path: root/lib
Commit message [Author, Age, Files, Lines]
...
* bugs.py: sort using Release's sort [Emilio Pozuelo Monfort, 2020-07-29, 1, -1/+1]
|     string sort doesn't work here, as buster < jessie < stretch. However Release's sort will dtrt.
* bugs.py: make PackageNoteNoDSA.release a Release object [Emilio Pozuelo Monfort, 2020-07-29, 1, -1/+4]
|     Like in the other PackageNote objects
* bugs.py: sort using a lambda key function [Emilio Pozuelo Monfort, 2020-07-29, 1, -9/+2]
|
* debian_support: decode lines when necessary [Emilio Pozuelo Monfort, 2020-07-29, 1, -3/+11]
|     We sometimes get passed lines as bytes, which we need to decode under python3. We should probably add an argument to PackageFile's constructor for when we get a fileObj argument, but let's do that when we no longer have to worry about py2 and py3 compatibility.
* security_db: encode data before passing it to base64 [Emilio Pozuelo Monfort, 2020-07-29, 1, -3/+3]
|     In python3, base64 takes bytes.
* security_db: use pickle's dumps and loads [Emilio Pozuelo Monfort, 2020-07-29, 1, -5/+3]
|     Rather than using StringIO in py2 and BytesIO in py3 and porting away from buffer which is also gone in py3, let's just use dumps and loads and let the pickle library handle the memory representation for us.
* debian_support.py: add py3 compatibility for apt-update-file [Emilio Pozuelo Monfort, 2020-07-29, 1, -4/+10]
|
* web_support.py: make_list: don't subscript the list [Emilio Pozuelo Monfort, 2020-07-29, 1, -5/+5]
|     We may get objects that are not subscriptable in py3, such as map objects, so just iterate over the whole object and pop the last separator instead.
* web_support.py: adapt urllib.quote for python3 [Emilio Pozuelo Monfort, 2020-07-29, 1, -3/+7]
|
* web_support.py: decode data when necessary [Emilio Pozuelo Monfort, 2020-07-29, 1, -1/+8]
|     We can't pass bytes under python3
* web_support.py: adapt HTTPServer imports for python3 [Emilio Pozuelo Monfort, 2020-07-29, 1, -5/+9]
|
* web_support.py: adapt StringIO for python3 [Emilio Pozuelo Monfort, 2020-07-29, 1, -7/+11]
|
* lib/python: replace tabs with spaces [Emilio Pozuelo Monfort, 2020-07-29, 2, -2/+2]
|
* web_support.py: fix octal numbers under py3 [Emilio Pozuelo Monfort, 2020-07-29, 1, -1/+1]
|
* debian_support: use BytesIO for GzipFile in python3 [Emilio Pozuelo Monfort, 2020-07-29, 1, -2/+6]
|
* bugs.py: encode the string before using the digest [Emilio Pozuelo Monfort, 2020-07-29, 1, -1/+1]
|     Needed for py3 compatibility.
* lib/python: use isinstance rather than types [Emilio Pozuelo Monfort, 2020-07-29, 5, -35/+47]
|     types.TypeFoo are gone in python3.
* config.py: force keys() to get evaluated as list [Emilio Pozuelo Monfort, 2020-07-29, 1, -1/+1]
|
* Replace cPickle with pickle library [Brian May, 2020-07-29, 2, -4/+4]
|     cPickle isn't available in Python 3.
* Use urllib urllib instead of urllib2 [Brian May, 2020-07-29, 1, -3/+6]
|
* Force map() to get evaluated as list [Brian May, 2020-07-29, 1, -1/+1]
|     Under Python 3, map() doesn't return a list (as in Python 2), but must be evaluated before it can be used as a list.
* Force keys() to get evaluated as list [Brian May, 2020-07-29, 3, -11/+11]
|     Under Python 3, keys() doesn't return a list (as in Python 2), but must be evaluated before it can be used as a list.
* Merge branch 'distro-config' into 'master' [Salvatore Bonaccorso, 2020-06-04, 5, -186/+109]
|\
| |     Distro config reunification
| |
| |     See merge request security-tracker-team/security-tracker!48
| * security_db: don't hardcode the list of supported releases [Emilio Pozuelo Monfort, 2020-02-26, 1, -5/+6]
| |     At times there will just be two, so get that list from the config.
| * Makefile: don't hardcode Debian releases [Emilio Pozuelo Monfort, 2020-02-26, 1, -2/+2]
| |
| * Don't hardcode architecture list in the Makefile [Emilio Pozuelo Monfort, 2020-02-26, 1, -1/+5]
| |     Move it to config.json instead and grab it from there.
