[Secure-testing-commits] r12001 - bin

Stefan Fritsch sf at alioth.debian.org
Sat May 30 20:43:39 UTC 2009


Author: sf
Date: 2009-05-30 20:43:39 +0000 (Sat, 30 May 2009)
New Revision: 12001

Modified:
   bin/check-new-issues
Log:
Add -u/-U options to also/only select issues that are marked as unfixed but
are missing a bug reference.

This ignores some packages (kernels, some removed packages, php4).

Comments welcome.


Modified: bin/check-new-issues
===================================================================
--- bin/check-new-issues	2009-05-30 19:53:03 UTC (rev 12000)
+++ bin/check-new-issues	2009-05-30 20:43:39 UTC (rev 12001)
@@ -7,7 +7,7 @@
 use Term::ReadLine;
 
 my %opts;
-getopts('ln:fhi:t:Tca:e:', \%opts);
+getopts('ln:fhi:t:Tca:e:uU', \%opts);
 
 if ($opts{h}) {
     print <<'EOF';
@@ -32,9 +32,11 @@
 -l        : just list issues 
 -n <n>    : show max n lines of each description (default 2)
 -f        : show full CVE/list entry as well
--i regexp : use regexp to select issues (default: 'CVE-200[3-9]' )
+-i regexp : use regexp to select todos (default: 'CVE-20(?:0[3-9]|1[0-9])' )
 -t regexp : use regexp to select todos (default: '^\s+TODO: check$' )
 -T	  : same as -t '^\s+TODO: check' (note the missing $)
+-u	  : also show unfixed issues without bug reference
+-U	  : only show unfixed issues without bug reference instead of TODO items
 -c        : only do syntax check of embedded-code-copies
 -e <file> : use <file> for embedded-code-copies, "-" for STDIN
 -a <n>    : If automatic apt-cache/apt-file search gives more than n results,
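Review bot: The new `-i` help line says "select todos", which is the wording of the `-t` line below it, while `-i` feeds `$issue_regexp` and selects issues by name, as the removed line said. Suggested text: `-i regexp : use regexp to select issues (default: 'CVE-20(?:0[3-9]|1[0-9])' )`. The `-U` line could also state that it switches off the `-t`/`-T` selection, since the later hunk skips the TODO match entirely under `!$opts{U}`.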
@@ -77,7 +79,7 @@
 my $allitemsfile="gunzip -c $basedir/../allitems.txt.gz|";
 my $allitemsurl="http://cve.mitre.org/data/downloads/allitems.txt.gz";
 
-my $issue_regexp= $opts{i} || 'CVE-200[3-9]';
+my $issue_regexp= $opts{i} || 'CVE-20(?:0[3-9]|1[0-9])';
 my $todo_regexp= $opts{t} || ( $opts{T} ? '^\s+TODO: check' : '^\s+TODO: check$' );
 my $auto_display_limit = 10;
 $auto_display_limit = $opts{a} if defined $opts{a};
@@ -94,12 +96,23 @@
 my $data;
 my @todos;
 my %afcache;
+my $num_todo;
+my $num_missing_bug;
 
 foreach my $cve (@{$CVEs}) {
 	$cve =~ /^Name:\s*(CVE\S+)/m or next;
 	$data->{$1}->{CVE}=\$cve;
 }
 
+# packages that should be ignored by -u/-U
+my @ignore_missing_bug_list = qw/linux-2.6 linux-2.6.24
+	kfreebsd-source kfreebsd-5 kfreebsd-6 kfreebsd-7
+	mozilla mozilla-firefox mozilla-thunderbird firefox
+	php4
+	gnutls11
+	/;
+my %ignore_missing_bug;
+$ignore_missing_bug{$_} = 1 for @ignore_missing_bug_list;
 
 foreach my $entry (@{$entries}) {
 	my $name;
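Review bot: The comment above `@ignore_missing_bug_list` does not say why these packages are exempt; that reason is only in the commit log. Suggested comment: `# packages ignored by -u/-U (kernels, some removed packages, php4); matched by exact package name`. Because the lookup is an exact hash key match, a new kernel source package version would presumably have to be added by hand, which is worth stating next to the list. The hash could also be built in one statement with `my %ignore_missing_bug = map { $_ => 1 } @ignore_missing_bug_list;`.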
@@ -113,15 +126,28 @@
 		die "invlid entry:\n$entry";
 	}
 	$data->{$name}->{entry}=\$entry;
-	if (    $entry =~ /$todo_regexp/m
-	    and $name =~ /$issue_regexp/ ) {
-		push @todos, $name;
+	if ($name =~ /$issue_regexp/) {
+		if (!$opts{U} && $entry =~ /$todo_regexp/m ) {
+			push @todos, $name;
+			$num_todo++;
+		}
+		elsif ( ($opts{u} || $opts{U})
+		    && $entry =~ /^\s+-\s+(\S+)\s+<unfixed>(.*)$/m
+		    && ! exists $ignore_missing_bug{$1}
+		    && $2 !~ /unimportant/
+		    && $entry !~ /-\s+$1\s.*?bug/m
+		    ) {
+			push @todos, $name;
+			$num_missing_bug++;
+		}
 	}
 }
 
 print scalar(@{$CVEs}), " CVEs, ",
-      scalar(@{$entries}) - scalar(@{$CVEs}),  " temp issues, ",
-      scalar(@todos),  " todos matching /$todo_regexp/\n";
+      scalar(@{$entries}) - scalar(@{$CVEs}),  " temp issues";
+print ", $num_todo todos matching /$todo_regexp/" if $num_todo;
+print ", $num_missing_bug entries with missing bug reference" if $num_missing_bug;
+print "\n";
 
 if ($opts{l}) {
 	#list only
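Review bot: In the `elsif` condition the captured package name is interpolated unescaped into `/-\s+$1\s.*?bug/m`, so a `.` or `+` in a package name is treated as pattern syntax and the check can match the wrong line or fail to compile. Quote the name: `&& $entry !~ /-\s+\Q$1\E\s.*?bug/m`. Only the first `<unfixed>` line of an entry is examined, so an entry whose first unfixed package has a bug reference but whose second does not appears to be skipped; iterating over all matches with `/mg` would cover that. The summary also drops the todo count entirely when it is zero, which changes the output line for anything that parses it. The enclosing `foreach my $entry` loop starts outside this hunk.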



