Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package

2014-02-12 Thread Luciano Bello
On Tuesday 11 February 2014 19:05:21 Antonio Terceiro wrote:
> now the patches :-)

This is great! Let me take a look and I will push them (probably during the 
weekend) officially.

Thanks!

/luciano



Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package

2014-02-11 Thread Antonio Terceiro
On Sat, Feb 08, 2014 at 11:31:27AM +0100, Salvatore Bonaccorso wrote:
> Hi Antonio,
>
> On Thu, Oct 24, 2013 at 09:49:19AM -0300, Antonio Terceiro wrote:
> > It would be nice if someone familiar with the codebase could write up
> > instructions on how to do that.
>
> Actually at the Security Team meeting we are working now on this.
> Mainly if you want to set up a test instance of the security tracker is
> doing the three steps:
>
> make update-packages
> make all
> make serve

that worked just fine, thanks! :-)

> But Luciano is working on adding a section for this to the
> documentation.

FYI if you want to document the dependencies, these are the packages I
had to install to make it run on a clean chroot:

make
python
python-apt
python-apsw

-- 
Antonio Terceiro terce...@debian.org




Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package

2014-02-11 Thread Antonio Terceiro
Control: tag -1 + patch

On Tue, Feb 11, 2014 at 04:00:45PM -0300, Antonio Terceiro wrote:
> On Sat, Feb 08, 2014 at 11:31:27AM +0100, Salvatore Bonaccorso wrote:
> > Hi Antonio,
> >
> > On Thu, Oct 24, 2013 at 09:49:19AM -0300, Antonio Terceiro wrote:
> > > It would be nice if someone familiar with the codebase could write up
> > > instructions on how to do that.
> >
> > Actually at the Security Team meeting we are working now on this.
> > Mainly if you want to set up a test instance of the security tracker is
> > doing the three steps:
> >
> > make update-packages
> > make all
> > make serve
>
> that worked just fine, thanks! :-)

now the patches :-)

the first one just sets some whitespace right in bin/tracker_service.py,
and the second one is the actual implementation of a Vulnerability
summary for a given source package.

-- 
Antonio Terceiro terce...@debian.org
From d3ac0a9682ebc1538a083fb92c5b7101a53646ca Mon Sep 17 00:00:00 2001
From: Antonio Terceiro terce...@softwarelivre.org
Date: Tue, 11 Feb 2014 16:13:44 -0300
Subject: [PATCH 1/2] tracker_service: remove spurious whitespace

---
 bin/tracker_service.py | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 455ea9b..c0879a0 100644
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -93,7 +93,8 @@ h3 { font-size : 100%; }
 
 table { padding-left : 1.5em }
 td, th { text-align : left;
-	 padding-left : 0.25em;
+ padding-left : 0.25em;
+ padding-left : 0.25em;
  padding-right : 0.25em; }
 td { vertical-align: baseline }
 span.red { color: red; }
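Review bot: The `td, th` rule gains a second `padding-left : 0.25em;` line here: one line is removed and two are added, and the hunk header (`-93,7 +93,8`) shows the rule growing by a line. The repeated declaration does not change rendering, but it is not a whitespace-only change as the subject says; drop one of the two added lines.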
@@ -1174,9 +1175,9 @@ Debian bug number.'''),
  Testing Security Team),
  - , A(url.absolute(http://www.debian.org/security/;),
  Debian Security),
-		 - , A(url.absolute(http://anonscm.debian.org/viewvc/secure-testing/bin/tracker_service.py?view=markup;),
-		 Source),
-		 , A(url.absolute(svn://anonscm.debian.org/secure-testing), (SVN)),
+ - , A(url.absolute(http://anonscm.debian.org/viewvc/secure-testing/bin/tracker_service.py?view=markup;),
+ Source),
+ , A(url.absolute(svn://anonscm.debian.org/secure-testing), (SVN)),
 ))
 if search_in_page:
 on_load = selectSearch()
@@ -1324,7 +1325,8 @@ Debian bug number.'''),
 return SPAN(contents, _class=red)
 
 def make_purple(self, contents):
-	return SPAN(contents, _class=purple)
+return SPAN(contents, _class=purple)
+return SPAN(contents, _class=purple)
 
 def make_dangerous(self, contents):
 return SPAN(contents, _class=dangerous)
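Review bot: `make_purple` ends up with two `return SPAN(contents, _class=purple)` lines, since one line is removed and two are added (`-1324,7 +1325,8`). The second return can never run, and in a commit described as a whitespace cleanup it looks like an editing slip; keep a single return indented like the neighbouring `make_dangerous`.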
-- 
1.9.0.rc3

From 8d31c637e78a9c224426e2baef5a7d094a6857c0 Mon Sep 17 00:00:00 2001
From: Antonio Terceiro terce...@softwarelivre.org
Date: Tue, 11 Feb 2014 18:55:27 -0300
Subject: [PATCH 2/2] Vulnerability summary for packages

---
 bin/tracker_service.py | 43 +++
 1 file changed, 43 insertions(+)

diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index c0879a0..5df25ba 100644
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -99,6 +99,7 @@ td, th { text-align : left;
 td { vertical-align: baseline }
 span.red { color: red; }
 span.purple { color: purple; }
+span.green { color: green; }
 span.dangerous { color: rgb(191,127,0); }
 ), SCRIPT('''var old_query_value = ;
 
@@ -546,6 +547,34 @@ to improve our documentation and procedures, so feedback is welcome.)])])
 for (bug, description) in lst:
 yield self.make_xref(url, bug), description
 
+suites = ()
+for (releases, version) in self.db.getSourcePackageVersions(
+self.db.cursor(), pkg):
+for r in releases:
+if r not in suites:
+suites = suites + (r,)
+
+def gen_summary(bugs):
+for (bug, description) in bugs:
+status = {}
+for (package, releases, version, vulnerable) \
+in self.db.getSourcePackages(self.db.cursor(), bug):
+for release in releases:
+if package == pkg:
+if vulnerable == 1:
+status[release] = self.make_red('vulnerable')
+elif vulnerable == 2:
+status[release] = self.make_purple('undetermined')
+else:
+status[release] = self.make_green('fixed')
+status_row = ()
+for release in suites:
+if release in status:
+status_row = status_row + (status[release],)
+else:
+status_row = status_row + (self.make_purple('unknown'),)
+yield (self.make_xref(url, bug),) + 
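Review bot: In `gen_summary`, the final `else:` labels every `vulnerable` value other than 1 or 2 as `fixed`, so an unexpected status code from `getSourcePackages` is shown in green. Test for the fixed value explicitly and let anything else fall through to the purple `unknown` already used for suites with no data. `status[release]` is also overwritten on every matching row, so when two rows cover the same release the last one wins and a `fixed` row can replace a `vulnerable` one; keep the more severe state instead. The `if package == pkg:` test can move outside `for release in releases:`. `make_green` is called here, while the part of the patch visible in this message only adds the `span.green` CSS rule (the text is cut off after the `yield`), so check that the helper is defined next to `make_red` and `make_purple`.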

Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package

2014-02-08 Thread Salvatore Bonaccorso
Hi Antonio,

On Thu, Oct 24, 2013 at 09:49:19AM -0300, Antonio Terceiro wrote:
> It would be nice if someone familiar with the codebase could write up
> instructions on how to do that.

Actually at the Security Team meeting we are working now on this.
Mainly if you want to set up a test instance of the security tracker is
doing the three steps:

make update-packages
make all
make serve

But Luciano is working on adding a section for this to the
documentation.

Regards,
Salvatore





Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package

2013-10-24 Thread Antonio Terceiro
On Thu, Oct 24, 2013 at 06:36:15AM +0200, Salvatore Bonaccorso wrote:
> Package: security-tracker
> Severity: wishlist
>
> Hi
>
> On last DebConf Antonio Terceiro brought up the following idea for an
> additional view for a source package in the security-tracker. I'm
> opening the bugreport to not forget about it.
>
> It would be nice to have for a given source package a report/view
> listing in a table each (in at least a suite open) CVE, with columns
> marking if fixed in the given suite.
>
> srpkg:
>
> +---------------+-----------+--------------------+---------+-----------------+---------+----------+
> | CVE           | oldstable | oldstable-security | stable  | stable-security | testing | unstable |
> +---------------+-----------+--------------------+---------+-----------------+---------+----------+
> | CVE-1234-5678 | unfixed   | 1.2-3+squeeze1     | unfixed | 1.3-4+deb7u1    | unfixed | 1.5      |
> | CVE-5678-1234 | unfixed   | unfixed            | unfixed | unfixed         | unfixed | unfixed  |
> +---------------+-----------+--------------------+---------+-----------------+---------+----------+
>
> In principle it should look like an aggregated view of each CVE page,
> for a queried source package.

Thanks for opening a bug about this, Salvatore! :-)

I am actually willing to write the code for this. Unfortunately I tried
setting up a local instance of the security-tracker and failed
miserably.

It would be nice if someone familiar with the codebase could write up
instructions on how to do that.

-- 
Antonio Terceiro terce...@debian.org




Bug#727534: security-tracker: Add tabular view listing all CVEs and version table for a source package

2013-10-23 Thread Salvatore Bonaccorso
Package: security-tracker
Severity: wishlist

Hi

On last DebConf Antonio Terceiro brought up the following idea for an
additional view for a source package in the security-tracker. I'm
opening the bugreport to not forget about it.

It would be nice to have for a given source package a report/view
listing in a table each (in at least a suite open) CVE, with columns
marking if fixed in the given suite.

srpkg:

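+---------------+-----------+--------------------+---------+-----------------+---------+----------+
| CVE           | oldstable | oldstable-security | stable  | stable-security | testing | unstable |
+---------------+-----------+--------------------+---------+-----------------+---------+----------+
| CVE-1234-5678 | unfixed   | 1.2-3+squeeze1     | unfixed | 1.3-4+deb7u1    | unfixed | 1.5      |
| CVE-5678-1234 | unfixed   | unfixed            | unfixed | unfixed         | unfixed | unfixed  |
+---------------+-----------+--------------------+---------+-----------------+---------+----------+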

In principle it should look like an aggregated view of each CVE page,
for a queried source package.

Regards,
Salvatore
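
The aggregated per-suite view requested above, sketched as an added example; it is not code from the security tracker or from the patch in this thread. The row layout, the `summarize` and `render` helpers, the sample data and the worst-state-wins merge rule are all assumptions made for illustration; the state names follow the labels used in the patch.

```python
# Added illustration: per-suite CVE status table for one source package.
# Row layout, state names and the merge rule are assumptions, not tracker code.
RANK = {"fixed": 0, "undetermined": 1, "vulnerable": 2}  # higher rank wins

# Constructed sample rows: (cve, suite, state, fixed_version or None)
SAMPLE_ROWS = [
    ("CVE-1234-5678", "oldstable", "vulnerable", None),
    ("CVE-1234-5678", "oldstable-security", "fixed", "1.2-3+squeeze1"),
    ("CVE-1234-5678", "stable", "vulnerable", None),
    ("CVE-1234-5678", "stable-security", "fixed", "1.3-4+deb7u1"),
    ("CVE-1234-5678", "unstable", "fixed", "1.5"),
    ("CVE-5678-1234", "stable", "fixed", "1.3-4"),
    ("CVE-5678-1234", "stable", "vulnerable", None),  # must not be masked
    ("CVE-5678-1234", "unstable", "bogus-state", None),  # unrecognised state
]
SUITES = ["oldstable", "oldstable-security", "stable",
          "stable-security", "testing", "unstable"]


def summarize(rows, suites):
    """Return {cve: [one cell per suite]}; cells with no data are 'unknown'."""
    best = {}  # (cve, suite) -> (rank, cell text)
    for cve, suite, state, version in rows:
        if suite not in suites or state not in RANK:
            continue  # unrecognised input is never shown as fixed
        text = version if state == "fixed" and version else state
        if RANK[state] > best.get((cve, suite), (-1, ""))[0]:
            best[(cve, suite)] = (RANK[state], text)
    cves = sorted({row[0] for row in rows})
    return {c: [best.get((c, s), (0, "unknown"))[1] for s in suites]
            for c in cves}


def render(table, suites):
    """Format the summary as an ASCII grid like the mock-up in the report."""
    grid = [["CVE"] + list(suites)] + [[c] + v for c, v in table.items()]
    widths = [max(len(r[i]) for r in grid) for i in range(len(grid[0]))]
    rule = "+" + "+".join("-" * (w + 2) for w in widths) + "+"
    lines = [rule]
    for n, row in enumerate(grid):
        cells = " | ".join(v.ljust(w) for v, w in zip(row, widths))
        lines.append("| " + cells + " |")
        if n == 0:
            lines.append(rule)  # separator under the header row
    return "\n".join(lines + [rule])


if __name__ == "__main__":
    print(render(summarize(SAMPLE_ROWS, SUITES), SUITES))
```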

