Send weekly list with security bugs that need to be un-hidden (#1856)

bugbot/rules/security_unhide_dups.py

@@ -0,0 +1,74 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+
+from libmozdata.bugzilla import Bugzilla
+
+from bugbot import utils
+from bugbot.bzcleaner import BzCleaner
+
+
+class SecurityUnhideDups(BzCleaner):
+    """Security bugs that could be un-hidden"""
+
+    def description(self):
+        return "Security bugs that are marked as duplicates of already-public bugs"
+
+    def filter_no_nag_keyword(self):
+        return False
+
+    def get_summary(self, bug):
+        # This will prevent the default behavior of hiding the summary of
+        # security bugs.
+        return bug["summary"]
+
+    def handle_bug(self, bug, data):
+        data[str(bug["id"])] = bug
+
+        return bug
+
+    def get_bz_params(self, date):
+        params = {
+            "include_fields": ["dupe_of"],
+            "resolution": "DUPLICATE",
+            "f1": "bug_group",
+            "o1": "substring",
+            "v1": "core-security",
+        }
+
+        return params
+
+    def get_bugs(self, date="today", bug_ids=[], chunk_size=None):
+        bugs = super().get_bugs(date, bug_ids, chunk_size)
+
+        # Filter out bugs that are not marked as duplicates of open security bugs
+        public_sec_bugs = set()
+
+        def bug_handler(bug):
+            if (
+                bug["resolution"] != "---"
+                and not bug["groups"]
+                and any(keyword.startswith("sec-") for keyword in bug["keywords"])
+            ):
+                public_sec_bugs.add(bug["id"])
+
+        bugs_to_query = {bug["dupe_of"] for bug in bugs.values()}
+        Bugzilla(
+            bugs_to_query,
+            include_fields=["id", "resolution", "keywords", "groups"],
+            bughandler=bug_handler,
+        ).wait()
+
+        bugs = {
+            bug_id: bug
+            for bug_id, bug in bugs.items()
+            if bug["dupe_of"] in public_sec_bugs
+        }
+
+        self.query_url = utils.get_bz_search_url({"bug_id": ",".join(bugs.keys())})
+
+        return bugs
+
+
+if __name__ == "__main__":
+    SecurityUnhideDups().run()

configs/rules.json

@@ -440,6 +440,10 @@
     ],
     "additional_receivers": ["fbraun@mozilla.com", "tritter@mozilla.com"]
   },
+  "security_unhide_dups": {
+    "must_run": ["Mon"],
+    "additional_receivers": ["dveditz@mozilla.com", "fbraun@mozilla.com"]
+  },
   "close_intermittents": {
     "must_run": ["Mon", "Wed", "Fri"],
     "sec": false

scripts/cron_run_weekdays.sh

@@ -175,6 +175,9 @@ python -m bugbot.rules.severity_migration --production
 # Detect bugs with small crash volume
 python -m bugbot.rules.crash_small_volume --production
 
+# Send a list with security bugs that could be un-hidden
+python -m bugbot.rules.security_unhide_dups --production
+
 # Suggest increasing the severity when duplicate bugs have higher severity
 python -m bugbot.rules.severity_higher_dups --production
 

templates/security_unhide_dups.html

@@ -0,0 +1,21 @@
+<p>
+    The following security {{ plural('bug is', data, pword='bugs are') }} marked as duplicates of already-public {{ plural('bug', data) }}:
+</p>
+<table {{ table_attrs }}>
+    <thead>
+        <tr>
+            <th>Bug</th>
+            <th>Summary</th>
+        </tr>
+    </thead>
+    <tbody>
+        {% for i, (bugid, summary) in enumerate(data) -%}
+            <tr {% if i % 2 == 0 -%}bgcolor="#E0E0E0"{%- endif %}>
+                <td>
+                    <a href="https://bugzilla.mozilla.org/show_bug.cgi?id={{ bugid }}">{{ bugid }}</a>
+                </td>
+                <td>{{ summary | e }}</td>
+            </tr>
+        {% endfor -%}
+    </tbody>
+</table>