launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #32434
Re: [Merge] ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master
Replied!
Diff comments:
> diff --git a/lib/contrib/cve_lib.py b/lib/contrib/cve_lib.py
> index 863bdee..df01971 100644
> --- a/lib/contrib/cve_lib.py
> +++ b/lib/contrib/cve_lib.py
> @@ -1388,23 +1402,29 @@ def load_cve(cve, strict=False, srcmap=None):
> continue
> data["patches"].setdefault(pkg, list())
> srcmap["patches"].setdefault(pkg, list())
> - elif "Tags_" in field:
> + # This changes are needed to support global `Tags:`
> + elif "Tags" in field:
> """These are processed into the "tags" hash"""
> try:
> _, pkg = field.split("_", 1)
We can see in cve_lib.py:3082 https://git.launchpad.net/ubuntu-cve-tracker/tree/scripts/cve_lib.py that this is how it works now.
There are no separate conditions, it is checking if 'Tags' is in the field string and later trying to split by `_`.
That `try catch` seems like a workaround and I would have done this in a different way but that's what they are doing on their repo.
> except ValueError:
> - msg += "%s: %d: bad field with 'Tags_': '%s'\n" % (
> - cve,
> - linenum,
> - field,
> - )
> - code = EXIT_FAIL
> - continue
> + # no package specified - this is the global tags field - use a
> + # key of '*' to store it in the package hash
> + pkg = GLOBAL_TAGS_KEY
> data["tags"].setdefault(pkg, set())
> srcmap["tags"].setdefault(pkg, (cve, linenum))
> for word in value.strip().split(" "):
> - if word not in VALID_TAGS:
> - msg += "%s: %d: invalid tag '%s': '%s'\n" % (
> + if pkg == GLOBAL_TAGS_KEY and word not in valid_cve_tags:
> + msg += "%s: %d: invalid CVE tag '%s': '%s'\n" % (
> + cve,
> + linenum,
> + word,
> + field,
> + )
> + code = EXIT_FAIL
> + continue
> + elif pkg != GLOBAL_TAGS_KEY and word not in valid_package_tags:
> + msg += "%s: %d: invalid package tag '%s': '%s'\n" % (
> cve,
> linenum,
> word,
--
https://code.launchpad.net/~enriqueesanchz/launchpad/+git/launchpad/+merge/485186
Your team Launchpad code reviewers is requested to review the proposed merge of ~enriqueesanchz/launchpad:add-cve-tags into launchpad:master.
References