CVE IMPORT PROCESS
==================

Launchpad has a cronscript (in "cronscripts/update-cve.py") that will fetch
the latest CVE database, in XML format, from the web, and then ensure that
the CVE data in it is correctly reflected in the local Launchpad database.
It takes care to reflect the correct description, status (Entry, Candidate,
or Deprecated), as well as all the References for that CVE entry.

This documentation test will describe and test the behaviour of this
infrastructure. Note that it assumes that the XML format is not changing,
and it does not attempt to connect to the outside world to verify that is
the case.

    >>> import subprocess, os.path, sys
    >>> import transaction
    >>> from lp.services.config import config

OK. So now let's import the first XML database. First, let's see how many CVE
entries are in the database.

    >>> from lp.bugs.model.cve import Cve
    >>> print Cve.select().count()
    10

    >>> script = os.path.join(config.root, 'cronscripts', 'update-cve.py')
    >>> url_base = os.path.join(
    ...     config.root, 'lib', 'lp', 'bugs', 'tests', 'data'
    ...     )

Now run the cronscript.

    >>> url = 'file://%s' % os.path.join(url_base, 'cvedb_init.xml.gz')
    >>> process = subprocess.Popen(
    ...     [sys.executable, script, '-u', url], stdin=subprocess.PIPE,
    ...     stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
    ...     )
    >>> (output, empty) = process.communicate()
    >>> print output
    INFO Creating lockfile: /var/lock/launchpad-updatecve.lock
    ...
    INFO CVE-1999-0002 created
    INFO Creating new SGI reference for 1999-0002
    INFO Creating new BID reference for 1999-0002
    INFO Creating new XF reference for 1999-0002
    INFO CVE-1999-0003 created
    INFO Creating new CERT reference for 1999-0003
    INFO Creating new SGI reference for 1999-0003
    INFO Creating new XF reference for 1999-0003
    INFO Creating new XF reference for 1999-0003
    INFO CVE-1999-0005 created
    INFO Creating new CERT reference for 1999-0005
    INFO Creating new BID reference for 1999-0005
    INFO CVE-1999-0007 created
    INFO Creating new CERT reference for 1999-0007
    INFO Creating new XF reference for 1999-0007
    INFO CVE-2005-2761 created
    INFO Creating new MISC reference for 2005-2761
    INFO Creating new DEBIAN reference for 2005-2761
    INFO CVE-2005-2762 created
    INFO CVE-2005-2763 created
    INFO CVE-2005-2764 created
    ...
    <BLANKLINE>

And let's make sure we got the right number of CVE entries.

    >>> transaction.commit()
    >>> print Cve.select().count()
    18

We will make a note of the modification time of CVE 2005-2734. When we
update it later, we can use this value to check that its modification time
is being updated correctly.

    >>> c = Cve.bySequence('2005-2734')
    >>> mod_time = c.datemodified

And while we are here, make a note of the number of references for that CVE
entry.

    >>> print c.references.count()
    6

Now, let's run an import of the update db.

    >>> url = 'file://%s' % os.path.join(url_base, 'cvedb_update.xml.gz')
    >>> process = subprocess.Popen(
    ...     [sys.executable, script, '-u', url], stdin=subprocess.PIPE,
    ...     stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
    ...     )
    >>> (output, empty) = process.communicate()
    >>> print output
    INFO Creating lockfile: /var/lock/launchpad-updatecve.lock
    ...
    INFO Creating new CERT reference for 1999-0002
    INFO Creating new CIAC reference for 1999-0002
    INFO Creating new NAI reference for 1999-0003
    INFO Creating new SGI reference for 1999-0003
    INFO Creating new BID reference for 1999-0003
    INFO Creating new SUN reference for 1999-0005
    INFO Creating new XF reference for 1999-0005
    INFO CVE-1999-0006 created
    INFO Creating new CERT reference for 1999-0006
    INFO Creating new SGI reference for 1999-0006
    INFO Creating new AUSCERT reference for 1999-0006
    INFO Creating new XF reference for 1999-0006
    INFO Creating new BID reference for 1999-0006
    INFO CVE-1999-0007 updated description
    INFO Creating new SECUNIA reference for 2005-2761
    INFO CVE-2005-2734 updated description
    INFO Removing BID reference for 2005-2734
    INFO Removing BUGTRAQ reference for 2005-2734
    INFO Removing CONFIRM reference for 2005-2734
    INFO Removing SECTRACK reference for 2005-2734
    INFO Removing SECUNIA reference for 2005-2734
    INFO Removing XF reference for 2005-2734
    INFO CVE-2005-2764 updated description
    INFO CVE-2005-2765 created
    INFO Creating new MSKB reference for 2005-2765
    INFO CVE-2005-2766 created
    INFO Creating new BUGTRAQ reference for 2005-2766
    ...
    <BLANKLINE>

Let's make sure we got the new CVEs.

    >>> transaction.commit()
    >>> print Cve.select().count()
    21

And let's make sure the modification time of 2005-2734 was updated, as was
the number of references.

    >>> c.sync()
    >>> print mod_time < c.datemodified
    True
    >>> print c.references.count()
    0


Script class
------------

The class the cronscript uses to do its work is CVEUpdater.

    >>> from lp.bugs.scripts.cveimport import CVEUpdater

The method that does all the processing of the CVE XML is
processCVEXML(). It accepts that XML as a string. If no CVEs are found
in the XML, a LaunchpadScriptFailure is raised. This helps us catch
issues that cause no CVEs to be processed, for example if the XML
schema is changed.

    >>> cve_updater = CVEUpdater('cve-updater', test_args=[])
    >>> cve_updater.processCVEXML('<some-xml />')
    Traceback (most recent call last):
    ...
    LaunchpadScriptFailure: No CVEs found in XML file.
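
The reconciliation and fail-closed behaviour exercised above, as an added Python 3 example that is not Launchpad's code. The page does not show the feed schema, so the element and attribute names, the `FeedError` and `sync_cves` names, and both sample feeds are constructed assumptions.

```python
import xml.etree.ElementTree as ET

class FeedError(Exception):
    """Hypothetical stand-in for the script failure raised on an empty feed."""

# Constructed sample feeds; the element and attribute names are assumptions.
INIT_XML = """<cve>
  <item seq="2099-0001"><desc>Initial text</desc>
    <refs><ref source="BID" url="https://example.invalid/bid/1"/></refs></item>
</cve>"""
UPDATE_XML = """<cve>
  <item seq="2099-0001"><desc>Revised text</desc><refs/></item>
  <item seq="2099-0002"><desc>New entry</desc>
    <refs><ref source="MSKB" url="https://example.invalid/kb/2"/></refs></item>
</cve>"""

def sync_cves(xml_text, db):
    """Make db ({seq: {'desc', 'refs'}}) match the feed; return the log lines."""
    items = ET.fromstring(xml_text).findall('item')
    if not items:
        # Fail closed: zero entries most likely means the schema changed,
        # so stop instead of reporting a successful no-op run.
        raise FeedError('No CVEs found in XML file.')
    log = []
    for item in items:
        seq = item.get('seq')
        desc = (item.findtext('desc') or '').strip()
        refs = {(r.get('source'), r.get('url')) for r in item.iter('ref')}
        entry = db.get(seq)
        if entry is None:
            entry = db[seq] = {'desc': desc, 'refs': set()}
            log.append('CVE-%s created' % seq)
        elif entry['desc'] != desc:
            entry['desc'] = desc
            log.append('CVE-%s updated description' % seq)
        # References are reconciled in both directions, as in the log above.
        for source, _url in sorted(refs - entry['refs']):
            log.append('Creating new %s reference for %s' % (source, seq))
        for source, _url in sorted(entry['refs'] - refs):
            log.append('Removing %s reference for %s' % (source, seq))
        entry['refs'] = refs
    return log
```

Running the same feed twice returns an empty log, which is a quick check that a scheduled import is idempotent.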