Message #28391
Re: [Merge] ~lgp171188/launchpad:vulnerability-creation-api into launchpad:master
Diff comments:
> diff --git a/lib/lp/registry/interfaces/distribution.py b/lib/lp/registry/interfaces/distribution.py
> index 5ccc03d..afee0b5 100644
> --- a/lib/lp/registry/interfaces/distribution.py
> +++ b/lib/lp/registry/interfaces/distribution.py
> @@ -873,6 +889,70 @@ class IDistributionEditRestricted(IOfficialBugTagTargetRestricted):
> def deleteOCICredentials():
> """Delete any existing OCI credentials for the distribution."""
>
> + @call_with(creator=REQUEST_USER)
> + @operation_parameters(
> + status=Choice(
> + title=_('The status of the vulnerability.'),
> + required=True,
> + vocabulary=VulnerabilityStatus,
> + ),
> + creator=Reference(
> + title=_('Person creating the vulnerability.'),
> + schema=IPerson,
> + required=True,
> + ),
> + importance=Choice(
> + title=_('Indicates the work priority, not the severity. '
> + 'Defaults to `Undecided`.'),
> + vocabulary=BugTaskImportance,
> + required=False,
> + default=BugTaskImportance.UNDECIDED,
> + ),
> + information_type=Choice(
> + title=_('Information Type. Defaults to `Public`.'),
> + required=False,
> + vocabulary=InformationType,
> + default=InformationType.PUBLIC,
> + ),
> + cve=Reference(
> + ICve,
> + title=_('External CVE reference corresponding to '
> + 'this vulnerability, if any.'),
> + required=False,
> + ),
> + description=TextLine(
> + title=_('A short description of the vulnerability.'),
> + required=False,
> + ),
> + notes = TextLine(
> + title=_("Free-form notes for this vulnerability."),
> + required=False,
> + readonly=False
> + ),
> + mitigation=TextLine(
> + title=_("Explains why we're ignoring this vulnerability."),
> + required=False,
> + ),
> + importance_explanation=TextLine(
> + title=_('Used to explain why our importance differs from '
> + "somebody else's CVSS score."),
> + required=False,
> + ),
> + date_made_public=Datetime(
> + title=_("The date this vulnerability was made public."),
> + required=False,
> + ),
> + )
> + @export_write_operation()
> + @operation_for_version("devel")
> + def newVulnerability(status, creator,
Access to this method is currently controlled by the `launchpad.Edit` permission. Colin mentioned that we need to investigate creating a new permission/role for the security team and get William's take on it.
> + importance=BugTaskImportance.UNDECIDED,
> + information_type=InformationType.PUBLIC,
> + cve=None, description=None, notes=None,
> + mitigation=None, importance_explanation=None,
> + date_made_public=None):
> + """Create a new vulnerability in the distribution."""
> +
>
> @exported_as_webservice_entry(as_of="beta")
> class IDistribution(
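Review bot: `creator` is injected by `@call_with(creator=REQUEST_USER)` and is also declared in `@operation_parameters` as a `required=True` `Reference(schema=IPerson)`, so the exported `newVulnerability` operation appears to advertise the creator as an argument the client supplies. The recorded creator should come only from the authenticated request, so I would drop the `creator=Reference(...)` entry and keep the `call_with`, assuming lazr.restful needs no parameter declaration for injected arguments (worth confirming). A test that a caller-supplied `creator` cannot replace the request user would pin this down. Separately, `information_type` defaults to `InformationType.PUBLIC`, so a vulnerability created without that argument is public from the start; consider `required=True` or a non-public default so that embargoed entries are not exposed by omission. The enclosing `IDistributionEditRestricted` interface starts outside the hunk.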
--
https://code.launchpad.net/~lgp171188/launchpad/+git/launchpad/+merge/420401
Your team Launchpad code reviewers is requested to review the proposed merge of ~lgp171188/launchpad:vulnerability-creation-api into launchpad:master.