aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xbin/check-todo-issues12
-rw-r--r--lib/python/cvetools.py10
-rw-r--r--lib/python/nvd.py2
3 files changed, 15 insertions, 9 deletions
diff --git a/bin/check-todo-issues b/bin/check-todo-issues
index a0102f8..64d88ae 100755
--- a/bin/check-todo-issues
+++ b/bin/check-todo-issues
@@ -107,7 +107,7 @@ class EntryEditor:
names = []
for cvenames in self.cvedb.guess_name_for(cve).values():
names.extend(cvenames)
- joinednames = ", ".join(list(set(names)))
+ joinednames = u", ".join(list(set(names)))
names = joinednames
if names:
credit = names + " reported "
@@ -117,7 +117,7 @@ class EntryEditor:
cvedesc = self.cvedb.get_cve_desc(cve, indentation = 0)
if cvedesc[-1] == '.':
cvedesc = cvedesc[:-1]
- print "%s%s (%s)." % (credit, cvedesc, cve)
+ print u"%s%s (%s)." % (credit, cvedesc, cve)
print "</li>"
else:
print "%s (http://nvd.nist.gov/nvd.cfm?cvename=%s):" % (cve, cve)
@@ -319,11 +319,17 @@ class EntryEditor:
title = self.bugs_atom + " DESCR (" + self.bugs_unify_cvenames(cvelist) + ")"
description = ""
+ bug_url = ""
for cve in cvelist:
# print cve
description += "%s (http://nvd.nist.gov/nvd.cfm?cvename=%s):\n" % (cve, cve)
description += "%s" % self.cvedb.get_cve_desc(cve, indentation = 2)
description += "\n\n"
+ if not bug_url:
+ for source, url in self.cvedb.get_refs_for(cve):
+ if source == u"CONFIRM":
+ bug_url = url
+ break
import tempfile
(fd, filename) = tempfile.mkstemp(suffix='.txt', prefix='gsec', text=True)
@@ -360,7 +366,7 @@ class EntryEditor:
answer = sys.stdin.readline()
if answer[0] == "y" or answer[0] == "Y" or answer[0] == "\n":
- bugno = self.bugreporter.post_bug(title, description, component, whiteboard)
+ bugno = self.bugreporter.post_bug(title, description, component, whiteboard, bug_url)
if bugno:
print "Success! https://bugs.gentoo.org/%d" % (bugno)
# note the bug in the list
diff --git a/lib/python/cvetools.py b/lib/python/cvetools.py
index 7e5dc5c..d7d35e0 100644
--- a/lib/python/cvetools.py
+++ b/lib/python/cvetools.py
@@ -64,8 +64,8 @@ class CVEData:
return {}
SAs = []
names = {}
- for url in refs:
- if url.startswith("http://secunia.com/advisories/") or url.startswith("http://www.secunia.com/advisories/"):
+ for source, url in refs:
+ if source == u"SECUNIA" or url.startswith("http://secunia.com/advisories/") or url.startswith("http://www.secunia.com/advisories/"):
SAs.append(re.sub(r".*advisories/(\d+)", r"\1", url))
import urllib2
@@ -221,7 +221,7 @@ class BugReporter:
password = password,
forget = False)
- def post_bug(self, title, description, component="", whiteboard=""):
+ def post_bug(self, title, description, component="", whiteboard="", url=""):
""" Posts a security bug, returning the Bug number or 0 """
bugno = 0
ccs = assign.get_cc_from_string(title)
@@ -230,11 +230,11 @@ class BugReporter:
severity = 'normal'
try:
try:
- bugno = self.bugz_auth.post(title = title, description = description, cc = ccs)
+ bugno = self.bugz_auth.post(title = title, description = description, cc = ccs, url = url)
print "Ignoring Bug component, please upgrade pybugz."
except TypeError:
# pybugz since 0.7.4 requires to specify product and component
- bugno = self.bugz_auth.post(title = title, product="Gentoo Security", component=component, description = description, cc = ccs)
+ bugno = self.bugz_auth.post(title = title, product="Gentoo Security", component=component, description = description, cc = ccs, url = url)
except Exception, e:
print "An error occurred posting a bug: %s" % (e)
diff --git a/lib/python/nvd.py b/lib/python/nvd.py
index d457e04..1c1c9fb 100644
--- a/lib/python/nvd.py
+++ b/lib/python/nvd.py
@@ -133,7 +133,7 @@ class _Parser(xml.sax.handler.ContentHandler):
pass
def TAG_ref(self, name, attrs):
if attrs.has_key('url'):
- self.refs.append(attrs['url'])
+ self.refs.append([attrs['source'], attrs['url']])
def endElement(self, name):
if name == 'entry':