Bug#761859: yaml...

2015-02-22 Thread Florian Weimer
* Holger Levsen:

 the patch currently creates yaml, not json. Which do you prefer?

JSON has less risk of unwanted data execution when deserializing.  It
is also supported by Python out of the box, so it's more natural for
the successor of the custom debsecan format (which I created when
Python did not have built-in JSON support).





Bug#761859: yaml...

2015-02-22 Thread Holger Levsen
Hi,

the patch currently creates yaml, not json. Which do you prefer?

Also, is the bug description useful in the data? Do you want no 
data/remote/local or (null|None)/true/false?

Anything else? 


cheers,
Holger
From 4237fa854c9dc4f1d8ac8de5c8e2030f68bf847b Mon Sep 17 00:00:00 2001
From: Holger Levsen hol...@layer-acht.org
Date: Sun, 22 Feb 2015 00:39:00 +0100
Subject: [PATCH] Dump data as .yaml via /tracker/data/yaml (Closes: #761859)

---
 bin/tracker_service.py | 48 
 1 file changed, 48 insertions(+)

diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index ec7cee5..fcc5621 100644
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -138,6 +138,7 @@ class TrackerService(webservice_base_class):
 self.register('data/funny-versions', self.page_data_funny_versions)
 self.register('data/fake-names', self.page_data_fake_names)
 self.register('data/pts/1', self.page_data_pts)
+self.register('data/yaml', self.page_yaml)
 self.register('debsecan/**', self.page_debsecan)
 self.register('data/report', self.page_report)
 self.register('style.css', self.page_style_css)
@@ -1226,6 +1227,53 @@ Debian bug number.'''),
 data.append('\n')
 return BinaryResult(''.join(data),'application/octet-stream')
 
+def page_yaml(self, path, params, url):
+data = []
+old_pkg = ''
+releases = ('sid', 'jessie', 'wheezy', 'squeeze')
+for (pkg, bug, desc, release, subrelease, status, urgency, remote, nodsa) in self.db.cursor().execute(
+SELECT sp.name, st.bug_name, bugs.description,
+sp.release, sp.subrelease, st.vulnerable, st.urgency,
+(SELECT range_remote FROM nvd_data
+WHERE cve_name = st.bug_name),
+(SELECT comment FROM package_notes_nodsa AS nd
+WHERE nd.package = sp.name AND nd.release = sp.release
+AND nd.bug_name = st.bug_name) AS nodsa
+FROM source_package_status AS st, source_packages AS sp, bugs
+WHERE sp.rowid = st.package AND st.bug_name = bugs.name
+AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
+OR sp.release = ? )
+ORDER BY sp.name, st.bug_name, sp.release, sp.subrelease , releases):
+
+if old_pkg != pkg:
+old_pkg = pkg
+old_bug = ''
+data.append(pkg+':\n')
+if old_bug != bug:
+old_bug = bug
+data.append('  '+bug+':\n')
+data.append('description: '+desc+'\n')
+data.append('releases: \n')
+if subrelease == '':
+my_release = release
+else:
+my_release = release+'-'+subrelease
+data.append('  '+my_release+':\n')
+if status  0:
+data.append('status: open\n')
+else:
+data.append('status: resolved\n')
+data.append('urgency: '+urgency+'\n')
+if str(remote) == 'None':
+data.append('range: no data\n')
+elif remote == 1:
+data.append('range: remote\n')
+else:
+data.append('range: local\n')
+if str(nodsa) != 'None':
+data.append('nodsa: '+nodsa+'\n')
+return BinaryResult(''.join(data),'application/octet-stream')
+
 def page_debsecan(self, path, params, url):
 obj = '/'.join(path)
 data = self.db.getDebsecan(obj)
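Review bot: In `page_yaml`, the free-text columns `desc` and `nodsa` are concatenated into the output unquoted (`'description: '+desc+'\n'`, `'nodsa: '+nodsa+'\n'`), so a value containing `: `, ` #`, a line break, or a leading `!`, `&`, `*`, `[` or `{` produces a document that fails to parse or parses into different keys, and a value that begins with a YAML tag is handed to the consumer's loader as a tag rather than as text. Passing those scalars through an encoder closes this, e.g. `data.append('description: '+json.dumps(desc)+'\n')` and the same for `nodsa`; `json.dumps` output is a double-quoted scalar that YAML parsers accept for ordinary text, and this assumes `json` is imported in the file, which the hunk does not show. `urgency` is concatenated the same way and would raise `TypeError` if that column can be NULL, which the visible query does not rule out. The NULL tests would also read better as `remote is None` and `nodsa is not None` than as `str(...) == 'None'`, which additionally matches a comment whose text is literally 'None'.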
-- 
1.9.1


