[Secure-testing-commits] r7645 - bin
fw at alioth.debian.org
fw at alioth.debian.org
Mon Dec 17 21:28:59 UTC 2007
Author: fw
Date: 2007-12-17 21:28:59 +0000 (Mon, 17 Dec 2007)
New Revision: 7645
Removed:
bin/tracker.cgi
Log:
* tracker.cgi
Remove obsolete CGI script
Deleted: bin/tracker.cgi
===================================================================
--- bin/tracker.cgi 2007-12-17 21:14:14 UTC (rev 7644)
+++ bin/tracker.cgi 2007-12-17 21:28:59 UTC (rev 7645)
@@ -1,1055 +0,0 @@
-#!/usr/bin/python
-
-import cgi
-import cgitb
-cgitb.enable() # FIXME for production use
-
-import sys
-sys.path.insert(0,'../lib/python')
-
-import os
-import re
-import string
-import types
-import urllib
-
-import security_db
-import bugs
-
-def print_header(status):
- print "Content-Type: text/html"
- print "Status:", status
- print ""
-
-def print_title(title, status=200, selectSearch=False):
- print_header(status)
- title = cgi.escape(title)
- print '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
- print '''<html><head>
-<style type="text/css">
-h1 { font-size : 144%; }
-h2 { font-size : 120%; }
-h3 { font-size : 100%; }
-
-table { padding-left : 1.5em }
-td, th { text-align : left;
- padding-left : 0.25em;
- padding-right : 0.25em; }
-td { vertical-align: baseline }
-span.red { color: red; }
-span.dangerous { color: rgb(191,127,0); }
-</style>
-
-<script type="text/javascript" language="JavaScript">
-var old_query_value = "";
-
-function onLoad() {
-'''
- if selectSearch:
- print ' document.searchForm.query.focus();'
-
- print '''}
-
-function onSearch(query) {
- if (old_query_value == "") {
- if (query.length > 5) {
- old_query_value = query;
- document.searchForm.submit();
- } else {
- old_query_value = query;
- }
- }
-}
-</script>
-'''
- print '<title>%s</title></head><body onload="onLoad()"><h1>%s</h1>' \
- % (title, title)
-
-def print_footer(withSearch=True):
- print "<hr/>"
- if withSearch:
- print_paragraph(make_search())
-
- print_paragraph(make_a(url_from_rel(""), "Home"),
- " - ", make_a("http://secure-testing.debian.net",
- "Testing Security Team"),
- " - ", make_a("http://www.debian.org/security/",
- "Debian Security"),
- " - ", make_a("http://www.enyo.de/fw/impressum.html",
- "Imprint"))
- print "</body></html>"
-
-class NoEscape:
- """Prevent escaping of HTML text."""
- def __init__(self, data):
- self.data = data
- def __repr__(self):
- return "NoEscape(%s)" % `self.data`
-
-def escape(data):
- if type(data) == types.StringType:
- return cgi.escape(data)
- assert type(data) == types.InstanceType, type(data)
- assert data.__class__ == NoEscape, data.__class__
- return data.data
-
-def print_error(msg):
- msg = escape(msg)
- print "<p><b>ERROR:</b> %s</p>" % msg
- print '<p>Please contact <a href="mailto:fw at deneb.enyo.de">Florian Weimer</a> and report this problem.</p>'
-
-try:
- path_info = os.environ['PATH_INFO']
-except KeyError:
- path_info = ''
-
-try:
- server_name = os.environ['SERVER_NAME']
-except KeyError:
- server_name = 'localhost'
-
-try:
- script_name = cgi.escape(os.environ['SCRIPT_NAME'])
-except KeyError:
- script_name = ''
-while script_name[0:2] == '//':
- script_name = script_name[1:]
-
-def print_no_results(query):
- print_title("No results", status=404)
- print_error(NoEscape('Your query "<code>%s</code>" matched no results.'
- % cgi.escape(query)))
- print_footer()
-
-def print_invalid_query():
- print_title("Invalid query", status=404)
- print_error("The URL you specified is incorrect for this application.")
- print_footer()
-
-def print_table(gen, caption=(), replacement='', introduction='', style=None):
- w = sys.stdout.write
- if style:
- style = ' class="%s"' % escape(style)
- else:
- style = ''
-
- first_row = True
- for row in gen:
- if first_row:
- w(escape(introduction))
- if style:
- w('<table%s>' % style)
- else:
- w('<table>')
- if caption:
- w('<tr%s>' % style)
- for c in caption:
- w('<th%s>' % style)
- w(escape(c))
- w('</th>')
- w('</tr>\n')
- first_row = False
- w("<tr>")
- for col in row:
- w("<td%s>" % style)
- w(escape(col))
- w("</td>")
- w("</tr>\n")
- if first_row:
- if replacement:
- w(escape(replacement))
- else:
- w("</table>\n")
-
-def print_escaped(*args):
- for x in args:
- sys.stdout.write(escape(x))
-def print_paragraph(*args):
- sys.stdout.write('<p>')
- apply(print_escaped, args)
- sys.stdout.write('</p>\n')
-
-def make_bold(s):
- return NoEscape("<b>%s</b>" % escape(s))
-def make_code(s):
- return NoEscape("<code>%s</code>" % escape(s))
-def make_red(s):
- return NoEscape('<span class="red">%s</span>' % escape(s))
-def make_dangerous(s):
- return NoEscape('<span class="dangerous">%s</span>' % escape(s))
-def url_from_rel(x, full=False):
- if full:
- return "http://%s%s/%s" % (server_name, script_name, x)
- else:
- return "%s/%s" % (script_name, x)
-url_known_bug = url_from_rel
-
-def url_source_package(p, full=False):
- return url_from_rel("source-package/" + p, full)
-def url_binary_package(p, full=False):
- return url_from_rel("binary-package/" + p, full)
-
-def make_xref(x):
- url = escape(url_known_bug(x))
- return NoEscape('<a href="%s">%s</a>' % (url, escape(x)))
-def make_cve_xref(cve, name=None):
- cve = escape(cve)
- if name is None:
- name = cve
- else:
- name = escape(name)
- return NoEscape('<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s">%s</a>' % (cve, name))
-
-def make_dsa_xref(cursor, dsa, name,
- re_dsa=re.compile(r'^DSA-(\d+)(?:-\d+)?$')):
- match = re_dsa.match(dsa)
- if name is None:
- name = dsa
- else:
- name = escape(name)
- if match:
- # We must determine the year because there is no generic URL.
- (number,) = match.groups()
- for (date,) in cursor.execute(
- "SELECT release_date FROM bugs WHERE name = ?", (dsa,)):
- (y, m, d) = date.split('-')
- return NoEscape('<a href="http://www.debian.org/security/%d/dsa-%d">%s</a>'
- % (int(y), int(number), name))
-
- return escape(dsa)
-
-
-def url_debian_bug(bug):
- return "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%d" % bug
-def url_debian_bug_pkg(pkg):
- return ("http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg="
- + urllib.quote(pkg))
-
-def make_debian_bug(bug, internal=False):
- if internal:
- assert False
- return NoEscape('<a href="%s">%d</a>' % (url_debian_bug(bug), bug))
-
-def url_pts(src):
- return "http://packages.qa.debian.org/common/index.html?src=" \
- + urllib.quote(src)
-
-def url_testing_status(src):
- return "http://bjorn.haxx.se/debian/testing.pl?package=" \
- + urllib.quote(src)
-
-def make_a(url, text):
- return NoEscape('<a href="%s">%s</a>' % (escape(url), escape(text)))
-def make_pts_ref(pkg, title=None):
- if title is None:
- title = pkg
- return make_a(url_pts(pkg), title)
-
-def make_source_package_ref(pkg, title=None):
- if title is None:
- title = pkg
- return make_a(url_source_package(pkg), title)
-def make_binary_package_ref(pkg, title=None):
- if title is None:
- title = pkg
- return make_a(url_binary_package(pkg), title)
-def make_binary_packages_ref(lst):
- assert type(lst) <> types.StringType
- return make_list(map(make_binary_package_ref, lst))
-
-def make_list(lst, separator=NoEscape(", ")):
- assert type(lst) <> types.StringType
- return NoEscape(escape(separator).join(map(escape, lst)))
-
-def make_search():
- return NoEscape(\
- ('<form name="searchForm" method="get" action="%s">'
- % escape(url_from_rel('search/')))
- + 'Search for package or bug name: '
- + '<input type="text" name="query" onkeyup="onSearch(this.value)"'
- + 'onmousemove="onSearch(this.value)"> '
- + '<input type="submit" value="Go"/></form>')
-
-def print_bug(bug, db):
- print_title(bug.name)
-
- cursor = db.cursor()
-
- def gen_header():
- yield make_bold("Name"), bug.name
-
- source = bug.name.split('-')[0]
- if source in ('CAN', 'CVE'):
- source_xref = make_cve_xref(bug.name, 'CVE')
- elif source == 'DSA':
- source_xref = make_dsa_xref(cursor, bug.name, 'Debian')
- elif source == 'DTSA':
- source_xref = 'Debian Testing Security Team'
- elif source == 'FAKE':
- source_xref = 'Automatically generated temporary name. Not for external reference.'
- else:
- source_xref = None
-
- if source_xref:
- yield make_bold("Source"), source_xref
-
- if bug.description:
- yield make_bold("Description"), bug.description
-
- xref = list(db.getBugXrefs(cursor, bug.name))
- if xref:
- yield make_bold("References"), make_list(map(make_xref, xref))
-
- debian_bugs = bug.getDebianBugs(cursor)
- if debian_bugs:
- yield (make_bold("Debian Bugs"),
- make_list(map(make_debian_bug, debian_bugs)))
-
- if not bug.not_for_us:
- for (release, status, reason) in bug.getStatus(cursor):
- if status <> 'fixed':
- reason = make_red(reason)
- yield make_bold('Status of %s' % release), reason
-
- print_table(gen_header())
-
- if bug.notes:
- print """<h2>Vulnerable and fixed packages</h2>
-<p>The table below lists information on <em>source packages</em>.</p>
-"""
-
- def gen_source():
- yield (make_bold("Source Package"),
- make_bold("Release"),
- make_bold("Version"),
- make_bold("Status"))
-
- old_pkg = ''
- for (package, release, version, vulnerable) \
- in db.getSourcePackages(cursor, bug.name):
- if package == old_pkg:
- package = ''
- else:
- old_pkg = package
- package = NoEscape("%s (%s)"
- % (escape(make_source_package_ref(package)),
- escape(make_pts_ref(package, 'PTS'))))
- if vulnerable:
- vuln = make_red('vulnerable')
- version = make_red(version)
- else:
- vuln = 'fixed'
-
- yield package, ', '.join(release), version, vuln
-
- print_table(gen_source())
-
- print "<p>The next table lists affected <em>binary packages</em>.<p>"
-
- def gen_binary():
- yield (make_bold("Binary Package"),
- make_bold("Release"),
- make_bold("Version"),
- make_bold("Status"),
- make_bold("Arch"))
-
- old_pkg = ''
- for (packages, releases, version, archs, vulnerable) \
- in db.getBinaryPackages(cursor, bug.name):
- pkg = ', '.join(packages)
- if pkg == old_pkg:
- packages = ''
- else:
- old_pkg = pkg
- packages = make_binary_packages_ref(packages)
-
- if vulnerable:
- vuln = make_red('vulnerable')
- version = make_red(version)
- else:
- vuln = 'fixed'
- yield (packages,
- ', '.join(releases),
- version, vuln,
- ', '.join(archs))
-
- print_table(gen_binary())
-
-
- print """<p>The information above is based on the following
-data on fixed versions.</p>"""
-
- def gen_data():
- yield ()
-
- notes_sorted = bug.notes[:]
- notes_sorted.sort(lambda a, b: cmp(a.package, b.package))
- for n in notes_sorted:
- if n.release:
- rel = str(n.release)
- else:
- rel = '(unstable)'
- urgency = str(n.urgency)
- if n.fixed_version:
- ver = str(n.fixed_version)
- if ver == '0':
- ver = '(not affected)'
- urgency = ''
- else:
- ver = make_red('(unfixed)')
-
- pkg = n.package
- pkg_kind = n.package_kind
- if pkg_kind == 'source':
- pkg = make_source_package_ref(pkg)
- elif pkg_kind == 'binary':
- pkg = make_binary_package_ref(pkg)
- elif pkg_kind == 'itp':
- pkg_kind = 'ITP'
- rel = ''
- ver = ''
- urgency = ''
-
- bugs = n.bugs
- bugs.sort()
- bugs = make_list(map(make_debian_bug, bugs))
- if n.bug_origin:
- origin = make_xref(n.bug_origin)
- else:
- origin = ''
- yield (pkg, pkg_kind, rel, ver, urgency, origin, bugs)
-
- print_table(gen_data(),
