Send weekly list with security bugs that need to be un-hidden

auto_nag/scripts/configs/tools.json

@@ -440,6 +440,10 @@
     ],
     "additional_receivers": ["fbraun@mozilla.com", "tritter@mozilla.com"]
   },
+  "security_unhide_dups": {
+    "must_run": ["Mon"],
+    "additional_receivers": ["dveditz@mozilla.com"]
+  },
   "close_intermittents": {
     "sec": false
   },

auto_nag/scripts/security_unhide_dups.py

@@ -0,0 +1,75 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+
+from libmozdata.bugzilla import Bugzilla
+
+from auto_nag import utils
+from auto_nag.bzcleaner import BzCleaner
+
+
+class SecurityUnhideDups(BzCleaner):
+    """Security bugs that could be un-hidden"""
+
+    def description(self):
+        return "Security bugs that are marked as duplicates of already-open bugs"
+
+    def filter_no_nag_keyword(self):
+        return False
+
+    def get_summary(self, bug):
+        # This will prevent hiding the summary
+        return bug["summary"]
+
+    def handle_bug(self, bug, data):
+        bugid = str(bug["id"])
+        data[bugid] = bug
+
+        return bug
+
+    def get_bz_params(self, date):
+        params = {
+            "include_fields": ["dupe_of"],
+            "resolution": "DUPLICATE",
+            "f1": "bug_group",
+            "o1": "equals",
+            "v1": "core-security",
+        }
+
+        return params
+
+    def get_bugs(self, date="today", bug_ids=[], chunk_size=None):
+        bugs = super().get_bugs(date, bug_ids, chunk_size)
+
+        # Filter out bugs that are not marked as duplicates of open security bugs
+        bugs_to_query = {bug["dupe_of"] for bug in bugs.values()}
+        public_sec_bugs = set()
+
+        def bug_handler(bug):
+            bugs_to_query.remove(bug["id"])
+            if (
+                bug["resolution"] in ("FIXED", "DUPLICATE")
+                and "core-security" not in bug["groups"]
+                and any(keyword.startswith("sec-") for keyword in bug["keywords"])
+            ):
+                public_sec_bugs.add(bug["id"])
+
+        Bugzilla(
+            bugs_to_query,
+            include_fields=["id", "resolution", "keywords", "groups"],
+            bughandler=bug_handler,
+        ).wait()
+
+        bugs = {
+            bug_id: bug
+            for bug_id, bug in bugs.items()
+            if bug["dupe_of"] in public_sec_bugs
+        }
+
+        self.query_url = utils.get_bz_search_url({"bug_id": ",".join(bugs.keys())})
+
+        return bugs
+
+
+if __name__ == "__main__":
+    SecurityUnhideDups().run()

runauto_nag_weekdays.sh

@@ -189,6 +189,9 @@ python -m auto_nag.scripts.severity_migration --production
 # Detect bugs with small crash volume
 python -m auto_nag.scripts.crash_small_volume --production
 
+# Send a list with security bugs that could be un-hidden
+python -m auto_nag.scripts.security_unhide_dups --production
+
 # Suggest increasing the severity when duplicate bugs have higher severity
 python -m auto_nag.scripts.severity_higher_dups --production
 

templates/security_unhide_dups.html

@@ -0,0 +1,21 @@
+<p>The following security {{ plural('bug is', data, pword='bugs are') }} marked as duplicates of already-open {{ plural('bug', data) }}:
+    <table {{ table_attrs }}>
+      <thead>
+        <tr>
+          <th>Bug</th><th>Summary</th>
+        </tr>
+      </thead>
+      <tbody>
+        {% for i, (bugid, summary) in enumerate(data) -%}
+        <tr {% if i % 2 == 0 %}bgcolor="#E0E0E0"{% endif -%}>
+          <td>
+            <a href="https://bugzilla.mozilla.org/show_bug.cgi?id={{ bugid }}">{{ bugid }}</a>
+          </td>
+          <td>
+            {{ summary | e }}
+          </td>
+        </tr>
+        {% endfor -%}
+      </tbody>
+    </table>
+  </p>