subversion-commits mailing list archives

From br...@apache.org
Subject svn commit: r1693509 - in /subversion/trunk/tools/dist/security: mailer.py parser.py
Date Thu, 30 Jul 2015 22:24:59 GMT
Author: brane
Date: Thu Jul 30 22:24:59 2015
New Revision: 1693509

URL: http://svn.apache.org/r1693509
Log:
Start writing the PGP/MIME mail generator for security advisories.

* tools/dist/security/mailer.py: New.

* tools/dist/security/parser.py
  (Notification.Metadata): Renamed from Notification.__Metadata.
  (Notification.Metadata.__init__): Correctly convert the culprit(s) to a set.
  (Notification.Metadata.__len__): New.
  (Notification.Metadata.__parse_advisory): Update reference to the Metadata class.

Added:
    subversion/trunk/tools/dist/security/mailer.py   (with props)
Modified:
    subversion/trunk/tools/dist/security/parser.py

Added: subversion/trunk/tools/dist/security/mailer.py
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/dist/security/mailer.py?rev=1693509&view=auto
==============================================================================
--- subversion/trunk/tools/dist/security/mailer.py (added)
+++ subversion/trunk/tools/dist/security/mailer.py Thu Jul 30 22:24:59 2015
@@ -0,0 +1,69 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+"""
+Generator of signed advisory mails
+"""
+
+from __future__ import absolute_import
+
+
+class Mailer(object):
+    """
+    Constructs signed PGP/MIME advisory mails.
+    """
+
+    def __init__(self, notification):
+        assert len(notification) > 0
+        self.__notification = notification
+
+    def __subject(self):
+        """
+        Construct a subject line for the notification mail.
+        """
+
+        template = ('Confidential pre-notification of'
+                    ' {multiple}Subversion {culprit}{vulnerability}')
+
+        # Construct the {culprit} replacement value. If all advisories
+        # are either about the server or the client, use the
+        # appropriate value; for mixed server/client advisories, use
+        # an empty string.
+        culprit = set()
+        for advisory in self.__notification:
+            culprit |= advisory.culprit
+        assert len(culprit) > 0
+        if len(culprit) > 1:
+            culprit = ''
+        elif self.__notification.Metadata.CULPRIT_CLIENT in culprit:
+            culprit = 'client '
+        elif self.__notification.Metadata.CULPRIT_SERVER in culprit:
+            culprit = 'server '
+        else:
+            raise ValueError('Unknown culprit ' + repr(culprit))
+
+        # Construct the format parameters
+        if len(self.__notification) > 1:
+            kwargs = dict(multiple='multiple ', culprit=culprit,
+                          vulnerability='vulnerabilities')
+        else:
+            kwargs = dict(multiple='', culprit=culprit,
+                          vulnerability='vulnerability')
+
+        return template.format(**kwargs)
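Review bot: The two `assert` statements in the new mailer.py (`assert len(notification) > 0` in `__init__` and `assert len(culprit) > 0` in `__subject`) are the only checks that the notification contains advisories, and asserts are stripped when Python runs with `-O`. In that case an empty notification falls through to `raise ValueError('Unknown culprit ' + repr(culprit))` with an empty set, which misreports the cause. For a tool that builds confidential pre-notification mails an explicit check is safer, for example `if len(notification) == 0: raise ValueError('Notification contains no advisories')`. `__init__` also has no docstring; judging by its use here, `notification` must be iterable, sized, and expose `Metadata.CULPRIT_CLIENT` and `Metadata.CULPRIT_SERVER`.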

Propchange: subversion/trunk/tools/dist/security/mailer.py
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: subversion/trunk/tools/dist/security/parser.py
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/dist/security/parser.py?rev=1693509&r1=1693508&r2=1693509&view=diff
==============================================================================
--- subversion/trunk/tools/dist/security/parser.py (original)
+++ subversion/trunk/tools/dist/security/parser.py Thu Jul 30 22:24:59 2015
@@ -35,7 +35,7 @@ class Notification(object):
     The complete security notification, containing multiple advisories.
     """
 
-    class __Metadata(object):
+    class Metadata(object):
         """
         The metadata for one advisory, with the following fields:
             tracking_id - the CVE/CAN number
@@ -58,9 +58,12 @@ class Notification(object):
             if culprit not in self.__culprits:
                 raise ValueError('Culprit should be one of: '
                                  + ', '.join(repr(x) for x in self.__culprits))
+            if not isinstance(culprit, tuple):
+                culprit = (culprit,)
+
             self.tracking_id = tracking_id
             self.title = title
-            self.culprit = frozenset(tuple(culprit))
+            self.culprit = frozenset(culprit)
             self.advisory = Advisory(os.path.join(basedir, advisory))
             self.patches = []
             for base_version, patchfile in patches.items():
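Review bot: The new `if not isinstance(culprit, tuple): culprit = (culprit,)` normalisation has no comment explaining why it is needed. It also runs after the `culprit not in self.__culprits` check, so validation still sees the raw value read from the metadata file. A comment such as `# Wrap a single culprit so frozenset() does not iterate over the value itself` would record the intent; presumably the old `frozenset(tuple(culprit))` split a single string culprit into characters, but the culprit constants are defined outside this hunk. `__init__` starts and ends outside the hunk, so it cannot be confirmed here whether `self.__culprits` lists tuple values for the mixed client/server case.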
@@ -84,16 +87,19 @@ class Notification(object):
     def __iter__(self):
         return self.__advisories.__iter__()
 
+    def __len__(self):
+        return len(self.__advisories)
+
     def __parse_advisory(self, rootdir, tracking_id):
         basedir = os.path.join(rootdir, tracking_id)
         with open(os.path.join(basedir, 'metadata'), 'rt') as md:
             metadata = ast.literal_eval(md.read())
 
-        return self.__Metadata(basedir, tracking_id,
-                               metadata['title'],
-                               metadata['culprit'],
-                               metadata['advisory'],
-                               metadata['patches'])
+        return self.Metadata(basedir, tracking_id,
+                             metadata['title'],
+                             metadata['culprit'],
+                             metadata['advisory'],
+                             metadata['patches'])
 
 
 class __Part(object):
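Review bot: Adding `__len__` to `Notification` also changes its truth value. Unless a `__bool__`/`__nonzero__` is defined outside this hunk, an instance with zero advisories now evaluates as false, so any existing `if notification:` style check would behave differently. If that is intended, state it in a docstring on the method, e.g. `"""Return the number of advisories; an empty notification is falsy."""`. Separately, the re-indented `self.Metadata(...)` call indexes the `ast.literal_eval` result directly, so a metadata file that is not a dict or lacks a key surfaces as a bare `KeyError` or `TypeError` without the `tracking_id`. Re-raising with the advisory named would make a malformed entry easier to spot before any mail is generated.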