- caption=("Package", "Type", "Release", "Fixed Version",
- "Urgency", "Origin", "Debian Bugs"))
-
- if bug.comments:
- print "<h2>Notes</h2>"
- print "<pre>"
- for (t, c) in bug.comments:
- print escape(c)
- print "</pre>"
-
- print_footer()
-
-def print_debian_bug(db, bug, buglist):
- print_title("Information related to Debian Bug #%d" % bug)
-
- print_paragraph("The following issues reference to Debian bug ",
- make_debian_bug(bug), ":")
-
- def gen():
- yield make_bold("Name"), make_bold("Urgency"), make_bold("Description")
-
- for (name, urgency, description) in buglist:
- yield make_xref(name), urgency, description
-
- print_table(gen())
- print_footer()
-
-def handle_simple_search(query):
- db = security_db.DB('../data/security.db')
- c = db.cursor()
- if 'A' <= query[0] <= 'Z':
- try:
- bug = bugs.BugFromDB(c, query)
- except ValueError:
- print_no_results(query)
- return
-
- if bug.name <> query:
- # Bug name was normalized, perform redirect so that the
- # browser sees the normalized URL.
- print "Location:", url_from_rel(bug.name, full=True)
- print
- return
-
- print_bug(bug, db)
- return
-
- elif db.isSourcePackage(c, query):
- print "Location:", url_source_package(query, full=True)
- print
- return
-
- elif db.isBinaryPackage(c, query):
- print "Location:", url_binary_package(query, full=True)
- print
- return
-
- elif '0' <= query[0] <= '9':
- # Debian bug number.
- if query[-6:] == '_REDIR':
- query = query[:-6]
- redirect = True
- else:
- redirect = False
-
- bugnumber = 0
- try:
- bugnumber = int(query)
- except ValueError:
- pass
- if bugnumber:
- buglist = list(db.getBugsFromDebianBug(c, bugnumber))
- if buglist:
- if len(buglist) == 1:
- # Single issue, redirect.
- print "Location:", url_known_bug(buglist[0][0], full=True)
- print
- return
- else:
- print_debian_bug(c, bugnumber, buglist)
- return
- elif redirect:
- print "Location:", url_debian_bug(bugnumber)
- print
- return
- print_no_results(query)
-
-def print_source_package(pkg):
- db = security_db.DB('../data/security.db')
- c = db.cursor()
-
- print_title("Information on source package " + pkg)
-
- print_menu([(url_pts(pkg),
- pkg + ' in the Package Tracking System'),
- (url_debian_bug_pkg(pkg),
- pkg + ' in the Bug Tracking System'),
- (url_testing_status(pkg),
- pkg + ' in the testing migration checker')],
- relative=False)
-
- print "<h2>Available versions</h2>"
-
- def gen_versions():
- yield make_bold("Release"), make_bold("Version")
- for (releases, version) in db.getSourcePackageVersions(c, pkg):
- yield ', '.join(releases), version
- print_table(gen_versions())
-
- print "<h2>Available binary packages</h2>"
-
- def gen_binary():
- for (packages, releases, archs, version) \
- in db.getBinaryPackagesForSource(c, pkg):
- yield (make_binary_packages_ref(packages),
- ', '.join(releases), version, ', '.join(archs))
- print_table(gen_binary(),
- caption=('Package', 'Release', 'Version', 'Architectures'),
- replacement=('No binary packages are recorded in this database. '
- + 'This probably means that the package is '
- + 'architecture-specific, and the architecture '
- + 'is currently not tracked.'))
