*$')
def __init__(self, name, fileObj=None):
FileBase.__init__(self, name, fileObj)
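Review bot: The `CVEFile` docstring does not mention that the header pattern now accepts placeholder names of the form `CVE-YYYY-XXXX`, which `BugBase.re_cve_name` (`^CVE-\d{4}-\d{4}$`) does not match. A reader of the merged class cannot tell that these two patterns differ on purpose. Extend the docstring with a sentence such as `Header lines may use CVE-YYYY-XXXX for entries without an assigned number; such names do not match BugBase.re_cve_name.` The `__init__` body continues outside the hunk.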
@@ -793,39 +789,6 @@
def matchHeader(self, line):
match = self.re_cve.match(line)
if not match:
- self.raiseSyntaxError("expected CAN record, got: %s" % `line`)
- (record_name, description) = match.groups()
- (cve, desc) = match.groups()
- if desc:
- if desc[0] == '(':
- if desc[-1] <> ')':
- self.raiseSyntaxError("missing closing parenthesis")
- else:
- desc = desc[1:-1]
- elif desc[0] == '[':
- if desc[-1] <> ']':
- self.raiseSyntaxError("missing closing bracket")
- else:
- desc = desc[1:-1]
- return (None, cve, desc)
-
- def finishBug(self, bug):
- # Merge identical package notes, for historical reasons.
- bug.mergeNotes()
- return bug
-
-class CVEFile(FileBase):
- """A CVE file, as used by the Debian testing security team."""
-
- re_cve = re.compile(r'^(CVE-\d{4}-\d{4})\s+(.*?)\s*$')
-
- def __init__(self, name, fileObj=None):
- FileBase.__init__(self, name, fileObj)
- self.no_version_needs_note = False
-
- def matchHeader(self, line):
- match = self.re_cve.match(line)
- if not match:
self.raiseSyntaxError("expected CVE record, got: %s" % `line`)
(record_name, description) = match.groups()
(cve, desc) = match.groups()
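Review bot: The removed `CVEFile.__init__` set `self.no_version_needs_note = False`, and the merged class keeps the former `CANFile` constructor instead. The rest of that constructor lies between the visible hunks, so it is not clear from here whether the flag keeps the value the old CVE/list parser relied on. If it does not, entries in CVE/list are now validated under the old CAN rules, which may accept or reject package notes differently than before. A comment next to the assignment stating the value intended after the merge, for example `# CVE/list now follows the former CAN/list rule for unversioned notes`, would make the choice explicit.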
@@ -846,7 +809,7 @@
# Merge identical package notes, for historical reasons.
bug.mergeNotes()
return bug
-
+
class DSAFile(FileBase):
"""A DSA file.
@@ -945,7 +908,7 @@
assert note.fixed_version == debian_support.Version('0.36-1')
assert note.urgency == internUrgency('medium')
- for p in CANFile('../../data/CAN/list'):
+ for p in CVEFile('../../data/CVE/list'):
pass
if __name__ == "__main__":
Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py 2005-10-20 08:21:24 UTC (rev 2474)
+++ lib/python/security_db.py 2005-10-20 08:28:24 UTC (rev 2475)
@@ -611,8 +611,7 @@
return True
return True
- sources = ((bugs.CANFile, '/CAN/list'),
- (bugs.CVEFile, '/CVE/list'),
+ sources = ((bugs.CVEFile, '/CVE/list'),
(bugs.DSAFile, '/DSA/list'),
(bugs.DTSAFile, '/DTSA/list'))
@@ -641,73 +640,21 @@
read_one(cls(path + name))
errors = []
-
- if self.verbose:
- print " checking CAN/CVE collisions"
-
- for b1, b2 in list(cursor.execute\
- ("""SELECT b1.name, b2.name FROM bugs AS b1, bugs AS b2
- WHERE b1.name LIKE 'CVE-%'
- AND b2.name = 'CAN-' || substr(b1.name, 5, 9)""")):
- b1 = bugs.BugFromDB(cursor, b1)
- b2 = bugs.BugFromDB(cursor, b2)
- errors.append("%s:%d: duplicate CVE entries %s and %s"
- % (b1.source_file, b1.source_line,
- b1.name, b2.name))
- errors.append("%s:%d: location of %s"
- % (b1.source_file, b1.source_line, b1.name))
- errors.append("%s:%d: location of %s"
- % (b2.source_file, b2.source_line, b2.name))
-
- # Normalize the CAN/CVE references to the entry which is
- # actually in the database. After the CAN -> CVE transition,
- # this can go away (but we should check that the
- # cross-references are valid).
-
if self.verbose:
- print " normalize CAN/CVE references"
+ print " check cross-references"
+ # Keep normalized_target column for now.
cursor.execute("UPDATE bugs_xref SET normalized_target = target")
- for source, target in list(cursor.execute\
- ("""SELECT source, target FROM bugs_xref
- WHERE target LIKE 'CAN-%' OR target LIKE 'CVE-%'""")):
- if bugs.BugBase.re_cve_name.match(target):
- can_target = 'CAN-' + target[4:]
- cve_target = 'CVE-' + target[4:]
-
- found = False
- for (t,) in list(cursor.execute("""SELECT name FROM bugs
- WHERE name IN (?, ?)""", (can_target, cve_target))):
- cursor.execute("""UPDATE bugs_xref
- SET normalized_target = ?
- WHERE source = ? AND target = ?""",
- (t, source, target))
- found = True
- break
- if not found:
- b = bugs.BugFromDB(cursor, source)
- errors.append\
- ("%s: %d: reference to unknwown CVE entry %s"
- % (b.source_file, b.source_line, target))
-
+
+ for (bug,) in cursor.execute(
+ """SELECT DISTINCT target FROM bugs_xref
+ EXCEPT SELECT name FROM bugs"""):
+ if bug[0:3] == "VU#":
+ continue
+ errors.append("reference to unknwown bug " + bug)
+
if self.verbose:
- print " check DSA/DTSA references"
-
- for source, target in list(cursor.execute
- ("""SELECT source, target FROM bugs_xref
- WHERE target LIKE 'DSA%' OR target LIKE 'DTSA%'""")):
- found = False
- for (b,) in cursor.execute("SELECT name FROM bugs WHERE name = ?",
- (target,)):
- found = True
- if not found:
- b = bugs.BugFromDB(cursor, source)
- errors.append\
- ("%s: %d: reference to unknwown advisory %s"
- % (b.source_file, b.source_line, target))
-
- if self.verbose:
print " apply FIXES"
target_sources = {}
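Review bot: The new dangling-reference check reports only the target name (`"reference to unknwown bug " + bug`), whereas both loops it replaces prefixed the error with the source file and line of the referring entry. During the transition, a leftover `CAN-` cross-reference will therefore be reported with no hint of where it sits in the data files. Selecting `source` alongside `target` and looking up the referrer with `bugs.BugFromDB`, as the removed code did, restores the location. The result set is wrapped in `list()` because the lookup presumably reuses the same cursor, and the 'unknwown' spelling can be fixed at the same time. `readBugs` starts and ends outside the hunk.

```python
        # … unchanged: verbose message, normalized_target update …
        for source, target in list(cursor.execute(
            """SELECT source, target FROM bugs_xref
            WHERE target NOT IN (SELECT name FROM bugs)""")):
            if target[0:3] == "VU#":
                continue
            b = bugs.BugFromDB(cursor, source)
            errors.append("%s:%d: reference to unknown bug %s"
                          % (b.source_file, b.source_line, target))
```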
@@ -1533,8 +1480,8 @@
db.readBugs(cursor, '../../data')
db.commit(cursor)
- b = bugs.BugFromDB(cursor, 'CAN-2005-2491')
- assert b.name == 'CAN-2005-2491', b.name
+ b = bugs.BugFromDB(cursor, 'CVE-2005-2491')
+ assert b.name == 'CVE-2005-2491', b.name
assert b.description == 'Integer overflow in pcre_compile.c in Perl Compatible Regular ...', b.description
assert len(b.xref) == 2, b.xref
assert not b.not_for_us