authorRaphaël Hertzog <hertzog@debian.org>2015-04-10 19:33:00 +0000
committerRaphaël Hertzog <hertzog@debian.org>2015-04-10 19:33:00 +0000
commit291d57f6dce2eff6dfd0f2ab6b9c7d4f4447380b (patch)
treeed630dd52d57096e4d45cc45739c5c99f469f9e5 /bin/lts-cve-triage.py
parent2c437dc18fbbe19e7e4381ba5f49d9c05697db63 (diff)
Add new helper script bin/lts-cve-triage.py
It helps with CVE triage by comparing the status of issues against the "next_lts" release (managed by the security team instead of the LTS team). git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@33498 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/lts-cve-triage.py')
-rwxr-xr-xbin/lts-cve-triage.py85
1 files changed, 85 insertions, 0 deletions
diff --git a/bin/lts-cve-triage.py b/bin/lts-cve-triage.py
new file mode 100755
index 0000000000..b396f80b43
--- /dev/null
+++ b/bin/lts-cve-triage.py
@@ -0,0 +1,85 @@
+#!/usr/bin/python
+
+# Copyright 2015 Raphael Hertzog <hertzog@debian.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <https://www.gnu.org/licenses/>.
+
+import collections
+
+from tracker_data import TrackerData, RELEASES
+
+tracker = TrackerData(update_cache=True)
+next_lts = RELEASES['next_lts']
+
+LIST_NAMES = (
+ ('triage_already_in_dsa_needed',
+ 'Issues to triage that are in dsa-needed'),
+ ('triage_likely_nodsa',
+ 'Issues to triage that are nodsa in {}'.format(next_lts)),
+ ('triage_other',
+ 'Other issues to triage (no special status)'),
+ ('triage_other_not_triaged_in_next_lts',
+ 'Other issues to triage (not yet triaged in {})'.format(next_lts)),
+ ('unexpected_nodsa',
+ 'Issues tagged no-dsa that are open in {}'.format(next_lts)),
+ ('possible_easy_fixes',
+ 'Issues that are already fixed in {}'.format(next_lts)),
+)
+
+lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
+
+
+def add_to_list(key, pkg, issue):
+ assert key in [l[0] for l in LIST_NAMES]
+ lists[key][pkg].append(issue)
+
+
+for pkg in tracker.iterate_packages():
+ for issue in tracker.iterate_pkg_issues(pkg):
+ status_in_lts = issue.get_status('lts')
+ status_in_next_lts = issue.get_status('next_lts')
+
+ if status_in_lts.status in ('not-affected', 'resolved'):
+ continue
+
+ if status_in_lts.status == 'open':
+ if pkg not in tracker.dla_needed: # Issues not triaged yet
+ if status_in_next_lts.status == 'open':
+ if pkg in tracker.dsa_needed:
+ add_to_list('triage_already_in_dsa_needed', pkg, issue)
+ else:
+ add_to_list('triage_other_not_triaged_in_next_lts',
+ pkg, issue)
+ elif (status_in_next_lts.status == 'ignored' and
+ status_in_next_lts.reason == 'no-dsa'):
+ add_to_list('triage_likely_nodsa', pkg, issue)
+ else:
+ add_to_list('triage_other', pkg, issue)
+ if status_in_next_lts.status == 'resolved':
+ add_to_list('possible_easy_fixes', pkg, issue)
+
+ if (status_in_lts.status == 'ignored' and
+ status_in_lts.reason == 'no-dsa' and
+ status_in_next_lts.status == 'open'):
+ add_to_list('unexpected_nodsa', pkg, issue)
+
+for key, desc in LIST_NAMES:
+ if not len(lists[key]):
+ continue
+ print('{}:'.format(desc))
+ for pkg in sorted(lists[key].keys()):
+ cve_list = ' '.join(
+ [i.name for i in sorted(lists[key][pkg], key=lambda i: i.name)])
+ print('* {:20s} -> {}'.format(pkg, cve_list))
+ print('')
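Review bot: The whole run happens at module top level — the tracker is built with `update_cache=True` on the `tracker = TrackerData(...)` line and the triage loop and printing follow as bare statements — so merely importing the module (for reuse or testing) triggers the cache refresh and the full pass, and there is no `if __name__ == '__main__':` guard; moving the loop and the report into a `main()` called under that guard would keep the import side-effect free without changing the script's output. The membership check in `add_to_list` relies on `assert`, which is stripped under `python -O`; since the keys are only ever supplied by the literals in this file that is acceptable as an internal invariant, but `raise ValueError(key)` would hold under any interpreter flags. Two smaller points of style in the report loop: `if not len(lists[key]):` can be `if not lists[key]:`, and `lambda: []` in the `defaultdict` construction can simply be `list`. A module docstring stating what each of the six lists means (in particular that `unexpected_nodsa` flags issues ignored as no-dsa in LTS while still open in next_lts, and `possible_easy_fixes` flags LTS-open issues already resolved in next_lts) would make the output headings self-explanatory to a new triager.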
