[Git][security-tracker-team/security-tracker][master] 3 commits: check-new-issues: Move definition of embedded-code-copies location

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 21 07:51:54 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2edaa7b by Salvatore Bonaccorso at 2025-04-20T22:37:01+02:00
check-new-issues: Move definition of embedded-code-copies location

Move the defintion of the (relative) path for the embedded-code-copies
file out of the read_embedded_copies() function and set it directly
before calling reading the embedded-code-copies file.

No functional change (intended) and serves as preparation of supporting
a work-dir argument for check-new-issues.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
e104e3cc by Salvatore Bonaccorso at 2025-04-20T22:46:15+02:00
check-new-issues: Add --work-dir argument support

By default check-new-issues is run in the security-tracker repository
relative to the script location. We add support for a --work-dir
argument as supported by process-cve-records and update-xrefs as we want
to be be able to run the script in a different work dir for automatic
processing of NFU entires.

Link: https://salsa.debian.org/security-tracker-team/security-tracker-service/-/merge_requests/7
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
9997b650 by Salvatore Bonaccorso at 2025-04-21T06:51:49+00:00
Merge branch 'check-new-issues-workdir' into 'master'

check-new-issues: Add --work-dir argument support

See merge request security-tracker-team/security-tracker!214
- - - - -


1 changed file:

- bin/check-new-issues


Changes:

=====================================
bin/check-new-issues
=====================================
@@ -262,7 +262,6 @@ def apt_cache(term):
     return apt_cache_cache
 
 def read_embedded_copies():
-    emb_file = "data/embedded-code-copies"
     with open(emb_file) as f:
         comment_section = True
         code = None
@@ -370,6 +369,9 @@ def print_commands():
   * CTRL-C to quit without saving
   * everything else is inserted as product name for a NOT-FOR-US''')
 
+# define the default workdir (relative to the script)
+default_workdir = os.path.join(os.path.dirname(os.path.dirname(__file__)))
+
 parser = argparse.ArgumentParser(description="review new CVE entries")
 parser.add_argument('-l', '--list', action='store_true',
                     help='Only list issues')
@@ -387,6 +389,7 @@ parser.add_argument('-D', '--no-download', action='store_true',
                     help='Skip downloading files')
 parser.add_argument('-v', '--verbose', action='store_true',
                     help='Verbose mode')
+parser.add_argument('--work-dir', help='path to security-tracker repository (default: relative to the script)', default=default_workdir)
 
 args = parser.parse_args()
 
@@ -394,16 +397,17 @@ args = parser.parse_args()
 embed_code = {}
 embed_pkg = {}
 
+emb_file = args.work_dir + "/data/embedded-code-copies"
 read_embedded_copies()
 
 cve5_file_url = 'https://github.com/CVEProject/cvelistV5/archive/refs/heads/main.zip'
-cve5_file = 'mitre.zip'
-datafile = "data/CVE/list"
-removed_packages_file = "data/packages/removed-packages"
-ignore_bug_file = "data/packages/ignored-debian-bug-packages"
+cve5_file = args.work_dir + '/mitre.zip'
+datafile = args.work_dir + "/data/CVE/list"
+removed_packages_file = args.work_dir + "/data/packages/removed-packages"
+ignore_bug_file = args.work_dir + "/data/packages/ignored-debian-bug-packages"
 wnppurl = "https://qa.debian.org/data/bts/wnpp_rm"
-wnppfile = "../wnpp_rm"
-auto_nfu_file = "data/packages/nfu.yaml"
+wnppfile = args.work_dir + "/../wnpp_rm"
+auto_nfu_file = args.work_dir + "/data/packages/nfu.yaml"
 
 issue_re = re.compile(r'CVE-20(?:0[3-9]|[1-9][0-9])|TEMP')
 auto_display_limit = 10



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab607b5c391c32404b197f5fd6d2e48ba612e1a3...9997b650b7048b7ec503b2ff6f0d35f7d8c7cf56

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab607b5c391c32404b197f5fd6d2e48ba612e1a3...9997b650b7048b7ec503b2ff6f0d35f7d8c7cf56
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250421/0c8eb5ef/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list