Skip to content

Commit ba6c01c

Browse files
jellyjelly
committed
Warn if lib32- variant is missing when adding a group
When adding a new group, warn if the lib32 variant does not exists via a flashcard. Closes: #120
1 parent 19bc697 commit ba6c01c

File tree

2 files changed

+50
-0
lines changed

2 files changed

+50
-0
lines changed

test/test_group.py

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -248,6 +248,37 @@ def test_add_group_with_dot_in_pkgrel(db, client):
248248
set_and_assert_group_data(db, client, url_for('tracker.add_group'), affected='1.2-3.4')
249249

250250

251+
@create_package(name='foo', version='1.2.3-4')
252+
@create_package(name='lib32-foo', version='1.2.3-4')
253+
@logged_in
254+
def test_add_group_mising_lib32(db, client):
255+
pkgnames = ['foo']
256+
issues = ['CVE-1234-1234', 'CVE-2222-2222']
257+
data = default_group_dict(dict(
258+
cve='\n'.join(issues),
259+
pkgnames='\n'.join(pkgnames),
260+
))
261+
262+
resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
263+
assert 200 == resp.status_code
264+
assert 'Missing AVG for lib32-foo' in resp.data.decode()
265+
266+
267+
@create_package(name='foo', version='1.2.3-4')
268+
@logged_in
269+
def test_add_group_mising_lib32_invalid(db, client):
270+
pkgnames = ['foo']
271+
issues = ['CVE-1234-1234', 'CVE-2222-2222']
272+
data = default_group_dict(dict(
273+
cve='\n'.join(issues),
274+
pkgnames='\n'.join(pkgnames),
275+
))
276+
277+
resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
278+
assert 200 == resp.status_code
279+
assert 'Missing AVG for lib32-foo' not in resp.data.decode()
280+
281+
251282
@create_package(name='foo')
252283
@logged_in
253284
def test_dont_add_group_with_dot_at_beginning_of_pkgrel(db, client):

tracker/view/add.py

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
from tracker.model import CVEGroup
1111
from tracker.model import CVEGroupEntry
1212
from tracker.model import CVEGroupPackage
13+
from tracker.model import Package
1314
from tracker.model.enum import Affected
1415
from tracker.model.enum import Remote
1516
from tracker.model.enum import Severity
@@ -199,4 +200,22 @@ def add_group():
199200

200201
db.session.commit()
201202
flash('Added {}'.format(group.name))
203+
204+
missing_lib32_variant(pkgnames, group)
205+
202206
return redirect('/{}'.format(group.name))
207+
208+
209+
def missing_lib32_variant(pkgnames, group):
210+
for pkgname in pkgnames:
211+
if 'lib32' in pkgname:
212+
continue
213+
214+
lib32pkg = f'lib32-{pkgname}'
215+
if not Package.query.filter(Package.name == lib32pkg).first():
216+
continue
217+
218+
if CVEGroupPackage.query.filter(CVEGroupPackage.pkgname == lib32pkg, CVEGroupPackage.group == group).first():
219+
continue
220+
221+
flash('Missing AVG for {}'.format(lib32pkg))

0 commit comments

Comments
 (0)