External check

2018-01-16 Thread Security Tracker 
CVE-2017-13194: TODO: check
CVE-2017-13215: TODO: check
CVE-2017-13216: TODO: check
CVE-2018-1049: RESERVED
CVE-2018-2579: RESERVED
CVE-2018-2696: RESERVED
CVE-2018-2703: RESERVED
CVE-2018-3818: RESERVED
CVE-2018-5704: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.

[PATCH] Accept more variants of standard CVE identifier format

2018-01-16 Thread Paul Wise 
Transform the given identifier to a standard one and
redirect to the standard form if it is in the database:

* convert spaces to dashes
* convert lowercase to uppercase
---
 bin/tracker_service.py | 21 -
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index 9cbbccc8be..5a890f561d 100755
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -329,9 +329,9 @@ data source.""")],
 return RedirectResult(self.url_debian_bug(url, str(bugnumber)),
   permanent=False)
 
-if 'A' <= obj[0] <= 'Z':
-# Bug names start with a capital letter.
-return self.page_bug(url, obj, redirect)
+page = self.page_bug(url, obj, redirect)
+if page is not None:
+return page
 
 if self.db.isSourcePackage(c, obj):
 return RedirectResult(self.url_source_package(url, obj, full=True))
@@ -339,20 +339,23 @@ data source.""")],
 return self.page_not_found(url, obj)
 
 def page_bug(self, url, name, redirect):
+# Transform the name to a standard one
+name_s = name.replace(' ', '-').upper()
+
 # FIXME: Normalize CAN-* to CVE-* when redirecting.  Too many
 # people still use CAN.
-if redirect and name[0:4] == 'CAN-':
-name = 'CVE-' + name[4:]
+if redirect and name_s[0:4] == 'CAN-':
+name_s = 'CVE-' + name_s[4:]
 
 cursor = self.db.cursor()
 try:
-bug = bugs.BugFromDB(cursor, name)
+bug = bugs.BugFromDB(cursor, name_s)
 except ValueError:
 if redirect:
-if name[0:4] == 'CVE-':
-return RedirectResult(self.url_cve(url, name),
+if name_s[0:4] == 'CVE-':
+return RedirectResult(self.url_cve(url, name_s),
   permanent=False)
-return self.page_not_found(url, name)
+return None
 if bug.name <> name or redirect:
 # Show the normalized bug name in the browser address bar.
 return RedirectResult(url.scriptRelativeFull(bug.name))
-- 
2.15.1