launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master

To: mp+485186@xxxxxxxxxxxxxxxxxx
From: Yuliy Schwartzburg <mp+485186@xxxxxxxxxxxxxxxxxx>
Date: Tue, 29 Apr 2025 15:05:00 -0000
In-reply-to: <174591551650.2582.7888996568426994475.launchpad@scripts.lp.internal>
Reply-to: mp+485186@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

See comment below

Diff comments:

> diff --git a/lib/contrib/cve_lib.py b/lib/contrib/cve_lib.py
> index 863bdee..df01971 100644
> --- a/lib/contrib/cve_lib.py
> +++ b/lib/contrib/cve_lib.py
> @@ -1388,23 +1402,29 @@ def load_cve(cve, strict=False, srcmap=None):
>                  continue
>              data["patches"].setdefault(pkg, list())
>              srcmap["patches"].setdefault(pkg, list())
> -        elif "Tags_" in field:
> +        # This changes are needed to support global `Tags:`
> +        elif "Tags" in field:
>              """These are processed into the "tags" hash"""
>              try:
>                  _, pkg = field.split("_", 1)

I feel like these are separate conditions. Before this matched 'Tags_{pkg}' and now we are looking for 'Tags:'. So I would check before this if the full value is 'Tags' otherwise it should be 'Tags_{pkg}' and otherwise e.g. for 'Tags_' it should fail.

>              except ValueError:
> -                msg += "%s: %d: bad field with 'Tags_': '%s'\n" % (
> -                    cve,
> -                    linenum,
> -                    field,
> -                )
> -                code = EXIT_FAIL
> -                continue
> +                # no package specified - this is the global tags field - use a
> +                # key of '*' to store it in the package hash
> +                pkg = GLOBAL_TAGS_KEY
>              data["tags"].setdefault(pkg, set())
>              srcmap["tags"].setdefault(pkg, (cve, linenum))
>              for word in value.strip().split(" "):
> -                if word not in VALID_TAGS:
> -                    msg += "%s: %d: invalid tag '%s': '%s'\n" % (
> +                if pkg == GLOBAL_TAGS_KEY and word not in valid_cve_tags:
> +                    msg += "%s: %d: invalid CVE tag '%s': '%s'\n" % (
> +                        cve,
> +                        linenum,
> +                        word,
> +                        field,
> +                    )
> +                    code = EXIT_FAIL
> +                    continue
> +                elif pkg != GLOBAL_TAGS_KEY and word not in valid_package_tags:
> +                    msg += "%s: %d: invalid package tag '%s': '%s'\n" % (
>                          cve,
>                          linenum,
>                          word,


-- 
https://code.launchpad.net/~enriqueesanchz/launchpad/+git/launchpad/+merge/485186
Your team Launchpad code reviewers is requested to review the proposed merge of ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master.

References

[Merge] ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master
From: Enrique Sánchez, 2025-04-29