[Git][security-tracker-team/security-tracker][master] 5 commits: process-cve-records: update descriptions
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Fri Apr 28 13:37:26 BST 2023
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
48a11b1e by Emilio Pozuelo Monfort at 2023-04-28T13:39:53+02:00
process-cve-records: update descriptions
Don't only add them when we don't have one, but always update them
in case the description has changed.
- - - - -
d5e7585e by Emilio Pozuelo Monfort at 2023-04-28T13:41:40+02:00
process-cve-records: fix detection of empty CVEs
If a CVE has a PackageAnnotation, it shouldn't get a TODO: check
note.
- - - - -
8c5f053f by Emilio Pozuelo Monfort at 2023-04-28T13:45:16+02:00
process-cve-records: clear descriptions for reserved or rejected CVEs
- - - - -
68c7d91c by Emilio Pozuelo Monfort at 2023-04-28T13:45:41+02:00
process-cve-records: process all CVEs, not just new ones
- - - - -
0dad6284 by Emilio Pozuelo Monfort at 2023-04-28T14:34:35+02:00
process-cve-records: improve description parsing
- - - - -
1 changed file:
- bin/process-cve-records
Changes:
=====================================
bin/process-cve-records
=====================================
@@ -59,21 +59,32 @@ def parse_record(record, cve):
ann = parsers.FlagAnnotation(0, 'REJECTED')
cve.annotations.insert(0, ann)
- if len(cve.header.description) == 0 \
- and not is_rejected(record) and not is_reserved(record):
+ if is_reserved(record) or is_rejected(record):
+ cve.header.description = ''
+ else:
desc = [desc['value']
for desc in record['containers']['cna']['descriptions']
if desc['lang'].startswith('en')]
if desc:
desc = desc[0]
- if desc and len(desc) > 70:
- # for some reason descriptions contain new lines
+
+ # for some reason descriptions may contain new lines
desc = desc.replace('\n', ' ')
- desc = desc[:70] + ' ...'
+
+ # and even non-printable characters such as \xa0 ( )
+ desc = "".join([ c for c in desc if c.isprintable() ])
+
+ # and some contain leading spaces
+ desc = desc.strip()
+
+ if len(desc) > 70:
+ desc = desc[:70] + ' ...'
+
cve.header.description = f"({desc})"
if not is_reserved(record) and not is_rejected(record) \
- and not get_annotation(cve.annotations, parsers.StringAnnotation):
+ and not get_annotation(cve.annotations, parsers.StringAnnotation) \
+ and not get_annotation(cve.annotations, parsers.PackageAnnotation):
ann = parsers.StringAnnotation(0, 'TODO', 'check')
cve.annotations.append(ann)
@@ -91,8 +102,8 @@ def process_record_file(f):
header = parsers.Header(0, cve_id, '')
cve = parsers.Bug('', header, list())
cves.insert(0, cve)
- parse_record(record, cve)
+ parse_record(record, cve)
def process_record_filename(record_file):
with open(record_file) as f:
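Review bot: the removed and added `parse_record(record, cve)` lines in process_record_file differ only in indentation, so nothing in the code itself marks that the call is now meant to run for existing entries as well as the ones just created with `cves.insert(0, cve)`. A one-line comment above the call saying that every record is parsed, not only new CVEs, would keep a later re-indent from silently reverting the behaviour.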
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5865cc7a265b7fb110c2e3c2ef121562662846df...0dad6284780e265549d2b69f06c17be794a2d9de