Review fixes + reformated

.github/workflows/manual.yml

@@ -0,0 +1,39 @@
+# This is a basic workflow that is manually triggered
+
+name: Manual Doc build workflow
+
+# Controls when the action will run. Workflow runs when manually triggered using the UI
+# or API.
+on:
+  workflow_dispatch:
+    # Inputs the workflow accepts.
+
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "greet"
+  build_blog_site:
+    # The type of runner that the job will run on
+    runs-on: [ ubuntu-22.04-self-hosted ]
+#    runs-on: [ self-hosted ]
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+    # Runs a single command using the runners shell
+    - name: Show auth
+      run: gcloud auth list
+    - name: store secrets file
+      run: |
+          cat << EOF > /tmp/key.json
+          ${{ secrets.SERVICE_ACCOUNT_KEY }}
+          EOF
+    - name: activate service account
+      run: gcloud auth activate-service-account --key-file=/tmp/key.json
+    - name: Show auth
+      run: gcloud auth list
+    - name: Trigger doc build
+      run: gcloud run jobs execute pu-cdn-build-doc-job-production --region europe-north1 --wait
+    - name: Remove service account
+      run: gcloud auth revoke
+    - name: Remove access key file
+      run: rm -f /tmp/key.json

.github/workflows/web_build.yml

@@ -0,0 +1,37 @@
+###
+name: Automatic web build
+
+# Controls when the action will run. Workflow runs when manually triggered using the UI
+# or API.
+on:
+  push:
+    branches:
+      - master
+      - automation
+jobs:
+  # This workflow contains a single job called "greet"
+  build_web_site:
+    # The type of runner that the job will run on
+    runs-on: [ ubuntu-22.04-self-hosted ]
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Runs a single command using the runners shell
+      - name: Show available accounts
+        run: gcloud auth list
+      - name: Store service account key file
+        run: |
+          cat << EOF > /tmp/key.json
+          ${{ secrets.SERVICE_ACCOUNT_KEY }}
+          EOF
+      - name: Activate service account
+        run: gcloud auth activate-service-account --key-file=/tmp/key.json
+      - name: Show available accounts
+        run: gcloud auth list
+      - name: Trigger web build
+        run: gcloud run jobs execute pu-cdn-build-web-job-production --region europe-north1 --wait
+      - name: Remove service account
+        run: gcloud auth revoke
+      - name: Remove service account key file
+        run: rm -f /tmp/key.json
+

bin/cvejsontohtml.py

@@ -14,17 +14,18 @@
 parser = OptionParser()
 
 parser.add_option("-b", "--base", help="major version to filter on", dest="base")
-parser.add_option("-i", "--inputdirectory", help="directory of json files", dest="directory")
+parser.add_option(
+    "-i", "--inputdirectory", help="directory of json files", dest="directory"
+)
 (options, args) = parser.parse_args()
 
 
-def natural_sort_key(s, _nsre=re.compile('([0-9]+)')):
-    return [int(text) if text.isdigit() else text.lower()
-            for text in _nsre.split(s)]
+def natural_sort_key(s, _nsre=re.compile("([0-9]+)")):
+    return [int(text) if text.isdigit() else text.lower() for text in _nsre.split(s)]
 
 
 def getbasefor(fixedin):
-    dotparts = re.search('^(\d)\.(\d)\.(\d)', fixedin)
+    dotparts = re.search("^(\d)\.(\d)\.(\d)", fixedin)
     if not dotparts:
         return None
     if int(dotparts.group(1)) < 3:
@@ -48,14 +49,14 @@ def getbasefor(fixedin):
             print("Ignoring due to error parsing: " + options.directory + x)
             continue
 
-# Filter on version 
+# Filter on version
 # We want to sort on reverse date then cve name
 statements = ""
 disputedcve = {}
 for cve in cves:
     if "statements" in cve:
         for statement in cve["statements"]:
-            if (statement["base"] in (options.base or "none")):
+            if statement["base"] in (options.base or "none"):
                 statements += "<p>" + statement["text"].strip() + "</p>"
     if "disputed" in cve:
         for dispute in cve["disputed"]:
@@ -68,7 +69,7 @@ def getbasefor(fixedin):
             fixedbase = getbasefor(fixedin)
             if fixedbase and fixedbase not in allbase:
                 allbase.append(fixedbase)
-            if (fixedin.startswith(base)):
+            if fixedin.startswith(base):
                 datepublic = cna["datePublic"] + "-" + cveid
                 entries[datepublic] = cve
 
@@ -81,12 +82,12 @@ def getbasefor(fixedin):
 allyears = []
 allissues = ""
 for k, cve in sorted(entries.items(), reverse=True):
-    year = k.split('-')[0]
+    year = k.split("-")[0]
 
