author | Neil Williams <codehelp@debian.org> | 2022-01-06 14:45:54 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2022-01-27 09:08:15 +0000 |
commit | 5233129c9fa75f131a4738b1e195f68de977dc5b (patch) | |
tree | 37ff6076ffc96d0750165a9367c4b86d523dd3a9 /bin/update-vuln | |
parent | 099786adeb2b043ac107ba73279a1f3473b32354 (diff) |
Pylint updates
Extend linelength to 120 in black.
Diffstat (limited to 'bin/update-vuln')
-rwxr-xr-x | bin/update-vuln | 96 |
1 files changed, 35 insertions, 61 deletions
diff --git a/bin/update-vuln b/bin/update-vuln
index fd3bd0ad5f..f6f93f2e46 100755
--- a/bin/update-vuln
+++ b/bin/update-vuln
@@ -48,7 +48,6 @@ import sys import setup_paths # noqa # pylint: disable=unused-import from sectracker.parsers import ( - sourcepackages, PackageAnnotation, PackageBugAnnotation, StringAnnotation,
@@ -57,6 +56,8 @@ from sectracker.parsers import ( writecvelist, ) +# pylint: disable=line-too-long + class ParseUpdates: """
@@ -67,22 +68,20 @@ class ParseUpdates: def __init__(self): self.cves = [] self.bugs = {} - self.marker = ( - "aaaaaaaaaaaaa" # replacement for NoneType to always sort first - ) + self.marker = "aaaaaaaaaaaaa" # replacement for NoneType to always sort first self.logger = logging.getLogger("update-vuln") self.logger.setLevel(logging.DEBUG) # console logging - ch = logging.StreamHandler() - ch.setLevel(logging.DEBUG) + ch_log = logging.StreamHandler() + ch_log.setLevel(logging.DEBUG) formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s") - ch.setFormatter(formatter) - self.logger.addHandler(ch) + ch_log.setFormatter(formatter) + self.logger.addHandler(ch_log) def _read_cvelist(self): """Build a list of Bug items for the CVE from data/CVE/list""" os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__)))) - data, _ = cvelist("data/CVE/list") + data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter for cve in self.cves: for bug in data: if bug.header.name == cve:
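Review bot: The module-wide `# pylint: disable=line-too-long` added after the imports switches the check off for every line in the file, including lines far longer than the 120 columns black is now set to. If the aim is only to agree with black, a `max-line-length=120` setting in the project's pylint configuration keeps the check useful; whether such a setting already exists is not visible here. The inline suppressions this commit adds, `no-value-for-parameter` on the `cvelist("data/CVE/list")` call in the `@@ -67,22 +68,20 @@` hunk and `too-many-locals` on `add_bug_number` in a later hunk, would each benefit from a short why-comment. That matters most for `no-value-for-parameter`, which otherwise reports real call errors, so the reason pylint miscounts the arguments of `cvelist` should be stated next to it.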
@@ -98,19 +97,11 @@ class ParseUpdates: Accounts for PackageAnnotation.release == None for unstable. """ if isinstance(annotation, PackageAnnotation): - store = { - ann.release: ann - for ann in self.bugs[cve].annotations - if isinstance(ann, PackageAnnotation) - } + store = {ann.release: ann for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)} store[annotation.release] = annotation - # this is needed despite python3.7 having ordered dicts - # which would need a copied list anyway. - existing = [ - ann.release - for ann in self.bugs[cve].annotations - if isinstance(ann, PackageAnnotation) - ] + # this is needed despite python3 >= 3.7 having ordered dicts + # because using the dict.keys() would need a copy of that list anyway. + existing = [ann.release for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)] if None in existing: # release == None for unstable index = existing.index(None)
@@ -143,23 +134,26 @@ class ParseUpdates: return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list)) def write_modified(self, modified, cve_file): + """ + Write out a CVE snippet for review and merge + + Fails if the file already exists. + """ if not modified: - return + return 0 if not isinstance(modified, list): - return + return 0 if os.path.exists(cve_file): self.logger.critical( "%s already exists - merge the update and remove the file first.", cve_file, ) return -1 - mods = [] for cve in modified: - self.logger.info( - "Writing to ./%s with update for %s", cve_file, cve.header.name - ) + self.logger.info("Writing to ./%s with update for %s", cve_file, cve.header.name) with open(cve_file, "a") as snippet: writecvelist(modified, snippet) + return 0 def mark_not_affected(self, suite, src, description): """
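Review bot: In `write_modified` (the `@@ -143,23 +134,26 @@` hunk), the `os.path.exists(cve_file)` check followed by `open(cve_file, "a")` does not enforce the new docstring's "Fails if the file already exists". A file or symlink that appears at that path between the two calls is opened in append mode and written to. Opening with exclusive creation makes the check and the create a single atomic step, and `FileExistsError` can then be mapped to the existing critical log and `return -1`, as sketched below. Separately, the `not isinstance(modified, list)` branch now returns 0, which reports success for an argument the method declined to write; a non-zero status or a logged error would make that case visible to callers.

```python
    def write_modified(self, modified, cve_file):
        # … unchanged: docstring, empty/non-list guards, per-CVE info logging …
        try:
            # "x" creates the file atomically and refuses any existing path
            with open(cve_file, "x") as snippet:
                writecvelist(modified, snippet)
        except FileExistsError:
            self.logger.critical(
                "%s already exists - merge the update and remove the file first.",
                cve_file,
            )
            return -1
        return 0
```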
@@ -168,23 +162,17 @@ class ParseUpdates: Fails if the file already exists. """ release = suite - if suite == "unstable" or suite == "sid": + if suite in ("unstable", "sid"): # special handling for unstable suite = None release = "unstable" modified = [] cve = self.cves[0] cve_file = f"{cve}.list" - existing = [ - line.release - for line in self.bugs[cve].annotations - if isinstance(line, PackageAnnotation) - ] + existing = [line.release for line in self.bugs[cve].annotations if isinstance(line, PackageAnnotation)] if suite not in existing: # line type release package kind version description flags - line = PackageAnnotation( - 0, "package", suite, src, "not-affected", None, description, [] - ) + line = PackageAnnotation(0, "package", suite, src, "not-affected", None, description, []) mod_bug = self._add_annotation_to_cve(cve, line) modified.append(mod_bug) for line in self.bugs[cve].annotations:
@@ -200,9 +188,7 @@ class ParseUpdates: self.logger.info("Nothing to do for %s in %s.", cve, suite) return mod_line = line._replace(kind="not-affected") - self.logger.info( - "Modified %s for %s in %s to <not-affected>", cve, src, release - ) + self.logger.info("Modified %s for %s in %s to <not-affected>", cve, src, release) if mod_line.version: self.logger.info("Removing version %s", line.version) ver_line = mod_line
@@ -230,16 +216,7 @@ class ParseUpdates: modified = [] cve = self.cves[0] cve_file = f"{cve}.list" - existing = [ - note.description - for note in self.bugs[cve].annotations - if isinstance(note, StringAnnotation) - ] - lines = [ - note.line - for note in self.bugs[cve].annotations - if isinstance(note, StringAnnotation) - ] + existing = [note.description for note in self.bugs[cve].annotations if isinstance(note, StringAnnotation)] if note in existing: self.logger.info("Note already exists, ignoring") return
@@ -248,7 +225,7 @@ class ParseUpdates: modified.append(mod_bug) self.write_modified(modified, cve_file) - def add_bug_number(self, bug, itp=False): + def add_bug_number(self, bug, itp=False): # pylint: disable=too-many-locals """ Writes out a CVE file snippet with the filename: ./<cve>.list
@@ -266,9 +243,7 @@ class ParseUpdates: ] bugs = [bug for sublist in existing for bug in sublist] if bugs: - self.logger.warning( - "%s already has a bug annotation for unstable: %s", cve, bugs[0].bug - ) + self.logger.warning("%s already has a bug annotation for unstable: %s", cve, bugs[0].bug) return -1 pkgs = [ pkg
@@ -296,9 +271,7 @@ class ParseUpdates: return -1 old_pkg = pkgs[0] if itp and old_pkg.kind == "fixed": - self.logger.error( - "%s is already marked as <fixed> but --itp flag was set.", cve - ) + self.logger.error("%s is already marked as <fixed> but --itp flag was set.", cve) return -3 new_flags = [PackageBugAnnotation(bug)] new_pkg = PackageAnnotation(
@@ -319,8 +292,10 @@ class ParseUpdates: mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(new_list)) modified.append(mod_bug) self.write_modified(modified, cve_file) + return 0 def load_cve(self, cve): + """Load all data for the specified CVE""" self.logger.info("Loading data for %s...", cve) self.cves.append(cve) self._read_cvelist()
@@ -337,8 +312,9 @@ def main(): --note "URL:" """ parser = argparse.ArgumentParser( - description="Make a single update to specified CVE data as " - "not-affected, add bug number or add a note", + description="Make a single update to specified CVE data as not-affected, add bug number or add a note", + usage="%(prog)s [-h] --cve CVE [--src SRC --suite SUITE " + "[--description DESCRIPTION]] | [[--number NUMBER] [--itp SRC]] | [--note NOTE]", epilog="Data is written to a new <cve_number>.list " "file which can be used with './bin/merge-cve-files'. " "Make sure the output file is merged and removed before "
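Review bot: The `return 0` added at the end of `add_bug_number` (the `@@ -319,8 +292,10 @@` hunk) discards the status that `write_modified` returns. When the snippet file already exists, the critical message is logged and nothing is written, yet the caller is still told the update succeeded. Propagating the result fixes that: `return self.write_modified(modified, cve_file)` in place of the separate call and `return 0`. The `self.write_modified(modified, cve_file)` call shown as context at the top of the `@@ -248,7 +225,7 @@` hunk ignores the result in the same way. `add_bug_number` starts outside this hunk, and how `main()` uses these return values is not visible here.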
@@ -354,9 +330,7 @@ def main(): ) # needs to specify the src_package as well as suite to cope with removed etc. affected.add_argument("--src", help="Source package name in SUITE") - affected.add_argument( - "--suite", default="unstable", help="Mark the CVE as <not-affected> in SUITE" - ) + affected.add_argument("--suite", default="unstable", help="Mark the CVE as <not-affected> in SUITE") affected.add_argument( "--description", help="Optional description of why the SRC is unaffected in SUITE", |