[Merge] ~jugmac00/launchpad:allow_limiting_uct_imports into launchpad:master
Jürgen Gmach has proposed merging ~jugmac00/launchpad:allow_limiting_uct_imports into launchpad:master.
Commit message:
WIP
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~jugmac00/launchpad/+git/launchpad/+merge/436146
diff --git a/lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255 b/lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255
new file mode 100644
index 0000000..db2403d
--- /dev/null
+++ b/lib/lp/bugs/scripts/tests/sampledata/CVE-2007-0255
@@ -0,0 +1,61 @@
+PublicDate: 2007-01-16 23:28:00 UTC
+Candidate: CVE-2007-0255
+References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0255
+ http://xine.sourceforge.net/security
+Description:
+ XINE 0.99.4 allows user-assisted remote attackers to cause a denial of
+ service (application crash) and possibly execute arbitrary code via a
+ certain M3U file that contains a long #EXTINF line and contains format
+ string specifiers in an invalid udp:// URI, possibly a variant of
+ CVE-2007-0017.
+Ubuntu-Description:
+Notes:
+ sbeattie> issue is unlisted on xine upstream website
+Priority: medium
+Bugs:
+Discovered-by:
+Assigned-to:
+CVSS:
+
+Patches_xine-ui:
+upstream_xine-ui: needs-triage
+dapper_xine-ui: ignored (reached end-of-life)
+edgy_xine-ui: needed (reached end-of-life)
+feisty_xine-ui: needed (reached end-of-life)
+gutsy_xine-ui: needed (reached end-of-life)
+hardy_xine-ui: ignored (reached end-of-life)
+intrepid_xine-ui: needed (reached end-of-life)
+jaunty_xine-ui: ignored (reached end-of-life)
+karmic_xine-ui: ignored (reached end-of-life)
+lucid_xine-ui: ignored (reached end-of-life)
+maverick_xine-ui: ignored (reached end-of-life)
+natty_xine-ui: ignored (reached end-of-life)
+oneiric_xine-ui: ignored (reached end-of-life)
+precise_xine-ui: ignored (reached end-of-life)
+precise/esm_xine-ui: DNE (precise was needed)
+quantal_xine-ui: ignored (reached end-of-life)
+raring_xine-ui: ignored (reached end-of-life)
+saucy_xine-ui: ignored (reached end-of-life)
+trusty_xine-ui: ignored (reached end-of-life)
+trusty/esm_xine-ui: DNE (trusty was needed)
+utopic_xine-ui: ignored (reached end-of-life)
+vivid_xine-ui: ignored (reached end-of-life)
+vivid/stable-phone-overlay_xine-ui: DNE
+vivid/ubuntu-core_xine-ui: DNE
+wily_xine-ui: ignored (reached end-of-life)
+xenial_xine-ui: ignored (end of standard support, was needed)
+yakkety_xine-ui: ignored (reached end-of-life)
+zesty_xine-ui: ignored (reached end-of-life)
+artful_xine-ui: ignored (reached end-of-life)
+bionic_xine-ui: needed
+cosmic_xine-ui: ignored (reached end-of-life)
+disco_xine-ui: ignored (reached end-of-life)
+eoan_xine-ui: ignored (reached end-of-life)
+focal_xine-ui: needed
+groovy_xine-ui: ignored (reached end-of-life)
+hirsute_xine-ui: ignored (reached end-of-life)
+impish_xine-ui: ignored (reached end-of-life)
+jammy_xine-ui: needed
+kinetic_xine-ui: needed
+devel_xine-ui: needed
\ No newline at end of file
diff --git a/lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219 b/lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219
new file mode 100644
index 0000000..14aaa73
--- /dev/null
+++ b/lib/lp/bugs/scripts/tests/sampledata/CVE-2022-3219
@@ -0,0 +1,43 @@
+Candidate: CVE-2022-3219
+PublicDate: 2022-09-28
+References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219
+ https://access.redhat.com/security/cve/CVE-2022-3219
+ https://marc.info/?l=oss-security&m=165696590211434&w=4
+Description:
+ gnupg: denial of service issue (resource consumption) using compressed
+ packets
+Ubuntu-Description:
+Notes:
+ mdeslaur> per the upstream gnupg bug, the change will not be applied
+ mdeslaur> as of 2022-09-28, proposed patch has not been accepted by
+ mdeslaur> upstream developers
+Mitigation:
+Bugs:
+ https://dev.gnupg.org/T5993
+Priority: low
+Discovered-by:
+Assigned-to:
+CVSS:
+
+Patches_gnupg:
+upstream_gnupg: needs-triage
+esm-infra/xenial_gnupg: deferred (2022-09-28)
+trusty_gnupg: ignored (out of standard support)
+xenial_gnupg: ignored (out of standard support)
+bionic_gnupg: DNE
+focal_gnupg: DNE
+jammy_gnupg: DNE
+trusty/esm_gnupg: deferred (2022-09-28)
+
+Patches_gnupg2:
+ other: https://dev.gnupg.org/D556
+upstream_gnupg2: needs-triage
+esm-infra/xenial_gnupg2: deferred (2022-09-28)
+trusty_gnupg2: ignored (out of standard support)
+xenial_gnupg2: ignored (end of standard support)
+bionic_gnupg2: deferred (2022-09-28)
+focal_gnupg2: deferred (2022-09-28)
+jammy_gnupg2: deferred (2022-09-28)
+kinetic_gnupg2: deferred (2022-09-28)
+devel_gnupg2: deferred (2022-09-28)
\ No newline at end of file
diff --git a/lib/lp/bugs/scripts/tests/test_uctimport.py b/lib/lp/bugs/scripts/tests/test_uctimport.py
new file mode 100644
index 0000000..80f3f0a
--- /dev/null
+++ b/lib/lp/bugs/scripts/tests/test_uctimport.py
@@ -0,0 +1,152 @@
+import unittest
+from pathlib import Path
+
+from lp.bugs.scripts.uctimport import UCTImportScript
+from lp.services.scripts.tests import run_script
+from lp.testing.layers import LaunchpadZopelessLayer
+
+
+class TestUCTImportScript(unittest.TestCase):
+ """Test the TestUCTImportScript class."""
+
+ layer = LaunchpadZopelessLayer
+
+ def setUp(self):
+ pass
+
+ def makeImporter(self, path=None, dry_run=None, filter=None, logger=None):
+ args = []
+ if path:
+ args.append(path)
+ if dry_run is not None:
+ args.append("--dry-run")
+ if filter is not None:
+ args.extend(["--filter", filter])
+ importer = UCTImportScript(
+ name="uct-import-script", test_args=args, logger=logger
+ )
+ return importer
+
+ def test_no_path(self):
+ """TestUCTImportScript errors when no valid path given"""
+ exit_code, out, err = run_script(
+ script_relpath="scripts/uct-import.py",
+ args=[],
+ expect_returncode=2,
+ )
+ self.assertEqual(2, exit_code)
+ self.assertEqual("", out)
+ self.assertEqual(
+ "Usage: uct-import.py [options] PATH\n\nuct-import.py: "
+ "error: Please specify a path to import\n",
+ err,
+ )
+
+ def test_load_from_file(self):
+ load_from = Path(__file__).parent / "sampledata" / "CVE-2022-23222"
+ exit_code, out, err = run_script(
+ script_relpath="scripts/uct-import.py",
+ args=[str(load_from)],
+ expect_returncode=0,
+ )
+ self.assertEqual(0, exit_code)
+ self.assertEqual("", out)
+ self.assertIn("CVE-2022-23222 was imported successfully", err)
+
+ def test_load_from_directory(self):
+ load_from = Path(__file__).parent / "sampledata"
+ exit_code, out, err = run_script(
+ script_relpath="scripts/uct-import.py",
+ args=[str(load_from)],
+ expect_returncode=0,
+ )
+ self.assertEqual(0, exit_code)
+ self.assertEqual("", out)
+ self.assertIn("CVE-2022-23222 was imported successfully", err)
+
+ def test_use_dry_mode(self):
+ load_from = Path(__file__).parent / "sampledata"
+ exit_code, out, err = run_script(
+ script_relpath="scripts/uct-import.py",
+ args=[str(load_from)],
+ expect_returncode=0,
+ )
+ self.assertEqual(0, exit_code)
+ self.assertEqual("", out)
+ self.assertIn("CVE-2022-23222 was imported successfully", err)
+
+ # def test_filter_cve(self):
+ # """apply a glob filter"""
+ # load_from = Path(__file__).parent / "sampledata" / "CVE-2022-23222"
+ # exit_code, out, err = run_script(
+ # script_relpath="scripts/uct-import.py",
+ # args=[str(load_from)],
+ # expect_returncode=0
+ # )
+ # self.assertEqual(0, exit_code)
+ # self.assertEqual("", out)
+ # self.assertIn("CVE-2022-23222 was imported successfully", err)
+ # # import pdb;pdb.set_trace()
+ # # pass
+ # # importer = self.makeImporter()
+ # # lib/lp/bugs/scripts/uctimport.py
+
+ # def test_filter_cve_missing_argument(self):
+ # # assert error: --filter option requires 1 argument
+ # """-"""
+
+ def test_filter_cve_no_run_script(self):
+ from lp.services.log.logger import BufferLogger
+
+ load_from = Path(__file__).parent / "sampledata"
+ logger = BufferLogger()
+ args = [str(load_from)]
+ importer = UCTImportScript(
+ name="uct-import-script", test_args=args, logger=logger
+ )
+ # import pdb;pdb.set_trace()
+ # importer.main()
+ # I expected to get some output from
+ # (Pdb++) logger.getLogBuffer().splitlines()
+ # []
+
+ # from lp.testing.fixture import CapturedOutput
+ # with CapturedOutput() as captured:
+ # importer.main()
+
+ # # captured
+ # import pdb;pdb.set_trace()
+
+ # def test_filter_cve(self):
+ # load_from = Path(__file__).parent / "sampledata"
+ # exit_code, out, err = run_script(
+ # script_relpath="scripts/uct-import.py",
+ # args=[str(load_from), "--filter", "2007*"],
+ # expect_returncode=0
+ # )
+ # self.assertEqual(0, exit_code)
+ # self.assertEqual("", out)
+ # self.assertNotIn("CVE-2022-23222 was imported successfully", err)
+ # self.assertIn("CVE-2007-0255 was imported successfully", err)
+
+ # exit_code, out, err = run_script(
+ # script_relpath="scripts/uct-import.py",
+ # args=[str(load_from), "--filter", "2022*"],
+ # expect_returncode=0
+ # )
+ # self.assertEqual(0, exit_code)
+ # self.assertEqual("", out)
+ # self.assertIn("CVE-2022-23222 was imported successfully", err)
+ # self.assertIn("CVE-2022-3219 was imported successfully", err)
+ # self.assertNotIn("CVE-2007-0255 was imported successfully", err)
+
+ # exit_code, out, err = run_script(
+ # script_relpath="scripts/uct-import.py",
+ # args=[str(load_from), "--filter", "20[02][07]*"],
+ # expect_returncode=0
+ # )
+ # self.assertEqual(0, exit_code)
+ # self.assertEqual("", out)
+ # self.assertIn("CVE-2022-23222 was imported successfully", err)
+ # self.assertIn("CVE-2022-3219 was imported successfully", err)
+ # self.assertNotIn("CVE-2007-0255 was imported successfully", err)
diff --git a/lib/lp/bugs/scripts/uctimport.py b/lib/lp/bugs/scripts/uctimport.py
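Review bot: `test_use_dry_mode` is a verbatim copy of `test_load_from_directory` and never passes `--dry-run`, so the one flag that keeps this script from writing to the bug database is not exercised at all; the call should read `args=[str(load_from), "--dry-run"],` and, if the importer exposes it, assert that nothing was committed. The `--filter` option this branch adds is likewise only covered by commented-out tests (`test_filter_cve`, `test_filter_cve_missing_argument`), and `test_filter_cve_no_run_script` constructs an importer but makes no assertion, so the hunk currently verifies none of the new behaviour. `makeImporter` also appends `--dry-run` whenever `dry_run is not None`, which means `dry_run=False` still produces a dry run; `if dry_run:` is what the caller would expect. The `import pdb` remnants and the unused `setUp`/`makeImporter` should go before this leaves WIP, and `filter` shadows the builtin.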
new file mode 100644
index 0000000..7f8a810
--- /dev/null
+++ b/lib/lp/bugs/scripts/uctimport.py
@@ -0,0 +1,57 @@
+import logging
+from pathlib import Path
+
+from lp.app.validators.cve import CVEREF_PATTERN
+from lp.bugs.scripts.uct import UCTImporter
+from lp.services.scripts.base import LaunchpadScript
+
+logger = logging.getLogger(__name__)
+
+
+class UCTImportScript(LaunchpadScript):
+
+ usage = "usage: %prog [options] PATH"
+ description = (
+ "Import bugs into Launchpad from CVE entries in ubuntu-cve-tracker. "
+ "PATH is either path to a CVE file, or path to a directory "
+ "containing the CVE files"
+ )
+ loglevel = logging.INFO
+
+ def add_my_options(self):
+ self.parser.add_option(
+ "--dry-run",
+ action="store_true",
+ dest="dry_run",
+ default=False,
+ help="Don't commit changes to the DB.",
+ )
+ self.parser.add_option(
+ "--filter",
+ action="store",
+ dest="filter",
+ default="*",
+ help="Apply given pattern to filter CVEs.",
+ )
+
+ def main(self):
+ if len(self.args) != 1:
+ self.parser.error("Please specify a path to import")
+ path = Path(self.args[0])
+ if path.is_dir():
+ logger.info(
+ "Importing CVE files from directory: %s", path.resolve()
+ )
+ cve_paths = sorted(
+ p
+ for p in path.rglob("CVE-%s" % self.options.filter)
+ if p.is_file() and CVEREF_PATTERN.match(p.name)
+ )
+ if not cve_paths:
+ logger.warning("Could not find CVE files in %s", path)
+ return
+ else:
+ cve_paths = [path]
+ importer = UCTImporter(dry_run=self.options.dry_run)
+ for cve_path in cve_paths:
+ importer.import_cve_from_file(cve_path)
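Review bot: `self.options.filter` is interpolated unvalidated into the `rglob` pattern on the `cve_paths` line, and the help text does not say that the pattern is a glob matched against the part of the file name after `CVE-`, so `--filter CVE-2022-3219` matches nothing, logs a warning and exits 0, which a cron-driven import would not notice. A pattern containing a path separator also changes what `rglob` walks, while `CVEREF_PATTERN.match(p.name)` only checks the final component; rejecting such input up front keeps the glob confined to file names: `if "/" in self.options.filter: self.parser.error("--filter must not contain path separators")`, with help text `"fnmatch-style glob matched against the file name after 'CVE-' (default '*', e.g. '2022-*')"`. The filter is silently ignored when PATH is a single file, which is worth a log line or a parser error. Logging the effective pattern in the "Importing CVE files" message would make the empty-result case diagnosable.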
diff --git a/scripts/uct-import.py b/scripts/uct-import.py
index 489d6ea..9ade412 100755
--- a/scripts/uct-import.py
+++ b/scripts/uct-import.py
@@ -4,59 +4,7 @@
# GNU Affero General Public License version 3 (see the file LICENSE).
import _pythonpath # noqa: F401
-import logging
-from pathlib import Path
-
-from lp.app.validators.cve import CVEREF_PATTERN
-from lp.bugs.scripts.uct import UCTImporter
-from lp.services.scripts.base import LaunchpadScript
-
-logger = logging.getLogger(__name__)
-
-
-class UCTImportScript(LaunchpadScript):
-
- usage = "usage: %prog [options] PATH"
- description = (
- "Import bugs into Launchpad from CVE entries in ubuntu-cve-tracker. "
- "PATH is either path to a CVE file, or path to a directory "
- "containing the CVE files"
- )
- loglevel = logging.INFO
-
- def add_my_options(self):
- self.parser.add_option(
- "--dry-run",
- action="store_true",
- dest="dry_run",
- default=False,
- help="Don't commit changes to the DB.",
- )
-
- def main(self):
- if len(self.args) != 1:
- self.parser.error("Please specify a path to import")
-
- path = Path(self.args[0])
- if path.is_dir():
- logger.info(
- "Importing CVE files from directory: %s", path.resolve()
- )
- cve_paths = sorted(
- p
- for p in path.rglob("CVE-*")
- if p.is_file() and CVEREF_PATTERN.match(p.name)
- )
- if not cve_paths:
- logger.warning("Could not find CVE files in %s", path)
- return
- else:
- cve_paths = [path]
-
- importer = UCTImporter(dry_run=self.options.dry_run)
- for cve_path in cve_paths:
- importer.import_cve_from_file(cve_path)
-
+from lp.bugs.scripts.uctimport import UCTImportScript
if __name__ == "__main__":
script = UCTImportScript("lp.services.scripts.uctimport")