-    if (lastyear != year):
-        if (lastyear != ""):
-            allissues += "</dl>";
-        allissues += "<h3><a name=\"y%s\">%s</a></h3>\n<dl>" % (year, year)
+    if lastyear != year:
+        if lastyear != "":
+            allissues += "</dl>"
+        allissues += '<h3><a name="y%s">%s</a></h3>\n<dl>' % (year, year)
         allyears.append(year)
         lastyear = year
 
@@ -97,21 +98,24 @@ def getbasefor(fixedin):
     allissues += "<dt>"
     # CVE name
     if cve:
-        allissues += "<a href=\"https://www.cve.org/CVERecord?id=%s\" name=\"%s\">%s</a> " % (cveid, cveid, cveid)
+        allissues += (
+            '<a href="https://www.cve.org/CVERecord?id=%s" name="%s">%s</a> '
+            % (cveid, cveid, cveid)
+        )
 
-        # Advisory (use the title instead of openssl advisory)
+    # Advisory (use the title instead of openssl advisory)
     title = "(OpenSSL Advisory)"
     refs = ""
     if "title" in cna:
-        title = cna['title']
+        title = cna["title"]
         refs = title
     for ref in cna["references"]:
         if "tags" in ref:
             if "vendor-advisory" in ref["tags"]:
                 url = ref["url"]
                 if url.startswith("https://www.openssl.org/news/"):
                     url = url.replace("https://www.openssl.org/news/", "")
-                refs = "<a href=\"" + url + "\">" + title + "</a>"
+                refs = '<a href="' + url + '">' + title + "</a>"
     allissues += " " + refs
 
     # Impact
@@ -120,37 +124,43 @@ def getbasefor(fixedin):
             impact = metric["other"]["content"]["text"]
             if not "unknown" in impact:
                 metric_url = metric["other"]["type"]
-                if metric["other"]["type"].startswith("https://www.openssl.org/policies/"):
+                if metric["other"]["type"].startswith(
+                    "https://www.openssl.org/policies/"
+                ):
                     metric_url = metric_url.replace("https://www.openssl.org/", "../")
 
-                allissues += f" <a href=\"{metric_url}\">[{impact} severity]</a>"
+                allissues += f' <a href="{metric_url}">[{impact} severity]</a>'
 
     # Date
     datepublic = cna["datePublic"]
-    t = datetime.datetime(int(datepublic[:4]), int(datepublic[5:7]), int(datepublic[8:10]), 0, 0)
+    t = datetime.datetime(
+        int(datepublic[:4]), int(datepublic[5:7]), int(datepublic[8:10]), 0, 0
+    )
     allissues += t.strftime(" %d %B %Y: ")
 
-    allissues += "<a href=\"#toc\"><img src=\"../img/up.gif\"/></a></dt>\n<dd>"
+    allissues += '<a href="#toc"><img src="../img/up.gif"/></a></dt>\n<dd>'
 
     # Description
     for desc in cna["descriptions"]:
         # Trailing \n's are ignored, double \n are paragraph breaks
-        allissues += desc["value"].rstrip('\n').replace('\n\n', "</dd><dd>")
+        allissues += desc["value"].rstrip("\n").replace("\n\n", "</dd><dd>")
 
     # Credits
-    if ("credits" in cna):
+    if "credits" in cna:
         allissues += "</dd><dd>"
         for credit in cna["credits"]:
             creditprefix = " Found by "
             if "type" in credit and "remediation dev" in credit["type"]:
                 creditprefix = " Fix developed by "
-            elif "type" in credit and ("finder" not in credit["type"] and "reporter" not in credit["type"]):
+            elif "type" in credit and (
+                "finder" not in credit["type"] and "reporter" not in credit["type"]
+            ):
                 creditprefix = " Thanks to "
             allissues += creditprefix + credit["value"] + "."
 
     affects = []
     product = cna["affected"][0]
-    productname = product['product']
+    productname = product["product"]
     allissues += "<ul>"
     also = []
     for ver in product["versions"]:
@@ -163,18 +173,24 @@ def getbasefor(fixedin):
                     git = reference["url"]
 
             if base:
-                if (not earliest.startswith(base)):
-                    also.append("OpenSSL <a href=\"vulnerabilities-%s.html#%s\">%s</a>" % (getbasefor(earliest), cveid, fixedin))
+                if not earliest.startswith(base):
+                    also.append(
+                        'OpenSSL <a href="vulnerabilities-%s.html#%s">%s</a>'
+                        % (getbasefor(earliest), cveid, fixedin)
+                    )
                     continue
-            allissues += "<li>Affects %s up to and including OpenSSL %s " % (earliest, lastaffected)
-            if (git != ""):
-                issue = git.split('/')[-1]
+            allissues += "<li>Affects %s up to and including OpenSSL %s " % (
+                earliest,
+                lastaffected,
+            )
+            if git != "":
+                issue = git.split("/")[-1]
                 # it will process this url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=517a0e7fa0f5453c860a3aec17b678bd55d5aad7
                 # and rewrite it to https://github.com/openssl/openssl/commit/517a0e7fa0f5453c860a3aec17b678bd55d5aad7
                 if git.startswith("https://git.openssl.org/"):
                     commitId = git.split(";")[-1].split("=")[-1]
                     git = f"https://github.com/openssl/openssl/commit/{commitId}"
-                allissues += "<a href=\"%s\">(fix in git commit)</a> " % (git)
+                allissues += '<a href="%s">(fix in git commit)</a> ' % (git)
             allissues += "</li>"
         if "lessThan" in ver:
             fixedin = ver["lessThan"]
@@ -185,18 +201,26 @@ def getbasefor(fixedin):
                     git = reference["url"]
 
