path: root/lib

Commit log for lib, newest first. Each entry: subject; author, date, files changed, lines (-removed/+added); message body.

* Add basic Unicode support to the web framework
  Florian Weimer, 2020-05-01, 1 file, -20/+22

  As mentioned in Debian bug #959231 ("security-tracker: Proxy Error on
  CVE-2020-11565 tracker page"):

  * Florian Weimer:
  > * Francesco Poli:
  > >> Please note that the CVE is mentioned in [DSA-4667-1].
  > >>
  > >> [DSA-4667-1]: <https://lists.debian.org/debian-security-announce/2020/msg00071.html>
  > >>
  > >> What's wrong with that tracker page?
  >
  > It's something in the NVD data that breaks the HTML escaping.

  This patch adds basic Unicode support to the web framework. I'm not sure
  if it is the right direction to move in, but it fixes the issue.

  An alternative fix would be to change the NVD importer not to put Unicode
  strings into the database, by encoding them as byte strings first.

  [carnil: Slightly rewrite the commit message]

  BugLink: https://bugs.debian.org/929228
  BugLink: https://bugs.debian.org/959231
  Signed-off-by: Florian Weimer <fw@deneb.enyo.de>
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

* security_db: don't return duplicated advisories
  Emilio Pozuelo Monfort, 2020-03-18, 1 file, -1/+1

  This is used to build the advisory table in package views, and it makes
  no sense to list some advisories (e.g. DSAs that fixed both stable and
  oldstable) twice.

* nvd.py: Fix typo in Parser when issuing error (VAlueError -> ValueError)
  Salvatore Bonaccorso, 2020-03-04, 1 file, -1/+1

  Fixes: 966aef0927e2 ("Reimplement (incompletely) simplistic NVD parser to handle JSON feed")
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

* Merge branch 'bam/security-tracker-fix_cmp'
  Salvatore Bonaccorso, 2020-01-02, 1 file, -1/+2

  See merge request security-tracker-team/security-tracker!40

* Fix list sort
  Brian May, 2019-06-17, 1 file, -1/+2

* Fix inconsistent leading indent before if statement
  Brian May, 2019-12-26, 1 file, -2/+2

* Reimplement (incompletely) simplistic NVD parser to handle JSON feed
  Salvatore Bonaccorso, 2019-10-20, 1 file, -68/+59

  The reimplementation is focused on only the functionality actually
  strictly required by the security-tracker. This includes fetching the
  CVE id and corresponding description. All of the specific impact metrics
  (severity, range, loss attributes) are not implemented. Those will
  require a database schema version bump and reimplementation as well for
  the security_db.

  Closes: #942670
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

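The commit above describes a parser that reads only the CVE id and description from the NVD JSON feed and raises ValueError on malformed input (the typo fixed in the 2020-03-04 commit is in that error path). The following is an added example of such a parser, written for this page and not the tracker's own nvd.py. It assumes the NVD JSON 1.1 feed layout (CVE_Items[].cve.CVE_data_meta.ID and cve.description.description_data[].value with lang "en"); the sample feed and its description text are constructed, not NVD data for that CVE.

```python
import json
import re
from typing import Dict, Iterator, Tuple, Union

# CVE ids are validated before they are stored or rendered into a page.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


class NVDParseError(ValueError):
    """Raised when the feed does not have the expected layout. Deriving from
    ValueError keeps an importer that already catches ValueError working."""


def iter_cve_descriptions(feed: Union[str, bytes]) -> Iterator[Tuple[str, str]]:
    """Yield (CVE id, English description) for every record in an NVD JSON
    1.1 feed (layout assumed, see lead-in). Impact metrics are ignored."""
    data = json.loads(feed)
    if not isinstance(data, dict) or data.get("CVE_data_type") != "CVE":
        raise NVDParseError("not an NVD CVE feed")
    items = data.get("CVE_Items")
    if not isinstance(items, list):
        raise NVDParseError("CVE_Items missing or not a list")
    for index, item in enumerate(items):
        try:
            cve = item["cve"]
            cve_id = cve["CVE_data_meta"]["ID"]
            descriptions = cve["description"]["description_data"]
        except (KeyError, TypeError) as exc:
            raise NVDParseError("CVE_Items[%d]: malformed record (%r)" % (index, exc))
        if not isinstance(cve_id, str) or not CVE_ID_RE.match(cve_id):
            raise NVDParseError("CVE_Items[%d]: bad CVE id %r" % (index, cve_id))
        english = [d.get("value") for d in descriptions
                   if isinstance(d, dict) and d.get("lang") == "en"]
        if not english or not isinstance(english[0], str):
            raise NVDParseError("%s: no English description" % cve_id)
        yield cve_id, english[0]


def parse_feed(feed: Union[str, bytes]) -> Dict[str, str]:
    """Materialise the feed into {CVE id: description}; a duplicate id is an
    error rather than a silent overwrite."""
    result: Dict[str, str] = {}
    for cve_id, description in iter_cve_descriptions(feed):
        if cve_id in result:
            raise NVDParseError("%s: duplicate record" % cve_id)
        result[cve_id] = description
    return result


# Constructed sample feed (the description is placeholder text, not NVD's
# text for this CVE). It contains non-ASCII characters on purpose.
SAMPLE_FEED = json.dumps({
    "CVE_data_type": "CVE",
    "CVE_data_format": "MITRE",
    "CVE_data_version": "4.0",
    "CVE_Items": [
        {
            "cve": {
                "data_type": "CVE",
                "CVE_data_meta": {"ID": "CVE-2020-11565", "ASSIGNER": "cve@mitre.org"},
                "description": {"description_data": [
                    {"lang": "en",
                     "value": "Constructed placeholder text with a non-ASCII \u201cquote\u201d."},
                ]},
            },
            "impact": {},
        }
    ],
})

if __name__ == "__main__":
    for cve_id, description in parse_feed(SAMPLE_FEED).items():
        print(cve_id, description)
```

Because the parser is a generator, a malformed record is only reported when the importer reaches it; parse_feed consumes the whole feed so the error surfaces before anything is written to the database.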
* nvd.py: Add missing note that CVE description is returned
  Salvatore Bonaccorso, 2019-10-20, 1 file, -0/+1

* Drop mips from bullseye architectures
  Salvatore Bonaccorso, 2019-08-21, 1 file, -1/+1

* Another place where mips needs to be dropped
  Raphaël Hertzog, 2019-08-21, 1 file, -1/+1

* Don't track mips in sid, it's gone
  Raphaël Hertzog, 2019-08-21, 1 file, -1/+1

  As announced in https://lists.debian.org/debian-mips/2019/07/msg00010.html
  it's now gone from the mirrors.

* Disable fetching of backports
  Salvatore Bonaccorso, 2019-07-07, 1 file, -1/+4

  They ship Packages/Sources.gz only, and backports is anyway not very well
  supported in the tracker. Until #664866 is fixed backports will anyway
  not be tracked properly in security-tracker. Temporarily disable until
  downloadFile can handle multiple situations more gracefully.

* Adjust dist directory on security archives for distribution
  Salvatore Bonaccorso, 2019-07-06, 1 file, -0/+8

  Starting with bullseye the distribution/suite are switched to *-security
  instead of */updates for consistency through the Debian archives.

  See: https://lists.debian.org/debian-security/2019/06/msg00015.html
  for details and the intention to switch.

  Thanks: Ansgar Burchardt

* lib/debian-releases.mk: Fetch backports suites for $(OLDSTABLE)
  Salvatore Bonaccorso, 2019-07-06, 1 file, -1/+1

* security_db: Update mappings after buster stable release
  Salvatore Bonaccorso, 2019-07-06, 1 file, -16/+16

* dist_config: Add support for bullseye release and initial list of supported architectures
  Salvatore Bonaccorso, 2019-07-06, 1 file, -0/+5

  Add list of currently supported architectures inherited from buster
  supported architectures.

* debian_support: Add bullseye to supported releases
  Salvatore Bonaccorso, 2019-07-06, 1 file, -1/+1

* Remove hurd-i386, kfreebsd-{i386,amd64} from architectures in sid
  Salvatore Bonaccorso, 2019-05-01, 1 file, -1/+1

  As announced in https://lists.debian.org/debian-devel/2019/04/msg00207.html
  hurd-i386 and kfreebsd-{i386,amd64} are going to be moved to debian-ports
  instead.

* security_db: Make source code comment independent of codename for distribution
  Salvatore Bonaccorso, 2019-04-28, 1 file, -2/+2

* lib/debian-releases.mk: Correctly remove $(OLDSTABLE) for backports
  Salvatore Bonaccorso, 2019-03-26, 1 file, -1/+1

* Fetch packages files for backports suites only for $(STABLE)
  Salvatore Bonaccorso, 2019-03-26, 1 file, -2/+2

  Current oldstable no longer contains the backports suites as it is the
  LTS release. As such, jessie-backports was removed from the mirrors.

* Replace file() with open() for Python 3 compatibility
  Brian May, 2019-03-04, 6 files, -12/+12

* Replace `abc` with repr(abc)
  Brian May, 2019-02-18, 2 files, -7/+7

* lib/python/bugs.py: Use explicit list comprehension; the "lambda (x,)" syntax is not actually valid in Python 3.
  Chris Lamb, 2019-02-11, 1 file, -2/+2

* lib/python/debian_support.py: Use repr(..) over backticks; they are removed in Python 3.x
  Chris Lamb, 2019-02-11, 1 file, -3/+3

* CVEExtendFile: treat TEMP-* entries as unique
  Emilio Pozuelo Monfort, 2018-12-04, 1 file, -0/+9

  Otherwise, they will get rehashed into a different temp name, preventing
  one from adding notes to TEMP entries in an extend file.

* Merge branch 'bam/security-tracker-use_pythons_namedtuple'
  Salvatore Bonaccorso, 2018-11-11, 4 files, -96/+3

* Use the namedtuple class supplied with Python
  Brian May, 2018-08-20, 4 files, -96/+3

* Replace "x.has_key(y)" with "y in x" syntax
  Brian May, 2018-08-20, 7 files, -16/+16

* Fix print statements for Python 3.6 compatibility
  Brian May, 2018-08-06, 8 files, -72/+77

* Replace <> with != for Python 3.6 compatibility
  Brian May, 2018-07-15, 6 files, -26/+26

* Update python exception syntax for Python 3.6 compatibility
  Brian May, 2018-07-13, 7 files, -45/+45

* Drop powerpc from sid architectures
  Raphaël Hertzog, 2018-07-08, 1 file, -1/+1

  It's gone from the main mirror. It now resides on ports.debian.org.

* Merge branch 'jcristau/security-tracker-head'
  Salvatore Bonaccorso, 2018-07-07, 1 file, -2/+5

* lib: add support for the HEAD HTTP method
  Julien Cristau, 2018-07-06, 1 file, -2/+5

  Fixes security-tracker-team/security-tracker#3

* Also set Content-Length for HTMLResult
  Julien Cristau, 2018-07-06, 1 file, -0/+1

* Set Content-Length for BinaryResult
  Julien Cristau, 2018-07-06, 1 file, -0/+1

* lib: add "headers" attribute on Result objects
  Julien Cristau, 2018-07-06, 1 file, -31/+26

  Make it possible to set arbitrary headers when returning a Result.

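The four commits above (HEAD support, Content-Length on HTML and binary results, arbitrary headers on Result) and the 2020-05-01 Unicode commit at the top of this log all touch the same small web framework. The following is an added example that is not the tracker's own code: a minimal Result/HTMLResult pair that escapes untrusted text whether it arrives as str or as UTF-8 bytes (the failure mode behind the "Proxy Error" bug was NVD data reaching the HTML escaper in the wrong string type), sets Content-Length from the encoded body, and answers HEAD with the same headers and no body. The class and function names, the WSGI-style calling convention and the constructed description text are assumptions of this example.

```python
import html
from typing import Dict, List, Optional, Tuple, Union

Headers = Dict[str, str]


def escape_html(value: Union[str, bytes]) -> str:
    """HTML-escape text that may be str or UTF-8 bytes.

    Escaping must run on decoded text: on bytes, a multi-byte character
    would be split or mis-read as markup. Undecodable bytes are replaced
    with U+FFFD instead of raising inside the request handler.
    """
    if isinstance(value, bytes):
        value = value.decode("utf-8", errors="replace")
    return html.escape(value, quote=True)


class Result:
    """A response with arbitrary headers. Content-Length is always derived
    from the encoded body, so GET and HEAD advertise the same size."""

    def __init__(self, body: bytes, content_type: str,
                 status: str = "200 OK", headers: Optional[Headers] = None):
        self.body = body
        self.status = status
        self.headers: Headers = dict(headers or {})
        self.headers.setdefault("Content-Type", content_type)
        self.headers["Content-Length"] = str(len(body))

    def __call__(self, environ, start_response) -> List[bytes]:
        start_response(self.status, sorted(self.headers.items()))
        # HEAD: same status and headers as GET, but no body.
        if environ.get("REQUEST_METHOD", "GET") == "HEAD":
            return []
        return [self.body]


class HTMLResult(Result):
    def __init__(self, doc: str, headers: Optional[Headers] = None):
        super().__init__(doc.encode("utf-8"), "text/html; charset=utf-8",
                         headers=headers)


def cve_page(cve_id: Union[str, bytes], description: Union[str, bytes]) -> HTMLResult:
    """Render a minimal CVE page; every untrusted field passes escape_html."""
    doc = ("<!DOCTYPE html><html><body><h1>{}</h1><p>{}</p></body></html>"
           .format(escape_html(cve_id), escape_html(description)))
    return HTMLResult(doc, headers={"X-Content-Type-Options": "nosniff"})


def serve(result: Result, method: str) -> Tuple[str, Headers, bytes]:
    """Drive the Result the way a WSGI server would; returns (status, headers, body)."""
    captured: Dict[str, object] = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(result({"REQUEST_METHOD": method}, start_response))
    return str(captured["status"]), dict(captured["headers"]), body  # type: ignore[arg-type]


if __name__ == "__main__":
    # Constructed input: a UTF-8 byte string with a non-ASCII character and a
    # markup fragment, the two things an imported description can contain.
    desc = "Caf\u00e9 <script>alert(1)</script> (constructed text)".encode("utf-8")
    for method in ("GET", "HEAD"):
        status, headers, body = serve(cve_page("CVE-2020-11565", desc), method)
        print(method, status, headers["Content-Length"], len(body), body.decode("utf-8"))
```

The test double in serve is enough to check the two properties worth asserting in a regression test: the markup in the description comes out escaped and the non-ASCII character survives, and the HEAD response carries the GET body's Content-Length with an empty body.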
* Reduce list of supported architectures for jessie under LTS support
  Salvatore Bonaccorso, 2018-06-16, 1 file, -1/+1

* sources: add name and path info
  Emilio Pozuelo Monfort, 2018-06-15, 1 file, -6/+9

  This avoids having to guess the name from the path.

* Rename CVECUSTOMERFile to CVEExtendFile
  Emilio Pozuelo Monfort, 2018-06-08, 1 file, -1/+5

* Simplify Extends support
  Emilio Pozuelo Monfort, 2018-06-08, 1 file, -44/+20

  BugExtend.writeDB() is pretty similar to BugBase's, so update the latter
  to take extends into account when necessary to avoid unneeded duplicated
  code.

* Add support for CUSTOMER bugs and CVE extends
  Bastian Blank, 2018-06-08, 1 file, -1/+36

* Dynamically create announce queries
  Emilio Pozuelo Monfort, 2018-06-08, 1 file, -2/+20

  Based on the DSA-like files present in the config file.

* Move source list to a config file
  Emilio Pozuelo Monfort, 2018-06-08, 1 file, -10/+11

* Merge DLAFile into DSAFile
  Emilio Pozuelo Monfort, 2018-06-08, 2 files, -10/+10

  The only difference is that the regular expressions look for DSA or
  DLA, but we can just guess that based on the path.

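The merge above relies on one parser serving both advisory lists, with the DSA/DLA prefix inferred from the file's path. The following is an added example of that approach, written for this page rather than taken from the tracker's DSAFile. The list layout it parses (a "[DD Mon YYYY] DSA-NNNN-N package - title" header line followed by tab-indented "{CVE-...}" and "[suite] - package version" lines) is assumed from the tracker's data/DSA/list conventions and is not stated on this page; the sample entry, its date, package name and versions are constructed.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Layout assumed from data/DSA/list and data/DLA/list (see lead-in).
HEADER_RE = re.compile(
    r"^\[(?P<date>\d{1,2} \w{3} \d{4})\] "
    r"(?P<id>(?P<kind>DSA|DLA)-\d+-\d+) (?P<pkg>\S+) - (?P<title>.*)$")
CVES_RE = re.compile(r"^\t\{(?P<cves>[^}]*)\}$")
FIX_RE = re.compile(r"^\t\[(?P<suite>[^\]]+)\] - (?P<pkg>\S+) (?P<version>\S+)$")


@dataclass
class Advisory:
    kind: str
    ident: str
    date: str
    package: str
    title: str
    cves: List[str] = field(default_factory=list)
    fixes: Dict[str, Tuple[str, str]] = field(default_factory=dict)


def advisory_kind_from_path(path: str) -> str:
    """Infer DSA or DLA from the directory the list file lives in."""
    kind = os.path.basename(os.path.dirname(os.path.normpath(path)))
    if kind not in ("DSA", "DLA"):
        raise ValueError("cannot infer advisory type from path %r" % path)
    return kind


def parse_advisory_list(text: str, path: str) -> List[Advisory]:
    """Parse one advisory list. An entry whose prefix does not match the
    directory (a DLA line in data/DSA/list) is rejected, so the guess from
    the path is checked against the data rather than trusted blindly."""
    kind = advisory_kind_from_path(path)
    advisories: List[Advisory] = []
    current = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            if m.group("kind") != kind:
                raise ValueError("%s:%d: %s entry in a %s list"
                                 % (path, lineno, m.group("kind"), kind))
            current = Advisory(kind, m.group("id"), m.group("date"),
                               m.group("pkg"), m.group("title"))
            advisories.append(current)
            continue
        if current is None:
            raise ValueError("%s:%d: continuation line before any header" % (path, lineno))
        m = CVES_RE.match(line)
        if m:
            current.cves.extend(m.group("cves").split())
            continue
        m = FIX_RE.match(line)
        if m:
            current.fixes[m.group("suite")] = (m.group("pkg"), m.group("version"))
            continue
        if line.startswith("\t"):
            continue  # other annotation lines are not needed here
        raise ValueError("%s:%d: unrecognised line %r" % (path, lineno, line))
    return advisories


# Constructed sample entry (date, package and versions are placeholders).
SAMPLE_DSA_LIST = (
    "[28 Apr 2020] DSA-4667-1 examplepkg - security update\n"
    "\t{CVE-2020-11565}\n"
    "\t[buster] - examplepkg 1.0-1+deb10u1\n"
    "\t[stretch] - examplepkg 0.9-2+deb9u1\n"
)

if __name__ == "__main__":
    for adv in parse_advisory_list(SAMPLE_DSA_LIST, "data/DSA/list"):
        print(adv.ident, adv.package, adv.cves, adv.fixes)
```

Feeding the same text under data/DLA/list raises, which is the cheap consistency check that a path-based guess needs.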
* Simplify DLAFile
  Emilio Pozuelo Monfort, 2018-06-08, 1 file, -36/+1

  Subclass DSAFile rather than copying it.

* Generalize the code to fetch Packages/Sources updates
  Raphaël Hertzog, 2018-05-31, 1 file, -0/+39

  It's now easy to extend by adding a supplementary lib/foobar-releases.mk
  file.

  I verified that the set of downloaded files is identical with the
  exception of a bug that got fixed in the process: the update-backports-%
  rule used to download files for all sections (main, contrib, non-free)
  but saved them all under the name corresponding to the main section.

* Revert changes unrelated to the partclone no-dsa marking
  Salvatore Bonaccorso, 2018-05-05, 2 files, -45/+3

* partclone no-dsa on wheezy
  Emilio Pozuelo Monfort, 2018-05-05, 2 files, -3/+45

© 2014-2024 Faster IT GmbH