Fix bug 1310736: Add ability to have overall description in yml secur…

…ity advisory New key is "description" in the root of the YAML.
mozilla · Oct 17, 2016 · c4f03a0 · c4f03a0
1 parent d6de7cc
commit c4f03a0
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 8 deletions.
diff --git a/bedrock/security/tests/test_utils.py b/bedrock/security/tests/test_utils.py
@@ -4,7 +4,6 @@
 from textwrap import dedent
 from cStringIO import StringIO
 
-import yaml
 from mock import patch, call
 from nose.tools import eq_
 
@@ -13,6 +12,7 @@
     mfsa_id_from_filename,
     parse_bug_url,
     parse_md_front_matter,
+    yaml_ordered_safe_load,
 )
 
 
@@ -71,8 +71,10 @@ def test_parse_bug_url():
 @patch('bedrock.security.utils.render_to_string')
 def test_generate_yml_advisories_html(rts_mock):
     rts_mock.return_value = 'html'
-    data = yaml.safe_load(YML_ADVISORY)
-    generate_yml_advisories_html(data['advisories'])
+    data = yaml_ordered_safe_load(StringIO(YML_ADVISORY))
+    html = generate_yml_advisories_html(data)
+    assert html.startswith('<p>Some <strong>HTML</strong> that relates '
+                           'to the whole lot of em.</p>')
     rts_mock.assert_has_calls([
         call('security/partials/cve.html', {
             'id': 'CVE-2016-2827',
@@ -104,11 +106,12 @@ def test_generate_yml_advisories_html(rts_mock):
     ])
 
 
-YML_ADVISORY = StringIO(dedent("""\
+YML_ADVISORY = dedent("""\
     announced: September 13, 2016
     fixed_in:
       - Firefox 49
     title: Security vulnerabilities fixed in Firefox 49
+    description: Some **HTML** that relates to the whole lot of em.
     advisories:
       CVE-2016-2827:
         title: A sample title for a CVE here
@@ -131,4 +134,4 @@ def test_generate_yml_advisories_html(rts_mock):
         bugs:
           - url: https://example.com/warning.html
             desc: A different site that is totally not bugzilla
-    """))
+    """)
diff --git a/bedrock/security/utils.py b/bedrock/security/utils.py
@@ -72,12 +72,15 @@ def parse_yml_file(file_name):
         if mfsa_id:
             data['mfsa_id'] = mfsa_id
 
-    return data, generate_yml_advisories_html(data['advisories'])
+    return data, generate_yml_advisories_html(data)
 
 
-def generate_yml_advisories_html(advisories):
+def generate_yml_advisories_html(data):
     html = []
-    for cve, advisory in advisories.items():
+    if 'description' in data:
+        html.append(markdown(data['description']))
+
+    for cve, advisory in data['advisories'].iteritems():
         advisory['id'] = cve
         advisory['impact_class'] = advisory['impact'].lower().split(None, 1)[0]
         for bug in advisory['bugs']: