← Back to team overview

launchpad-reviewers team mailing list archive

Re: [Merge] ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master

 

See comment below

Diff comments:

> diff --git a/lib/contrib/cve_lib.py b/lib/contrib/cve_lib.py
> index 863bdee..df01971 100644
> --- a/lib/contrib/cve_lib.py
> +++ b/lib/contrib/cve_lib.py
> @@ -1388,23 +1402,29 @@ def load_cve(cve, strict=False, srcmap=None):
>                  continue
>              data["patches"].setdefault(pkg, list())
>              srcmap["patches"].setdefault(pkg, list())
> -        elif "Tags_" in field:
> +        # This changes are needed to support global `Tags:`
> +        elif "Tags" in field:
>              """These are processed into the "tags" hash"""
>              try:
>                  _, pkg = field.split("_", 1)

I feel like these are separate conditions. Before this matched 'Tags_{pkg}' and now we are looking for 'Tags:'. So I would check before this if the full value is 'Tags' otherwise it should be 'Tags_{pkg}' and otherwise e.g. for 'Tags_' it should fail.

>              except ValueError:
> -                msg += "%s: %d: bad field with 'Tags_': '%s'\n" % (
> -                    cve,
> -                    linenum,
> -                    field,
> -                )
> -                code = EXIT_FAIL
> -                continue
> +                # no package specified - this is the global tags field - use a
> +                # key of '*' to store it in the package hash
> +                pkg = GLOBAL_TAGS_KEY
>              data["tags"].setdefault(pkg, set())
>              srcmap["tags"].setdefault(pkg, (cve, linenum))
>              for word in value.strip().split(" "):
> -                if word not in VALID_TAGS:
> -                    msg += "%s: %d: invalid tag '%s': '%s'\n" % (
> +                if pkg == GLOBAL_TAGS_KEY and word not in valid_cve_tags:
> +                    msg += "%s: %d: invalid CVE tag '%s': '%s'\n" % (
> +                        cve,
> +                        linenum,
> +                        word,
> +                        field,
> +                    )
> +                    code = EXIT_FAIL
> +                    continue
> +                elif pkg != GLOBAL_TAGS_KEY and word not in valid_package_tags:
> +                    msg += "%s: %d: invalid package tag '%s': '%s'\n" % (
>                          cve,
>                          linenum,
>                          word,


-- 
https://code.launchpad.net/~enriqueesanchz/launchpad/+git/launchpad/+merge/485186
Your team Launchpad code reviewers is requested to review the proposed merge of ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master.



References