author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2010-02-07 22:10:53 +0000 |
---|---|---|
committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2010-02-07 22:10:53 +0000 |
commit | bede46e7ea668e6832b233460ebb47d599fb6a0d (patch) | |
tree | 09dd2a98d54fdaedcba97f06ffe1327c208a1834 /bin | |
parent | 7f003fb7b8bf5af6a55e5eab7bf863cadb64c81e (diff) |
use nvd urgencies and add finer control for per-release pages
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14058 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin')
-rw-r--r-- | bin/tracker_service.py | 73 | ||||
-rw-r--r-- | bin/update-nvd | 5 |
2 files changed, 46 insertions, 32 deletions
diff --git a/bin/tracker_service.py b/bin/tracker_service.py index a166a546a0..1771cf2282 100644 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py @@ -24,10 +24,11 @@ else: webservice_base_class = WebServiceHTTP class BugFilter: - default_action_list = [("show_high_urgency", "only high urgencies"), - ("show_medium_urgency", "only medium and high urgencies"), - ("show_remote_only", "only remote vulnerabilities"), - ("show_undetermined_urgency", "undetermined and unimportant urgencies")] + default_action_list = [('show_high_urgency', 'only high urgencies'), + ('show_medium_urgency', 'only medium and high urgencies'), + ('show_undetermined_urgency', 'issues that may be vulnerable but need to be checked (shown in purple)'), + ('show_unimportant_urgency', 'unimportant issues'), + ('show_remote_only', 'only remote vulnerabilities')] def __init__(self, params, action_list=None): if action_list is None: self.action_list = self.default_action_list 
@@ -59,22 +60,25 @@ class BugFilter: def urgencyFiltered(self, urg, vuln): """Returns True for urgencies that should be filtered.""" filterlow = self.params['show_medium_urgency'] and \ - urg in ('low', 'unimportant', 'undetermined') + urg in ('low', 'low**', 'unimportant', + 'undetermined', 'not yet assigned') filtermed = self.params['show_high_urgency'] and \ - urg in ('medium', 'low', 'unimportant', 'undetermined') - filteruni = not self.params['show_undetermined_urgency'] \ - and vuln == 2 or urg == 'unimportant' - return filterlow or filtermed or filteruni + urg in ('medium', 'medium**', 'low', 'low**', + 'unimportant', 'undetermined', 'not yet assigned') + filterund = not self.params['show_undetermined_urgency'] and vuln == 2 + filteruni = not self.params['show_unimportant_urgency'] \ + and urg == 'unimportant' + return filterlow or filtermed or filterund or filteruni def remoteFiltered(self, remote): """Returns True for only remote flaws if filtered.""" - return remote is not None and not self.params['show_remote_only'] \ + return remote is not None and self.params['show_remote_only'] \ and not remote class BugFilterNoDSA(BugFilter): def __init__(self, params): BugFilter.__init__(self, params, self.default_action_list - + [('show_nodsa', 'non-DSA vulnerabilities')]) + + [('show_nodsa', 'issues that are not severe enough to warrant a DSA')]) def nodsaFiltered(self, nodsa): """Returns True for no DSA issues if filtered.""" 
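Review bot: In `urgencyFiltered` the NVD-derived variants are matched by listing `'low**'` and `'medium**'` by hand in both tuples, while the page generators changed in this same commit test `urgency.startswith('high')`. Two conventions for the same suffix make it easy to miss a variant later. Normalising once at the top, e.g. `base = urg.rstrip('*')`, and comparing `base` against the plain names would keep the tuples short and consistent. Separately, adding `'not yet assigned'` to both tuples hides unrated issues from the "only high urgencies" and "only medium and high urgencies" views; if that is intended, a comment saying that unrated issues are treated as low for filtering would help anyone triaging from those views.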
@@ -112,6 +116,14 @@ function onSearch(query) { } ''')).toHTML() + nvd_text = P('''If a "**" is included, the urgency field was automatically + assigned by the NVD (National Vulnerability Database). Note that this + rating is automatically derived from a set of known factors about the + issue (such as access complexity, confidentiality impact, exploitability, + remediation level, and others). Human intervention is involved in + determining the values of these factors, but the rating itself comes + from a fully automated formula.''') + def __init__(self, socket_name, db_name): webservice_base_class.__init__(self, socket_name) self.db = security_db.DB(db_name) @@ -422,6 +434,8 @@ data source.""")], urgency = '' else: ver = self.make_red('(unfixed)') + if urgency == 'not yet assigned': + urgency = '' pkg = n.package pkg_kind = n.package_kind @@ -658,11 +672,10 @@ this package, but still reference it.""")]) else: remote = 'no' - if vulnerable == 2: - urgency = self.make_purple(urgency) - - if urgency == 'high': + if urgency.startswith('high'): urgency = self.make_red(urgency) + elif vulnerable == 2: + urgency = self.make_purple(urgency) else: if no_dsa: urgency = urgency + '*' @@ -672,10 +685,10 @@ this package, but still reference it.""")]) return self.create_page( url, 'Vulnerable source packages in the %s suite' % release, [bf.actions(url), BR(), - make_table(gen(), caption=("Package", "Bug", "Urgency", - "Remote")), - P('''(If a "*" is included in the urgency field, no DSA is planned -for this vulnerability.)''')]) + make_table(gen(), caption=("Package", "Bug", "Urgency", "Remote")), + P('''If a "*" is included in the urgency field, no DSA is planned + for this vulnerability.'''), + self.nvd_text]) def page_status_release_stable(self, path, params, url): return self.page_status_release_stable_oldstable('stable', params, url) 
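Review bot: In the hunk at -658/+672, placing `elif vulnerable == 2:` ahead of the existing `else:` means the `no_dsa` branch (`urgency = urgency + '*'`) is no longer reached for rows coloured purple. An undetermined issue with no DSA planned would then appear to lose its "*" marker, although the page footer still explains that marker. If the marker should survive, give the purple branch its own check, `if no_dsa: urgency = urgency + '*'`, before `urgency = self.make_purple(urgency)`. The `else:` body continues outside the hunk, and whether the old ordering rendered the marker on purple rows is not visible here, so confirm against the full generator.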
@@ -715,9 +728,6 @@ for this vulnerability.)''')]) else: remote = 'no' - if sid_vulnerable == 2: - urgency = self.make_purple(urgency) - if ts_fixed: status = 'fixed in testing-security' else: @@ -726,6 +736,11 @@ for this vulnerability.)''')]) else: status = self.make_dangerous('fixed in unstable') + if urgency.startswith('high'): + urgency = self.make_red(urgency) + elif vulnerable == 2: + urgency = self.make_purple(urgency) + yield (pkg_name, self.make_xref(url, bug_name), urgency, remote, status) @@ -734,8 +749,8 @@ for this vulnerability.)''')]) [make_menu(url.scriptRelative, ("status/dtsa-candidates", "Candidates for DTSAs")), bf.actions(url), BR(), - make_table(gen(), caption=("Package", "Bug", "Urgency", - "Remote"))]) + make_table(gen(), caption=("Package", "Bug", "Urgency", "Remote")), + self.nvd_text]) def page_status_release_unstable_like(self, path, params, url, rel, title): @@ -774,7 +789,7 @@ for this vulnerability.)''')]) else: remote = 'no' - if urgency == 'high': + if urgency.startswith('high'): urgency = self.make_red(urgency) elif vulnerable == 2: urgency = self.make_purple(urgency) @@ -789,8 +804,8 @@ for this vulnerability.)''')]) if there are still some vulnerably binary packages present in the archive."""), bf.actions(url), BR(), - make_table(gen(), caption=('Package', 'Bug', 'Urgency', - 'Remote'))]) + make_table(gen(), caption=('Package', 'Bug', 'Urgency', 'Remote')), + self.nvd_text]) def page_status_release_unstable(self, path, params, url): return self.page_status_release_unstable_like( @@ -858,8 +873,10 @@ for this vulnerability.)''')]) else: remote = 'no' - if urgency == 'high': + if urgency.starstwith('high'): urgency = self.make_red(urgency) + elif vulnerable == 2: + urgency = self.make_purple(urgency) if stable_later: notes = "(fixed in stable?)" diff --git a/bin/update-nvd b/bin/update-nvd index 281c047dd9..fb564c4a9f 100644 --- a/bin/update-nvd +++ b/bin/update-nvd 
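Review bot: The added `elif vulnerable == 2:` in the hunk at -726/+736 tests `vulnerable`, but the lines this commit removes slightly earlier in what appears to be the same generator (hunk -715/+728) tested `sid_vulnerable == 2`. No assignment to `vulnerable` is visible in either hunk, so this may raise NameError or read an unrelated variable, and rows needing a check would then not be marked purple or the page would fail to render. If `sid_vulnerable` is the name in scope, the line should read `elif sid_vulnerable == 2:`. The generator's body starts outside the hunk, so check the tuple it unpacks.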
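Review bot: `urgency.starstwith('high')` in the last tracker_service.py hunk (-858/+873) is a typo for `startswith`. Assuming `urgency` is a str there, the call raises AttributeError on the first row the generator formats, so the page it feeds cannot render. The line should be `if urgency.startswith('high'):`. The same hunk adds `elif vulnerable == 2:`, and `vulnerable` is not assigned anywhere in the visible context, so confirm that name exists in this generator. A small test that renders each status page against a fixture database would catch both.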
@@ -43,8 +43,5 @@ data = deduplicate.values() data.sort() cursor = db.writeTxn() -if incremental: - db.updateNVD(cursor, data) -else: - db.replaceNVD(cursor, data) +db.updateNVD(cursor, data, incremental) db.commit(cursor) |