authorRobert Buchholz <rbu@gentoo.org>2009-01-04 17:46:43 +0000
committerRobert Buchholz <rbu@gentoo.org>2009-01-04 17:46:43 +0000
commit9bdb839233f0ddd55eb09e932c0ff4ce39f49bb8 (patch)
treee7166e10c0cf409ea663785951428032ccb8bbc7 /lib
parentPHP Bugs (diff)
* Add bug assigning code and integrate it into check-todo-issues
* Allow jumping back and forward in CVE list in interactive mode * Allow setting of whiteboard, try to guess severity from it svn path=/; revision=1011
Diffstat (limited to 'lib')
-rwxr-xr-xlib/python/assign.py112
-rw-r--r--lib/python/cvetools.py33
2 files changed, 142 insertions, 3 deletions
diff --git a/lib/python/assign.py b/lib/python/assign.py
new file mode 100755
index 0000000..82d894b
--- /dev/null
+++ b/lib/python/assign.py
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Written by Robert Buchholz <rbu@gentoo.org>
+
+import sys
+import os
+import re
+try:
+ import xml.etree.ElementTree as et
+except ImportError:
+ import elementtree.ElementTree as et
+
+PORTDIR = "/usr/portage"
+HERDS = PORTDIR + "/metadata/herds.xml"
+heXML = None
+
+def uniq(seq):
+ """ order preserving unique """
+ seen = {}
+ result = []
+ for item in seq:
+ if not item in seen:
+ seen[item] = 1
+ result.append(item)
+ return result
+
+def get_pkg_cat(string):
+ """ returns a list with packages or categories found that exist in portdir """
+ metadatadirs = []
+
+ matches = re.findall(r"(?#start: )(?:^|\s)[<>~=]*(?#\
+ cat: )([A-Za-z0-9+_][A-Za-z0-9+_.-]*/(?#\
+ pnv: )[A-Za-z0-9+_][A-Za-z0-9+_.:@-]*)", string)
+
+ for name in matches:
+ # remove versions at the end
+ name = re.sub(r"(?#version: )-[0-9.]+[a-z]?(?#\
+ additions: )(_(alpha|beta|pre|rc|p)[0-9]*)?(?#\
+ revisions: )(-r[0-9]*)?(?#\
+ usedeps: )(\[[!=?A-Za-z0-9+_@-]+\])?(?#\
+ slot deps: )(:[A-Za-z0-9+_.-]*)?$", "", name)
+
+ if os.path.isdir("%s/%s" % (PORTDIR, name)):
+ metadatadirs.append(name)
+ else:
+ (cat, _) = name.split('/', 1)
+ if os.path.isdir("%s/%s" % (PORTDIR, cat)):
+ metadatadirs.append(cat)
+
+ return metadatadirs
+
+def get_maintainer_for(directory):
+ """ returns a priority-sorted list of maintainers for a given CAT or CAT/PN """
+ cc = []
+ try:
+ if not heXML:
+ globals()['heXML'] = et.parse(HERDS)
+ meXML = et.parse("%s/%s/metadata.xml" % (PORTDIR, directory))
+
+ for elem in meXML.getiterator():
+ if elem.tag == "herd":
+ for thisherd in heXML.findall("/herd"):
+ if thisherd.findtext("name") == elem.text:
+ herdmail = thisherd.findtext("email")
+ if herdmail:
+ cc.append(herdmail)
+ elif elem.tag == "maintainer":
+ email = elem.findtext("email")
+ if not email:
+ continue
+ if elem.get('ignoreauto') == "1" and elem.get('role'):
+ if email in cc:
+ cc.remove(email)
+ else:
+ cc.append(email)
+
+ except Exception:
+ pass
+ return cc
+
+def get_cc_from_string(string):
+ """ returns an ordered list of bug assignees / ccs for an arbitrary string such as
+ a bug title. the first element of the tuple (if present) is supposed to be the
+ assignee of the bug. """
+ ccs = []
+ metadatadirs = get_pkg_cat(string)
+ for dir in metadatadirs:
+ ccs.extend(get_maintainer_for(dir))
+
+ # remove dupes
+ ccs = uniq(ccs)
+ return ccs
+
+def main():
+ if len(sys.argv) < 1:
+ return
+ arg = " ".join(sys.argv[1:])
+
+ ccs = get_cc_from_string(arg)
+
+ if len(ccs) > 0:
+ print "assign-to: %s" % (ccs[0])
+ print "cc: %s" % (",".join(ccs[1:]))
+
+
+if __name__ == "__main__":
+ try:
+ main()
+ except KeyboardInterrupt:
+ print '\n ! Exiting.'
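Review bot: The `except Exception: pass` at the end of get_maintainer_for hides every failure, so a missing or malformed herds.xml or metadata.xml yields an empty or partial list, and a security bug is then filed without the maintainers it was meant to notify, with nothing on the console to say so. Reporting the error keeps the best-effort behaviour while making the gap visible: `except Exception, e:` followed by `print >>sys.stderr, "assign: no maintainers for %s: %s" % (directory, e)`. Separately, `if len(sys.argv) < 1:` in main() can never be true because sys.argv always holds the script name; `< 2` is presumably what was meant.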
diff --git a/lib/python/cvetools.py b/lib/python/cvetools.py
index 0e71504..7e5dc5c 100644
--- a/lib/python/cvetools.py
+++ b/lib/python/cvetools.py
@@ -3,6 +3,7 @@
import os
import re
+import assign
class CVEData:
CVEID_RE = re.compile("(CVE-\d+-\d+)")
@@ -220,18 +221,26 @@ class BugReporter:
password = password,
forget = False)
- def post_bug(self, title, description, component=""):
+ def post_bug(self, title, description, component="", whiteboard=""):
""" Posts a security bug, returning the Bug number or 0 """
bugno = 0
+ ccs = assign.get_cc_from_string(title)
+ ccs = ",".join(ccs)
+
+ severity = 'normal'
try:
try:
- bugno = self.bugz_auth.post(title = title, description = description)
+ bugno = self.bugz_auth.post(title = title, description = description, cc = ccs)
print "Ignoring Bug component, please upgrade pybugz."
except TypeError:
# pybugz since 0.7.4 requires to specify product and component
- bugno = self.bugz_auth.post(title = title, product="Gentoo Security", component=component, description = description)
+ bugno = self.bugz_auth.post(title = title, product="Gentoo Security", component=component, description = description, cc = ccs)
except Exception, e:
print "An error occurred posting a bug: %s" % (e)
+
+ if bugno and whiteboard:
+ severity = self.severity_from_whiteboard(whiteboard)
+ self.bugz_auth.modify(bugid = bugno, whiteboard = whiteboard, severity = severity)
return bugno
def modify_bug(self, bugid, title, comment):
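Review bot: The new `self.bugz_auth.modify(...)` call appears to sit after the try/except rather than inside it (indentation is not preserved on this page), so an exception while setting the whiteboard would propagate out of post_bug after the bug has already been created, and the caller never receives `bugno`. For a tool that files security bugs, that invites a retry which creates a duplicate report. Guarding the call keeps the number: `try: self.bugz_auth.modify(bugid = bugno, whiteboard = whiteboard, severity = severity)` with `except Exception, e: print "Bug %s posted, but setting whiteboard failed: %s" % (bugno, e)`. Also, get_cc_from_string documents its first element as the intended assignee, but as far as this hunk shows every address is passed as `cc`, so the bug keeps whatever default assignee the product has.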
@@ -263,3 +272,21 @@ class BugReporter:
pass
return bug_cves
+ def severity_from_whiteboard(self, whiteboard):
+ if (len(whiteboard)) < 2:
+ return 'normal'
+ evaluation = whiteboard[0:2]
+ if evaluation in ['A0', 'B0']:
+ return 'blocker'
+ if evaluation in ['A1', 'C0']:
+ return 'critical'
+ if evaluation in ['A2', 'B1', 'C1']:
+ return 'major'
+ if evaluation in ['A3', 'B2', 'C2']:
+ return 'normal'
+ if evaluation in ['A4', 'B3', 'B4', 'C3']:
+ return 'minor'
+ if evaluation in ['C4', '~0', '~1', '~2', '~3', '~4']:
+ return 'trivial'
+
+ return 'normal'
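Review bot: severity_from_whiteboard compares the first two characters verbatim, so a whiteboard value with leading whitespace or a lower-case letter (for example ` A0` or `a0`) falls through to `'normal'`, and a top-rated issue is silently filed at default severity. If the whiteboard is typed by an operator, normalising first would avoid that: `evaluation = whiteboard.strip()[0:2].upper()`. The method also has no docstring; something like `""" Guess the Bugzilla severity from the two-character rating at the start of the whiteboard, defaulting to 'normal' """` would document the fallback for whoever extends the table.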