[Git][security-tracker-team/security-tracker][master] Print a warning if the package cannot be found for a given CVE.
Ola Lundqvist (@opal)
opal at debian.org
Mon Aug 26 22:50:01 BST 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2285307 by Ola Lundqvist at 2024-08-26T23:49:15+02:00
Print a warning if the package cannot be found for a given CVE.
This should help against simple mistakes such as typing the wrong CVE
or the wrong package name.
For more information see:
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/61
- - - - -
1 changed file:
- bin/remove-cve-dist-tags
Changes:
=====================================
bin/remove-cve-dist-tags
=====================================
@@ -11,7 +11,6 @@ import setup_paths # noqa
import config
from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
-
def keep_annotation(cve, annotation):
if not isinstance(annotation, PackageAnnotation):
return True
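Review bot: The blank line dropped ahead of `def keep_annotation(cve, annotation):` is a whitespace-only change unrelated to the warning this commit adds, so it would be cleaner to leave it out or put it in a separate style commit. If the removal leaves fewer than two blank lines between the imports and this top-level function, it also goes against the PEP 8 spacing convention, so it is worth checking what remains in the file.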
@@ -45,18 +44,21 @@ data = cvelist(main_list)
new_data = []
for cve in data:
- annotations = list(
- annotation
- for annotation in cve.annotations
- if keep_annotation(cve, annotation)
- )
- cve.annotations=annotations
- if not cve.annotations:
- # this shouldn't happen on a normal CVE file as we're only removing
- # the dist specific tags, but it may happen in an ExtendFile, in
- # which case we don't want to keep an empty CVE entry
- continue
+ if cve.header.name in cves:
+ annotations = list(
+ annotation
+ for annotation in cve.annotations
+ if keep_annotation(cve, annotation)
+ )
+ if len(cve.annotations) == len(annotations):
+ print(f"Warning! Cannot find {package} in {cve.header.name}. Check CVE or package name.")
+ cve.annotations=annotations
+ if not cve.annotations:
+ # this shouldn't happen on a normal CVE file as we're only removing
+ # the dist specific tags, but it may happen in an ExtendFile, in
+ # which case we don't want to keep an empty CVE entry
+ continue
new_data.append(cve)
with open(main_list, 'w') as f:
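Review bot: The warning at `if len(cve.annotations) == len(annotations):` can only fire for an entry that exists in `data`, because it sits under `if cve.header.name in cves:` inside the loop. A mistyped CVE ID that matches no entry at all never reaches that branch and prints nothing, although the commit message names "typing the wrong CVE" as a case this should catch. Suggest recording each `cve.header.name` that matched during the loop and, after the loop, warning for every item of `cves` that was never seen. Two smaller points on the same line: the message is written to stdout with a bare `print(...)`, where stderr would keep it apart from regular output, and the run continues to `with open(main_list, 'w') as f:` with nothing beyond the printed line to signal that an argument matched nothing, so a non-zero exit status at the end would make the mistake harder to miss in scripted use.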
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d22853076631cecc0e3e40204814dab011deb3b3