[Secure-testing-commits] r2001 - lib/python
Florian Weimer
fw at costa.debian.org
Thu Sep 15 15:05:18 UTC 2005
Author: fw
Date: 2005-09-15 15:05:18 +0000 (Thu, 15 Sep 2005)
New Revision: 2001
Modified:
lib/python/bugs.py
lib/python/security_db.py
Log:
lib/python/security_db.py (DB):
Add source_version_id column to binary_packages table.
(DB._updateVersions):
Update source_version_id, too.
(DB.calculateVulnerabilities):
Add code to determine vulnerable binary packages, based on their
source packages.
lib/python/bugs.py (BugFromDB.getBinaryPackages):
New method. Needs more work.
(test):
Fix.
Modified: lib/python/bugs.py
===================================================================
--- lib/python/bugs.py 2005-09-15 15:00:32 UTC (rev 2000)
+++ lib/python/bugs.py 2005-09-15 15:05:18 UTC (rev 2001)
@@ -363,6 +363,37 @@
AND debian_bugs.note = package_notes.id
ORDER BY bug""", (self.name,)))
+ def getBinaryPackages(self, cursor):
+ # FIXME: This should aggregate, possibly using group_by.
+
+ result = []
+
+ def group_by(column, source):
+ result = {}
+ for t in source:
+ key = t[column]
+ value = t[:column] + t[column + 1:]
+ if result.has_key(key):
+ result[key].append(value)
+ else:
+ result[key] = [value]
+ return result
+
+
+ for (package, release, subrelease, version, archs, vulnerable) \
+ in cursor.execute(
+ """SELECT p.name, p.release, p.subrelease, p.version, p.archs,
+ s.vulnerable
+ FROM binary_packages AS p, binary_package_status AS s,
+ package_notes AS n
+ WHERE n.bug_name = ? AND s.note = n.id AND p.rowid = s.package""",
+ (self.name,)):
+ for arch in archs.split(','):
+ result.append((package, release, subrelease, version, arch,
+ vulnerable))
+
+ return result
+
class BugReservedCVE(BugBase):
"""Class for reserved CVE entries."""
def __init__(self, fname, lineno, name, comments=None):
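Review bot: The nested `group_by` helper in getBinaryPackages is defined but never called, and its local `result` shadows the list the method returns, which makes the loop below it easy to misread. Either drop the helper until the aggregation mentioned in the FIXME is implemented, or move it to module level and replace the `has_key` branch with `result.setdefault(key, []).append(value)`. The SELECT also has no ORDER BY, so the order of the returned per-architecture tuples is whatever the database yields; `ORDER BY p.name, p.release, p.subrelease` would make the vulnerability listing stable.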
@@ -764,7 +795,7 @@
assert note.fixed_version == debian_support.Version('0.36-1')
assert note.urgency == internUrgency('medium')
- for p in CVEFile('../../data/CAN/list'):
+ for p in CANFile('../../data/CAN/list'):
pass
if __name__ == "__main__":
Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py 2005-09-15 15:00:32 UTC (rev 2000)
+++ lib/python/security_db.py 2005-09-15 15:05:18 UTC (rev 2001)
@@ -96,7 +96,7 @@
'sarge' : 'stable',
'woody': 'oldstable'}
- self.schema_version = 4
+ self.schema_version = 5
c = self.cursor()
for (v,) in c.execute("PRAGMA user_version"):
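Review bot: Bumping `schema_version` to 5 here, together with the `source_version_id` column added to the CREATE TABLE statement in the next hunk, only covers databases created from scratch. What happens to an existing version-4 file is decided by the `PRAGMA user_version` check, whose body lies outside this hunk. If that check neither rebuilds the file nor runs a migration, the UPDATE in `_updateVersions` would fail on the missing column. If no upgrade path exists yet, add an `ALTER TABLE binary_packages ADD COLUMN source_version_id INTEGER NOT NULL DEFAULT 0` step for version 4, or a comment stating that old databases must be regenerated.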
@@ -177,6 +177,7 @@
source_version TEXT NOT NULL,
archs TEXT NOT NULL,
version_id INTEGER NOT NULL DEFAULT 0,
+ source_version_id INTEGER NOT NULL DEFAULT 0,
PRIMARY KEY (name, release, subrelease, archive, version, source,
source_version))""")
cursor.execute(
@@ -667,7 +668,8 @@
FROM (SELECT fixed_version FROM package_notes
WHERE fixed_version IS NOT NULL
UNION ALL SELECT version FROM source_packages
- UNION ALL SELECT version FROM binary_packages)"""):
+ UNION ALL SELECT version FROM binary_packages
+ UNION ALL SELECT source_version FROM binary_packages)"""):
versions.append(debian_support.Version(v))
if self.verbose:
@@ -701,7 +703,9 @@
cursor.execute(
"""UPDATE binary_packages
SET version_id = (SELECT id FROM version_linear_order
- WHERE version = binary_packages.version)""")
+ WHERE version = binary_packages.version),
+ source_version_id = (SELECT id FROM version_linear_order
+ WHERE version = binary_packages.source_version)""")
if self.verbose:
print " finished"
@@ -718,28 +722,55 @@
result = []
self._updateVersions(cursor)
- # self._synthesizeReleases(cursor)
if self.verbose:
print "calculateVulnerabilities:"
print " checking version consistency in package notes"
for (bug_name, pkg_name, rel, unstable_ver, rel_ver) \
in list(cursor.execute(
- """SELECT a.bug_name, a.package, a.release,
+ """SELECT a.bug_name, a.package, b.release,
a.fixed_version, b.fixed_version
FROM package_notes a, package_notes b
WHERE a.bug_name = b.bug_name AND a.package = b.package
AND a.release = '' AND b.release <> ''
+ AND a.fixed_version IS NOT NULL
AND a.fixed_version_id < b.fixed_version_id""")):
b = bugs.BugFromDB(cursor, bug_name)
result.append("%s:%d: inconsistent versions for package %s"
% (b.source_file, b.source_line, pkg_name))
result.append("%s:%d: unstable: %s"
- % (b.source_file, b.source_line, rel_ver))
+ % (b.source_file, b.source_line, unstable_ver))
result.append("%s:%d: release %s: %s"
% (b.source_file, b.source_line, `rel`, rel_ver))
if self.verbose:
+ print " checking source/binary packages"
+ cursor.execute("UPDATE package_notes SET package_kind = 'unknown'")
+ cursor.execute(
+ """UPDATE package_notes SET package_kind = 'source'
+ WHERE EXISTS (SELECT * FROM source_packages AS p
+ WHERE p.name = package_notes.package)""")
+ cursor.execute(
+ """UPDATE package_notes SET package_kind = 'binary'
+ WHERE package_kind = 'unknown'
+ AND EXISTS (SELECT * FROM binary_packages AS p
+ WHERE p.name = package_notes.package)""")
+ for (bug_name, s_package, b_package) in cursor.execute(
+ """SELECT DISTINCT s.bug_name, s.package, b.package
+ FROM package_notes AS s, package_notes AS b, binary_packages AS p
+ WHERE s.bug_name = b.bug_name
+ AND s.package_kind = 'source'
+ AND b.package_kind = 'binary'
+ AND p.name = b.package AND p.source = s.package"""):
+ b = bugs.BugFromDB(cursor, bug_name)
+ result.append("%s:%d: source and binary package annotations"
+ % (b.source_file, b.source_line))
+ result.append("%s:%d: source package: %s"
+ % (b.source_file, b.source_line, s_package))
+ result.append("%s:%d: binary package: %s"
+ % (b.source_file, b.source_line, b_package))
+
+ if self.verbose:
print " create temporary tables"
cursor.execute(
"""CREATE TEMPORARY TABLE tmp_bug_releases
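Review bot: Notes whose package matches neither `source_packages` nor `binary_packages` stay at `package_kind = 'unknown'` after the three UPDATEs, and nothing in this hunk reports them. Since the later binary-package hunks now select on `n.package_kind = 'binary'`, such notes appear to receive no status rows at all, so a misspelled package name in the tracker data would silently drop out of the vulnerability calculation. Consider appending a diagnostic to `result` for these notes in the same `%s:%d:` format used above, or add a comment such as `# notes left 'unknown' name packages absent from the archive; they get no status rows`. calculateVulnerabilities starts and continues outside this hunk.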
@@ -793,14 +824,28 @@
OR p.release = (SELECT nickname FROM nicknames
WHERE realname = n.release))""")
+ if self.verbose:
+ print " binary packages (from source packages)"
cursor.execute(
- """UPDATE package_notes SET package_kind = 'source'
- WHERE EXISTS (SELECT * FROM source_package_status AS s
- WHERE s.note = package_notes.id)""")
+ """INSERT INTO binary_package_status
+ SELECT n.id, p.rowid,
+ n.fixed_version IS NULL OR p.source_version_id < n.fixed_version_id
+ FROM package_notes AS n, binary_packages AS p
+ WHERE n.release = '' AND p.source = n.package
+ AND NOT EXISTS (SELECT * FROM tmp_bug_releases AS t
+ WHERE t.bug_name = n.bug_name
+ AND t.release = p.release)""")
+ cursor.execute(
+ """INSERT INTO binary_package_status
+ SELECT n.id, p.rowid,
+ n.fixed_version IS NULL OR p.source_version_id < n.fixed_version_id
+ FROM package_notes AS n, binary_packages AS p
+ WHERE p.source = n.package AND p.release = n.release""")
- # Same story for binary packages. We prefer source packages,
+ # Almost the same binary packages. We prefer source packages,
# so we skip all notes which have already source packages
- # attached.
+ # attached. (Of course, we do not have to add status
+ # information for binary package separately.)
if self.verbose:
print " binary packages (unqualified)"
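Review bot: The second new INSERT matches release-qualified notes with `p.release = n.release` only, while the qualified queries visible in the context above this hunk's first added line and in the "binary packages (qualified)" hunk further down also accept `n.release || '-security'` and the `nicknames` lookup. If that difference is not intended, binary packages in a `-security` release built from an annotated source package get no `binary_package_status` row and so are never marked vulnerable. Suggested clause: `WHERE p.source = n.package AND (p.release = n.release OR p.release = n.release || '-security' OR p.release = (SELECT nickname FROM nicknames WHERE realname = n.release))`. The rewritten comment would also read better as `# Almost the same for binary packages.`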
@@ -813,7 +858,7 @@
AND (NOT EXISTS (SELECT * FROM tmp_bug_releases AS t
WHERE t.bug_name = n.bug_name
AND t.release = p.release))
- AND n.package_kind = 'unknown'""")
+ AND n.package_kind = 'binary'""")
if self.verbose:
print " binary packages (qualified)"
@@ -827,9 +872,9 @@
OR p.release = n.release || '-security'
OR p.release = (SELECT nickname FROM nicknames
WHERE realname = n.release))
- AND n.package_kind = 'unknown'""")
+ AND n.package_kind = 'binary'""")
- return
+ return result
if self.verbose:
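Review bot: `return result` is followed directly by another `if self.verbose:` context line, so the code after it looks unreachable; indentation is not preserved on this page, so this is inferred. If the early return is a temporary stop while the remaining steps are reworked, mark it with a comment such as `# FIXME: early return; the steps below are disabled for now`. Otherwise delete the dead code. The function continues outside the hunk.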