Sometimes fixes are mistakenly cherry-picked into branches without using
the '-x' flag to record the master commit they were picked from. Add fuzzy
matching based on the subject line to attempt to identify these fixes on
branches.

Signed-off-by: Daniel P. Berrangé <[email protected]>
---
 scripts/report-vulnerable-tags.pl | 46 +++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/scripts/report-vulnerable-tags.pl 
b/scripts/report-vulnerable-tags.pl
index 6a0f7dc..c37416d 100644
--- a/scripts/report-vulnerable-tags.pl
+++ b/scripts/report-vulnerable-tags.pl
@@ -121,6 +121,38 @@ sub get_cherry_picks {
     return %cherrypicks;
 }
 
+sub get_fuzzy_picks {
+    my $branch = shift @_;
+    my $tag = shift @_;
+
+    my %subjects;
+
+    for my $commit (@fixed) {
+       open GIT, "-|", "git", "show", "--no-patch", "--format=%s", $commit
+           or die "cannot query 'git show --no-patch --format=%s $commit': $!";
+       my $subject = <GIT>;
+       chomp $subject;
+       close GIT;
+
+       $subjects{$subject} = $commit;
+    }
+
+    open GIT, "-|", "git", "log", "--format=%H %s", "$tag..origin/$branch" or
+       die "cannot query 'git log --format='%h %s' $tag..origin/$branch': 
$!\n";
+
+    my $commit;
+    my %fuzzypicks;
+    while (<GIT>) {
+       if (/([a-zA-Z0-9]+)\s(.*)$/) {
+           if (exists $subjects{$2}) {
+               $fuzzypicks{$subjects{$2}} = $1;
+           }
+       }
+    }
+
+    return %fuzzypicks;
+}
+
 sub add_branch {
     my $name = shift @_;
 
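Review bot: The `git log` pipe opened near the end of get_fuzzy_picks is never closed, and the `close GIT` after `git show` ignores its result, so a git failure (for example an unknown tag in `$tag..origin/$branch`) looks the same as "no matching subjects". With list-form `open ... "-|"` the child's exit status only becomes visible at close, so I would add `close GIT or die "git log $tag..origin/$branch failed: exit status $?\n";` before `return %fuzzypicks;` and check the earlier close the same way. `chomp $subject` also runs on undef when `git show` prints nothing, which would key `%subjects` on an empty string. Smaller points: `my $commit;` before the `while` loop is unused, the die text says `%h` where the command uses `%H`, and the match would be stricter anchored as `/^([0-9a-f]+)\s(.*)$/`.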
@@ -226,6 +258,20 @@ if (defined $fixed) {
            }
        }
 
+       if (int(@missing)) {
+           my @unfixed = @missing;
+           my %fuzzypicks = get_fuzzy_picks($branch, $basetag);
+           @missing = ();
+           for my $commit (@unfixed) {
+               if (exists $fuzzypicks{$commit}) {
+                   my $fuzzy = $fuzzypicks{$commit};
+                   add_fixed_commit($branch, $fuzzy);
+               } else {
+                   push @missing, $commit;
+               }
+           }
+       }
+
        # If all fixes on master exist on branch, then
        # identify any tags holding the last cherry-pick
        # so the branch gets marked as non-vulnerable.
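Review bot: A subject-only match is passed to `add_fixed_commit($branch, $fuzzy)` just like a recorded `-x` cherry-pick, so a branch commit that merely shares the subject (a partial backport, or a subject reused for a different change) can get the branch reported as non-vulnerable. Since this report decides vulnerability status, I would make the weaker evidence visible, e.g. `warn "fuzzy match on $branch: $fuzzy assumed to backport $commit (subject only)\n";` before the call, so someone can verify the backport. add_fixed_commit is defined outside this hunk, so whether it could record the match type itself is not visible here; the enclosing `if (defined $fixed)` block also starts and ends outside the hunk. Style: `if (int(@missing))` is more commonly written `if (@missing)`.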
-- 
2.21.0
