Bug#887822: Accept more variants of standard CVE identifier format

To: submit@bugs.debian.org
Subject: Bug#887822: Accept more variants of standard CVE identifier format
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 20 Jan 2018 09:22:09 +0100
Message-id: <[🔎] 20180120082209.GA26365@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 887822@bugs.debian.org

Package: security-tracker
Severity: wishlist

Hi Paul

Thanks for the patch, forwarding that to the BTS.

I will try to look at your proposal next week.

Regards,
Salvatore

--- Begin Message ---

To: debian-security-tracker@lists.debian.org
Cc: Paul Wise <pabs@debian.org>
Subject: [PATCH] Accept more variants of standard CVE identifier format
From: Paul Wise <pabs@debian.org>
Date: Wed, 17 Jan 2018 11:50:14 +0800
Message-id: <[🔎] 20180117035014.17791-1-pabs@debian.org>

Transform the given identifier to a standard one and
redirect to the standard form if it is in the database:

* convert spaces to dashes
* convert lowercase to uppercase
---
 bin/tracker_service.py | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 9cbbccc8be..5a890f561d 100755
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -329,9 +329,9 @@ data source.""")],
                 return RedirectResult(self.url_debian_bug(url, str(bugnumber)),
                                       permanent=False)
 
-        if 'A' <= obj[0] <= 'Z':
-            # Bug names start with a capital letter.
-            return self.page_bug(url, obj, redirect)
+        page = self.page_bug(url, obj, redirect)
+        if page is not None:
+            return page
 
         if self.db.isSourcePackage(c, obj):
             return RedirectResult(self.url_source_package(url, obj, full=True))
@@ -339,20 +339,23 @@ data source.""")],
         return self.page_not_found(url, obj)
 
     def page_bug(self, url, name, redirect):
+        # Transform the name to a standard one
+        name_s = name.replace(' ', '-').upper()
+
         # FIXME: Normalize CAN-* to CVE-* when redirecting.  Too many
         # people still use CAN.
-        if redirect and name[0:4] == 'CAN-':
-            name = 'CVE-' + name[4:]
+        if redirect and name_s[0:4] == 'CAN-':
+            name_s = 'CVE-' + name_s[4:]
 
         cursor = self.db.cursor()
         try:
-            bug = bugs.BugFromDB(cursor, name)
+            bug = bugs.BugFromDB(cursor, name_s)
         except ValueError:
             if redirect:
-                if name[0:4] == 'CVE-':
-                    return RedirectResult(self.url_cve(url, name),
+                if name_s[0:4] == 'CVE-':
+                    return RedirectResult(self.url_cve(url, name_s),
                                           permanent=False)
-            return self.page_not_found(url, name)
+            return None
         if bug.name <> name or redirect:
             # Show the normalized bug name in the browser address bar.
             return RedirectResult(url.scriptRelativeFull(bug.name))
-- 
2.15.1

--- End Message ---

Reply to:

Prev by Date: Check fix bug
Next by Date: External check
Previous by thread: Check fix bug
Next by thread: Processing 0030fb18149ba0a743f17c25e643848d9eebdc85 failed
Index(es):
- Date
- Thread