authorNeil Williams <codehelp@debian.org>2022-01-06 14:45:54 +0000
committerNeil Williams <codehelp@debian.org>2022-01-27 09:08:15 +0000
commit04b7a5de9b238c28febf48dafb7fecebecdd0984 (patch)
treef3e3190e199d47bdda000f6936a8f92f84e18e7f
parentf1e5876b4f87a2214529e46ddb608bc812e8da5c (diff)
Pylint updates
Extend linelength to 120 in black.
-rwxr-xr-xbin/grab-cve-in-fix61
-rwxr-xr-xbin/update-vuln96
2 files changed, 60 insertions, 97 deletions
diff --git a/bin/grab-cve-in-fix b/bin/grab-cve-in-fix
index 5d6068f54d..9a7db822f9 100755
--- a/bin/grab-cve-in-fix
+++ b/bin/grab-cve-in-fix
@@ -29,7 +29,7 @@ grab-cve-in-fix - #1001451
# MA 02110-1301, USA.
#
-# pylint: disable=too-few-public-methods
+# pylint: disable=too-few-public-methods,line-too-long,too-many-instance-attributes,too-many-branches
# Examples:
# --archive https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html
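Review bot: The widened file-wide `# pylint: disable=` now switches off `line-too-long`, `too-many-instance-attributes` and `too-many-branches` for all of bin/grab-cve-in-fix, so later growth in any class or function goes unreported. Since the commit message says black moves to 120 columns, setting pylint's `max-line-length=120` in the project's pylint configuration would keep the length check alive. The structural disables would be better placed on the specific class or method that needs them. bin/update-vuln gains the same module-level `line-too-long` disable after its imports.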
@@ -69,22 +69,20 @@ class ParseChanges:
self.bugs = {}
self.parsed = []
self.unstable_version = None
- self.tracker_base = (
- "https://security-tracker.debian.org/tracker/source-package/"
- )
+ self.tracker_base = "https://security-tracker.debian.org/tracker/source-package/"
self.logger = logging.getLogger("grab-cve-in-fix")
self.logger.setLevel(logging.DEBUG)
# console logging
- ch = logging.StreamHandler()
- ch.setLevel(logging.DEBUG)
+ ch_log = logging.StreamHandler()
+ ch_log.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
- ch.setFormatter(formatter)
- self.logger.addHandler(ch)
- apt_pkg.init_system()
+ ch_log.setFormatter(formatter)
+ self.logger.addHandler(ch_log)
+ apt_pkg.init_system() # pylint: disable=c-extension-no-member
def _read_cvelist(self):
os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
- data, _ = cvelist("data/CVE/list")
+ data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
for cve in self.cves:
for bug in data:
if bug.header.name == cve:
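Review bot: The inline `# pylint: disable=no-value-for-parameter` on `cvelist("data/CVE/list")` carries no explanation, and this is the check that would catch a genuinely missing argument. A short comment above the call would help, for example `# cvelist is wrapped by a decorator in sectracker.parsers, so pylint misreads its signature`. That reason is inferred and should be confirmed against the parser module. The same unexplained disable is added on `sourcepackages(srcs_file)` in ParseSources and on the `cvelist` call in bin/update-vuln.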
@@ -154,20 +152,18 @@ class ParseChanges:
if line.package != self.source_package:
continue # allow for removed, old or alternate pkg names
if line.version:
- vc = apt_pkg.version_compare(line.version, self.unstable_version)
- if vc < 0:
- self.logger.info(
- "Updating %s to %s", line.version, self.unstable_version
- )
+ vcompare = apt_pkg.version_compare( # pylint: disable=c-extension-no-member
+ line.version, self.unstable_version
+ )
+ if vcompare < 0:
+ self.logger.info("Updating %s to %s", line.version, self.unstable_version)
mod_line = line._replace(version=self.unstable_version)
index = self.bugs[cve].annotations.index(line)
bug_list = list(self.bugs[cve].annotations)
bug_list[index] = mod_line
- mod_bug = Bug(
- self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list)
- )
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
modified.append(mod_bug)
- elif vc > 0:
+ elif vcompare > 0:
self.logger.error(
"%s is listed as fixed in %s which is newer than %s",
cve,
@@ -186,16 +182,13 @@ class ParseChanges:
index = self.bugs[cve].annotations.index(line)
bug_list = list(self.bugs[cve].annotations)
bug_list[index] = mod_line
- mod_bug = Bug(
- self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list)
- )
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
modified.append(mod_bug)
if not modified:
- return
+ return 0
if os.path.exists(cve_file):
self.logger.critical("%s already exists", cve_file)
return -1
- mods = []
for cve in modified:
self.logger.info(
"Writing to ./%s with update for %s - %s %s",
@@ -206,6 +199,7 @@ class ParseChanges:
)
with open(cve_file, "a") as snippet:
writecvelist(modified, snippet)
+ return 0
class ParseSources(ParseChanges):
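Review bot: The write path still checks `os.path.exists(cve_file)` in the previous hunk and then opens the file with mode `"a"` here, so a file that appears between the check and the open is appended to instead of being refused. Exclusive creation makes the "already exists" rule atomic: `with open(cve_file, "x") as snippet:`, with the `FileExistsError` handler logging the critical message and returning -1. The enclosing method starts outside these hunks. `write_modified` in bin/update-vuln has the same check-then-append sequence.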
@@ -231,7 +225,7 @@ class ParseSources(ParseChanges):
# self.url contains pkgdir which needs to contain Sources files
os.chdir(self.url)
for srcs_file in glob.glob("sid*Sources"):
- srcs = sourcepackages(srcs_file)
+ srcs = sourcepackages(srcs_file) # pylint: disable=no-value-for-parameter
if srcs.get(self.source_package):
self.unstable_version = srcs[self.source_package].version
# src package is only listed in one Sources file
@@ -335,12 +329,10 @@ def main():
description="Grab CVE data from a package upload for manual review",
usage="%(prog)s [-h] [[--input] | [--archive URL] | [--tracker TRACKER]] | "
"[[--src SRC] & [--cves [CVES ...]]]",
- epilog="Data is written to a new <source_package>.list "
- "file which can be used with './bin/merge-cve-files'",
+ epilog="Data is written to a new <source_package>.list " "file which can be used with './bin/merge-cve-files'",
)
online = parser.add_argument_group(
- "Online - query one of distro-tracker or "
- "debian-devel-changes mail archive or debian-devel-changes email"
+ "Online - query one of distro-tracker or " "debian-devel-changes mail archive or debian-devel-changes email"
)
online.add_argument(
"--input",
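Review bot: Reformatting to 120 columns left two adjacent string literals on one line in `epilog=` and in the `add_argument_group` title, which reads like a missing comma and is what pylint's implicit-str-concat check reports. Each pair now fits as a single literal, for example `epilog="Data is written to a new <source_package>.list file which can be used with './bin/merge-cve-files'",`. The group title can be merged the same way.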
@@ -358,16 +350,12 @@ def main():
offline = parser.add_argument_group(
"Offline - run 'make update-packages' first & specify source package and CVE list"
)
- offline.add_argument(
- "--src", help="Source package name to look up version in local packages files"
- )
+ offline.add_argument("--src", help="Source package name to look up version in local packages files")
offline.add_argument(
"--force-version",
help="Explicitly set the fixed version, in case sid has moved ahead.",
)
- offline.add_argument(
- "--cves", nargs="*", help="CVE ID tag with version from local packages files"
- )
+ offline.add_argument("--cves", nargs="*", help="CVE ID tag with version from local packages files")
args = parser.parse_args()
if args.input:
data = ParseDDStdIn(args.input)
@@ -386,7 +374,8 @@ def main():
if args.force_version:
data.unstable_version = args.force_version
return data.parse()
- self.logger.error("Unable to parse package data!")
+ logger = logging.getLogger("grab-cve-in-fix")
+ logger.error("Unable to parse package data!")
return -1
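Review bot: `logging.getLogger("grab-cve-in-fix")` only has the console handler and formatter if a `ParseChanges` (or subclass) instance was constructed earlier, because the handler is attached in `__init__`. If this fallthrough is reached without any parser object, the error goes through logging's last-resort handler and is printed without the `%(name)s - %(levelname)s` prefix. That looks likely from the visible branches, though the middle of `main()` is outside the hunk. Configuring the logger once at module level and reusing it in both the classes and `main()` would keep the output consistent.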
diff --git a/bin/update-vuln b/bin/update-vuln
index fd3bd0ad5f..f6f93f2e46 100755
--- a/bin/update-vuln
+++ b/bin/update-vuln
@@ -48,7 +48,6 @@ import sys
import setup_paths # noqa # pylint: disable=unused-import
from sectracker.parsers import (
- sourcepackages,
PackageAnnotation,
PackageBugAnnotation,
StringAnnotation,
@@ -57,6 +56,8 @@ from sectracker.parsers import (
writecvelist,
)
+# pylint: disable=line-too-long
+
class ParseUpdates:
"""
@@ -67,22 +68,20 @@ class ParseUpdates:
def __init__(self):
self.cves = []
self.bugs = {}
- self.marker = (
- "aaaaaaaaaaaaa" # replacement for NoneType to always sort first
- )
+ self.marker = "aaaaaaaaaaaaa" # replacement for NoneType to always sort first
self.logger = logging.getLogger("update-vuln")
self.logger.setLevel(logging.DEBUG)
# console logging
- ch = logging.StreamHandler()
- ch.setLevel(logging.DEBUG)
+ ch_log = logging.StreamHandler()
+ ch_log.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
- ch.setFormatter(formatter)
- self.logger.addHandler(ch)
+ ch_log.setFormatter(formatter)
+ self.logger.addHandler(ch_log)
def _read_cvelist(self):
"""Build a list of Bug items for the CVE from data/CVE/list"""
os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
- data, _ = cvelist("data/CVE/list")
+ data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
for cve in self.cves:
for bug in data:
if bug.header.name == cve:
@@ -98,19 +97,11 @@ class ParseUpdates:
Accounts for PackageAnnotation.release == None for unstable.
"""
if isinstance(annotation, PackageAnnotation):
- store = {
- ann.release: ann
- for ann in self.bugs[cve].annotations
- if isinstance(ann, PackageAnnotation)
- }
+ store = {ann.release: ann for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)}
store[annotation.release] = annotation
- # this is needed despite python3.7 having ordered dicts
- # which would need a copied list anyway.
- existing = [
- ann.release
- for ann in self.bugs[cve].annotations
- if isinstance(ann, PackageAnnotation)
- ]
+ # this is needed despite python3 >= 3.7 having ordered dicts
+ # because using the dict.keys() would need a copy of that list anyway.
+ existing = [ann.release for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)]
if None in existing:
# release == None for unstable
index = existing.index(None)
@@ -143,23 +134,26 @@ class ParseUpdates:
return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
def write_modified(self, modified, cve_file):
+ """
+ Write out a CVE snippet for review and merge
+
+ Fails if the file already exists.
+ """
if not modified:
- return
+ return 0
if not isinstance(modified, list):
- return
+ return 0
if os.path.exists(cve_file):
self.logger.critical(
"%s already exists - merge the update and remove the file first.",
cve_file,
)
return -1
- mods = []
for cve in modified:
- self.logger.info(
- "Writing to ./%s with update for %s", cve_file, cve.header.name
- )
+ self.logger.info("Writing to ./%s with update for %s", cve_file, cve.header.name)
with open(cve_file, "a") as snippet:
writecvelist(modified, snippet)
+ return 0
def mark_not_affected(self, suite, src, description):
"""
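Review bot: `if not isinstance(modified, list): return 0` now reports success when the caller passed the wrong type and nothing was written. An empty list is a legitimate no-op, but a non-list is a programming error and should be visible, for example `raise TypeError("modified must be a list")` or at least `return -1` with a logged error. The new docstring could also state the return codes (0 for written or nothing to do, -1 when the file already exists), since callers are expected to act on them.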
@@ -168,23 +162,17 @@ class ParseUpdates:
Fails if the file already exists.
"""
release = suite
- if suite == "unstable" or suite == "sid":
+ if suite in ("unstable", "sid"):
# special handling for unstable
suite = None
release = "unstable"
modified = []
cve = self.cves[0]
cve_file = f"{cve}.list"
- existing = [
- line.release
- for line in self.bugs[cve].annotations
- if isinstance(line, PackageAnnotation)
- ]
+ existing = [line.release for line in self.bugs[cve].annotations if isinstance(line, PackageAnnotation)]
if suite not in existing:
# line type release package kind version description flags
- line = PackageAnnotation(
- 0, "package", suite, src, "not-affected", None, description, []
- )
+ line = PackageAnnotation(0, "package", suite, src, "not-affected", None, description, [])
mod_bug = self._add_annotation_to_cve(cve, line)
modified.append(mod_bug)
for line in self.bugs[cve].annotations:
@@ -200,9 +188,7 @@ class ParseUpdates:
self.logger.info("Nothing to do for %s in %s.", cve, suite)
return
mod_line = line._replace(kind="not-affected")
- self.logger.info(
- "Modified %s for %s in %s to <not-affected>", cve, src, release
- )
+ self.logger.info("Modified %s for %s in %s to <not-affected>", cve, src, release)
if mod_line.version:
self.logger.info("Removing version %s", line.version)
ver_line = mod_line
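Review bot: The bare `return` after `"Nothing to do for %s in %s."` is left as is, so `mark_not_affected` returns `None` on this path while `write_modified` and `add_bug_number` were converted to integer codes in this commit. `return 0` here, and on the `"Note already exists, ignoring"` path in the note-adding method further down, would make the return contract uniform. The method begins and ends outside this hunk, so whether its final path returns a value is not visible.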
@@ -230,16 +216,7 @@ class ParseUpdates:
modified = []
cve = self.cves[0]
cve_file = f"{cve}.list"
- existing = [
- note.description
- for note in self.bugs[cve].annotations
- if isinstance(note, StringAnnotation)
- ]
- lines = [
- note.line
- for note in self.bugs[cve].annotations
- if isinstance(note, StringAnnotation)
- ]
+ existing = [note.description for note in self.bugs[cve].annotations if isinstance(note, StringAnnotation)]
if note in existing:
self.logger.info("Note already exists, ignoring")
return
@@ -248,7 +225,7 @@ class ParseUpdates:
modified.append(mod_bug)
self.write_modified(modified, cve_file)
- def add_bug_number(self, bug, itp=False):
+ def add_bug_number(self, bug, itp=False): # pylint: disable=too-many-locals
"""
Writes out a CVE file snippet with the filename:
./<cve>.list
@@ -266,9 +243,7 @@ class ParseUpdates:
]
bugs = [bug for sublist in existing for bug in sublist]
if bugs:
- self.logger.warning(
- "%s already has a bug annotation for unstable: %s", cve, bugs[0].bug
- )
+ self.logger.warning("%s already has a bug annotation for unstable: %s", cve, bugs[0].bug)
return -1
pkgs = [
pkg
@@ -296,9 +271,7 @@ class ParseUpdates:
return -1
old_pkg = pkgs[0]
if itp and old_pkg.kind == "fixed":
- self.logger.error(
- "%s is already marked as <fixed> but --itp flag was set.", cve
- )
+ self.logger.error("%s is already marked as <fixed> but --itp flag was set.", cve)
return -3
new_flags = [PackageBugAnnotation(bug)]
new_pkg = PackageAnnotation(
@@ -319,8 +292,10 @@ class ParseUpdates:
mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(new_list))
modified.append(mod_bug)
self.write_modified(modified, cve_file)
+ return 0
def load_cve(self, cve):
+ """Load all data for the specified CVE"""
self.logger.info("Loading data for %s...", cve)
self.cves.append(cve)
self._read_cvelist()
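Review bot: `add_bug_number` discards the result of `self.write_modified(modified, cve_file)` and then returns 0 unconditionally, so the "already exists" failure (-1) is reported to the caller as success. `return self.write_modified(modified, cve_file)` would propagate it. The note-adding method in the earlier hunk ends with the same unchecked call.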
@@ -337,8 +312,9 @@ def main():
--note "URL:"
"""
parser = argparse.ArgumentParser(
- description="Make a single update to specified CVE data as "
- "not-affected, add bug number or add a note",
+ description="Make a single update to specified CVE data as not-affected, add bug number or add a note",
+ usage="%(prog)s [-h] --cve CVE [--src SRC --suite SUITE "
+ "[--description DESCRIPTION]] | [[--number NUMBER] [--itp SRC]] | [--note NOTE]",
epilog="Data is written to a new <cve_number>.list "
"file which can be used with './bin/merge-cve-files'. "
"Make sure the output file is merged and removed before "
@@ -354,9 +330,7 @@ def main():
)
# needs to specify the src_package as well as suite to cope with removed etc.
affected.add_argument("--src", help="Source package name in SUITE")
- affected.add_argument(
- "--suite", default="unstable", help="Mark the CVE as <not-affected> in SUITE"
- )
+ affected.add_argument("--suite", default="unstable", help="Mark the CVE as <not-affected> in SUITE")
affected.add_argument(
"--description",
help="Optional description of why the SRC is unaffected in SUITE",
