[Git][security-tracker-team/security-tracker][master] 21 commits: sectracker.analyzers: check the right struct fields
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Mon Mar 27 09:27:46 BST 2023
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d306c41 by Emilio Pozuelo Monfort at 2023-03-27T10:25:23+02:00
sectracker.analyzers: check the right struct fields
- - - - -
a2c71a4e by Emilio Pozuelo Monfort at 2023-03-27T10:25:23+02:00
test_parsers: fix PackageAnnotations
This was changed in 727ff2f44 but the test was not updated.
- - - - -
1d926a70 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
test_parsers: update errors for 'bug filed' annotation
That is no longer supported, see commit 8f844bff.
- - - - -
c46bafd1 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
test_parsers: update duplicated urgency error message
- - - - -
d618fc23 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
sectracker.parsers: fix itp bug check
- - - - -
e16095fc by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
sectracker.parsers: fix reporting of invalid annotations
- - - - -
9d36be99 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
parsers: make classes mutable
The parser is not read-only but has write support, so it makes more
sense to have mutable classes so that API users can modify them
as appropriate rather than going through hoops to clone objects
in order to modify something.
- - - - -
b46022d8 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: simplify extra string notes
The notes dict is only going to contain notes for the current
CVE, so we can simply keep and pass the list.
- - - - -
33c20cbe by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: don't create a new Bug object
Replace the bug's annotations instead now that we can modify
the object.
- - - - -
7b5282a4 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: replace the annotations directly
Without creating a new object. Also since we're not creating
new objects, there's no need to recreate the data list.
- - - - -
50ddeb9a by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
remove-cve-dist-tags: don't call _replace
- - - - -
ccd6a86f by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
grab-cve-in-fix: add a bug variable
- - - - -
84507f82 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
grab-cve-in-fix: don't call _replace
We can just modify the bug instance and add it to the modified
list. The data list is modified too, but we don't do anything
else with it.
- - - - -
44872491 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: _add_annotation_to_cve: use a bug variable
- - - - -
bff5b300 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: _add_annotation_to_cve: don't create a new Bug
We can just modify the existing object now.
- - - - -
204d1de1 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: mark_not_affected: add a bug variable
- - - - -
69712f5a by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
update-vuln: don't use _replace
- - - - -
c60cc24e by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
sectracker.parsers: make cvelist et al return a list of Bugs
- - - - -
d2c8ae0a by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: don't return the modified list
We no longer get a tuple, so there's no need to convert it to
a list and return it. The method just merges the annotation into
the received annotations.
- - - - -
ae600b80 by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: simplify merge_notes
It's just appending the new string annotations to the current
annotations, with special care not to add them if they are
already there (probably needed by grab-cve-in-fix or update-vuln).
- - - - -
9e5d24db by Emilio Pozuelo Monfort at 2023-03-27T10:25:24+02:00
merge-cve-files: further simplify merge_notes
- - - - -
7 changed files:
- bin/grab-cve-in-fix
- bin/merge-cve-files
- bin/remove-cve-dist-tags
- bin/update-vuln
- lib/python/sectracker/analyzers.py
- lib/python/sectracker/parsers.py
- lib/python/sectracker_test/test_parsers.py
Changes:
=====================================
bin/grab-cve-in-fix
=====================================
@@ -12,6 +12,7 @@ grab-cve-in-fix - #1001451
#
# Copyright 2021-2022 Neil Williams <codehelp at debian.org>
+# Copyright © 2023 Emilio Pozuelo Monfort <pochu at debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -84,7 +85,7 @@ class ParseChanges:
def _read_cvelist(self):
os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
- data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
+ data = cvelist("data/CVE/list")
for cve in self.cves:
for bug in data:
if bug.header.name == cve:
@@ -167,7 +168,10 @@ class ParseChanges:
self.source_package,
)
continue
- for line in self.bugs[cve].annotations:
+
+ bug = self.bugs[cve]
+
+ for line in bug.annotations:
if not isinstance(line, PackageAnnotation):
continue # skip notes etc.
if line.release: # only update unstable
@@ -185,12 +189,8 @@ class ParseChanges:
)
if vcompare < 0:
self.logger.info("Updating %s to %s", line.version, self.unstable_version)
- mod_line = line._replace(version=self.unstable_version)
- index = self.bugs[cve].annotations.index(line)
- bug_list = list(self.bugs[cve].annotations)
- bug_list[index] = mod_line
- mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
- modified.append(mod_bug)
+ line.version = self.unstable_version
+ modified.append(bug)
elif vcompare > 0:
self.logger.error(
"%s is listed as fixed in %s which is newer than %s",
@@ -206,12 +206,8 @@ class ParseChanges:
line.version,
)
else:
- mod_line = line._replace(version=self.unstable_version)
- index = self.bugs[cve].annotations.index(line)
- bug_list = list(self.bugs[cve].annotations)
- bug_list[index] = mod_line
- mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
- modified.append(mod_bug)
+ line.version = self.unstable_version
+ modified.append(bug)
if not modified:
return 0
if os.path.exists(cve_file):
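Review bot: `modified.append(bug)` in this `else` branch and in the `vcompare < 0` branch of the previous hunk appends the same `bug` object each time a line is updated, so if more than one annotation in the `for line in bug.annotations` loop is updated, `modified` holds the same entry several times. Guard with `if bug not in modified:` or append once after the loop. The two branches are now identical two-line blocks and could share one helper or be folded together.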
=====================================
bin/merge-cve-files
=====================================
@@ -3,7 +3,7 @@
# Merge a separate CVE file (such as data/next-point-update.txt) back into
# the main one.
#
-# Copyright © 2020 Emilio Pozuelo Monfort <pochu at debian.org>
+# Copyright © 2020-2023 Emilio Pozuelo Monfort <pochu at debian.org>
# Copyright (c) 2021-2022 Neil Williams <codehelp at debian.org>
import os
@@ -21,43 +21,31 @@ from sectracker.parsers import (
XrefAnnotation
)
-def merge_notes(bug, notes):
+def merge_notes(annotations, new_annotation):
"""
Special support for StringAnnotations.
- notes is a dict containing a list of string annotations for
- each CVE in the file being merged. Pick out the string annotations
- for this bug, ignore if already exist, append if new.
+ Merges a note into the bug's annotations, taking care not to
+ add duplicate notes.
+
+ new_annotation is a new string annotation for this CVE (bug),
"""
- new_notes = []
- cve = bug.header.name
- merge_list = notes.get(cve) # list of notes to merge
- if not merge_list:
- # nothing to merge
- return bug
- tagged_notes = [note.description for note in merge_list]
- bug_notes = [ann.description for ann in bug.annotations if isinstance(ann, StringAnnotation)]
- # get the list items in tagged_notes which are not in bug_notes
- new_strings = list(set(tagged_notes) - set(bug_notes))
- if not new_strings:
- return bug
- for new_ann in merge_list:
- if new_ann.description in new_strings:
- new_notes.append(new_ann)
- bug_list = list(bug.annotations)
- bug_list.extend(new_notes)
- mod_bug = Bug(
- bug.file, bug.header, tuple(bug_list)
- )
- return mod_bug
+ old_descriptions = [ann.description
+ for ann in annotations
+ if isinstance(ann, StringAnnotation)]
+
+ # prevent adding duplicate notes
+ if not new_annotation.description in old_descriptions:
+ annotations.append(new_annotation)
def merge_annotations(annotations, new_annotation):
+ """
+ Adds new_annotation to the annotations list
+ """
if not isinstance(new_annotation, PackageAnnotation):
raise NotImplementedError(f"unsupported annotation of type {new_annotation.type} (line {new_annotation.line})")
- annotations = list(annotations)
-
annotations_for_pkg = [ann for ann in annotations \
if isinstance(ann, PackageAnnotation) \
and ann.package == new_annotation.package]
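Review bot: in `merge_notes`, `if not new_annotation.description in old_descriptions` reads more clearly as `if new_annotation.description not in old_descriptions`. The new docstring ends on a dangling comma after "(bug)" and does not say that `annotations` is modified in place and that nothing is returned, which is the contract callers now rely on; the one-line docstring added to `merge_annotations` should state the same.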
@@ -72,7 +60,7 @@ def merge_annotations(annotations, new_annotation):
continue
annotations.insert(idx, new_annotation)
- return annotations
+ return
# append/substitute the new one at the right place
@@ -106,15 +94,6 @@ def merge_annotations(annotations, new_annotation):
annotations.insert(idx + 1, new_annotation)
break
- return annotations
-
-def parse_list(path):
- data, messages = cvelist(path)
-
- for m in messages:
- sys.stderr.write(str(m) + "\n")
-
- return data
if len(sys.argv) not in (2, 3):
print(f"Usage: {os.path.basename(sys.argv[0])} (CVE/list) extra-cve-list")
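Review bot: removing `parse_list` here drops the loop that wrote every parser message to stderr, and with this series `_parselist` only prints diagnostics when `_debug_enabled` is set, which defaults to `False` in parsers.py. merge-cve-files will therefore merge a list that contains parse errors without telling the user. Either keep a way for callers to retrieve the messages or have this script turn the diagnostics output on.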
@@ -127,27 +106,20 @@ else:
extra_list = sys.argv[-1]
-data = parse_list(main_list)
-extra_data = parse_list(extra_list)
+data = cvelist(main_list)
+extra_data = cvelist(extra_list)
for extra_bug in extra_data:
bug = next(bug for bug in data if bug.header.name == extra_bug.header.name)
- notes = {}
- new_annotations = bug.annotations
for extra_annotation in extra_bug.annotations:
if isinstance(extra_annotation, FlagAnnotation):
continue
if isinstance(extra_annotation, StringAnnotation):
- cve = f"{extra_bug.header.name}"
- note_tag = notes.setdefault(cve, [])
- note_tag.append(extra_annotation)
+ merge_notes(bug.annotations, extra_annotation)
continue
- new_annotations = merge_annotations(new_annotations, extra_annotation)
- bug = bug._replace(annotations=new_annotations)
- bug = merge_notes(bug, notes)
- data = [bug if bug.header.name == old_bug.header.name else old_bug for old_bug in data]
+ merge_annotations(bug.annotations, extra_annotation)
with open(main_list, 'w') as f:
writecvelist(data, f)
=====================================
bin/remove-cve-dist-tags
=====================================
@@ -25,11 +25,6 @@ def keep_annotation(cve, annotation):
return True
-def parse_list(path):
- data, messages = cvelist(path)
-
- return data
-
if len(sys.argv) <= 3:
# assume there are no CVEs, so nothing to do
sys.exit(0)
@@ -46,7 +41,7 @@ for release in releases:
if 'maincvefile' in distconfig:
main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
-data = parse_list(main_list)
+data = cvelist(main_list)
new_data = []
for cve in data:
@@ -55,7 +50,7 @@ for cve in data:
for annotation in cve.annotations
if keep_annotation(cve, annotation)
)
- cve = cve._replace(annotations=annotations)
+ cve.annotations=annotations
if not cve.annotations:
# this shouldn't happen on a normal CVE file as we're only removing
# the dist specific tags, but it may happen in an ExtendFile, in
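Review bot: `cve.annotations=annotations` should have spaces around `=` now that it is an assignment rather than a keyword argument. Since `Bug.annotations` is declared as `list` in parsers.py, check that the expression closed by `)` just above produces a list; if it is a tuple, later `.append()` or `.insert()` calls on the bug fail, and if it is a generator, the `if not cve.annotations:` test that follows can never be true.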
=====================================
bin/update-vuln
=====================================
@@ -81,7 +81,7 @@ class ParseUpdates:
def _read_cvelist(self):
"""Build a list of Bug items for the CVE from data/CVE/list"""
os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
- data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
+ data = cvelist("data/CVE/list")
for cve in self.cves:
for bug in data:
if bug.header.name == cve:
@@ -96,12 +96,14 @@ class ParseUpdates:
Accounts for PackageAnnotation.release == None for unstable.
"""
+ bug = self.bugs[cve]
+
if isinstance(annotation, PackageAnnotation):
- store = {ann.release: ann for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)}
+ store = {ann.release: ann for ann in bug.annotations if isinstance(ann, PackageAnnotation)}
store[annotation.release] = annotation
# this is needed despite python3 >= 3.7 having ordered dicts
# because using the dict.keys() would need a copy of that list anyway.
- existing = [ann.release for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)]
+ existing = [ann.release for ann in bug.annotations if isinstance(ann, PackageAnnotation)]
if None in existing:
# release == None for unstable
index = existing.index(None)
@@ -118,20 +120,14 @@ class ParseUpdates:
bug_list = []
for item in existing:
bug_list.append(store[item])
+ bug.annotations = bug_list
elif isinstance(annotation, StringAnnotation):
- bug_list = list(self.bugs[cve].annotations)
- bug_list.append(annotation)
+ bug.annotations.append(annotation)
else:
raise ValueError(f"Unsupported annotation type: {type(annotation)}")
- return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
-
- def _replace_annotation_on_line(self, cve, line, mod_line):
- index = self.bugs[cve].annotations.index(line)
- bug_list = list(self.bugs[cve].annotations)
- bug_list[index] = mod_line
- return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+ return bug
def write_modified(self, modified, cve_file):
"""
@@ -169,13 +165,14 @@ class ParseUpdates:
modified = []
cve = self.cves[0]
cve_file = f"{cve}.list"
- existing = [line.release for line in self.bugs[cve].annotations if isinstance(line, PackageAnnotation)]
+ bug = self.bugs[cve]
+ existing = [line.release for line in bug.annotations if isinstance(line, PackageAnnotation)]
if suite not in existing:
# line type release package kind version description flags
line = PackageAnnotation(0, "package", suite, src, "not-affected", None, description, [])
mod_bug = self._add_annotation_to_cve(cve, line)
modified.append(mod_bug)
- for line in self.bugs[cve].annotations:
+ for line in bug.annotations:
if not isinstance(line, PackageAnnotation):
continue # skip notes etc.
if line.release != suite:
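Review bot: `_add_annotation_to_cve` now changes `bug.annotations` in place, so the `for line in bug.annotations:` loop here also visits the `not-affected` line that was just added a few lines above, which the old loop over the untouched `self.bugs[cve].annotations` did not. Please confirm that the `if line.kind == "not-affected":` early `return` in the next hunk cannot fire for that new line before `self.write_modified(modified, cve_file)` runs; if it can, skip the loop after adding the line or iterate over a snapshot taken before the call.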
@@ -187,23 +184,18 @@ class ParseUpdates:
if line.kind == "not-affected":
self.logger.info("Nothing to do for %s in %s.", cve, suite)
return
- mod_line = line._replace(kind="not-affected")
+ line.kind = "not-affected"
self.logger.info("Modified %s for %s in %s to <not-affected>", cve, src, release)
- if mod_line.version:
+ if line.version:
self.logger.info("Removing version %s", line.version)
- ver_line = mod_line
- mod_line = ver_line._replace(version=None)
+ line.version = None
if description:
self.logger.info("Replacing description %s", line.description)
- desc_line = mod_line
- mod_line = desc_line._replace(description=description)
- elif mod_line.description:
+ line.description = description
+ elif line.description:
self.logger.info("Removing description %s", line.description)
- desc_line = mod_line
- mod_line = desc_line._replace(description=None)
- # removing a bug annotation is not covered, yet.
- mod_bug = self._replace_annotation_on_line(cve, line, mod_line)
- modified.append(mod_bug)
+ line.description = None
+ modified.append(bug)
self.write_modified(modified, cve_file)
def add_note(self, note):
=====================================
lib/python/sectracker/analyzers.py
=====================================
@@ -30,14 +30,14 @@ def mergelists(listfiles, diag):
in diag."""
result = {}
for listfile in listfiles:
- for bug in listfile.list:
+ for bug in listfile:
header = bug.header
name = header.name
if name in result:
diag.error("duplicate bug %r" % name,
- file=header.file, line=header.header.line)
+ file=bug.file, line=header.line)
diag.error("location of previous bug",
- file=result[name].file, line=result[name].line)
+ file=result[name].file, line=result[name].header.line)
continue
result[name] = bug
return result
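Review bot: the old duplicate branch read `header.file` and `header.header.line`, neither of which exists on a `Header` (`line name description`), so this error path cannot have been exercised before. The series only touches test_parsers.py; a small test that feeds `mergelists` two lists sharing a bug name and checks both `diag.error` calls would keep the `bug.file` / `header.line` / `result[name].header.line` accesses from regressing again.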
=====================================
lib/python/sectracker/parsers.py
=====================================
@@ -17,7 +17,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+from dataclasses import dataclass
+import typing
+import traceback
import re
+import sys
from sys import intern
import debian_support
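Review bot: `import traceback` is added here, but no added line in this diff uses it; drop it unless a follow-up needs it. `import sys` next to the existing `from sys import intern` is fine for the new `sys.stderr.write` call, though the two could be reduced to `import sys` with `sys.intern` at the call sites.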
@@ -26,7 +30,9 @@ from collections import namedtuple as _namedtuple
import sectracker.xpickle as _xpickle
import sectracker.diagnostics
-FORMAT = "4"
+FORMAT = "5"
+
+_debug_enabled = False
def _sortedtuple(seq):
l = list(seq)
@@ -71,15 +77,41 @@ def sourcepackages(name, f):
data[pkg_name] = SourcePackage(pkg_name, pkg_version, pkg_binary)
return data
-FlagAnnotation = _namedtuple("FlagAnnotation", "line type")
-StringAnnotation = _namedtuple("StringAnnotation",
- "line type description")
-XrefAnnotation = _namedtuple("XrefAnnotation", "line type bugs")
-PackageAnnotation = _namedtuple(
- "PackageAnnotation",
- "line type release package kind version description flags")
-PackageBugAnnotation = _namedtuple("PackageBugAnnotation", "bug")
-PackageUrgencyAnnotation = _namedtuple("PackageUrgencyAnnotation", "severity")
+ at dataclass
+class FlagAnnotation:
+ line: int
+ type: str
+
+ at dataclass
+class StringAnnotation:
+ line: int
+ type: str
+ description: str
+
+ at dataclass
+class XrefAnnotation:
+ line: int
+ type: str
+ bugs: typing.List[str]
+
+ at dataclass
+class PackageAnnotation:
+ line: int
+ type: str
+ release: str
+ package: str
+ kind: str
+ version: str
+ description: str
+ flags: list
+
+ at dataclass
+class PackageBugAnnotation:
+ bug: int
+
+ at dataclass
+class PackageUrgencyAnnotation:
+ severity: str
def _annotationdispatcher():
# Parser for inner annotations, like (bug #1345; low)
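Review bot: in `PackageAnnotation`, the fields `release`, `version` and `description` are annotated `str`, but the tests construct them with `None` and update-vuln assigns `line.version = None`, so they should be `typing.Optional[str]`; `flags: list` could likewise name its element types. Also note that a plain `@dataclass` defines `__eq__` and sets `__hash__` to `None`, so unlike the namedtuples these objects can no longer be put in a set or used as dict keys; worth a grep for such uses before merging.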
@@ -156,7 +188,7 @@ def _annotationdispatcher():
)
elif kind in pseudo_struct:
flags = parseinner(diag, inner)
- if kind == "itp" and not inner[1]:
+ if kind == "itp" and not [flag for flag in flags if isinstance(flag, PackageBugAnnotation)]:
diag.error("<itp> needs Debian bug reference")
return PackageAnnotation(
line=diag.line(),
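Review bot: the new `itp` check builds a throwaway list only to test it for emptiness. `if kind == "itp" and not any(isinstance(flag, PackageBugAnnotation) for flag in flags):` says the same thing, stops at the first match and keeps the line shorter.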
@@ -169,14 +201,14 @@ def _annotationdispatcher():
flags=flags,
)
else:
- diag.error("invalid pseudo-version: " + repr(version))
+ diag.error("invalid pseudo-version: " + repr(kind))
return None
@_regexpcase.rule(r'\{(.*)\}')
def xref(groups, diag):
- x = tuple(groups[0].strip().split())
+ x = groups[0].strip().split()
if x:
- return XrefAnnotation(diag.line(), "xref", x)
+ return XrefAnnotation(line=diag.line(), type="xref", bugs=list(x))
else:
diag.error("empty cross-reference")
return None
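Review bot: in `xref`, `x` is already a list after `groups[0].strip().split()`, so `bugs=list(x)` makes a redundant copy; `bugs=x` is enough. The `repr(kind)` fix in the `invalid pseudo-version` message above would benefit from a test case with an unknown `<...>` kind, since the previous `repr(version)` went unnoticed.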
@@ -191,9 +223,17 @@ def _annotationdispatcher():
default=lambda text, diag: diag.error("invalid annotation"))
_annotationdispatcher = _annotationdispatcher()
-List = _namedtuple("List", "list messages")
-Bug = _namedtuple("Bug", "file header annotations")
-Header = _namedtuple("Header", "line name description")
+ at dataclass
+class Header:
+ line: int
+ name: str
+ description: str
+
+ at dataclass
+class Bug:
+ file: str
+ header: Header
+ annotations: list # TODO: use a list of annotations
def _parselist(path, f, parseheader, finish):
lineno = 0
@@ -248,7 +288,13 @@ def _parselist(path, f, parseheader, finish):
if header is not None:
bugs.append(finish(header, headerlineno, anns, diag))
- return List(tuple(bugs), diag.messages())
+
+ if _debug_enabled:
+ for m in diag.messages():
+ sys.stderr.write(str(m) + "\n")
+ print("%s:%d: %s: %s" % (m.file, m.line, m.level, m.message))
+
+ return bugs
@_xpickle.loader("CVE" + FORMAT)
def cvelist(path, f):
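Review bot: inside the `if _debug_enabled:` block, each message is emitted twice, once with `sys.stderr.write(str(m) + "\n")` and once with the formatted `print(...)` to stdout; keep one of them. More generally, `_parselist` now returns only `bugs`, so callers have no way left to obtain `diag.messages()` except by flipping a private module global; an optional callback or a public accessor would let scripts report parse errors without relying on `_debug_enabled`.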
@@ -268,7 +314,7 @@ def cvelist(path, f):
return (name, desc)
def finish(header, headerlineno, anns, diag):
name, desc = header
- return Bug(path, Header(headerlineno, name, desc), tuple(anns))
+ return Bug(path, Header(headerlineno, name, desc), list(anns))
return _parselist(path, f, parseheader, finish)
def writecvelist(data, f):
@@ -348,7 +394,7 @@ def dsalist(path, f):
def finish(header, headerlineno, anns, diag):
d, m, y, name, desc = header
_checkrelease(anns, diag, "DSA")
- return Bug(path, Header(headerlineno, name, None), tuple(anns))
+ return Bug(path, Header(headerlineno, name, None), list(anns))
return _parselist(path, f, parseheader, finish)
@_xpickle.loader("DTSA" + FORMAT)
@@ -365,7 +411,7 @@ def dtsalist(path, f):
def finish(header, headerlineno, anns, diag):
d, m, y, name, desc = header
_checkrelease(anns, diag, "DTSA")
- return Bug(path, Header(headerlineno, name, None), tuple(anns))
+ return Bug(path, Header(headerlineno, name, None), list(anns))
return _parselist(path, f, parseheader, finish)
@_xpickle.loader("DLA" + FORMAT)
@@ -381,7 +427,7 @@ def dlalist(path, f):
def finish(header, headerlineno, anns, diag):
d, m, y, name, desc = header
_checkrelease(anns, diag, "DLA")
- return Bug(path, Header(headerlineno, name, None), tuple(anns))
+ return Bug(path, Header(headerlineno, name, None), list(anns))
return _parselist(path, f, parseheader, finish)
@_xpickle.loader("EXT" + FORMAT)
@@ -397,5 +443,5 @@ def extadvlist(path, f):
def finish(header, headerlineno, anns, diag):
d, m, y, name, desc = header
_checkrelease(anns, diag, "EXT")
- return Bug(path, Header(headerlineno, name, None), tuple(anns))
+ return Bug(path, Header(headerlineno, name, None), list(anns))
return _parselist(path, f, parseheader, finish)
=====================================
lib/python/sectracker_test/test_parsers.py
=====================================
@@ -25,85 +25,78 @@ assert "bash" in o
assert o["bash"].name == "bash"
assert "bash" in o["bash"].binary
-safeunlink("../../data/CVE/list" + EXTENSION)
-o = cvelist("../../data/CVE/list")
-for err in o.messages:
- print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+p._debug_enabled = True
safeunlink("../../data/DSA/list" + EXTENSION)
-o = dsalist("../../data/DSA/list")
-for err in o.messages:
- print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+dsalist("../../data/DSA/list")
safeunlink("../../data/DTSA/list" + EXTENSION)
-o = dtsalist("../../data/DTSA/list")
-for err in o.messages:
- print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+dtsalist("../../data/DTSA/list")
safeunlink("../../data/DLA/list" + EXTENSION)
-o = dlalist("../../data/DLA/list")
-for err in o.messages:
- print("%s:%d: %s: %s" % (err.file, err.line, err.level, err.message))
+dlalist("../../data/DLA/list")
Message = sectracker.diagnostics.Message
for (line, res, xmsgs) in [
(' - foo <unfixed>',
PackageAnnotation(17, "package", None, "foo", "unfixed", None,
- None, None, (), False), ()),
+ None, []), ()),
(' - foo',
PackageAnnotation(17, "package", None, "foo", "unfixed", None,
- None, None, (), False), ()),
+ None, []), ()),
(' [lenny] - foo <unfixed>',
PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
- None, None, (), False), ()),
+ None, []), ()),
(' [lenny] - foo <undetermined> (bug #1234)',
PackageAnnotation(17, "package", "lenny", "foo", "undetermined",
- None, None, None, (1234,), False), ()),
+ None, None, [PackageBugAnnotation(1234)]), ()),
(' [lenny] - foo <itp> (bug #1234)',
PackageAnnotation(17, "package", "lenny", "foo", "itp", None,
- None, None, (1234,), False), ()),
+ None, [PackageBugAnnotation(1234)]), ()),
(' [lenny] - foo <itp>',
PackageAnnotation(17, "package", "lenny", "foo", "itp", None,
- None, None, (), False),
+ None, []),
(Message("CVE", 17, "error",
"<itp> needs Debian bug reference"),)),
(' [lenny] - foo 1.0',
PackageAnnotation(17, "package", "lenny", "foo", "fixed", "1.0" ,
- None, None, (), False), ()),
+ None, []), ()),
(' [lenny] - foo <unfixed> (bug filed)',
PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
- None, None, (), True), ()),
+ None, []),
+ (Message("CVE", 17, "error",
+ "invalid inner annotation: 'bug filed'"),)),
(' [lenny] - foo <unfixed> (bug filed; bug #1234)',
PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
- None, None, (1234,), False),
+ None, [PackageBugAnnotation(1234)]),
(Message("CVE", 17, "error",
- "'bug filed' and bug numbers listed"),)),
+ "invalid inner annotation: 'bug filed'"),)),
(' [lenny] - foo <unfixed> (low)',
PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
- None, "low", (), False), ()),
+ None, [PackageUrgencyAnnotation("low")]), ()),
(' [lenny] - foo <unfixed> (low; low)',
PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
- None, "low", (), False),
- (Message("CVE", 17, "error", "duplicate flag: 'low'"),)),
+ None, [PackageUrgencyAnnotation("low")]),
+ (Message("CVE", 17, "error", "duplicate urgency: 'low'"),)),
(' [lenny] - foo <unfixed> (bug #1234; garbled)',
PackageAnnotation(17, "package", "lenny", "foo", "unfixed", None,
- None, None, (1234,), False),
+ None, [PackageBugAnnotation(1234)]),
(Message("CVE", 17, "error",
"invalid inner annotation: 'garbled'"),)),
(' [lenny] - foo <no-dsa> (explanation goes here)',
PackageAnnotation(17, "package", "lenny", "foo", "no-dsa", None,
- "explanation goes here", None, (), False), ()),
+ "explanation goes here", []), ()),
(' [lenny] - foo <end-of-life> (explanation goes here)',
PackageAnnotation(17, "package", "lenny", "foo", "end-of-life",
- None, "explanation goes here", None, (), False),
+ None, "explanation goes here", []),
()),
(' [lenny] - foo <not-affected> (explanation goes here)',
PackageAnnotation(17, "package", "lenny", "foo", "not-affected",
None,
- "explanation goes here", None, (), False), ()),
+ "explanation goes here", []), ()),
('\t{CVE-2009-1234 CVE-2009-1235}',
XrefAnnotation(17, "xref",
- tuple("CVE-2009-1234 CVE-2009-1235".split())),
+ ["CVE-2009-1234", "CVE-2009-1235"]),
()),
('\t{}', None,
(Message("CVE", 17, "error", "empty cross-reference"),)),
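Review bot: at the top of this hunk, the `safeunlink("../../data/CVE/list" + EXTENSION)` and `o = cvelist("../../data/CVE/list")` lines are removed and replaced only by `p._debug_enabled = True`, while the DSA, DTSA and DLA blocks each keep their parser call. As written, the test no longer parses data/CVE/list at all; add `cvelist("../../data/CVE/list")` back (with its `safeunlink`) if that was not intended.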
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb20bb951812091e37f395be3a4a3e9f95a27e03...9e5d24dbc0edb896829e9ca7c4890423d580af84