Gentoo Archives: gentoo-portage-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o
Cc: Zac Medico <zmedico@g.o>, Georg Weiss <gentoo@××××××××××.de>
Subject: [gentoo-portage-dev] [PATCH] glsa-check: fix truncated CVE ids in listmode (bug 692134)
Date: Sun, 01 Sep 2019 04:13:27
Message-Id: 20190901041111.25854-1-zmedico@gentoo.org
1 Use a regular expression to search for CVE ids in GLSA references.
2 Import unicode_literals from __future__ since portage's Glsa class
3 returns unicode strings for all python versions.
4
5 Reported-by: Georg Weiss <gentoo@××××××××××.de>
6 Bug: https://bugs.gentoo.org/692134
7 Signed-off-by: Zac Medico <zmedico@g.o>
8 ---
9 bin/glsa-check | 11 +++++++++--
10 1 file changed, 9 insertions(+), 2 deletions(-)
11
12 diff --git a/bin/glsa-check b/bin/glsa-check
13 index 95ef16fde..6bb2ee21e 100755
14 --- a/bin/glsa-check
15 +++ b/bin/glsa-check
16 @@ -2,9 +2,10 @@
17 # Copyright 1999-2019 Gentoo Authors
18 # Distributed under the terms of the GNU General Public License v2
19
20 -from __future__ import print_function
21 +from __future__ import print_function, unicode_literals
22
23 import argparse
24 +import re
25 import sys
26 import codecs
27 from functools import reduce
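Review bot: `unicode_literals` on the changed `from __future__` line applies to every string literal in bin/glsa-check, not only to the new CVE code, so on Python 2 all the existing literals passed to `fd1.write` and `fd2.write` become unicode as well. The commit message gives the reason (Glsa returns unicode strings), but it would help to state that the output paths were checked on Python 2 with `fd1=sys.stdout` and a non-UTF-8 locale, since mixing unicode with a byte stream is where an implicit ASCII encode would fail. A short comment next to the import saying why it is needed would also keep it from being dropped later.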
28 @@ -204,7 +205,13 @@ def summarylist(myglsalist, fd1=sys.stdout, fd2=sys.stderr, encoding="utf-8"):
29
30 fd1.write(")")
31 if list_cve:
32 - fd1.write(" "+(",".join([r[:13] for r in myglsa.references if r[:4] in ["CAN-", "CVE-"]])))
33 + cve_ids = []
34 + for r in myglsa.references:
35 + m = re.search(r'(CAN|CVE)-[\d-]+', r)
36 + if m is not None:
37 + cve_ids.append(m.group(0))
38 + if cve_ids:
39 + fd1.write(" "+(",".join(cve_ids)))
40 fd1.write("\n")
41 return 0
42
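Review bot: the pattern `(CAN|CVE)-[\d-]+` in the added `re.search` call is looser than a CVE id and is not anchored. `[\d-]+` accepts any run of digits and hyphens, so a reference such as "CVE-2019-1234-" is printed with its trailing hyphen and "CVE--" also matches; there is no word boundary in front, so the prefix can match inside a longer token. `re.search` returns only the first match, so a reference string that carries two ids lists one of them. The old code also required the reference to start with "CAN-" or "CVE-", while this version matches anywhere in the string, which changes what gets listed for references that are URLs or free text; if that is intended it is worth saying in the commit message. Suggest something like `\b(?:CAN|CVE)-\d{4}-\d{4,}\b` with `re.findall`, compiled once outside the loop over `myglsa.references`, plus a test that covers an id longer than 13 characters, which is the case from bug 692134.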
43 --
44 2.21.0
