From d71107b9b632dcb6c06a7bc9b10d7d4d44632abe Mon Sep 17 00:00:00 2001 From: Suhaib Mujahid Date: Fri, 27 Jan 2023 23:13:39 -0500 Subject: [PATCH] Send weekly list with security bugs that need to be un-hidden --- bugbot/rules/security_unhide_dups.py | 75 ++++++++++++++++++++++++++++ configs/rules.json | 4 ++ scripts/cron_run_weekdays.sh | 3 ++ templates/security_unhide_dups.html | 21 ++++++++ 4 files changed, 103 insertions(+) create mode 100644 bugbot/rules/security_unhide_dups.py create mode 100644 templates/security_unhide_dups.html diff --git a/bugbot/rules/security_unhide_dups.py b/bugbot/rules/security_unhide_dups.py new file mode 100644 index 000000000..a08654c03 --- /dev/null +++ b/bugbot/rules/security_unhide_dups.py @@ -0,0 +1,75 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. + +from libmozdata.bugzilla import Bugzilla + +from bugbot import utils +from bugbot.bzcleaner import BzCleaner + + +class SecurityUnhideDups(BzCleaner): + """Security bugs that could be un-hidden""" + + def description(self): + return "Security bugs that are marked as duplicates of already-open bugs" + + def filter_no_nag_keyword(self): + return False + + def get_summary(self, bug): + # This will prevent hiding the summary + return bug["summary"] + + def handle_bug(self, bug, data): + bugid = str(bug["id"]) + data[bugid] = bug + + return bug + + def get_bz_params(self, date): + params = { + "include_fields": ["dupe_of"], + "resolution": "DUPLICATE", + "f1": "bug_group", + "o1": "equals", + "v1": "core-security", + } + + return params + + def get_bugs(self, date="today", bug_ids=[], chunk_size=None): + bugs = super().get_bugs(date, bug_ids, chunk_size) + + # Filter out bugs that are not marked as duplicates of open security bugs + bugs_to_query = {bug["dupe_of"] for bug in bugs.values()} + public_sec_bugs = set() + + def bug_handler(bug): + bugs_to_query.remove(bug["id"]) + if ( + bug["resolution"] in ("FIXED", "DUPLICATE") + and "core-security" not in bug["groups"] + and any(keyword.startswith("sec-") for keyword in bug["keywords"]) + ): + public_sec_bugs.add(bug["id"]) + + Bugzilla( + bugs_to_query, + include_fields=["id", "resolution", "keywords", "groups"], + bughandler=bug_handler, + ).wait() + + bugs = { + bug_id: bug + for bug_id, bug in bugs.items() + if bug["dupe_of"] in public_sec_bugs + } + + self.query_url = utils.get_bz_search_url({"bug_id": ",".join(bugs.keys())}) + + return bugs + + +if __name__ == "__main__": + SecurityUnhideDups().run() diff --git a/configs/rules.json b/configs/rules.json index c74d38695..6311f3ab8 100644 --- a/configs/rules.json +++ b/configs/rules.json @@ -440,6 +440,10 @@ ], "additional_receivers": ["fbraun@mozilla.com", "tritter@mozilla.com"] }, + "security_unhide_dups": { + "must_run": ["Mon"], + "additional_receivers": ["dveditz@mozilla.com"] + }, "close_intermittents": { "must_run": ["Mon", "Wed", "Fri"], "sec": false diff --git a/scripts/cron_run_weekdays.sh b/scripts/cron_run_weekdays.sh index a7e4b6e9d..a88c2fb78 100755 --- a/scripts/cron_run_weekdays.sh +++ b/scripts/cron_run_weekdays.sh @@ -175,6 +175,9 @@ python -m bugbot.rules.severity_migration --production # Detect bugs with small crash volume python -m bugbot.rules.crash_small_volume --production +# Send a list with security bugs that could be un-hidden +python -m auto_nag.scripts.security_unhide_dups --production + # Suggest increasing the severity when duplicate bugs have higher severity python -m bugbot.rules.severity_higher_dups --production diff --git a/templates/security_unhide_dups.html b/templates/security_unhide_dups.html new file mode 100644 index 000000000..8354b7c10 --- /dev/null +++ b/templates/security_unhide_dups.html @@ -0,0 +1,21 @@ +

+ The following security {{ plural('bug is', data, pword='bugs are') }} marked as duplicates of already-open {{ plural('bug', data) }}: +

+ + + + + + + + + {% for i, (bugid, summary) in enumerate(data) -%} + + + + + {% endfor -%} + +
BugSummary
+ {{ bugid }} + {{ summary | e }}