             if base:
-                if (not earliest.startswith(base)):
-                    also.append("OpenSSL <a href=\"vulnerabilities-%s.html#%s\">%s</a>" % (getbasefor(earliest), cveid, fixedin))
+                if not earliest.startswith(base):
+                    also.append(
+                        'OpenSSL <a href="vulnerabilities-%s.html#%s">%s</a>'
+                        % (getbasefor(earliest), cveid, fixedin)
+                    )
                     continue
             allissues += "<li>Fixed in OpenSSL %s " % (fixedin)
-            if (git != ""):
+            if git != "":
                 if git.startswith("https://git.openssl.org/"):
                     commitId = git.split(";")[-1].split("=")[-1]
                     git = f"https://github.com/openssl/openssl/commit/{commitId}"
-                if (fixedin.startswith("1.0.2") and fixedin[5] >= 'w'):  # 1.0.2w and above hack
-                    allissues += "<a href=\"/support/contracts.html?giturl=%s\">(premium support)</a> " % (git)
+                if (
+                    fixedin.startswith("1.0.2") and fixedin[5] >= "w"
+                ):  # 1.0.2w and above hack
+                    allissues += (
+                        '<a href="/support/contracts.html?giturl=%s">(premium support)</a> '
+                        % (git)
+                    )
                 else:
-                    allissues += "<a href=\"%s\">(git commit)</a> " % (git)
+                    allissues += '<a href="%s">(git commit)</a> ' % (git)
             allissues += "(Affected since " + earliest + ")"
             allissues += "</li>"
     if also:
@@ -206,19 +230,22 @@ def getbasefor(fixedin):
 preface = "<!-- do not edit this file it is autogenerated, edit vulnerabilities.xml -->"
 bases = []
 for base in allbase:
-    if (options.base and base in options.base):
+    if options.base and base in options.base:
         bases.append("%s" % (base))
     else:
-        bases.append("<a href=\"vulnerabilities-%s.html\">%s</a>" % (base, base))
+        bases.append('<a href="vulnerabilities-%s.html">%s</a>' % (base, base))
 preface += "<p>Show issues fixed only in OpenSSL " + ", ".join(bases)
 if options.base:
-    preface += ", or <a href=\"vulnerabilities.html\">all versions</a></p>"
+    preface += ', or <a href="vulnerabilities.html">all versions</a></p>'
     preface += "<h2>Fixed in OpenSSL %s</h2>" % (options.base)
 else:
     preface += "</p>"
 preface += statements
-if len(allyears) > 1:  # If only vulns in this year no need for the year table of contents
-    preface += "<p><a name=\"toc\">Jump to year: </a>" + ", ".join("<a href=\"#y%s\">%s</a>" % (year, year) for year in allyears)
+if len(allyears) > 1:
+    # If only vulns in this year no need for the year table of contents
+    preface += '<p><a name="toc">Jump to year: </a>' + ", ".join(
+        '<a href="#y%s">%s</a>' % (year, year) for year in allyears
+    )
 preface += "</p>"
 if allissues != "":
     preface += allissues + "</dl>"
@@ -227,12 +254,15 @@ def getbasefor(fixedin):
 
 nonissues = ""
 for nonissue in disputedcve:
-    if (not options.base or disputedcve[nonissue]["base"] in (options.base or "none")):
-        nonissues += "<li><a href=\"https://www.cve.org/CVERecord?id=%s\" name=\"%s\">%s</a>: " % (nonissue, nonissue, nonissue)
+    if not options.base or disputedcve[nonissue]["base"] in (options.base or "none"):
+        nonissues += (
+            '<li><a href="https://www.cve.org/CVERecord?id=%s" name="%s">%s</a>: '
+            % (nonissue, nonissue, nonissue)
+        )
         nonissues += disputedcve[nonissue]["text"]
         nonissues += "</li>"
-if (nonissues != ""):
+if nonissues != "":
     preface += "<h3>Not Vulnerabilities</h3><ul>" + nonissues + "</ul>"
 
-sys.stdout.reconfigure(encoding='utf-8')
+sys.stdout.reconfigure(encoding="utf-8")
 sys.stdout.write(preface)