diff options
| author | Dan Fandrich <danf@mageia.org> | 2024-04-15 23:26:06 -0700 |
|---|---|---|
| committer | Dan Fandrich <danf@mageia.org> | 2024-04-16 10:58:32 -0700 |
| commit | 7b864281523a0bf15ecea235f463c27bb77dec53 (patch) | |
| tree | aa9d4435296bc296f306e0b1485f424191b28a56 /lib | |
| parent | 63160c8456f5fc561ce86a373d027d8acd630d4e (diff) | |
| download | mgaadvisories-7b864281523a0bf15ecea235f463c27bb77dec53.tar mgaadvisories-7b864281523a0bf15ecea235f463c27bb77dec53.tar.gz mgaadvisories-7b864281523a0bf15ecea235f463c27bb77dec53.tar.bz2 mgaadvisories-7b864281523a0bf15ecea235f463c27bb77dec53.tar.xz mgaadvisories-7b864281523a0bf15ecea235f463c27bb77dec53.zip | |
Get the last modified date of advisories from SVN
The modification date helps track if an advisory was changed after
initial publication. This is especially important for OSV users who need
the modification date in the vulns.json index to determine whether an
existing advisory was updated so they can download the update. Also,
keep "ref" (pointing to bug number) in all advisories, not just the TODO
ones.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/MGA/Advisories.pm | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/lib/MGA/Advisories.pm b/lib/MGA/Advisories.pm index 1b86049..2506c3c 100644 --- a/lib/MGA/Advisories.pm +++ b/lib/MGA/Advisories.pm @@ -5,6 +5,7 @@ use strict; use YAML qw(LoadFile DumpFile Load); use Template; use DateTime; +use DateTime::Format::ISO8601; use Email::Sender::Simple qw(try_to_sendmail); use Email::Simple; use Email::Simple::Creator; @@ -13,6 +14,8 @@ use LWP::UserAgent; use Parallel::ForkManager; use File::Basename; use XMLRPC::Lite; +use XML::XPath; +use XML::XPath::XMLParser; use Term::ReadKey; #use Data::Dump qw(dd); @@ -169,6 +172,9 @@ sub login_bz { sub get_advisories_from_dir { + # Retrieve last modified dates from SVN + my $modified = get_modified(); + my %advisories; foreach my $advfile (glob "$config->{advisories_dir}/*.adv") { my $adv; @@ -180,9 +186,9 @@ sub get_advisories_from_dir { print $@; next; } + $adv->{ref} = basename($advfile, ".adv"); if (!$adv->{ID}) { next unless $config->{mode} eq 'qa'; - $adv->{ref} = basename($advfile, ".adv"); $adv->{ID} = next_id('TODO', keys %advisories); $adv->{no_save_status} = 1; } @@ -192,6 +198,11 @@ sub get_advisories_from_dir { $advisories{$adv->{ID}} = $adv; my $statusfile = status_file($adv->{ID}); $adv->{status} = -f $statusfile ? LoadFile($statusfile) : {}; + my $fn = $adv->{ref} = basename($advfile); + if (exists $modified->{$fn}) { + # Pull the modified date into the advisory + $adv->{status}{modified} = $modified->{$fn}; + } } return \%advisories; } @@ -619,6 +630,23 @@ sub process_template { } } +# Get the last modified date for each advisory file from SVN +sub get_modified { + my $xml = `svn status -v --xml`; + my $xp = XML::XPath->new(xml => $xml); + my $nodeset = $xp->find('/status/target/entry'); + my %modified; + foreach my $node ($nodeset->get_nodelist) { + my $path = $node->findvalue('@path')->value(); + my $datez = $node->findvalue('wc-status/commit/date')->value(); + if ($path and $datez) { + my $timestamp = DateTime::Format::ISO8601->parse_datetime($datez); + $modified{$path} = $timestamp->epoch; + } + } + return \%modified; +} + # Max 10 processes for processing templates my $pm = Parallel::ForkManager->new(10); $pm->run_on_finish(\¶llel_finish); |