-
- print "<h2>Open issues</h2>"
-
- def gen_bug_list(lst):
- for (bug, description) in lst:
- yield make_xref(bug), description
- print_table(gen_bug_list(db.getBugsForSourcePackage(c, pkg, True)),
- caption=('Bug', 'Description'),
- replacement='No known open issues.')
-
- print "<h2>Resolved issues</h2>"
-
- print_table(gen_bug_list(db.getBugsForSourcePackage(c, pkg, False)),
- caption=('Bug', 'Description'),
- replacement='No known resolved issues.')
-
- print_footer()
-
-def print_binary_package(pkg):
- db = security_db.DB('../data/security.db')
- c = db.cursor()
-
- print_title("Information on binary package " + pkg)
-
- print_menu([(url_debian_bug_pkg(pkg),
- pkg + ' in the Bug Tracking System')],
- relative=False)
- print "<h2>Available versions</h2>"
-
- def gen_versions():
- # FIXME: We should include the source package name in this list.
- yield ()
- for (releases, source, version, archs) \
- in db.getBinaryPackageVersions(c, pkg):
- yield (', '.join(releases), make_source_package_ref(source),
- version, ', '.join(archs))
- print_table(gen_versions(),
- caption=("Release", "Source", "Version", "Architectures"))
-
- print "<h2>Open issues</h2>"
-
- def gen_bug_list(lst):
- for (bug, description) in lst:
- yield make_xref(bug), description
- print_table(gen_bug_list(db.getBugsForBinaryPackage(c, pkg, True)),
- caption=('Bug', 'Description'),
- replacement='No known open issues.')
-
- print "<h2>Resolved issues</h2>"
-
- print_table(gen_bug_list(db.getBugsForBinaryPackage(c, pkg, False)),
- caption=('Bug', 'Description'),
- replacement='No known resolved issues.')
-
- print "<h2>Non-issues</h2>"
-
- print_table(gen_bug_list(db.getNonBugsForBinaryPackage(c, pkg)),
- caption=('Bug', 'Description'),
- replacement=('No known issues which do not affect '
- + 'this package.'))
-
- print_footer()
-
-def print_todo():
- db = security_db.DB('../data/security.db')
- print_title("Bugs with TODO items")
-
- def gen():
- yield make_bold("Bug"), make_bold("Description")
- for (bug, description) in db.getTODOs():
- yield make_xref(bug), description
- print_table(gen())
-
- print_footer()
-
-def print_menu(entries,relative=True):
- w = sys.stdout.write
- w("<ul>")
- for e in entries:
- w("<li>")
- if type(e) == types.TupleType:
- (relurl, label) = e
- if relative:
- relurl = url_from_rel(relurl)
- sys.stdout.write(escape(make_a(relurl, label)))
- else:
- w(escape(e))
- w("</li>\n")
- w("</ul>\n")
-
-def print_overview():
- print_title("Security issue tracker", selectSearch=True)
-
- print """<p>This is the experimental issue tracker for Debian's testing
-security team. Keep in mind that this is merely a prototype.
-Please report any problems to <a href="mailto:fw at deneb.enyo.de">Florian
-Weimer</a>. Note that some of the data presented here is known
-to be wrong (see below), but the data for the testing suite
-should be fine.
-</p>
-
-<h2>Starting points</h2>
-"""
-
- print_menu([('status/release/stable',
- 'Vulnerable packages in the stable suite'),
- ('status/release/testing',
- 'Vulnerable packages in the testing suite'),
- ('status/release/unstable',
- 'Vulnerable packages in the unstable suite'),
- ('status/dtsa-candidates', "Candidates for DTSAs"),
- ('status/todo', 'TODO items'),
- ('status/itp', 'ITPs with potential security issues'),
- ('data/unknown-packages',
- 'Packages names not found in the archive'),
- ('data/missing-epochs',
- 'Package versions which might lack an epoch'),
- ('data/funny-versions',
- 'Packages with strange version numbers'),
- ('data/releases',
- 'Covered Debian releases and architectures (slow)'),
- make_search()])
-
- print """<h2>A few notes on data sources</h2>
-
-<p>Data in this tracker comes solely from the bug database
-which is maintained by Debian's testing security team in their
-Subversion repository. All external data (this includes
-Debian bug reports and official Debian security advisories)
-must be added to this database before it appears here, and there
-can be some delay before this happens.
-</p>
-
-<p>At the moment, the database only contains information which is
-relevant for tracking the security status of the testing suite.
-This means that data for stable or oldstable is likely wrong.
-The unstable suite should be covered pretty well, though,
-because it is relevant to the status of testing.
-</p>
-"""
- print_footer(withSearch = False)
-
-def handle_cmd(cmd, arg):
- if cmd == 'source-package':
- print_source_package(arg)
- sys.exit(0)
- elif cmd == 'binary-package':
- print_binary_package(arg)
- sys.exit(0)
-
-if path_info in ('', '/'):
- print_overview()
- sys.exit(0)
-
-re_query = re.compile(r'^/([a-zA-Z0-9_.-]+)$')
-match = re_query.match(path_info)
-if match is None:
- cmd_list = path_info.split('/')
- if len(cmd_list) == 3:
- handle_cmd(cmd_list[1], cmd_list[2])
- # fall-through if not handled
-
- def print_releases():
- db = security_db.DB('../data/security.db')
-
- print_title("Available releases")
-
- print """<p>The security issue database is checked against
-the Debian releases listed in the table below. Currently, space
-and processing resources are limited, so the list of architectures
-is incomplete.
-</p>"""
-
- def gen():
- yield (make_bold("Release"),
- make_bold("Subrelease"),
- make_bold("Archive"),
- make_bold("Sources"),
- make_bold("Architectures"))
- for (rel, subrel, archive, sources, archs) \
- in db.availableReleases():
- if sources:
- sources = 'yes'
- else:
- sources = 'no'
- yield rel, subrel, archive, sources, make_list(archs)
-
- print_table(gen())
- print_footer()
-
- def print_funny_versions():
- db = security_db.DB('../data/security.db')
- print_title("Version conflicts between source/binary packages")
-
- print """<p>The table below lists source packages
-which have a binary package of the same name, but with a different
-version. This means that extra care is necessary to determine
-the version of a package which has been fixed. (Note that
-the bug tracker prefers source versions to binary versions
-in this case.)
-</p>"""
- def gen():
- yield (make_bold("Package"),
- make_bold("Release"),
- make_bold("Archive"),
- make_bold("Source Version"),
- make_bold("Binary Version"))
-
- for name, release, archive, version, source_version \
- in db.getFunnyPackageVersions():
- yield name, release, archive, source_version, version
-
- print_table(gen())
-
- print """<p>Technically speaking, these version numbering is fine,
-but it makes version-based bug tracking quite difficult for these packages.
-</p>
-
-<p>There are many binary packages which are built from source packages
-with different version numbering schemes. However, as long as none of
-the binary packages carries the same name as the source package, most
-confusion is avoided or can be easily explained.</p>"""
-
- print_footer()
-
- def print_missing_epochs():
- db = security_db.DB('../data/security.db')
- print_title("Missing epochs in package versions")
-
- def gen():
- old_bug = ''
- old_pkg = ''
- for bug, pkg, ver1, ver2 in db.cursor().execute(
- """SELECT DISTINCT bug_name, n.package,
- n.fixed_version, sp.version
- FROM package_notes AS n, source_packages AS sp
- WHERE n.package_kind = 'source'
- AND n.fixed_version NOT LIKE '%:%'
- AND n.fixed_version <> '0'
- AND n.bug_origin = ''
- AND sp.name = n.package
- AND sp.version LIKE '%:%'
- ORDER BY bug_name, package"""):
- if bug == old_bug:
- bug = ''
- else:
- old_bug = bug
- old_pkg = ''
- bug = make_xref(bug)
- if pkg == old_pkg:
- pkg = ''
- else:
- old_pkg = pkg
- pkg = make_source_package_ref(pkg)
- yield bug, pkg, ver1, ver2
-
- print_table(gen(),
- caption=("Bug", "Package", "Version 1", "Version 2"),
- replacement="No source package version with missing epochs.")
-
- print_footer()
-
- def print_unknown_packages():
- db = security_db.DB('../data/security.db')
- print_title("Unknown packages")
-
- print_paragraph("Sometimes, a package referenced in a bug report ",
- "cannot be found in the database. This can be ",
- "the result of a spelling error, or a historic ",
- "entry refers to a package which is no longer in ",
- "the archive.")
-
- def gen():
- for name, bugs in db.getUnknownPackages(db.cursor()):
- yield name, make_list(map(make_xref, bugs))
-
- print_table(gen(), caption=("Package", "Bugs"),
- replacement="No unknown packages are referenced in the database.")
-
- print_footer()
-
- def print_itp():
- db = security_db.DB('../data/security.db')
- print_title("ITPs with potential security issues")
-
- def gen():
- old_pkg = ''
- for pkg, bugs, debian_bugs in db.getITPs(db.cursor()):
- if pkg == old_pkg:
- pkg = ''
- else:
- old_pkg = pkg
- yield (pkg,
- make_list(map(make_xref, bugs)),
- make_list(map(make_debian_bug, debian_bugs)))
-
- print_table(gen(), caption=("Package", "Issue", "Debian Bugs"),
- replacement="No ITPs are currently known.")
-
- print_footer()
-
- def print_stable_status():
- db = security_db.DB('../data/security.db')
-
- print_title("Vulnerable source packages in stable")
-
- def gen():
- old_pkg_name = ''
- for (pkg_name, bug_name, archive, urgency) in db.cursor().execute(
- """SELECT package, bug, section, urgency
- FROM stable_status"""):
- if pkg_name == old_pkg_name:
- pkg_name = ''
- else:
- old_pkg_name = pkg_name
- if archive <> 'main':
- pkg_name = "%s (%s)" % (pkg_name, archive)
-
- if urgency == 'unknown':
- urgency = ''
- elif urgency == 'high':
- urgency = make_red(urgency)
-
- yield pkg_name, make_xref(bug_name), urgency
-
- print_table(gen(), caption=("Package", "Bug", "Urgency"))
-
- print_footer()
-
- def print_testing_status():
- db = security_db.DB('../data/security.db')
-
- print_title("Vulnerable source packages in testing")
-
- print_menu([("status/dtsa-candidates", "Candidates for DTSAs")])
-
- def gen():
- yield (make_bold("Package"),
- make_bold("Bug"))
-
- c = db.cursor()
-
- old_pkg_name = ''
- for (pkg_name, bug_name, archive, urgency,
- sid_vulnerable, ts_fixed) in db.cursor().execute(
- """SELECT package, bug, section, urgency, unstable_vulnerable,
- testing_security_fixed
- FROM testing_status"""):
- if pkg_name == old_pkg_name:
- pkg_name = ''
- else:
- old_pkg_name = pkg_name
- if archive <> 'main':
- pkg_name = "%s (%s)" % (pkg_name, archive)
-
- if ts_fixed:
- status = 'fixed in testing-security'
- else:
- if sid_vulnerable:
- status = make_red('unstable is vulnerable')
- else:
- status = make_dangerous('fixed in unstable')
-
- if urgency == 'unknown':
- urgency = ''
-
- yield pkg_name, make_xref(bug_name), urgency, status
-
- print_table(gen())
-
- print_footer()
-
- def print_dtsa_candidates():
- db = security_db.DB('../data/security.db')
-
- print_title("Candidates for DTSAs")
-
- print_paragraph("The table below lists packages which are fixed ",
- "in unstable, but unfixed in testing. ",
- "Use the testing migration tracker to find out ",
- "why they have not entered testing yet.")
