[Git][security-tracker-team/security-tracker][master] merge-cve-files: support replacing main (sid) annotations

Emilio Pozuelo Monfort pochu at debian.org
Wed Feb 3 11:55:18 GMT 2021



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69f6bda0 by Emilio Pozuelo Monfort at 2021-02-03T12:53:35+01:00
merge-cve-files: support replacing main (sid) annotations

- - - - -


1 changed file:

- bin/merge-cve-files


Changes:

=====================================
bin/merge-cve-files
=====================================
@@ -12,30 +12,37 @@ import setup_paths  # noqa
 from debian_support import internRelease
 from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
 
-def merge_annotations(old_annotations, new_annotation):
+def merge_annotations(annotations, new_annotation):
     if not isinstance(new_annotation, PackageAnnotation):
         raise NotImplementedError(f"unsupported annotation of type {type(annotation)}")
 
-    # filter out the current annotation, if any
-    annotations = [ann for ann in old_annotations
-                   if not isinstance(ann, PackageAnnotation)
-                   or ann.package != new_annotation.package
-                   or ann.release != new_annotation.release]
+    annotations = list(annotations)
 
-    # append the new one at the right place
+    # append/substitute the new one at the right place
     for idx, annotation in enumerate(annotations):
         if not isinstance(annotation, PackageAnnotation) \
           or annotation.package != new_annotation.package:
             continue
 
+        # if the annotation is for the same package/release, replace it
+        if annotation.package == new_annotation.package \
+          and annotation.release == new_annotation.release:
+            annotations[idx] = new_annotation
+            break
+
+        # if the next annotation's release is the same, we continue to replace
+        # it in the next iteration. otherwise if we found the right place, we
+        # insert the new annotation
         next_annotation = annotations[idx + 1] if len(annotations) > (idx + 1) else None
         if next_annotation and isinstance(next_annotation, PackageAnnotation) \
           and next_annotation.package == new_annotation.package \
-          and internRelease(new_annotation.release) < internRelease(next_annotation.release):
+          and internRelease(new_annotation.release) <= internRelease(next_annotation.release):
             continue
 
         annotations.insert(idx + 1, new_annotation)
-        return annotations
+        break
+
+    return annotations
 
 def parse_list(path):
     data, messages = cvelist(path)
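Review bot: in the `for idx, annotation in enumerate(annotations)` loop, a `new_annotation` whose package has no existing PackageAnnotation in the list never reaches the replace branch or the `insert` call, so the new trailing `return annotations` hands the list back unchanged and the annotation is silently dropped. Consider a `for ... else` that appends the annotation or raises, so the caller can tell that nothing was merged. Separately, the context line `raise NotImplementedError(f"unsupported annotation of type {type(annotation)}")` reads `annotation`, which is only bound later by the loop, so an unsupported type would surface as an UnboundLocalError instead of the intended NotImplementedError; it should use `type(new_annotation)`. The `annotation.package == new_annotation.package` half of the new replace condition is also redundant, since the `continue` just above it already guarantees the packages match.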



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69f6bda075f7617c349c2dcb504fd53d187e454d