| * security_db: don't hardcode release names [Emilio Pozuelo Monfort, 2020-02-26, 1, -1/+1]
| |
| * debian_support: don't hardcode release names [Emilio Pozuelo Monfort, 2020-02-26, 1, -2/+3]
| |
| * config: add a method to get all releases [Emilio Pozuelo Monfort, 2020-02-26, 1, -1/+8]
| |
| * security_db: drop squeeze workarounds [Emilio Pozuelo Monfort, 2020-02-26, 1, -6/+0]
| |
| * security_db: don't hardcode the testing suite codename [Emilio Pozuelo Monfort, 2020-02-26, 1, -8/+11]
| |
| * dist_config.py: remove unused file [Emilio Pozuelo Monfort, 2020-02-26, 1, -97/+0]
| |
| * security_db: remove unused getEffectiveVersion method [Emilio Pozuelo Monfort, 2020-02-26, 1, -54/+0]
| |
| * security_db: don't hardcode release codenames in _initViews [Emilio Pozuelo Monfort, 2020-02-26, 1, -1/+5]
| |
| * security_db: don't hardcode releases in db queries [Emilio Pozuelo Monfort, 2020-02-26, 1, -4/+10]
| |
| * security_db: don't hardcode release codenames in calculateDebsecan [Emilio Pozuelo Monfort, 2020-02-26, 1, -1/+1]
| |
| * security_db: take the sid value in calculateDebsecan0 [Emilio Pozuelo Monfort, 2020-02-26, 1, -4/+2]
| |     When the release is sid, just pass 'sid' rather than the empty string to change that afterwards.
| * security_db: don't hardcode codenames in calls to gen_release [Emilio Pozuelo Monfort, 2020-02-26, 1, -1/+1]
| |
| * security_db: don't hardcode codenames in calls to _calcTesting() [Emilio Pozuelo Monfort, 2020-02-26, 1, -4/+8]
| |
| * config.py: add python module to read config.json [Emilio Pozuelo Monfort, 2020-02-26, 1, -0/+52]
| |
* | Add basic Unicode support to the web framework [Florian Weimer, 2020-05-01, 1, -20/+22]
| |     As mentioned in Debian bug #959231 ("security-tracker: Proxy Error on CVE-2020-11565 tracker page"):
| |
| |     * Florian Weimer:
| |     > * Francesco Poli:
| |     >
| |     >> Please note that the CVE is mentioned in [DSA-4667-1].
| |     >>
| |     >> [DSA-4667-1]: <https://lists.debian.org/debian-security-announce/2020/msg00071.html>
| |     >>
| |     >> What's wrong with that tracker page?
| |     >
| |     > It's something in the NVD data that breaks the HTML escaping.
| |
| |     This patch adds basic Unicode support to the web framework. I'm not sure if it is the right direction to move in, but it fixes the issue.
| |
| |     An alternative fix would be to change the NVD importer not to put Unicode strings into the database, by encoding them as byte strings first.
| |
| |     [carnil: Slightly rewrite the commit message]
| |
| |     BugLink: https://bugs.debian.org/929228
| |     BugLink: https://bugs.debian.org/959231
| |     Signed-off-by: Florian Weimer <fw@deneb.enyo.de>
| |     Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* | security_db: don't return duplicated advisories [Emilio Pozuelo Monfort, 2020-03-18, 1, -1/+1]
| |     This is used to build the advisory table in package views, and it makes no sense to list some advisories (e.g. DSAs that fixed both stable and oldstable) twice.
* | nvd.py: Fix typo in Parser when issuing error (VAlueError -> ValueError) [Salvatore Bonaccorso, 2020-03-04, 1, -1/+1]
|/
|     Fixes: 966aef0927e2 ("Reimplement (incompletely) simplistic NVD parser to handle JSON feed")
|     Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Merge branch 'bam/security-tracker-fix_cmp' [Salvatore Bonaccorso, 2020-01-02, 1, -1/+2]
|\
| |     See merge request security-tracker-team/security-tracker!40
| * Fix list sort [Brian May, 2019-06-17, 1, -1/+2]
| |
* | Fix inconsistent leading indent before if statement [Brian May, 2019-12-26, 1, -2/+2]
| |
* | Reimplement (incompletely) simplistic NVD parser to handle JSON feed [Salvatore Bonaccorso, 2019-10-20, 1, -68/+59]
| |     The reimplementation is focused on only the functionality actually strictly required by the security-tracker. This includes fetching the CVE id and corresponding description.
| |
| |     All of specific impact metrics (severity, range, loss attributes) are not implemented. Those will require a database schema version bump and reimplementation as well for the security_db.
| |
| |     Closes: #942670
| |     Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* | nvd.py: Add missing note that CVE description is returned [Salvatore Bonaccorso, 2019-10-20, 1, -0/+1]
| |
* | Drop mips from bullseye architectures [Salvatore Bonaccorso, 2019-08-21, 1, -1/+1]
| |
* | Another place where mips needs to be dropped [Raphaël Hertzog, 2019-08-21, 1, -1/+1]
| |
