From 592c7c87336d6c7884dae4fc3c1ebda607cdc051 Mon Sep 17 00:00:00 2001 From: Sebastien Delafond Date: Thu, 10 Aug 2017 21:07:04 +0000 Subject: Give /tracker/status/release/stable the ability to filter on "ignored" & "postponed" no-dsa substates git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@54582 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- bin/tracker_service.py | 40 ++++++++++++++++++++++++++++++++-------- lib/python/security_db.py | 10 +++++++--- static/style.css | 10 +++++++++- 3 files changed, 48 insertions(+), 12 deletions(-) diff --git a/bin/tracker_service.py b/bin/tracker_service.py index c74809ddd8..5e9b06ef61 100755 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py @@ -56,10 +56,14 @@ class BugFilter: ('undetermined_issues', 'include issues to be checked (shown in purple)', 'extra'),] - def __init__(self, params, nonodsa=False): + def __init__(self, params, nonodsa=False, noignored=False, nopostponed=False): self.action_list = self.default_action_list if not nonodsa: - self.action_list = self.default_action_list + [('nodsa', 'include issues tagged ', 'extra')] + self.action_list = self.action_list + [('nodsa', 'include issues tagged ', 'nodsa')] + if not noignored: + self.action_list = self.action_list + [('noignored', 'include issues tagged ', 'nodsa')] + if not nopostponed: + self.action_list = self.action_list + [('nopostponed', 'include issues tagged ', 'nodsa')] self.params = {} for (prop, desc, field) in self.action_list: self.params[prop] = int(params.get(prop, (0,))[0]) @@ -109,6 +113,12 @@ class BugFilter: def nodsaFiltered(self, nodsa): """Returns True for no DSA issues if filtered.""" return nodsa and not self.params['nodsa'] + def ignoredFiltered(self, no_dsa_reason): + """Returns True for ignored issues if filtered.""" + return no_dsa_reason == 'ignored' and not self.params['noignored'] + def postponedFiltered(self, no_dsa_reason): + """Returns True for postponedissues if filtered.""" + return no_dsa_reason == 'postponed' and not self.params['nopostponed'] class TrackerService(webservice_base_class): head_contents = compose( @@ -684,9 +694,9 @@ to improve our documentation and procedures, so feedback is welcome.""")])]) def gen(): old_pkg_name = '' - for (pkg_name, bug_name, archive, urgency, vulnerable, remote, no_dsa) in \ + for (pkg_name, bug_name, archive, urgency, vulnerable, remote, no_dsa, no_dsa_reason) in \ self.db.cursor().execute( - """SELECT package, bug, section, urgency, vulnerable, remote, no_dsa + """SELECT package, bug, section, urgency, vulnerable, remote, no_dsa, no_dsa_reason FROM %s_status WHERE (bug LIKE 'CVE-%%' OR bug LIKE 'TEMP-%%')""" % release): if bf.urgencyFiltered(urgency, vulnerable): @@ -695,6 +705,10 @@ to improve our documentation and procedures, so feedback is welcome.""")])]) continue if bf.nodsaFiltered(no_dsa): continue + if bf.ignoredFiltered(no_dsa_reason): + continue + if bf.postponedFiltered(no_dsa_reason): + continue if pkg_name == old_pkg_name: pkg_name = '' @@ -797,7 +811,7 @@ to improve our documentation and procedures, so feedback is welcome.""")])]) def page_status_release_unstable_like(self, path, params, url, rel, title, subrel=""): - bf = BugFilter(params,nonodsa=True) + bf = BugFilter(params,nonodsa=True,noignored=True,nopostponed=True) def gen(): old_pkg_name = '' @@ -1300,8 +1314,9 @@ Debian bug number.'''), status = defaultdict(lambda: defaultdict(dict)) urgency = defaultdict(lambda: defaultdict(dict)) nodsa = defaultdict(lambda: defaultdict(dict)) + nodsa_reason = defaultdict(lambda: defaultdict(dict)) supported_releases = ('sid', 'buster', 'stretch', 'jessie', 'wheezy') - for (pkg, issue, desc, debianbug, release, subrelease, db_version, db_fixed_version, db_status, db_urgency, db_remote, db_nodsa) in