author | Sylvain Beucler <beuc@beuc.net> | 2021-02-12 17:09:54 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2021-02-12 17:09:54 +0100 |
commit | 165d747f44d7f859c26f4a78804a108c9a998520 (patch) | |
tree | 226eda2ad98a42d3520946392590774043ce1f62 | |
parent | 7f0e477f8a9e9af405eea7f62cd313d96aa5adb2 (diff) |

tracker_service: display CVE entries using natural sort order [#76]

to avoid annoying confusions with the default incorrect sort due to
e.g. CVE-2021-3392 considered higher than CVE-2021-20203

Approach:

- use 'COLLATE natorder' [1]; however, we'd have to leave the bug
  unfixed for a few years, until this feature is merged and packaged
  in stable sqlite3
  [1] https://sqlite.org/forum/forumpost/e4dc6f3331
- sort at the Python level; AFAICS this breaks the current code global
  logic that delegates the sort to the database, so we'd need to
  revamp the Python code or introduce ad-hoc logic
- use a size-bounded sort at the SQL level (current patch) using a
  reasonable max size (10 digits / 32-bits), until 1) is available.
  (variable-length is feasible but impacts readability and performance)

-rw-r--r-- | lib/python/security_db.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/python/security_db.py b/lib/python/security_db.py index e8167f3187..a7979f61da 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -137,7 +137,14 @@ BugsForSourcePackage_query = \ JOIN source_packages sp ON (st.package = sp.rowid) WHERE sp.name = ? AND (bugs.name LIKE 'CVE-%' OR bugs.name LIKE 'TEMP-%') - ORDER BY bugs.name DESC, sp.release""" + ORDER BY + -- 'COLLATE natorder' emulation, using 0-padding (MR#76) + -- e.g. CVE-2016-1000393 -> CVE-2016-0001000393 + CASE substr(bugs.name,1,3) + WHEN 'CVE' THEN + substr(bugs.name,1,9) || substr("0000000000"||substr(bugs.name, 10, 10), -10) + ELSE bugs.name + END DESC, sp.release""" # Sort order is important for the groupby operation below. def getBugsForSourcePackage(cursor, pkg): |
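
Review bot: In the added ORDER BY expression the padding constant is written as "0000000000" in double quotes, which SQL reads as an identifier; SQLite only treats it as a string through its legacy double-quoted-string fallback, and a build or connection with that fallback disabled rejects it as an unknown column. Write it as '0000000000' in single quotes, matching the 'CVE' literal on the WHEN line. Also, substr(bugs.name, 10, 10) relies on a fixed nine-character 'CVE-YYYY-' prefix and keeps only the first 10 characters after it, so the SQL comment should state both assumptions next to the CVE-2016-1000393 example, since a longer sequence number would be truncated rather than sorted by its full value.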