author | Florian Weimer <fw@deneb.enyo.de> | 2010-05-09 11:39:28 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2010-05-09 11:39:28 +0000 |
commit | 3f2a5a1c5332d458b936f9009651ddb636600de3 (patch) | |
tree | 53d8fbd0f684ec7b82f52e388290d80c2d913cd1 /lib | |
parent | 54530b0232265f549a4dc27aa74d04fbdacb3ed1 (diff) |
sectracker.analyzers.copysources(): helper for DSA/DTSA -> CVE propagation
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14652 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/sectracker/analyzers.py | 31 | ||||
-rw-r--r-- | lib/python/sectracker_test/test_analyzers.py | 8 |
2 files changed, 38 insertions, 1 deletions
diff --git a/lib/python/sectracker/analyzers.py b/lib/python/sectracker/analyzers.py
index 753187b28f..433a2c41ab 100644
--- a/lib/python/sectracker/analyzers.py
+++ b/lib/python/sectracker/analyzers.py
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 import apt_pkg as _apt_pkg
+import re as _re
 # vercmp is the Debian version comparison algorithm
 _apt_pkg.init()
@@ -67,3 +68,33 @@ def extractversions(config, bugdb, diag):
 else:
 pv[ann.package] = set((ann.version,))
 return rpv
+
+def copysources(bugdb, diag):
+ """Returns a dictionary, mapping bug names to their copy sources.
+
+ As a side effect, this checks cross-references. Errors found
+ there are recorded in diag."""
+
+ re_source = _re.compile("^DT?SA-")
+
+ result = {}
+ for bug in bugdb.values():
+ copy_source = bug.header.name
+ if not re_source.match(copy_source):
+ copy_source = None
+ for ann in bug.annotations:
+ if ann.type <> "xref":
+ continue
+ for target in ann.bugs:
+ if target not in bugdb:
+ diag.error("reference to unknown bug %r" % target,
+ file=bug.file, line=ann.line)
+ continue
+ if copy_source is not None:
+ if target in result:
+ result[target].add(copy_source)
+ else:
+ result[target] = set((copy_source,))
+ return result
+
+
diff --git a/lib/python/sectracker_test/test_analyzers.py b/lib/python/sectracker_test/test_analyzers.py
index 55d4a38be5..ef4f89f6a4 100644
--- a/lib/python/sectracker_test/test_analyzers.py
+++ b/lib/python/sectracker_test/test_analyzers.py
@@ -27,6 +27,8 @@ diag = Diagnostics()
 bugdb = mergelists((p.cvelist("../../data/CVE/list"), p.dsalist("../../data/DSA/list"), p.dtsalist("../../data/DTSA/list")), diag)
+assert "CVE-1999-0001" in bugdb
+assert "DSA-135" in bugdb
 assert "CVE-2006-0225" in bugdb
 assert bugdb["CVE-2006-0225"].annotations[0].package == "openssh"
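Review bot: In `copysources()` in lib/python/sectracker/analyzers.py the xref `target` is only checked for presence in `bugdb`, never for what kind of entry it is, so an advisory that cross-references another DSA/DTSA entry is recorded as a copy source for that advisory as well. If the result is meant to drive DSA/DTSA -> CVE propagation only, as the commit title suggests, such an edge would presumably let advisory data land on an entry it was not published for; consider `if copy_source is not None and not re_source.match(target):`, or state in the docstring that advisory-to-advisory references are intended. The docstring could also say that the values are sets of advisory names and that bugs without a source are absent from the dictionary. On style, `ann.type <> "xref"` uses the obsolete inequality spelling where `!=` is the usual form, and the if/else that fills `result` can be written as `result.setdefault(target, set()).add(copy_source)`.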
@@ -42,7 +44,11 @@ if False:
 if len(v) > 1:
 print r, p, v
+# copysources
+copysrc = copysources(bugdb, diag)
+assert "CVE-2008-0225" in copysrc
+assert "DSA-1472-1" in copysrc["CVE-2008-0225"]
+
 for err in diag.messages():
 print "%s:%d: %s: %s" % (err.file, err.line, err.level, err.message)
 assert not diag.messages()
- |
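Review bot: The added `copysources` assertions cover only the success path against the live data lists: because the script still ends with `assert not diag.messages()`, a passing run never reaches the `diag.error("reference to unknown bug %r" ...)` branch of `copysources()`. A small in-memory bug database with one dangling xref would pin that the error is recorded with the referencing file and line and that the dangling target is left out of the result. It would also help to assert that no CVE name appears among the values of `copysrc`, since the `DT?SA-` filter is presumably what the later propagation step relies on.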