
Bug#825695: udd todo: List unsolved security issues in the TODO list?



Control: tags -1 + patch

[Paul Wise]
> Not sure why they are showing up in the UDD database, but the
> explanations are at the bottom of this:
>
> https://security-tracker.debian.org/tracker/status/release/stable

Right.  I guess that needs to be fixed in the importer, if it should be
changed.  I'm not trying to address this here.

Anyway, I found a way to test the code, and fixed a few typos.  The
following patch works and includes open security issues in the Todo list.
Is this OK to put into production?

diff --git a/web/inc/dmd-data.rb b/web/inc/dmd-data.rb
index 55a1ec3..8ff8182 100755
--- a/web/inc/dmd-data.rb
+++ b/web/inc/dmd-data.rb
@@ -22,7 +22,7 @@ end
 
 class UDDData
   attr_accessor :debug
-  attr_reader :sources, :versions, :all_bugs, :bugs_tags, :bugs_count, :migration, :buildd, :dmd_todos, :ubuntu_bugs, :autoremovals, :qa, :ubuntu, :ustb, :udev, :dr, :doostb, :dostb, :dstb, :dtst, :lintian
+  attr_reader :sources, :versions, :all_bugs, :bugs_tags, :bugs_count, :migration, :buildd, :dmd_todos, :ubuntu_bugs, :autoremovals, :qa, :ubuntu, :ustb, :udev, :dr, :doostb, :dostb, :dstb, :dtst, :lintian, :security_issues
 
   def UDDData.parse_cgi_params(cgiparams)
     three = {'1' => '', '2' => '', '3' => ''}
@@ -119,6 +119,7 @@ class UDDData
     get_qa
     get_sources_dirty
     get_autoremovals
+    get_security_issues
     get_dmd_todos
     get_ubuntu_bugs
     get_ubuntu_dirty
@@ -729,6 +730,20 @@ and source not in (select source from upload_history where date > (current_date
       end
   end
 
+  def get_security_issues
+    @security_issues = {}
+    return if @sources.empty?
+    q = "SELECT sir.source, sir.release, sir.urgency, sir.issue
+           FROM security_issues_releases sir
+           WHERE sir.status != 'resolved' AND urgency != 'unimportant' AND
+                 sir.source IN (SELECT source FROM mysources) 
+           GROUP BY sir.source, sir.release, sir.urgency, sir.issue;"
+    rows = dbget(q)
+    rows.each do |r|
+      @security_issues[r['source']] = r.to_h
+    end
+  end
+
   def get_dmd_todos
     @dmd_todos = []
     rc_bugs = @all_bugs.select { |b| ['serious', 'grave', 'critical'].include?(b['severity']) }
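Review bot: In get_security_issues, `@security_issues[r['source']] = r.to_h` keys the hash by source alone, although the query returns one row per (source, release, urgency, issue). When a package has more than one open issue, or the same issue open in more than one release, each row overwrites the previous one and only the last survives, so the Todo list would under-report open security issues. Consider collecting a list per source, for example `(@security_issues[r['source']] ||= []) << r.to_h`, and iterating over that list when building the todos. Minor: the WHERE clause uses a bare `urgency` next to `sir.status`; writing `sir.urgency` would match the rest of the query.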
@@ -774,6 +789,19 @@ and source not in (select source from upload_history where date > (current_date
     @dmd_todos.concat(testing_rc_bugs)
     @dmd_todos.concat(stable_rc_bugs)
 
+    @security_issues.each_pair do |src, v|
+      # v: source, release, urgency, issue
+
+      @dmd_todos << {
+        :shortname => "security_issue_#{src}_#{v['release']}_#{v['issue']}",
+        :type => 'security issue',
+        :source => src,
+        :link => "http://security-tracker.debian.org/tracker/#{v['issue']}",
+        :description => "Open security issue",
+        :details => "#{v['issue']} for #{v['release']} (#{v['urgency']} urgency)"
+      }
+    end
+
     @buildd.each_pair do |src, archs|
       archs.each do |arch|
         h = Digest::MD5.hexdigest("#{src}_#{arch.sort.to_s}")
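Review bot: The `:link` value is built with `http://security-tracker.debian.org/tracker/...`, while the tracker URL quoted earlier in this thread is https; please use `https://` so the Todo entry does not send users over plaintext. Also, `:shortname` includes the release and the issue, which implies one entry per issue and release, but `@security_issues.each_pair` yields a single value per source, so this loop can emit at most one todo per package until the hash built in get_security_issues holds all rows.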

-- 
Happy hacking
Petter Reinholdtsen

