[Secure-testing-commits] r2156 - lib/python
Florian Weimer
fw at costa.debian.org
Sat Sep 24 15:43:05 UTC 2005
Author: fw
Date: 2005-09-24 15:43:04 +0000 (Sat, 24 Sep 2005)
New Revision: 2156
Modified:
lib/python/bugs.py
lib/python/security_db.py
Log:
Implement NOT-FOR-US:, <unfixed>, <not-affected> and <itp>.
lib/python/bugs.py (PackageNote.writeDB):
Store package_kind attribute in the database, so that we can detect
notes for ITPs.
(PackageNoteParsed.__init__):
'unfixed' is no longer a valid tag.
(FileBase):
Update regular expressions.
(FileBase.__iter__):
Parse new "- PACKAGE <TAG>" annotations. Implement NOT-FOR-US:.
Caclulate the Debian bug number for a FAKE name when it is needed.
lib/python/security_db.py (DB.calculateVulnerabilities):
Do not overrite "itp" values in the package_kind column of
package_notes. Check that ITPed packages are not present in the
archive.
(DB.getITPs):
New method.
Modified: lib/python/bugs.py
===================================================================
--- lib/python/bugs.py 2005-09-24 15:35:43 UTC (rev 2155)
+++ lib/python/bugs.py 2005-09-24 15:43:04 UTC (rev 2156)
@@ -144,10 +144,11 @@
else:
r = ''
cursor.execute("""INSERT INTO package_notes
- (bug_name, package, fixed_version, release, urgency, bug_origin)
- VALUES (?, ?, ?, ?, ?, ?)""",
+ (bug_name, package, fixed_version, release, urgency, bug_origin,
+ package_kind)
+ VALUES (?, ?, ?, ?, ?, ?, ?)""",
(bug_name, self.package, v, r,
- str(self.urgency), bug_origin))
+ str(self.urgency), bug_origin, self.package_kind))
for (rowid,) in cursor.execute('SELECT last_insert_rowid()'):
self.id = rowid
for b in self.bugs:
@@ -214,10 +215,6 @@
bugs.append(int(bug))
continue
- if n == 'unfixed':
- self.unfixed = True
- continue
-
raise SyntaxError , 'unknown package note %s\n' % `n`
PackageNote.__init__(self, package, version, release, urgency)
self.bugs = bugs
@@ -501,10 +498,14 @@
# temporary hack, until we know what "!" actually means.
re_package_required = re.compile(r'^(?:\[.*\]\s*)?[-!]')
- re_package = re.compile(r'^(?:\[([a-z]+)\] )?[-!] ([A-Za-z0-9:.+-]+)'
- + r'(?:\s+([A-Za-z0-9:.+-]+))?\s*(?:\((.*)\))?$')
- re_not_for_us_required = re.compile(r'^NOTE:\s+not?e?-f[ou]?r-[us]')
- re_not_for_us = re.compile(r'^NOTE:\s+not-for-us(?:\s+\((.*)\))?\s*$')
+ re_package_version = re.compile(
+ r'^(?:\[([a-z]+)\] )?[-!] ([A-Za-z0-9:.+-]+)\s*'
+ + r'(?:\s([A-Za-z0-9:.+-]+)\s*)?(?:\s\((.*)\))?$')
+ re_package_no_version = re.compile(
+ r'^(?:\[([a-z]+)\] )?[-!] ([A-Za-z0-9:.+-]+)'
+ + r'\s+<([a-z-]+)>\s*(?:\s\((.*)\))?$')
+ re_not_for_us_required = re.compile(r'^NOT-FOR-US:')
+ re_not_for_us = re.compile(r'^NOT-FOR-US:\s+(.*?)\s*$')
re_reserved = re.compile(r'^NOTE:\s+reserved\s*$')
re_rejected = re.compile(r'^NOTE:\s+rejected\s*$')
re_note = re.compile(r'^NOTE:\s+(.*)$')
@@ -601,7 +602,6 @@
comments = []
cve_reserved = False
cve_rejected = False
- first_bug = 0
for (lineno, r) in record:
def handle_xref(re_required, re_real, re_entry, target):
@@ -637,32 +637,45 @@
continue
if self.re_package_required.match(r):
- match = self.re_package.match(r)
+ match = self.re_package_version.match(r)
if match:
(release, p, v, d) = match.groups()
- if v is None and d is None and \
- self.no_version_needs_note:
- raise SyntaxError, \
- 'version-less package entry requires note'
+ pkg_notes.append(
+ PackageNoteParsed(p, v, d, release=release))
+ continue
+ match = self.re_package_no_version.match(r)
+ if match:
+ (release, p, v, d) = match.groups()
if v == 'not-affected':
- # '0' is the minimum version number possible.
pkg_notes.append(PackageNoteParsed
(p, '0', 'unimportant',
release=release))
- # 'd' is a free-form field in this case,
- # if it is present.
if d:
- comments.append(('NOTE', d))
+ # Not exactly idea, but we have to record the
+ # free-form text in some way.