-
- print_menu([("status/release/testing",
- "List of vulnerable packages in testing")])
-
- def gen():
- old_pkg_name = ''
- for (pkg_name, bug_name, archive, urgency, stable_later) \
- in db.cursor().execute(
- """SELECT package, bug, section, urgency,
- (SELECT testing.version_id < stable.version_id
- FROM source_packages AS testing, source_packages AS stable
- WHERE testing.name = testing_status.package
- AND testing.release = 'etch'
- AND testing.subrelease = ''
- AND testing.archive = testing_status.section
- AND stable.name = testing_status.package
- AND stable.release = 'sarge'
- AND stable.subrelease = 'security'
- AND stable.archive = testing_status.section)
- FROM testing_status
- WHERE (NOT unstable_vulnerable)
- AND (NOT testing_security_fixed)"""):
- if pkg_name == old_pkg_name:
- pkg_name = ''
- migration = ''
- else:
- old_pkg_name = pkg_name
- migration = make_a(url_testing_status(pkg_name),
- "check")
- if archive <> 'main':
- pkg_name = "%s (%s)" % (pkg_name, archive)
- else:
- pkg_name = make_source_package_ref(pkg_name)
-
- if urgency == 'unknown':
- urgency = ''
- elif urgency == 'high':
- urgency = make_red(urgency)
-
- if stable_later:
- notes = "(fixed in stable?)"
- else:
- notes = ''
-
- yield pkg_name, migration, make_xref(bug_name), urgency, notes
-
- print_table(gen(),
- caption=("Package", "Migration", "Bug", "Urgency"))
-
- print_footer()
-
- def print_unstable_status():
- db = security_db.DB('../data/security.db')
-
- print_title("Vulnerable source packages in unstable")
-
- print_paragraph(
- "Note that the list below is based on source packages. ",
- "This means that packages are not listed here once a new, ",
- "fixed source version has been uploaded to the archive, even ",
- "if there are still some vulnerably binary packages present ",
- "in the archive.")
-
- def gen():
- c = db.cursor()
-
- old_pkg_name = ''
- for (pkg_name, bug_name, section, urgency) in db.cursor().execute(
- """SELECT DISTINCT sp.name, st.bug_name,
- sp.archive, st.urgency
- FROM source_package_status AS st, source_packages AS sp
- WHERE st.vulnerable AND st.urgency <> 'unimportant'
- AND sp.rowid = st.package AND sp.release = 'sid'
- AND sp.subrelease = ''
- ORDER BY sp.name, st.bug_name"""):
- if pkg_name == old_pkg_name:
- pkg_name = ''
- else:
- old_pkg_name = pkg_name
- if section <> 'main':
- pkg_name = "%s (%s)" % (pkg_name, section)
- else:
- pkg_name = make_xref(pkg_name)
-
- if urgency == 'unknown':
- urgency = ''
- elif urgency == 'high':
- urgency = make_red(urgency)
-
- yield pkg_name, make_xref(bug_name), urgency
-
- print_table(gen(), caption=('Package', 'Bug', 'Urgency'))
-
- print_footer()
-
- def do_search():
- form = cgi.FieldStorage()
- query = form.getfirst("query", None)
- if query is None:
- # redirect to start page
- print "Location:", url_from_rel("", full=True)
- print
- else:
- re_simple_query = re.compile(r'^[A-Za-z0-9_.-]+$')
- if re_simple_query.match(query):
- print "Location:", url_from_rel(query, full=True)
- print
- else:
- print_invalid_query()
-
- commands = {'/data/releases' : print_releases,
- '/data/funny-versions' : print_funny_versions,
- '/data/missing-epochs' : print_missing_epochs,
- '/data/unknown-packages' : print_unknown_packages,
- '/status/release/stable' : print_stable_status,
- '/status/release/testing' : print_testing_status,
- '/status/release/unstable' : print_unstable_status,
- '/status/todo' : print_todo,
- '/status/dtsa-candidates' : print_dtsa_candidates,
- '/status/itp' : print_itp,
- '/search/' : do_search}
- try:
- cmd = commands[path_info]
- except KeyError:
- print_invalid_query()
- cmd = None
- if cmd:
- cmd()
-else:
- handle_simple_search(match.group(1))
More information about the Secure-testing-commits
mailing list