[Git][security-tracker-team/security-tracker][master] Revert "Print a warning if the package cannot be found for a given CVE."

Roberto C. Sánchez (@roberto) roberto at debian.org
Tue Aug 27 20:04:35 BST 2024 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d2563d6 by Roberto C. Sánchez at 2024-08-27T15:01:20-04:00
Revert "Print a warning if the package cannot be found for a given CVE."

This reverts commit d22853076631cecc0e3e40204814dab011deb3b3.

The referenced commit implements a change that also introduces some
buggy behavior. Reverting now, so that the approach can be further
discussed and refined.

- - - - -


1 changed file:

- bin/remove-cve-dist-tags


Changes:

=====================================
bin/remove-cve-dist-tags
=====================================
@@ -11,6 +11,7 @@ import setup_paths  # noqa
 import config
 from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
 
+
 def keep_annotation(cve, annotation):
     if not isinstance(annotation, PackageAnnotation):
         return True
@@ -44,21 +45,18 @@ data = cvelist(main_list)
 new_data = []
 
 for cve in data:
-    if cve.header.name in cves:
-        annotations = list(
-            annotation
-            for annotation in cve.annotations
-            if keep_annotation(cve, annotation)
-        )
-        if len(cve.annotations) == len(annotations):
-            print(f"Warning! Cannot find {package} in {cve.header.name}. Check CVE or package name.")
+    annotations = list(
+        annotation
+        for annotation in cve.annotations
+        if keep_annotation(cve, annotation)
+    )
+    cve.annotations=annotations
+    if not cve.annotations:
+        # this shouldn't happen on a normal CVE file as we're only removing
+        # the dist specific tags, but it may happen in an ExtendFile, in
+        # which case we don't want to keep an empty CVE entry
+        continue
 
-        cve.annotations=annotations
-        if not cve.annotations:
-            # this shouldn't happen on a normal CVE file as we're only removing
-            # the dist specific tags, but it may happen in an ExtendFile, in
-            # which case we don't want to keep an empty CVE entry
-            continue
     new_data.append(cve)
 
 with open(main_list, 'w') as f:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d2563d6b1b88366b0e47d0e6d7c80cd210437e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d2563d6b1b88366b0e47d0e6d7c80cd210437e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240827/50a904d5/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list