self.db.cursor().execute( + for (pkg, issue, desc, debianbug, release, subrelease, db_version, db_fixed_version, db_status, db_urgency, db_remote, db_nodsa, db_nodsa_reason) in self.db.cursor().execute( """SELECT sp.name, st.bug_name, (SELECT cve_desc FROM nvd_data WHERE cve_name = st.bug_name), @@ -1318,7 +1333,10 @@ Debian bug number.'''), WHERE cve_name = st.bug_name), (SELECT comment FROM package_notes_nodsa AS nd WHERE nd.package = sp.name AND nd.release = sp.release - AND nd.bug_name = st.bug_name) AS nodsa + AND nd.bug_name = st.bug_name) AS nodsa, + (SELECT reason FROM package_notes_nodsa AS nd + WHERE nd.package = sp.name AND nd.release = sp.release + AND nd.bug_name = st.bug_name) AS nodsa_reason FROM source_package_status AS st, source_packages AS sp, bugs WHERE sp.rowid = st.package AND st.bug_name = bugs.name AND ( st.bug_name LIKE 'CVE-%' OR st.bug_name LIKE 'TEMP-%' ) @@ -1351,6 +1369,8 @@ Debian bug number.'''), urgency[pkg][issue][repository] = db_urgency if str(db_nodsa) != 'None': nodsa[pkg][issue][repository] = db_nodsa + if str(db_nodsa_reason) != 'None': + nodsa_reason[pkg][issue][repository] = db_nodsa_reason data = {} for pkg in packages: @@ -1376,6 +1396,7 @@ Debian bug number.'''), suite_fixed_version = None suite_urgency = None suite_nodsa = None + suite_nodsa_reason = None suite_repositories = {} winner='' for suffix in ('','-security','-lts'): @@ -1401,6 +1422,8 @@ Debian bug number.'''), suite_urgency = urgency[pkg][issue][repository] if nodsa[pkg][issue].has_key(repository): suite_nodsa = nodsa[pkg][issue][repository] + if nodsa_reason[pkg][issue].has_key(repository): + suite_nodsa_reason = nodsa_reason[pkg][issue][repository] for repository in repositories[pkg][issue]: for suffix in ('','-security','-lts'): subrelease=release+suffix @@ -1410,7 +1433,8 @@ Debian bug number.'''), "repositories": suite_repositories, "fixed_version" : suite_fixed_version, "urgency": suite_urgency, - "nodsa": suite_nodsa } + "nodsa": suite_nodsa, + "nodsa_reason": suite_nodsa_reason} clean_dict(suites[release]) pkg_issue = { "description": description, "debianbug": debianbug, diff --git a/lib/python/security_db.py b/lib/python/security_db.py index d059f3e7d1..f613d5e448 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -500,10 +500,14 @@ class DB: st.vulnerable AS vulnerable, (SELECT range_remote FROM nvd_data WHERE cve_name = st.bug_name) AS remote, - (EXISTS (SELECT * FROM package_notes_nodsa AS pnd + (SELECT comment FROM package_notes_nodsa AS pnd WHERE pnd.bug_name = st.bug_name AND pnd.package = sp.name - AND pnd.release = '%s')) AS no_dsa + AND pnd.release = '%s') AS no_dsa, + (SELECT reason FROM package_notes_nodsa AS pnd + WHERE pnd.bug_name = st.bug_name + AND pnd.package = sp.name + AND pnd.release = '%s') AS no_dsa_reason FROM source_package_status AS st, source_packages AS sp WHERE st.vulnerable > 0 AND sp.rowid = st.package AND sp.release = '%s' AND sp.subrelease = '' @@ -515,7 +519,7 @@ class DB: AND secst.bug_name = st.bug_name AND secst.package = secp.rowid), 0) ORDER BY sp.name, urgency_to_number(urgency), st.bug_name""" - % (name, nickname, nickname, nickname)) + % (name, nickname, nickname, nickname, nickname)) cursor.execute( """CREATE TEMPORARY VIEW debian_cve AS diff --git a/static/style.css b/static/style.css index fb6d52085d..fda01b0ee8 100644 --- a/static/style.css +++ b/static/style.css @@ -196,7 +196,15 @@ label[rel="extra"] { /*background: #d70a53;*/ } -label[rel="extra"]:last-child { +label[rel="nodsa"] { + padding: 0.5em 0; + color: #fff; + background: #5399E4; + /*background: #5c3566;*/ + /*background: #d70a53;*/ +} + +label[rel="nodsa"]:last-child { margin-right: 0.5em; padding-right: 0.5em; } -- cgit v1.2.3