* [gentoo-portage-dev] [PATCH] glsa-check: fix truncated CVE ids in listmode (bug 692134)
@ 2019-09-01 4:11 Zac Medico
2019-09-01 15:20 ` Aaron Bauman
0 siblings, 1 reply; 2+ messages in thread
From: Zac Medico @ 2019-09-01 4:11 UTC (permalink / raw
To: gentoo-portage-dev; +Cc: Zac Medico, Georg Weiss
Use a regular expression to search for CVE ids in GLSA references.
Import unicode_literals from __future__ since portage's Glsa class
returns unicode strings for all python versions.
Reported-by: Georg Weiss <gentoo@georgweiss.de>
Bug: https://bugs.gentoo.org/692134
Signed-off-by: Zac Medico <zmedico@gentoo.org>
---
bin/glsa-check | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/bin/glsa-check b/bin/glsa-check
index 95ef16fde..6bb2ee21e 100755
--- a/bin/glsa-check
+++ b/bin/glsa-check
@@ -2,9 +2,10 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-from __future__ import print_function
+from __future__ import print_function, unicode_literals
import argparse
+import re
import sys
import codecs
from functools import reduce
@@ -204,7 +205,13 @@ def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"):
fd1.write(")")
if list_cve:
- fd1.write(" "+(",".join([r[:13] for r in myglsa.references if r[:4] in ["CAN-", "CVE-"]])))
+ cve_ids = []
+ for r in myglsa.references:
+ m = re.search(r'(CAN|CVE)-[\d-]+', r)
+ if m is not None:
+ cve_ids.append(m.group(0))
+ if cve_ids:
+ fd1.write(" "+(",".join(cve_ids)))
fd1.write("\n")
return 0
--
2.21.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [gentoo-portage-dev] [PATCH] glsa-check: fix truncated CVE ids in listmode (bug 692134)
2019-09-01 4:11 [gentoo-portage-dev] [PATCH] glsa-check: fix truncated CVE ids in listmode (bug 692134) Zac Medico
@ 2019-09-01 15:20 ` Aaron Bauman
0 siblings, 0 replies; 2+ messages in thread
From: Aaron Bauman @ 2019-09-01 15:20 UTC (permalink / raw
To: gentoo-portage-dev; +Cc: Zac Medico, Georg Weiss
[-- Attachment #1: Type: text/plain, Size: 650 bytes --]
On Sat, Aug 31, 2019 at 09:11:11PM -0700, Zac Medico wrote:
> Use a regular expression to search for CVE ids in GLSA references.
> Import unicode_literals from __future__ since portage's Glsa class
> returns unicode strings for all python versions.
>
> Reported-by: Georg Weiss <gentoo@georgweiss.de>
> Bug: https://bugs.gentoo.org/692134
> Signed-off-by: Zac Medico <zmedico@gentoo.org>
> ---
> bin/glsa-check | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
Applied and checked multiple large GLSA's which contain numerous CVE's (e.g.
Chromium)
Acked-by: Aaron Bauman <bman@gentoo.org>
--
Cheers,
Aaron
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-01 15:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-01 4:11 [gentoo-portage-dev] [PATCH] glsa-check: fix truncated CVE ids in listmode (bug 692134) Zac Medico
2019-09-01 15:20 ` Aaron Bauman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox