| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
| |
In some cases, alias_refs and the references input via the GLSA form
might not be mutually exclusive sets (lists), so it is necessary to
deduplicate the union of both lists, rather than each list separately.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
| |
We only want to use vulnerability identifiers as GLSA references, but
those aren't the only things that we might pick up in bug aliases.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
| |
Fixes: 9285344 ("autoglsa: switch Relationship column assignments to appends")
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
| |
This proper typing fixes the following mypy errors:
glsamaker/autoglsa.py:253: error: Unsupported left operand type for + ("RelationshipProperty[Any]") [operator]
glsamaker/autoglsa.py:254: error: "RelationshipProperty[Any]" has no attribute "__iter__"; maybe "__str__"? (not iterable) [attr-defined]
glsamaker/autoglsa.py:255: error: Unsupported left operand type for + ("RelationshipProperty[Any]") [operator]
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were always using the "vulnerable version" objects to find which
package name to output into the table, but that doesn't work if
there's no vulnerable version. Since there's always one package in
either of the vulnerable or unaffected objects, use whichever happens
to provide the string we're looking for.
Since we were (and are) relying on the caller providing us a pair of
queries which includes only one package, raise an exception if that
assumption is broken.
Also add a test case which catches the original issue.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
| |
This prevents a few type-clashing issues on assignment:
glsamaker/autoglsa.py:253: error: Incompatible types in assignment (expression has type "list[Any]", variable has type "RelationshipProperty[Any]") [assignment]
glsamaker/autoglsa.py:260: error: Incompatible types in assignment (expression has type "list[Any]", variable has type "RelationshipProperty[Any]") [assignment]
glsamaker/autoglsa.py:270: error: Incompatible types in assignment (expression has type "list[Affected]", variable has type "RelationshipProperty[Any]") [assignment]
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
| |
Fixes mypy error:
glsamaker/models/glsa.py:130: error: "RelationshipProperty[Any]" has no attribute "__iter__"; maybe "__str__"? (not iterable) [attr-defined]
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
| |
Tuples are better when the object is intended to be a particular
length, as it is in this case.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
| |
Just like we do below with Affected objects with no unaffected versions.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit 03ebd8805524fb7d98ab6db6b987a36e32d0a95f. This
turned out to be wrong, and now triggers an exception with duplicate
bug rows.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SQLAlchemy's implicit handling of uniqueness of primary keys in merges
seems to have changed, and this triggers the following error when
submitting an edited GLSA twice. It ends up attempting to merge
multiple bug rows with the same ID, rather than simply reusing
existing rows.
glsamaker-http-1 | sqlalchemy.exc.IntegrityError: (raised as a result of Query-invoked autoflush; consider using a session.no_autoflush block if this flush is occurring prematurely)
glsamaker-http-1 | (psycopg2.errors.UniqueViolation) duplicate key value violates unique constraint "bug_pkey"
glsamaker-http-1 | DETAIL: Key (bug_id)=(713098) already exists.
glsamaker-http-1 |
glsamaker-http-1 | [SQL: INSERT INTO bug (bug_id) VALUES (%(bug_id)s)]
glsamaker-http-1 | [parameters: {'bug_id': '713098'}]
glsamaker-http-1 | (Background on this error at: https://sqlalche.me/e/20/gkpj)
Interestingly, this seems to trigger when creating Affected rows,
which shouldn't touch the bugs table:
glsamaker-http-1 | File "/usr/local/lib/python3.11/site-packages/glsamaker/views.py", line 205, in edit_glsa
glsamaker-http-1 | glsa.affected = parse_atoms(request, "unaffected") + parse_atoms(
glsamaker-http-1 | ^^^^^^^^^^^^
glsamaker-http-1 | File "/usr/local/lib/python3.11/site-packages/glsamaker/views.py", line 166, in parse_atoms
glsamaker-http-1 | ret.append(atom_to_affected(pkg, arch, range_type))
glsamaker-http-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
glsamaker-http-1 | File "/usr/local/lib/python3.11/site-packages/glsamaker/views.py", line 151, in atom_to_affected
glsamaker-http-1 | return Affected(pn, version, pkg_range, arch, slot, range_type)
glsamaker-http-1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
| |
And add a trivial test.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
| |
This includes a bit of refactoring of autoglsa.get_max_versions to
allow for easy recovery when parsing of a particular bug fails. Bugs
which fail the "autoglsa" process will be returned as a list of
exceptions for the caller to handle as necessary. Currently, this
means spitting out an error message on the edit_glsa page.
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
|
|
| |
Mystery finally solved...
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
| |
|
|
| |
Signed-off-by: John Helmert III <ajak@gentoo.org>
|
John Helmert III
GitWeb