authorStefan Fritsch <sf@debian.org>2009-05-30 20:43:39 +0000
committerStefan Fritsch <sf@debian.org>2009-05-30 20:43:39 +0000
commit012b06720e6439defafc64d18e13f3045c20149e (patch)
tree744e94022c62854ba0144cff077ce5d86ea6c122 /bin/check-new-issues
parentf2790e98ee8cb420fc6c71335a8bdc9882b38495 (diff)
Add -u/-U options to also/only select issues that are marked as unfixed but
are missing a bug reference. This ignores some packages (kernels, some removed packages, php4). Comments welcome. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@12001 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/check-new-issues')
-rwxr-xr-xbin/check-new-issues42
1 files changed, 34 insertions, 8 deletions
diff --git a/bin/check-new-issues b/bin/check-new-issues
index 0781bc3d95..5462420e47 100755
--- a/bin/check-new-issues
+++ b/bin/check-new-issues
@@ -7,7 +7,7 @@ use Getopt::Std;
use Term::ReadLine;
my %opts;
-getopts('ln:fhi:t:Tca:e:', \%opts);
+getopts('ln:fhi:t:Tca:e:uU', \%opts);
if ($opts{h}) {
print <<'EOF';
@@ -32,9 +32,11 @@ OPTIONS: [ -l [-n <n>] [-f] ]
-l : just list issues
-n <n> : show max n lines of each description (default 2)
-f : show full CVE/list entry as well
--i regexp : use regexp to select issues (default: 'CVE-200[3-9]' )
+-i regexp : use regexp to select todos (default: 'CVE-20(?:0[3-9]|1[0-9])' )
-t regexp : use regexp to select todos (default: '^\s+TODO: check$' )
-T : same as -t '^\s+TODO: check' (note the missing $)
+-u : also show unfixed issues without bug reference
+-U : only show unfixed issues without bug reference instead of TODO items
-c : only do syntax check of embedded-code-copies
-e <file> : use <file> for embedded-code-copies, "-" for STDIN
-a <n> : If automatic apt-cache/apt-file search gives more than n results,
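Review bot: The rewritten `-i` help line now says it selects "todos", which is the wording of the `-t` line directly below it, while the option still feeds `$issue_regexp` in a later hunk. This looks like a copy-paste slip that makes the two options read as duplicates. I would keep the original noun and change only the default: `-i regexp : use regexp to select issues (default: 'CVE-20(?:0[3-9]|1[0-9])' )`.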
@@ -77,7 +79,7 @@ my $datafile="$basedir/data/CVE/list";
my $allitemsfile="gunzip -c $basedir/../allitems.txt.gz|";
my $allitemsurl="http://cve.mitre.org/data/downloads/allitems.txt.gz";
-my $issue_regexp= $opts{i} || 'CVE-200[3-9]';
+my $issue_regexp= $opts{i} || 'CVE-20(?:0[3-9]|1[0-9])';
my $todo_regexp= $opts{t} || ( $opts{T} ? '^\s+TODO: check' : '^\s+TODO: check$' );
my $auto_display_limit = 10;
$auto_display_limit = $opts{a} if defined $opts{a};
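Review bot: The new default for `$issue_regexp` still has a hard ceiling: `CVE-20(?:0[3-9]|1[0-9])` stops at 2019, so identifiers from later years would be dropped from the todo list silently unless `-i` is passed. For a triage tool a missed issue costs more than an extra one, so an open-ended default such as `my $issue_regexp= $opts{i} || 'CVE-20(?:0[3-9]|[1-9][0-9])';` would be safer. The same literal is repeated in the help text in the previous hunk, so both need changing together. A short comment stating that years before 2003 are excluded on purpose would also help.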
@@ -94,12 +96,23 @@ my $CVEs=read_file($allitemsfile, qr/^=+$/ );
my $data;
my @todos;
my %afcache;
+my $num_todo;
+my $num_missing_bug;
foreach my $cve (@{$CVEs}) {
$cve =~ /^Name:\s*(CVE\S+)/m or next;
$data->{$1}->{CVE}=\$cve;
}
+# packages that should be ignored by -u/-U
+my @ignore_missing_bug_list = qw/linux-2.6 linux-2.6.24
+ kfreebsd-source kfreebsd-5 kfreebsd-6 kfreebsd-7
+ mozilla mozilla-firefox mozilla-thunderbird firefox
+ php4
+ gnutls11
+ /;
+my %ignore_missing_bug;
+$ignore_missing_bug{$_} = 1 for @ignore_missing_bug_list;
foreach my $entry (@{$entries}) {
my $name;
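Review bot: `@ignore_missing_bug_list` suppresses the missing-bug report for whole packages, but its only comment is "packages that should be ignored by -u/-U", with no reason given per entry. The commit message names the categories (kernels, some removed packages, php4), and that rationale should sit next to the list, for example as `# kernels`, `# removed from the archive` and `# php4` comments on the groups. Without it nobody can tell later whether an entry such as `gnutls11` is still justified. The match is on the exact source package name, so a newly named kernel package would not be covered; a comment should say whether that is intended.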
@@ -113,15 +126,28 @@ foreach my $entry (@{$entries}) {
die "invlid entry:\n$entry";
}
$data->{$name}->{entry}=\$entry;
- if ( $entry =~ /$todo_regexp/m
- and $name =~ /$issue_regexp/ ) {
- push @todos, $name;
+ if ($name =~ /$issue_regexp/) {
+ if (!$opts{U} && $entry =~ /$todo_regexp/m ) {
+ push @todos, $name;
+ $num_todo++;
+ }
+ elsif ( ($opts{u} || $opts{U})
+ && $entry =~ /^\s+-\s+(\S+)\s+<unfixed>(.*)$/m
+ && ! exists $ignore_missing_bug{$1}
+ && $2 !~ /unimportant/
+ && $entry !~ /-\s+$1\s.*?bug/m
+ ) {
+ push @todos, $name;
+ $num_missing_bug++;
+ }
}
}
print scalar(@{$CVEs}), " CVEs, ",
- scalar(@{$entries}) - scalar(@{$CVEs}), " temp issues, ",
- scalar(@todos), " todos matching /$todo_regexp/\n";
+ scalar(@{$entries}) - scalar(@{$CVEs}), " temp issues";
+print ", $num_todo todos matching /$todo_regexp/" if $num_todo;
+print ", $num_missing_bug entries with missing bug reference" if $num_missing_bug;
+print "\n";
if ($opts{l}) {
#list only
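Review bot: The `elsif` branch only examines the first `<unfixed>` line of an entry. `$entry =~ /^\s+-\s+(\S+)\s+<unfixed>(.*)$/m` stops at the first match, so if that package is in `%ignore_missing_bug`, is marked unimportant, or already has a bug, any later unfixed package in the same entry is never checked and the issue is not reported. The package name is also interpolated unescaped into `/-\s+$1\s.*?bug/m`, so names containing `.` or `+` are read as regex syntax. Relying on `$1`/`$2` surviving the intermediate `!~` tests is fragile as well. I would loop over the entry's lines, copy the captures into lexicals and quote the name with `\Q...\E`, as sketched below. The enclosing `foreach my $entry` loop starts in the previous hunk.
```perl
    if ($name =~ /$issue_regexp/) {
        if (!$opts{U} && $entry =~ /$todo_regexp/m ) {
            # … unchanged: push @todos, $num_todo++ …
        }
        elsif ($opts{u} || $opts{U}) {
            # look at every <unfixed> line, not only the first one
            foreach my $line (split /\n/, $entry) {
                my ($pkg, $rest) = $line =~ /^\s+-\s+(\S+)\s+<unfixed>(.*)$/
                    or next;
                next if exists $ignore_missing_bug{$pkg};
                next if $rest =~ /unimportant/;
                next if $entry =~ /-\s+\Q$pkg\E\s.*?bug/m;
                push @todos, $name;
                $num_missing_bug++;
                last;    # one hit is enough to list the issue once
            }
        }
    }
```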
