def show_advisory(advisory_id, raw=False): entries = (db.session.query( Advisory, CVEGroup, CVEGroupPackage, CVE).filter(Advisory.id == advisory_id).join(CVEGroupPackage).join( CVEGroup).join(CVEGroupEntry).join(CVE).order_by(CVE.id)).all() if not entries: return not_found() advisory = entries[0][0] group = entries[0][1] package = entries[0][2] issues = [issue for (advisory, group, package, issue) in entries] if not advisory.content: if raw: return redirect('/{}/generate/raw'.format(advisory_id)) return redirect('/{}/generate'.format(advisory_id)) if raw: return advisory.content asa = advisory_extend_html(advisory.content, issues, package) return render_html_advisory(advisory=advisory, package=package, group=group, raw_asa=asa, generated=False)
def show_generated_advisory(advisory_id, raw=False): entries = (db.session.query(Advisory, CVEGroup, CVEGroupPackage, CVE) .filter(Advisory.id == advisory_id) .join(CVEGroupPackage).join(CVEGroup).join(CVEGroupEntry).join(CVE) .order_by(CVE.id) ).all() if not entries: return not_found() advisory = entries[0][0] group = entries[0][1] package = entries[0][2] issues = [issue for (advisory, group, package, issue) in entries] severity_sorted_issues = sorted(issues, key=lambda issue: issue.issue_type) severity_sorted_issues = sorted(severity_sorted_issues, key=lambda issue: issue.severity) remote = any([issue.remote is Remote.remote for issue in issues]) issues_listing_formatted = (('\n{}'.format(' ' * len('CVE-ID : '))) .join(list(map(' '.join, chunks([issue.id for issue in issues], 4))))) link = TRACKER_ADVISORY_URL.format(advisory.id, group.id) upstream_released = group.affected.split('-')[0].split('+')[0] != group.fixed.split('-')[0].split('+')[0] upstream_version = group.fixed.split('-')[0].split('+')[0] if ':' in upstream_version: upstream_version = upstream_version[upstream_version.index(':') + 1:] unique_issue_types = [] for issue in severity_sorted_issues: if issue.issue_type not in unique_issue_types: unique_issue_types.append(issue.issue_type) references = [] if group.bug_ticket: references.append(TRACKER_BUGTRACKER_URL.format(group.bug_ticket)) references.extend([ref for ref in multiline_to_list(group.reference) if ref not in references]) list(map(lambda issue: references.extend( [ref for ref in multiline_to_list(issue.reference) if ref not in references]), issues)) raw_asa = render_template('advisory.txt', advisory=advisory, group=group, package=package, issues=issues, remote=remote, issues_listing_formatted=issues_listing_formatted, link=link, workaround=advisory.workaround, impact=advisory.impact, upstream_released=upstream_released, upstream_version=upstream_version, unique_issue_types=unique_issue_types, references=references, TRACKER_ISSUE_URL=TRACKER_ISSUE_URL, TRACKER_GROUP_URL=TRACKER_GROUP_URL) if raw: return raw_asa raw_asa = '\n'.join(raw_asa.split('\n')[2:]) raw_asa = str(escape(raw_asa)) raw_asa = advisory_extend_html(raw_asa, issues, package) return render_html_advisory(advisory=advisory, package=package, group=group, raw_asa=raw_asa, generated=True)