+ if r[-1] == '\n':
+ r = r[:-1]
+ comments.append(('NOTE', r))
+ elif v == 'itp':
+ x = PackageNoteParsed(p, None, d, release=release)
+ x.package_kind = 'itp'
+ if not x.bugs:
+ self.raiseSyntaxError(
+ "ITP note needs Debian bug reference",
+ lineno)
+ pkg_notes.append(x)
+ elif v == 'unfixed':
+ pkg_notes.append(PackageNoteParsed
+ (p, None, d, release=release))
else:
- x = PackageNoteParsed(p, v, d, release=release)
- pkg_notes.append(x)
- if first_bug == 0 and len(x.bugs) > 0:
- first_bug = x.bugs[0]
- else:
- self.raiseSyntaxError("expected package entry, got: "
- + `r`, lineno)
- continue
+ self.raiseSyntaxError(
+ "invalid special version %s in package entry"
+ % `r`, lineno)
+ continue
+
+ self.raiseSyntaxError(
+ "expected package entry, got: " + `r`, lineno)
if self.re_not_for_us_required.match(r):
match = self.re_not_for_us.match(r)
@@ -672,7 +685,7 @@
not_for_us = ''
continue
else:
- self.raiseSyntaxError("expected not-for-us entry, "
+ self.raiseSyntaxError("expected NOT-FOR-US entry, "
+ "got: " + `r`, lineno)
match = self.re_reserved.match(r)
@@ -747,6 +760,13 @@
not_for_us=True))
else:
if not self.isUniqueName(record_name):
+ first_bug = 0
+ for n in pkg_notes:
+ for b in n.bugs:
+ first_bug = b
+ break
+ if first_bug:
+ break
record_name = 'FAKE-%07d-%06d' % (first_bug, first_lineno)
yield self.finishBug(Bug(self.file.name, first_lineno, date,
record_name, description,
Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py 2005-09-24 15:35:43 UTC (rev 2155)
+++ lib/python/security_db.py 2005-09-24 15:43:04 UTC (rev 2156)
@@ -910,11 +910,14 @@
if self.verbose:
print " checking source/binary packages"
- cursor.execute("UPDATE package_notes SET package_kind = 'unknown'")
cursor.execute(
+ """UPDATE package_notes SET package_kind = 'unknown'
+ WHERE package_kind IN ('source', 'binary')""")
+ cursor.execute(
"""UPDATE package_notes SET package_kind = 'source'
- WHERE EXISTS (SELECT * FROM source_packages AS p
- WHERE p.name = package_notes.package)""")
+ WHERE package_kind = 'unknown'
+ AND EXISTS (SELECT * FROM source_packages AS p
+ WHERE p.name = package_notes.package)""")
cursor.execute(
"""UPDATE package_notes SET package_kind = 'binary'
WHERE package_kind = 'unknown'
@@ -949,6 +952,18 @@
result.append("%s:%d: candidates are %s and %s"
% (b.source_file, b.source_line, s1, s2))
+ for (bug_name, package) in list(cursor.execute(
+ """SELECT n.bug_name, n.package
+ FROM package_notes AS n
+ WHERE n.package_kind = 'itp'
+ AND ((EXISTS (SELECT * FROM source_packages
+ WHERE name = n.package))
+ OR (EXISTS (SELECT * FROM binary_packages
+ WHERE name = n.package)))""")):
+ b = bugs.BugFromDB(cursor, bug_name)
+ result.append("%s:%d: ITPed package %s is in the archive"
+ % (b.source_file, b.source_line, package))
+
if False:
# The following check looks useful, but there are
# situations where we want to be very explicit about
@@ -1432,6 +1447,22 @@
if old_package:
yield (old_package, bugs)
+ def getITPs(self, cursor):
+ """Returns a generator for a list of unknown packages.
+ Each entry has the form (PACKAGE, BUG-LIST, DEBIAN-BUG-LIST)."""
+
+ # The "|| ''" is required to convert the string_set argument
+ # to a string.
+ for (package, bugs, debian_bugs) in cursor.execute(
+ """SELECT DISTINCT n.package, string_set(n.bug_name),
+ string_set(db.bug || '')
+ FROM package_notes AS n, debian_bugs AS db
+ WHERE package_kind = 'itp'
+ AND db.note = n.id
+ GROUP BY n.package
+ ORDER BY n.package"""):
+ yield (package, bugs.split(','), map(int, debian_bugs.split(',')))
+
def check(self, cursor=None):
"""Runs a simple consistency check and prints the results."""
More information about the Secure-testing-commits
mailing list