diff --git a/test/test_group.py b/test/test_group.py
index f1c2357f..1f5290db 100644
--- a/test/test_group.py
+++ b/test/test_group.py
@@ -248,6 +248,69 @@ def test_add_group_with_dot_in_pkgrel(db, client):
 set_and_assert_group_data(db, client, url_for('tracker.add_group'), affected='1.2-3.4')
+@create_package(name='foo', version='1.2.3-4')
+@create_package(name='lib32-foo', version='1.2.3-4')
+@logged_in
+def test_add_group_missing_foo(db, client):
+ pkgnames = ['lib32-foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for foo' in resp.data.decode()
+
+
+@create_package(name='foo', version='1.2.3-4')
+@create_package(name='lib32-foo', version='1.2.3-4')
+@logged_in
+def test_add_group_missing_lib32(db, client):
+ pkgnames = ['foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for lib32-foo' in resp.data.decode()
+
+
+@create_package(name='foo', version='1.2.3-4')
+@create_package(name='lib32-foo', version='1.2.3-4')
+@logged_in
+def test_add_group_missing_lib32_included(db, client):
+ pkgnames = ['foo', 'lib32-foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for lib32-foo' not in resp.data.decode()
+
+
+@create_package(name='foo', version='1.2.3-4')
+@logged_in
+def test_add_group_missing_lib32_invalid(db, client):
+ pkgnames = ['foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for lib32-foo' not in resp.data.decode()
+
+
 @create_package(name='foo')
 @logged_in
 def test_dont_add_group_with_dot_at_beginning_of_pkgrel(db, client):
diff --git a/tracker/view/add.py b/tracker/view/add.py
index 499992b2..9add0561 100644
--- a/tracker/view/add.py
+++ b/tracker/view/add.py
@@ -10,6 +10,7 @@
 from tracker.model import CVEGroup
 from tracker.model import CVEGroupEntry
 from tracker.model import CVEGroupPackage
+from tracker.model import Package
 from tracker.model.enum import Affected
 from tracker.model.enum import Remote
 from tracker.model.enum import Severity
@@ -199,4 +200,26 @@ def add_group():
 db.session.commit()
 flash('Added {}'.format(group.name))
+
+ missing_variants(pkgnames, group)
+
 return redirect('/{}'.format(group.name))
+
+
+def missing_variants(pkgnames, group, variants=['lib32']):
+ testpkgs = []
+ for pkgname in pkgnames:
+ for variant in variants:
+ if variant in pkgname:
+ pkg = pkgname.replace(f'{variant}-', '')
+ if pkg not in pkgnames:
+ testpkgs.append(pkg)
+ else:
+ pkg = f'{variant}-{pkgname}'
+ if pkg not in pkgnames:
+ testpkgs.append(pkg)
+
+ package_data = Package.query.filter(Package.name.in_(testpkgs)).all()
+ for pkg in package_data:
+ if pkg not in group.packages:
+ flash('Missing AVG for {}'.format(pkg.name))
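Review bot: The two negative tests in test/test_group.py, `test_add_group_missing_lib32_included` and `test_add_group_missing_lib32_invalid`, assert only that `'Missing AVG for lib32-foo'` is absent, which also holds when the POST is rejected and no group is created at all. With `follow_redirects=True` the 200 status alone may not separate those outcomes, so each test could additionally check the success flash that `add_group` emits, for example `assert 'Added ' in resp.data.decode()` (the text after `Added` is the group name, whose format is not visible here). A further case with a package name that contains `lib32` somewhere other than as the `lib32-` prefix would pin down how `missing_variants` is meant to match variants.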
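Review bot: In `missing_variants` (tracker/view/add.py), `if variant in pkgname:` is a substring test and `pkgname.replace(f'{variant}-', '')` rewrites every occurrence, so a name that merely contains `lib32` is treated as a variant and its real `lib32-` sibling is never looked up, which means a tracked multilib package can go unreported. Anchoring on the prefix avoids this: `if pkgname.startswith(f'{variant}-'):` followed by `pkg = pkgname[len(variant) + 1:]`. The `pkg not in group.packages` test compares `Package` rows with whatever `group.packages` holds, which is not visible here; if those are `CVEGroupPackage` entries the condition is always true and all filtering is done by `testpkgs`, so it should be confirmed or replaced by a comparison on names. The default `variants=['lib32']` is a mutable list shared between calls, and a tuple `('lib32',)` is the safer default.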