/[secure-testing]/bin/tracker_service.py

Diff of /bin/tracker_service.py

Parent Directory | Revision Log | View Patch Patch

-revision 2488 by fw,
Thu Oct 20 09:03:39 2005 UTC
+revision 2511 by fw,
Thu Oct 20 13:47:06 2005 UTC
 Line 14 
 import re
  import security_db
  from web_support import *
+ class BugFilter:
+     def __init__(self, params):
+         self.hide_medium_urgency = int(params.get('hide_medium_urgency',
+                                                   (0,))[0])
+         self.hide_non_remote = int(params.get('hide_non_remote',
+                                               (0,))[0])
+     def actions(self, url):
+         """Returns a HTML snippet which can be used to change the filter."""
+         if self.hide_medium_urgency:
+             urg = A(url.updateParams(hide_medium_urgency=None),
+                     'Show lower urgencies')
+         else:
+             urg = A(url.updateParams(hide_medium_urgency='1'),
+                     'Hide lower urgencies')
+         if self.hide_non_remote:
+             rem = A(url.updateParams(hide_non_remote=None),
+                     'Show local vulnerabilities')
+         else:
+             rem = A(url.updateParams(hide_non_remote='1'),
+                     'Hide local vulnerabilities')
+         return P(urg, ' ', rem)
+     def urgencyFiltered(self, urg):
+         """Returns True if the urgency urg is filtered."""
+         return self.hide_medium_urgency and urg not in ("high", "unknown", "")
+     def remoteFiltered(self, remote):
+         """Returns True if the attack range is filtered."""
+         return remote is not None and self.hide_non_remote and not remote
  class TrackerService(WebService):
      head_contents = compose(STYLE(
          """h1 { font-size : 144%; }
-Line 105 
 should be fine."""),
+Line 136 
 should be fine."""),
              ('data/releases',
               'Covered Debian releases and architectures (slow)'),
              self.make_search_button(url)),
-              P("""(You can enter CAN/CVE names, Debian bug numbers and package
+              P("""(You can enter CVE names, Debian bug numbers and package
  names in the search forms.)"""),
-              H2("A few notes on data sources"),
+              H2("Data sources"),
               P("""Data in this tracker comes solely from the bug database
  which is maintained by Debian's testing security team in their
  Subversion repository.  All external data (this includes
-Line 118 
 can be some delay before this happens.""
+Line 149 
 can be some delay before this happens.""
               P("""At the moment, the database only contains information which is
  relevant for tracking the security status of the stable, testing and
  unstable suites.  This means that data for oldstable is likely wrong."""),
+              P('Data marked "NVD" comes from the ',
+                A(url.absolute('http://nvd.nist.gov/'),
+                  'National Vulnerability Database'),
+                ' maintained by NIST.'),
               H2("External interfaces"),
               P("""If you want to automatically open a relevant web page for
-Line 168 
 data source.""")],
+Line 203 
 data source.""")],
          return self.page_not_found(url, obj)
      def page_bug(self, url, name, redirect):
+         # FIXME: Normalize CAN-* to CVE-* when redirecting.  Too many
+         # people still use CAN.
+         if redirect and name[0:4] == 'CAN-':
+             name = 'CVE-' + name[4:]
          cursor = self.db.cursor()
          try:
              bug = bugs.BugFromDB(cursor, name)
          except ValueError:
              if redirect:
-                 if name[0:4] in ('CAN-', 'CVE-'):
+                 if name[0:4] == 'CVE-':
                      return RedirectResult(self.url_cve(url, name),
                                            permanent=False)
              return self.page_not_found(url, name)
-Line 187 
 data source.""")],
+Line 227 
 data source.""")],
              yield B("Name"), bug.name
              source = bug.name.split('-')[0]
-             if source in ('CAN', 'CVE'):
+             if source == 'CVE':
                  source_xref = compose(self.make_cve_ref(url, bug.name, 'CVE'),
                                        " (",
                                        self.make_nvd_ref(url, bug.name,
-Line 455 
 architecture is currently not tracked.""
+Line 495 
 architecture is currently not tracked.""
  this package, but still reference it.""")])
      def page_status_release_stable(self, path, params, url):
+         bf = BugFilter(params)
          def gen():
              old_pkg_name = ''
              for (pkg_name, bug_name, archive, urgency, remote) in \
                      self.db.cursor().execute(
                  """SELECT package, bug, section, urgency, remote
                  FROM stable_status"""):
+                 if bf.urgencyFiltered(urgency):
+                     continue
+                 if bf.remoteFiltered(remote):
+                     continue
                  if pkg_name == old_pkg_name:
                      pkg_name = ''
                  else:
-Line 484 
 this package, but still reference it."""
+Line 531 
 this package, but still reference it."""
          return self.create_page(
              url, 'Vulnerable source packages in the stable suite',
-             [make_table(gen(), caption=("Package", "Bug", "Urgency",
+             [bf.actions(url),
+              make_table(gen(), caption=("Package", "Bug", "Urgency",
                                          "Remote"))])
      def page_status_release_testing(self, path, params, url):
+         bf = BugFilter(params)
          def gen():
              old_pkg_name = ''
              for (pkg_name, bug_name, archive, urgency,
-Line 495 
 this package, but still reference it."""
+Line 545 
 this package, but still reference it."""
                  """SELECT package, bug, section, urgency, unstable_vulnerable,
                  testing_security_fixed, remote
                  FROM testing_status"""):
+                 if bf.urgencyFiltered(urgency):
+                     continue
+                 if bf.remoteFiltered(remote):
+                     continue
                  if pkg_name == old_pkg_name:
                      pkg_name = ''
                  else:
-Line 527 
 this package, but still reference it."""
+Line 582 
 this package, but still reference it."""
              url, 'Vulnerable source packages in the testing suite',
              [make_menu(url.scriptRelative,
                         ("status/dtsa-candidates", "Candidates for DTSAs")),
+              bf.actions(url),
               make_table(gen(), caption=("Package", "Bug", "Urgency",
                                          "Remote"))])
      def page_status_release_unstable(self, path, params, url):
+         bf = BugFilter(params)
          def gen():
              old_pkg_name = ''
-             for (pkg_name, bug_name, section, urgency) \
+             for (pkg_name, bug_name, section, urgency, remote) \
                      in self.db.cursor().execute(
                  """SELECT DISTINCT sp.name, st.bug_name,
-                 sp.archive, st.urgency
+                 sp.archive, st.urgency,
+                 (SELECT range_remote FROM nvd_data
+                  WHERE cve_name = st.bug_name)
                  FROM source_package_status AS st, source_packages AS sp
                  WHERE st.vulnerable AND st.urgency <> 'unimportant'
                  AND sp.rowid = st.package AND sp.release = 'sid'
                  AND sp.subrelease = ''
                  ORDER BY sp.name, st.bug_name"""):
+                 if bf.urgencyFiltered(urgency):
+                     continue
+                 if bf.remoteFiltered(remote):
+                     continue
                  if pkg_name == old_pkg_name:
                      pkg_name = ''
                  else:
-Line 551 
 this package, but still reference it."""
+Line 616 
 this package, but still reference it."""
                      else:
                          pkg_name = self.make_xref(url, pkg_name)
+                 if remote is None:
+                     remote = ''
+                 elif remote:
+                     remote = 'yes'
+                 else:
+                     remote = 'no'
                  if urgency == 'unknown':
                      urgency = ''
                  elif urgency == 'high':
                      urgency = self.make_red(urgency)
-                 yield pkg_name, self.make_xref(url, bug_name), urgency
+                 yield pkg_name, self.make_xref(url, bug_name), urgency, remote
          return self.create_page(
-Line 566 
 this package, but still reference it."""
+Line 638 
 this package, but still reference it."""
              fixed source version has been uploaded to the archive, even
              if there are still some vulnerably binary packages present
              in the archive."""),
-              make_table(gen(), caption=('Package', 'Bug', 'Urgency'))])
+              bf.actions(url),
+              make_table(gen(), caption=('Package', 'Bug', 'Urgency',
+                                         'Remote'))])
      def page_status_dtsa_candidates(self, path, params, url):
+         bf = BugFilter(params)
          def gen():
              old_pkg_name = ''
-             for (pkg_name, bug_name, archive, urgency, stable_later) \
+             for (pkg_name, bug_name, archive, urgency, stable_later,
+                  remote) \
                      in self.db.cursor().execute(
                  """SELECT package, bug, section, urgency,
                  (SELECT testing.version_id < stable.version_id
-Line 583 
 this package, but still reference it."""
+Line 660 
 this package, but still reference it."""
                   AND stable.name = testing_status.package
                   AND stable.release = 'sarge'
                   AND stable.subrelease = 'security'
-                  AND stable.archive = testing_status.section)
+                  AND stable.archive = testing_status.section),
+                 (SELECT range_remote FROM nvd_data
+                  WHERE cve_name = bug)
                  FROM testing_status
                  WHERE (NOT unstable_vulnerable)
                  AND (NOT testing_security_fixed)"""):
+                 if bf.urgencyFiltered(urgency):
+                     continue
+                 if bf.remoteFiltered(remote):
+                     continue
                  if pkg_name == old_pkg_name:
                      pkg_name = ''
                      migration = ''
-Line 599 
 this package, but still reference it."""
+Line 683 
 this package, but still reference it."""
                      else:
                          pkg_name = self.make_source_package_ref(url, pkg_name)
+                 if remote is None:
+                     remote = ''
+                 elif remote:
+                     remote = 'yes'
+                 else:
+                     remote = 'no'
                  if urgency == 'unknown':
                      urgency = ''
                  elif urgency == 'high':
-Line 610 
 this package, but still reference it."""
+Line 701 
 this package, but still reference it."""
                      notes = ''
                  yield (pkg_name, migration, self.make_xref(url, bug_name),
-                        urgency, notes)
+                        urgency, remote, notes)
          return self.create_page(
              url, "Candidates for DTSAs",
-Line 621 
 return web_supporttesting yet."""),
+Line 712 
 return web_supporttesting yet."""),
               make_menu(url.scriptRelative,
                         ("status/release/testing",
                          "List of vulnerable packages in testing")),
+              bf.actions(url),
               make_table(gen(),
-                         caption=("Package", "Migration", "Bug", "Urgency"))])
+                         caption=("Package", "Migration", "Bug", "Urgency",
+                                  "Remote"))])
      def page_status_todo(self, path, params, url):
          def gen():

 Legend:



Removed from v.2488
 


changed lines


 
Added in v.2511
 Legend:



Removed from v.2488
 


changed lines


 
Added in v.2511
-Removed from v.2488
+Added in v.2511

	ViewVC Help
Powered by ViewVC 1.1.5