From d2644a17084465f38546ec810e478a3d08704c0c Mon Sep 17 00:00:00 2001 From: Jelle van der Waa Date: Mon, 11 Jun 2018 21:55:47 +0200 Subject: [PATCH] Warn if lib32- variant is missing when adding a group When adding a new group, warn if the lib32 variant does not exists via a flashcard. Closes: #120 --- test/test_group.py | 31 +++++++++++++++++++++++++++++++ tracker/view/add.py | 18 ++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/test/test_group.py b/test/test_group.py index f1c2357f..9846d051 100644 --- a/test/test_group.py +++ b/test/test_group.py @@ -248,6 +248,37 @@ def test_add_group_with_dot_in_pkgrel(db, client): set_and_assert_group_data(db, client, url_for('tracker.add_group'), affected='1.2-3.4') +@create_package(name='foo', version='1.2.3-4') +@create_package(name='lib32-foo', version='1.2.3-4') +@logged_in +def test_add_group_mising_lib32(db, client): + pkgnames = ['foo'] + issues = ['CVE-1234-1234', 'CVE-2222-2222'] + data = default_group_dict(dict( + cve='\n'.join(issues), + pkgnames='\n'.join(pkgnames), + )) + + resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data) + assert 200 == resp.status_code + assert 'Missing AVG for lib32-foo' in resp.data.decode() + + +@create_package(name='foo', version='1.2.3-4') +@logged_in +def test_add_group_mising_lib32_invalid(db, client): + pkgnames = ['foo'] + issues = ['CVE-1234-1234', 'CVE-2222-2222'] + data = default_group_dict(dict( + cve='\n'.join(issues), + pkgnames='\n'.join(pkgnames), + )) + + resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data) + assert 200 == resp.status_code + assert 'Missing AVG for lib32-foo' not in resp.data.decode() + + @create_package(name='foo') @logged_in def test_dont_add_group_with_dot_at_beginning_of_pkgrel(db, client): diff --git a/tracker/view/add.py b/tracker/view/add.py index 499992b2..d53dd3bd 100644 --- a/tracker/view/add.py +++ b/tracker/view/add.py @@ -10,6 +10,7 @@ from tracker.model import CVEGroup from tracker.model import CVEGroupEntry from tracker.model import CVEGroupPackage +from tracker.model import Package from tracker.model.enum import Affected from tracker.model.enum import Remote from tracker.model.enum import Severity @@ -199,4 +200,21 @@ def add_group(): db.session.commit() flash('Added {}'.format(group.name)) + missing_lib32_variant(pkgnames, group) + return redirect('/{}'.format(group.name)) + + +def missing_lib32_variant(pkgnames, group): + for pkgname in pkgnames: + if 'lib32' in pkgname: + continue + + lib32pkg = f'lib32-{pkgname}' + if not Package.query.filter(Package.name == lib32pkg).first(): + continue + + if CVEGroupPackage.query.filter(CVEGroupPackage.pkgname == lib32pkg, CVEGroupPackage.group == group).first(): + continue + + flash('Missing AVG for {}'.format(lib32pkg))