author | Raphaël Hertzog <hertzog@debian.org> | 2015-04-10 19:33:00 +0000 |
---|---|---|
committer | Raphaël Hertzog <hertzog@debian.org> | 2015-04-10 19:33:00 +0000 |
commit | 54843f76fc9ed6bd67cd05a930fbc59425ce37bc (patch) | |
tree | 4f4a6b5b32a0af95db0759939b39761913f32e3b /bin/lts-cve-triage.py | |
parent | 2301289ef1c6ecd234b882d2c58af3821f53b0ac (diff) |
Add new helper script bin/lts-cve-triage.py
It helps doing CVE triage by comparing status of issues with the
"next_lts" release (managed by the security team instead of the LTS team).
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@33498 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/lts-cve-triage.py')
-rwxr-xr-x | bin/lts-cve-triage.py | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/bin/lts-cve-triage.py b/bin/lts-cve-triage.py
new file mode 100755
index 0000000000..b396f80b43
--- /dev/null
+++ b/bin/lts-cve-triage.py
@@ -0,0 +1,85 @@
+#!/usr/bin/python
+
+# Copyright 2015 Raphael Hertzog <hertzog@debian.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <https://www.gnu.org/licenses/>.
+
+import collections
+
+from tracker_data import TrackerData, RELEASES
+
+tracker = TrackerData(update_cache=True)
+next_lts = RELEASES['next_lts']
+
+LIST_NAMES = (
+ ('triage_already_in_dsa_needed',
+ 'Issues to triage that are in dsa-needed'),
+ ('triage_likely_nodsa',
+ 'Issues to triage that are nodsa in {}'.format(next_lts)),
+ ('triage_other',
+ 'Other issues to triage (no special status)'),
+ ('triage_other_not_triaged_in_next_lts',
+ 'Other issues to triage (not yet triaged in {})'.format(next_lts)),
+ ('unexpected_nodsa',
+ 'Issues tagged no-dsa that are open in {}'.format(next_lts)),
+ ('possible_easy_fixes',
+ 'Issues that are already fixed in {}'.format(next_lts)),
+)
+
+lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
+
+
+def add_to_list(key, pkg, issue):
+ assert key in [l[0] for l in LIST_NAMES]
+ lists[key][pkg].append(issue)
+
+
+for pkg in tracker.iterate_packages():
+ for issue in tracker.iterate_pkg_issues(pkg):
+ status_in_lts = issue.get_status('lts')
+ status_in_next_lts = issue.get_status('next_lts')
+
+ if status_in_lts.status in ('not-affected', 'resolved'):
+ continue
+
+ if status_in_lts.status == 'open':
+ if pkg not in tracker.dla_needed: # Issues not triaged yet
+ if status_in_next_lts.status == 'open':
+ if pkg in tracker.dsa_needed:
+ add_to_list('triage_already_in_dsa_needed', pkg, issue)
+ else:
+ add_to_list('triage_other_not_triaged_in_next_lts',
+ pkg, issue)
+ elif (status_in_next_lts.status == 'ignored' and
+ status_in_next_lts.reason == 'no-dsa'):
+ add_to_list('triage_likely_nodsa', pkg, issue)
+ else:
+ add_to_list('triage_other', pkg, issue)
+ if status_in_next_lts.status == 'resolved':
+ add_to_list('possible_easy_fixes', pkg, issue)
+
+ if (status_in_lts.status == 'ignored' and
+ status_in_lts.reason == 'no-dsa' and
+ status_in_next_lts.status == 'open'):
+ add_to_list('unexpected_nodsa', pkg, issue)
+
+for key, desc in LIST_NAMES:
+ if not len(lists[key]):
+ continue
+ print('{}:'.format(desc))
+ for pkg in sorted(lists[key].keys()):
+ cve_list = ' '.join(
+ [i.name for i in sorted(lists[key][pkg], key=lambda i: i.name)])
+ print('* {:20s} -> {}'.format(pkg, cve_list))
+ print('')
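Review bot: `add_to_list` validates its key with `assert`, which is stripped when the script runs under `python -O`; a mistyped key would then fill a `defaultdict` bucket that the report loop over `LIST_NAMES` never prints, so the affected CVEs would silently drop out of the triage output. An explicit check survives in every mode, e.g. `if key not in dict(LIST_NAMES): raise KeyError(key)`. Separately, the main loop only acts on LTS statuses `not-affected`, `resolved`, `open` and `ignored` with reason `no-dsa`; an issue with any other status or reason is skipped without output, so a comment such as `# other LTS statuses are intentionally not reported` (or a catch-all list) would make that choice visible to whoever relies on the report. The page has lost the file's indentation, so the nesting of the `possible_easy_fixes` check could not be reviewed here.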