Re: Proposed refactoring of the per-release tracker pages
On Thu, 7 Jan 2010 23:02:59 -0500 Michael Gilbert wrote:
> Hi all,
>
> In order to address some usability, clutter, and transparency issues
> with the tracker, I propose to make the following changes:
[...]
Hi all,
Attached is a patch for the proposed refactoring (after taking into
account feedback and discussion). See attached.
Mike
diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 2613308..eea0bcb 100644
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -24,8 +24,10 @@ else:
webservice_base_class = WebServiceHTTP
class BugFilter:
- default_action_list = [("hide_medium_urgency", "lower urgencies"),
- ("hide_non_remote", "local vulnerabilities")]
+ default_action_list = [("show_high_urgency", "only high urgencies"),
+ ("show_medium_urgency", "only medium and high urgencies"),
+ ("show_remote_only", "only remote vulnerabilities"),
+ ("show_undetermined_urgency", "undetermined and unimportant urgencies")]
def __init__(self, params, action_list=None):
if action_list is None:
self.action_list = self.default_action_list
@@ -38,38 +40,45 @@ class BugFilter:
def actions(self, url):
"""Returns a HTML snippet which can be used to change the filter."""
- l = []
+ l = []
for (prop, desc) in self.action_list:
if self.params[prop]:
- a = A(url.updateParamsDict({prop : None}),
- 'Show ' + desc)
+ if self.params['show_medium_urgency'] and prop == 'show_medium_urgency':
+ note = 'Restore lower than medium urgencies'
+ elif self.params['show_high_urgency'] and prop == 'show_high_urgency':
+ note = 'Restore lower than high urgencies'
+ else:
+ note = 'Hide ' + desc
+ l.append(TR(TD(A(url.updateParamsDict({prop : None}), note))))
else:
- a = A(url.updateParamsDict({prop : '1'}),
- 'Hide ' + desc)
- l.append(a)
- l.append(' ')
+ note = 'Show ' + desc
+ l.append(TR(TD(A(url.updateParamsDict({prop : '1'}), note))))
- return apply(P, l[:-1])
+ return TABLE(l)
- def urgencyFiltered(self, urg):
- """Returns True if the urgency urg is filtered."""
- return self.params['hide_medium_urgency'] \
- and urg not in ("high", "unknown", "")
+ def urgencyFiltered(self, urg, vuln):
+ """Returns True for urgencies that should be filtered."""
+ filterlow = self.params['show_medium_urgency'] and \
+ urg in ('low', 'unimportant', 'undetermined')
+ filtermed = self.params['show_high_urgency'] and \
+ urg in ('medium', 'low', 'unimportant', 'undetermined')
+ filteruni = not self.params['show_undetermined_urgency'] \
+ and vuln == 2 or urg == 'unimportant'
+ return filterlow or filtermed or filteruni
def remoteFiltered(self, remote):
- """Returns True if the attack range is filtered."""
- return remote is not None and self.params['hide_non_remote'] \
+ """Returns True for only remote flaws if filtered."""
+ return remote is not None and not self.params['show_remote_only'] \
and not remote
class BugFilterNoDSA(BugFilter):
def __init__(self, params):
BugFilter.__init__(self, params, self.default_action_list
- + [('hide_nodsa', 'non-DSA vulnerabilities')])
- self.hide_nodsa = int(params.get('hide_nodsa',(0,))[0])
+ + [('show_nodsa', 'non-DSA vulnerabilities')])
def nodsaFiltered(self, nodsa):
- """Returns True if no DSA will be issued for the bug."""
- return nodsa and self.params['hide_nodsa']
+ """Returns True for no DSA issues if filtered."""
+ return nodsa and not self.params['show_nodsa']
class TrackerService(webservice_base_class):
head_contents = compose(STYLE(
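Review bot: The `filteruni` expression in the new urgencyFiltered parses as `(not self.params['show_undetermined_urgency'] and vuln == 2) or urg == 'unimportant'`, because `and` binds tighter than `or`, so 'unimportant' rows are hidden unconditionally and the "show_undetermined_urgency" action can never reveal them despite its "undetermined and unimportant urgencies" label. Parenthesise the intended grouping: `filteruni = not self.params['show_undetermined_urgency'] and (vuln == 2 or urg == 'unimportant')`. This matters more than before the patch, since the security_db.py hunks drop `st.urgency <> 'unimportant'` from the views and this method becomes the only place unimportant issues are kept off the lists. The meaning of `vuln == 2` is only implied by the make_purple branches elsewhere in the patch; a comment such as `# vuln == 2: vulnerability status undetermined -- confirm against security_db` on that line would help the next reader. The `self.hide_nodsa` assignment removed from BugFilterNoDSA.__init__ may still be read elsewhere in the file, which is outside this hunk.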
@@ -624,17 +633,17 @@ this package, but still reference it.""")])
def gen():
old_pkg_name = ''
- for (pkg_name, bug_name, archive, urgency, remote, no_dsa) in \
+ for (pkg_name, bug_name, archive, urgency, vulnerable, remote, no_dsa) in \
self.db.cursor().execute(
- """SELECT package, bug, section, urgency, remote, no_dsa
+ """SELECT package, bug, section, urgency, vulnerable, remote, no_dsa
FROM %s_status""" % release):
- if bf.urgencyFiltered(urgency):
+ if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
continue
if bf.nodsaFiltered(no_dsa):
continue
-
+
if pkg_name == old_pkg_name:
pkg_name = ''
else:
@@ -649,15 +658,11 @@ this package, but still reference it.""")])
else:
remote = 'no'
- if urgency == 'unknown':
- if no_dsa:
- urgency = 'no DSA'
- else:
- urgency = ''
- elif urgency == 'high':
- urgency = self.make_red(urgency)
- elif urgency == 'undetermined':
+ if vulnerable == 2:
urgency = self.make_purple(urgency)
+
+ if urgency == 'high':
+ urgency = self.make_red(urgency)
else:
if no_dsa:
urgency = urgency + '*'
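Review bot: The colouring order here differs from the hunk at `@@ -770,14 +774,13 @@`: here `if vulnerable == 2:` wraps the value in make_purple before the `if urgency == 'high':` test, so a row that is both undetermined and high ends up purple and then falls through to the `else:` branch, where the no-DSA `*` is appended to the markup, while the later hunk uses `elif vulnerable == 2:` so red wins. Pick one order for all release pages, e.g. `if urgency == 'high': urgency = self.make_red(urgency)` followed by `elif vulnerable == 2: urgency = self.make_purple(urgency)` here as well, with the no-DSA star handled after both. The enclosing gen() starts and ends outside this hunk.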
@@ -666,7 +671,7 @@ this package, but still reference it.""")])
return self.create_page(
url, 'Vulnerable source packages in the %s suite' % release,
- [bf.actions(url),
+ [bf.actions(url), BR(),
make_table(gen(), caption=("Package", "Bug", "Urgency",
"Remote")),
P('''(If a "*" is included in the urgency field, no DSA is planned
@@ -689,7 +694,7 @@ for this vulnerability.)''')])
"""SELECT package, bug, section, urgency, unstable_vulnerable,
testing_security_fixed, remote, no_dsa
FROM testing_status"""):
- if bf.urgencyFiltered(urgency):
+ if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
continue
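Review bot: `bf.urgencyFiltered(urgency, vulnerable)` passes a name that the SELECT shown in this hunk does not produce: its column list is `package, bug, section, urgency, unstable_vulnerable, testing_security_fixed, remote, no_dsa`, whereas the testing_status view only gained `st.vulnerable AS vulnerable` in the security_db.py hunk. The `for` tuple that unpacks these columns is above the hunk, so unless `vulnerable` is bound there from some other source the first row will raise NameError (or, if an outer `vulnerable` exists, filter on the wrong value). Add `vulnerable` to the SELECT and to the unpacked tuple, e.g. `urgency, vulnerable, unstable_vulnerable,`. The hunk at `@@ -831,7 +834,7 @@` makes the same call against testing_status and its column list is not visible either; check it the same way.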
@@ -710,6 +715,9 @@ for this vulnerability.)''')])
else:
remote = 'no'
+ if sid_vulnerable == 2:
+ urgency = self.make_purple(urgency)
+
if ts_fixed:
status = 'fixed in testing-security'
else:
@@ -718,9 +726,6 @@ for this vulnerability.)''')])
else:
status = self.make_dangerous('fixed in unstable')
- if urgency == 'unknown':
- urgency = ''
-
yield (pkg_name, self.make_xref(url, bug_name),
urgency, remote, status)
@@ -728,7 +733,7 @@ for this vulnerability.)''')])
url, 'Vulnerable source packages in the testing suite',
[make_menu(url.scriptRelative,
("status/dtsa-candidates", "Candidates for DTSAs")),
- bf.actions(url),
+ bf.actions(url), BR(),
make_table(gen(), caption=("Package", "Bug", "Urgency",
"Remote"))])
@@ -738,18 +743,17 @@ for this vulnerability.)''')])
def gen():
old_pkg_name = ''
- for (pkg_name, bug_name, section, urgency, remote) \
+ for (pkg_name, bug_name, section, urgency, vulnerable, remote) \
in self.db.cursor().execute(
"""SELECT DISTINCT sp.name, st.bug_name,
- sp.archive, st.urgency,
+ sp.archive, st.urgency, st.vulnerable,
(SELECT range_remote FROM nvd_data
WHERE cve_name = st.bug_name)
FROM source_package_status AS st, source_packages AS sp
- WHERE st.vulnerable AND st.urgency <> 'unimportant'
- AND sp.rowid = st.package AND sp.release = ?
- AND sp.subrelease = ''
+ WHERE st.vulnerable AND sp.rowid = st.package
+ AND sp.release = ? AND sp.subrelease = ''
ORDER BY sp.name, st.bug_name""", (rel,)):
- if bf.urgencyFiltered(urgency):
+ if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
continue
@@ -770,14 +774,13 @@ for this vulnerability.)''')])
else:
remote = 'no'
- if urgency == 'unknown':
- urgency = ''
- elif urgency == 'high':
+ if urgency == 'high':
urgency = self.make_red(urgency)
- elif urgency == 'undetermined':
+ elif vulnerable == 2:
urgency = self.make_purple(urgency)
yield pkg_name, self.make_xref(url, bug_name), urgency, remote
+
return self.create_page(
url, title,
[P("""Note that the list below is based on source packages.
@@ -785,7 +788,7 @@ for this vulnerability.)''')])
fixed source version has been uploaded to the archive, even
if there are still some vulnerably binary packages present
in the archive."""),
- bf.actions(url),
+ bf.actions(url), BR(),
make_table(gen(), caption=('Package', 'Bug', 'Urgency',
'Remote'))])
@@ -831,7 +834,7 @@ for this vulnerability.)''')])
FROM testing_status
WHERE (NOT unstable_vulnerable)
AND (NOT testing_security_fixed)"""):
- if bf.urgencyFiltered(urgency):
+ if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
continue
@@ -855,9 +858,7 @@ for this vulnerability.)''')])
else:
remote = 'no'
- if urgency == 'unknown':
- urgency = ''
- elif urgency == 'high':
+ if urgency == 'high':
urgency = self.make_red(urgency)
if stable_later:
@@ -876,7 +877,7 @@ checker to find out why they have not entered testing yet."""),
make_menu(url.scriptRelative,
("status/release/testing",
"List of vulnerable packages in testing")),
- bf.actions(url),
+ bf.actions(url), BR(),
make_table(gen(),
caption=("Package", "Migration", "Bug", "Urgency",
"Remote"))])
diff --git a/bin/update-db b/bin/update-db
index ca9735f..9c3cc2b 100755
--- a/bin/update-db
+++ b/bin/update-db
@@ -24,7 +24,7 @@ import security_db
db_file = sys.argv[1]
try:
- db = security_db.DB(db_file)
+ db = security_db.DB(db_file, verbose=True)
new_file = False
except security_db.SchemaMismatch:
os.unlink(db_file)
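Review bot: `security_db.DB(db_file, verbose=True)` relies on DB.__init__ accepting a `verbose` keyword, but none of the security_db.py hunks in this patch add one. If the parameter is not already in the constructor's signature the call raises TypeError, which the `except security_db.SchemaMismatch:` handler does not catch, so update-db would fail on every run rather than rebuild the database. Confirm the parameter exists in the current DB.__init__ or include its addition in the patch.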
diff --git a/data/CVE/list b/data/CVE/list
index 997da70..5e57d0b 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3698,11 +3698,11 @@ CVE-2009-3385
RESERVED
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
- webkit 1.1.17-2 (medium; bug #559759)
- - qt4-x11 <undetermined> (bug #561760)
+ - qt4-x11 <undetermined> (low; bug #561760)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
[lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- - kdelibs <undetermined> (bug #561765)
- - kde4libs <undetermined> (bug #561762)
+ - kdelibs <undetermined> (low; bug #561765)
+ - kde4libs <undetermined> (low; bug #561762)
CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
diff --git a/lib/python/bugs.py b/lib/python/bugs.py
index 1decab2..bbadfcd 100644
--- a/lib/python/bugs.py
+++ b/lib/python/bugs.py
@@ -23,7 +23,7 @@ class Urgency(debian_support.PseudoEnum): pass
def listUrgencies():
urgencies = {}
- urgs = ("high", "medium", "low", "unimportant", "unknown", "undetermined")
+ urgs = ("high", "medium", "low", "unimportant", "undetermined")
for u in range(len(urgs)):
urgencies[urgs[u]] = Urgency(urgs[u], -u)
Urgency.urgencies = urgencies
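Review bot: Removing "unknown" from `urgs` drops it from `Urgency.urgencies`, but notes or database rows still carrying the literal "unknown" (the tracker_service.py hunks delete display code for exactly that value, so such rows evidently existed) will no longer resolve; what internUrgency does with an unrecognised value is outside this hunk. Either confirm that the schema bump handled by update-db rebuilds all existing data, or keep "unknown" as an accepted alias that maps to the new default so old entries do not break parsing. A comment on the tuple such as `# "unknown" retired; unannotated notes now default to 'low' (see PackageNoteParsed)` would record the decision.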
@@ -140,7 +140,10 @@ class PackageNoteParsed(PackageNote):
def __init__(self, package, version, notes, release=None):
bugs = []
- urgency = "unknown"
+ if version == 'undetermined':
+ urgency = 'undetermined'
+ else:
+ urgency = 'low'
if notes is not None:
for n in self.re_notes_split.split(notes):
u = internUrgency(n)
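Review bot: The new default `urgency = 'low'` assigns the lowest real severity to every package note that carries no urgency annotation, which makes an entry nobody has assessed yet indistinguishable from one deliberately triaged as low; downstream the tracker will list, filter and colour it as low, and the new "show_medium_urgency"/"show_high_urgency" actions will hide it. If "missing means low" is the intended policy, state it on the assignment, e.g. `# no urgency annotation: treated as low (formerly 'unknown')`; otherwise a distinct default such as 'undetermined' keeps untriaged entries visible to the filters. The enclosing __init__ continues past the end of the hunk.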
@@ -614,8 +617,7 @@ class FileBase(debian_support.PackageFile):
if not d:
d = 'undetermined'
pkg_notes.append(PackageNoteParsed
- (p, 'undetermined', 'undetermined',
- release=release))
+ (p, 'undetermined', d, release=release))
else:
self.raiseSyntaxError(
"invalid special version %s in package entry"
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index 1871d39..919768d 100644
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -362,6 +362,7 @@ class DB:
"""CREATE VIEW testing_status AS
SELECT DISTINCT sp.name AS package, st.bug_name AS bug,
sp.archive AS section, st.urgency AS urgency,
+ st.vulnerable AS vulnerable,
(SELECT vulnerable
FROM source_packages AS sidp, source_package_status AS sidst
WHERE sidp.name = sp.name
@@ -383,9 +384,8 @@ class DB:
AND pnd.package = sp.name
AND pnd.release = 'squeeze')) AS no_dsa
FROM source_package_status AS st, source_packages AS sp
- WHERE st.vulnerable AND st.urgency <> 'unimportant'
- AND sp.rowid = st.package AND sp.release = 'squeeze'
- AND sp.subrelease = ''
+ WHERE st.vulnerable > 0 AND sp.rowid = st.package
+ AND sp.release = 'squeeze' AND sp.subrelease = ''
ORDER BY sp.name, st.urgency, st.bug_name""")
for (name, nickname) in (('stable', 'lenny'), ('oldstable', 'etch'),):
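Review bot: Dropping `st.urgency <> 'unimportant'` from the testing_status WHERE clause (and likewise from the `%s_status` views in the hunk at `@@ -400,9 +401,8 @@`) means the views themselves now return unimportant issues, and keeping them off the pages becomes the responsibility of BugFilter.urgencyFiltered in tracker_service.py. Any other consumer of these views, outside this patch, will start seeing those rows; it is worth recording that in the view definition, e.g. a comment on the `CREATE VIEW` line such as `-- includes 'unimportant' rows; callers filter by urgency themselves`. The `st.vulnerable > 0` spelling here also differs from the unchanged `WHERE st.vulnerable` in the tracker_service.py query at `@@ -738,18 +743,17 @@`; they are equivalent in SQLite, but one form throughout would make the intent (vulnerable is a small int, with 2 apparently meaning undetermined) easier to follow.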
@@ -393,6 +393,7 @@ class DB:
"""CREATE VIEW %s_status AS
SELECT DISTINCT sp.name AS package, st.bug_name AS bug,
sp.archive AS section, st.urgency AS urgency,
+ st.vulnerable AS vulnerable,
(SELECT range_remote FROM nvd_data
WHERE cve_name = st.bug_name) AS remote,
(EXISTS (SELECT * FROM package_notes_nodsa AS pnd
@@ -400,9 +401,8 @@ class DB:
AND pnd.package = sp.name
AND pnd.release = '%s')) AS no_dsa
FROM source_package_status AS st, source_packages AS sp
- WHERE st.vulnerable AND st.urgency <> 'unimportant'
- AND sp.rowid = st.package AND sp.release = '%s'
- AND sp.subrelease = ''
+ WHERE st.vulnerable > 0 AND sp.rowid = st.package
+ AND sp.release = '%s' AND sp.subrelease = ''
AND NOT COALESCE((SELECT NOT vulnerable
FROM source_packages AS secp, source_package_status AS secst
WHERE secp.name = sp.name
@@ -413,8 +413,6 @@ class DB:
ORDER BY sp.name, urgency_to_number(urgency), st.bug_name"""
% (name, nickname, nickname, nickname))
-
-
def _initFunctions(self):
"""Registers user-defined SQLite functions."""