[libvirt] [security-notice PATCH 1/9] scripts: change data structures used to track branches & tags
Posted by Daniel P. Berrangé 6 years, 9 months ago
We need to track more info against each branch, so use a more
advanced data structure.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 scripts/report-vulnerable-tags.pl | 53 ++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 15 deletions(-)

diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl
index 0b6ea6f..14d31c0 100644
--- a/scripts/report-vulnerable-tags.pl
+++ b/scripts/report-vulnerable-tags.pl
@@ -11,6 +11,15 @@ if (int(@ARGV) != 1) {
 
 my $changeset = shift @ARGV;
 
+# branch name to hash with keys
+#   - brokenchanges -> list of commit ids
+#   - brokentags -> hash of tag names to '1'
+my %branches;
+
+# tag name to '0' (fixed) or '1' (broken)
+my %tags;
+
+
 sub get_tags {
     my @args = @_;
 
@@ -53,17 +62,31 @@ sub get_branch {
     return @branches;
 }
 
-my @branches;
-my %tags;
-my %branches;
+sub add_branch {
+    my $name = shift @_;
+
+    return if exists $branches{$name};
+
+    $branches{$name} = {
+       "brokenchanges" => [$changeset],
+       "brokentags" => {},
+    };
+}
+
+sub add_broken_tag {
+    my $branch = shift @_;
+    my $tag = shift @_;
+
+    $tags{$tag} = 1;
+    $branches{$branch}->{"brokentags"}->{$tag} = 1;
+}
+
+add_branch("master");
 
-$branches{"master"} = [];
 # Most tags live on master so lets get them first
 for my $tag (get_tags("--contains", $changeset, "--merged", "master")) {
-    push @{$branches{"master"}}, $tag;
-    $tags{$tag} = 1;
+    add_broken_tag("master", $tag);
 }
-push @branches, "master";
 
 # Now we need slower work to find branches for
 # few remaining tags
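Review bot: add_broken_tag() writes `$branches{$branch}->{"brokentags"}->{$tag}` without checking that add_branch() has run for that branch, so a call for an unknown branch would autovivify an entry with no `brokenchanges` list. The output loop later in this patch would then print vulnerable tags for that branch with no `<change state="vulnerable">` line, which is easy to miss in a security notice. Both callers in this patch do call add_branch() first, so the issue is latent. Making the invariant explicit would prevent it, either with `add_branch($branch);` as the first statement of add_broken_tag() or with `die "Unknown branch $branch\n" unless exists $branches{$branch};`. A short comment on add_branch() noting that it seeds `brokenchanges` from the file-level `$changeset` would also help readers.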
@@ -84,22 +107,22 @@ for my $tag (get_tags("--contains", $changeset)) {
     if (int(@tagbranches) > 1) {
         print "Tag $tag appears in multiple branches\n";
     }
+    my $branch = $tagbranches[0];
 
-    unless (exists($branches{$tagbranches[0]})) {
-        $branches{$tagbranches[0]} = [];
-        push @branches, $tagbranches[0];
-    }
-    push @{$branches{$tagbranches[0]}}, $tag;
+    add_branch($branch);
+    add_broken_tag($branch, $tag);
 }
 
 
-foreach my $branch (sort versioncmp @branches) {
+foreach my $branch (sort versioncmp keys %branches) {
     print "    <branch>\n";
     print "      <name>$branch</name>\n";
-    foreach my $tag (sort versioncmp @{$branches{$branch}}) {
+    foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokentags"}}) {
         print "      <tag state=\"vulnerable\">$tag</tag>\n";
     }
-    print "      <change state=\"vulnerable\">$changeset</change>\n";
+    foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) {
+	print "      <change state=\"vulnerable\">$commit</change>\n";
+    }
 
     if ($branch eq "master") {
 	print "      <change state=\"fixed\"></change>\n";
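Review bot: `my $branch = $tagbranches[0];` is undef when the branch lookup returns an empty list, and add_branch()/add_broken_tag() would then file the tag under an empty branch name and emit `<name></name>`. The lines that fill `@tagbranches` are above this hunk, so an earlier check may already cover this case. If not, failing closed is safer for a generated vulnerability report than a quietly malformed entry: `die "No branch found for tag $tag\n" unless @tagbranches;` before the assignment. The enclosing `for` loop starts outside the hunk, and the report loop's body continues past its end.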
-- 
2.21.0

Re: [libvirt] [security-notice PATCH 1/9] scripts: change data structures used to track branches & tags
Posted by Ján Tomko 6 years, 7 months ago
On Mon, May 13, 2019 at 12:51:58PM +0100, Daniel P. Berrangé wrote:
>We need to track more info against each branch, so use a more
>advanced data structure.
>
>Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>---
> scripts/report-vulnerable-tags.pl | 53 ++++++++++++++++++++++---------
> 1 file changed, 38 insertions(+), 15 deletions(-)
>
>diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl
>index 0b6ea6f..14d31c0 100644
>--- a/scripts/report-vulnerable-tags.pl
>+++ b/scripts/report-vulnerable-tags.pl

[...]

> }
>
>
>-foreach my $branch (sort versioncmp @branches) {
>+foreach my $branch (sort versioncmp keys %branches) {
>     print "    <branch>\n";
>     print "      <name>$branch</name>\n";
>-    foreach my $tag (sort versioncmp @{$branches{$branch}}) {
>+    foreach my $tag (sort versioncmp keys %{$branches{$branch}->{"brokentags"}}) {
>         print "      <tag state=\"vulnerable\">$tag</tag>\n";
>     }
>-    print "      <change state=\"vulnerable\">$changeset</change>\n";
>+    foreach my $commit (@{$branches{$branch}->{"brokenchanges"}}) {
>+	print "      <change state=\"vulnerable\">$commit</change>\n";

  ^ TAB

>+    }
>
>     if ($branch eq "master") {
> 	print "      <change state=\"fixed\"></change>\n";

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano