def show_cve(cve, path=None):
data = get_cve_data(cve)
if not data:
return not_found()
packages = list(
set(
sorted([
item for sublist in data['group_packages'].values()
for item in sublist
])))
title = '{} - {}'.format(data['issue'].id, ' '.join(packages)) \
if len(packages) else \
'{}'.format(data['issue'].id)
advisories = data['advisories']
if not current_user.role.is_reporter:
advisories = list(
filter(
lambda advisory: advisory.publication == Publication.published,
advisories))
return render_template('cve.html',
title=title,
issue=data['issue'],
groups=data['groups'],
group_packages=data['group_packages'],
advisories=advisories,
can_edit=user_can_edit_issue(advisories),
can_delete=user_can_delete_issue(advisories))
def delete_issue(issue):
entries = (db.session.query(CVE, CVEGroup, CVEGroupPackage, Advisory)
.filter(CVE.id == issue)
.outerjoin(CVEGroupEntry).outerjoin(CVEGroup).outerjoin(CVEGroupPackage)
.outerjoin(Advisory, Advisory.group_package_id == CVEGroupPackage.id)
.order_by(CVEGroup.created.desc()).order_by(CVEGroupPackage.pkgname)).all()
if not entries:
return not_found()
issue = entries[0][0]
advisories = set()
groups = set()
group_packages = defaultdict(set)
for cve, group, pkg, advisory in entries:
if group:
groups.add(group)
group_packages[group].add(pkg.pkgname)
if advisory:
advisories.add(advisory)
if not user_can_delete_issue(advisories):
return forbidden()
group_ids = [group.id for group in groups]
group_entries = (db.session.query(CVEGroup, CVE)
.join(CVEGroupEntry).join(CVE)
.order_by(CVE.id.desc()))
if group_ids:
group_entries = group_entries.filter(CVEGroup.id.in_(group_ids))
group_entries = group_entries.all()
group_issues = defaultdict(set)
for group, cve in group_entries:
group_issues[group].add(cve)
groups = sorted(groups, key=lambda item: item.created, reverse=True)
groups = sorted(groups, key=lambda item: item.status)
group_packages = dict(map(lambda item: (item[0], sorted(item[1])), group_packages.items()))
form = ConfirmForm()
title = 'Delete {}'.format(issue)
if not form.validate_on_submit():
return render_template('form/delete_cve.html',
title=title,
heading=title,
form=form,
issue=issue,
groups=groups,
group_packages=group_packages,
group_issues=group_issues)
if not form.confirm.data:
return redirect('/{}'.format(issue))
# delete groups that only contain this issue
for group, issues in group_issues.items():
if 0 == len(list(filter(lambda e: e.id != issue.id, issues))):
flash('Deleted {}'.format(group))
db.session.delete(group)
db.session.delete(issue)
db.session.commit()
flash('Deleted {}'.format(issue))
return redirect('/')