[Secure-testing-commits] r54580 - lib/python

Thu Aug 10 21:06:58 UTC 2017

Author: seb
Date: 2017-08-10 21:06:58 +0000 (Thu, 10 Aug 2017)
New Revision: 54580

Modified:
   lib/python/bugs.py
   lib/python/security_db.py
Log:
Introduce new "ignored" & "postponed" sub-states for no-dsa

They will be stored in the "reason" field from package_notes_nodsa
table, that was unused so far.

Modified: lib/python/bugs.py
===================================================================

--- lib/python/bugs.py	2017-08-10 21:04:06 UTC (rev 54579)
+++ lib/python/bugs.py	2017-08-10 21:06:58 UTC (rev 54580)
@@ -588,7 +588,7 @@
                                 if r[-1] == '\n':
                                     r = r[:-1]
                                 comments.append(('NOTE', r))
-                        elif v == 'no-dsa':
+                        elif v in ('no-dsa','ignored','postponed'):
                             if not release:
                                 self.raiseSyntaxError(
                                     "no-dsa note needs release specification",
@@ -597,10 +597,15 @@
                                 self.raiseSyntaxError(
                                     "no-dsa note needs comment",
                                     lineno)
+                            if v in ('ignored','postponed'):
+                                reason = v
+                            else:
+                                reason = None
                             pkg_notes.append(PackageNoteNoDSA(
                                 release=release,
                                 package=p,
-                                comment=d))
+                                comment=d,
+                                reason=reason))
                             if d:
                                 # Not exactly ideal, but we have to
                                 # record the free-form text in some

Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py	2017-08-10 21:04:06 UTC (rev 54579)
+++ lib/python/security_db.py	2017-08-10 21:06:58 UTC (rev 54580)
@@ -118,6 +118,7 @@
 # come from the source_packages table.  vulnerable comes from
 # source_package_status.  state is open/no-dsa/resolved/unimportant
 # and inferred from vulnerable and package_notes_nodsa.
+# The reason field holds no-dsa substates, which can be ignored/postponed
 BugForSourcePackageRelease = namedtuple(
     "BugForSourcePackageRelease",
     "release subrelease version vulnerable state reason")
@@ -149,10 +150,10 @@
                                    key = debian_support.internRelease))
     # dict from (bug_name, release) to the no-dsa reason/comment string.
     no_dsas = {}
-    for bug_name, release, reason in cursor.execute(
-            """SELECT bug_name, release, comment FROM package_notes_nodsa
+    for bug_name, release, reason, comment in cursor.execute(
+            """SELECT bug_name, release, reason, comment FROM package_notes_nodsa
             WHERE package = ?""", (pkg,)):
-        no_dsas[(bug_name, release)] = reason
+        no_dsas[(bug_name, release)] = [reason, comment]
 
     all_bugs = []
     # Group by bug name.
@@ -184,8 +185,8 @@
                     unimportant_seen = True
                 else:
                     open_seen = True
-                    reason = no_dsas.get((bug_name, best_row.release), None)
-                    if reason is not None:
+                    reason, comment = no_dsas.get((bug_name, best_row.release), [None, None])
+                    if comment is not None:
                         state = 'no-dsa'
                     else:
                         state = 'open'


