From 0532ce530ae234daefb31b1cf2a2041fbf2beb86 Mon Sep 17 00:00:00 2001 From: Gerrit User 28739 <28739@4a232e18-c5a9-48ee-94c0-e04e7cca6543> Date: Mon, 22 Apr 2024 13:39:43 +0000 Subject: [PATCH] Update patch set 2 Patch Set 2: Code-Review+1 (2 comments) Patch-set: 2 Reviewer: Gerrit User 28739 <28739@4a232e18-c5a9-48ee-94c0-e04e7cca6543> Label: Code-Review=+1, ca2e180b9d798f00fa3ec473cbbde12306142c2a Attention: {"person_ident":"Gerrit User 32753 \u003c32753@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"ADD","reason":"\u003cGERRIT_ACCOUNT_28739\u003e replied on the change"} Attention: {"person_ident":"Gerrit User 28739 \u003c28739@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_28739\u003e replied on the change"} --- 13039cef23df11684a4042049d5e2c90ab85bac5 | 24 +++++++++++++++++++++ d9c10bd47ca89e86d1f4d2c16dd2b257cbc1e160 | 27 ++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 d9c10bd47ca89e86d1f4d2c16dd2b257cbc1e160 diff --git a/13039cef23df11684a4042049d5e2c90ab85bac5 b/13039cef23df11684a4042049d5e2c90ab85bac5 index c2dfd759..7f8fccd4 100644 --- a/13039cef23df11684a4042049d5e2c90ab85bac5 +++ b/13039cef23df11684a4042049d5e2c90ab85bac5 @@ -140,6 +140,30 @@ }, "revId": "13039cef23df11684a4042049d5e2c90ab85bac5", "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543" + }, + { + "unresolved": true, + "key": { + "uuid": "ecdc1b3c_0923db81", + "filename": "cve_support/lp.py", + "patchSetId": 1 + }, + "lineNbr": 71, + "author": { + "id": 28739 + }, + "writtenOn": "2024-04-22T13:39:43Z", + "side": 1, + "message": "Using the full URL is an improvement, in so far as it is less likely to be present in a bug description. If you can influence the authors of the bug reports, then please feel free to make that assertion.\n\nI looked at an example from the recent Starlingx report. This format is what I see in bug https://bugs.launchpad.net/starlingx/+bug/2058868:\n\n CVE-2022-2127: https://nvd.nist.gov/vuln/detail/CVE-2022-2127\n CVE-2022-3437: https://nvd.nist.gov/vuln/detail/CVE-2022-3437\n CVE-2023-4091: https://nvd.nist.gov/vuln/detail/CVE-2023-4091\n CVE-2023-34966: https://nvd.nist.gov/vuln/detail/CVE-2023-34966\n CVE-2023-34967: https://nvd.nist.gov/vuln/detail/CVE-2023-34967\n CVE-2023-34968: https://nvd.nist.gov/vuln/detail/CVE-2023-34968\n\nIf you can assert with the security team members that this format will be used as deliberate CVE reference to be recognized by this reporting script, then this script can search for the specific format.\n\n pattern \u003d cve_id + \": \" + path.join(NVD_URL, cve_id)", + "parentUuid": "d84687fd_c10f0e99", + "range": { + "startLine": 70, + "startChar": 0, + "endLine": 71, + "endChar": 22 + }, + "revId": "13039cef23df11684a4042049d5e2c90ab85bac5", + "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543" } ] } \ No newline at end of file diff --git a/d9c10bd47ca89e86d1f4d2c16dd2b257cbc1e160 b/d9c10bd47ca89e86d1f4d2c16dd2b257cbc1e160 new file mode 100644 index 00000000..a9c82c21 --- /dev/null +++ b/d9c10bd47ca89e86d1f4d2c16dd2b257cbc1e160 @@ -0,0 +1,27 @@ +{ + "comments": [ + { + "unresolved": true, + "key": { + "uuid": "bc49a107_fb986898", + "filename": "cve_support/cve_policy_filter.py", + "patchSetId": 2 + }, + "lineNbr": 15, + "author": { + "id": 28739 + }, + "writtenOn": "2024-04-22T13:39:43Z", + "side": 1, + "message": "I was reviewing the launchpad API for bug example https://bugs.launchpad.net/starlingx/+bug/2058868\n\nThere\u0027s a cves_collection_link\n\n \u003e\u003e\u003e print(bug)\n https://api.launchpad.net/devel/bugs/1910130\n \u003e\u003e\u003e print(bug.cves_collection_link)\n \u0027https://api.launchpad.net/devel/bugs/1910130/cves\u0027\n\n\nBut I can\u0027t figure out how get at it. Maybe bug 2058868 is a bad example(?)\n\n {\"start\": 0, \"total_size\": 6, \"entries\": [], \"resource_type_link\" : \"https://api.launchpad.net/devel/#cve-page-resource\"}", + "range": { + "startLine": 15, + "startChar": 0, + "endLine": 15, + "endChar": 31 + }, + "revId": "d9c10bd47ca89e86d1f4d2c16dd2b257cbc1e160", + "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543" + } + ] +} \ No newline at end of file