From ba6c01ca6386b56af1301658b5fda9cc621048f2 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa
Date: Mon, 11 Jun 2018 21:55:47 +0200
Subject: [PATCH 1/2] Warn if lib32- variant is missing when adding a group

When adding a new group, warn if the lib32 variant does not exists via a flashcard.
Closes: #120
---
 test/test_group.py | 31 +++++++++++++++++++++++++++++++
 tracker/view/add.py | 19 +++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/test/test_group.py b/test/test_group.py
index f1c2357f..9846d051 100644
--- a/test/test_group.py
+++ b/test/test_group.py
@@ -248,6 +248,37 @@ def test_add_group_with_dot_in_pkgrel(db, client):
 set_and_assert_group_data(db, client, url_for('tracker.add_group'), affected='1.2-3.4')
+@create_package(name='foo', version='1.2.3-4')
+@create_package(name='lib32-foo', version='1.2.3-4')
+@logged_in
+def test_add_group_mising_lib32(db, client):
+ pkgnames = ['foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for lib32-foo' in resp.data.decode()
+
+
+@create_package(name='foo', version='1.2.3-4')
+@logged_in
+def test_add_group_mising_lib32_invalid(db, client):
+ pkgnames = ['foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for lib32-foo' not in resp.data.decode()
+
+
 @create_package(name='foo')
 @logged_in
 def test_dont_add_group_with_dot_at_beginning_of_pkgrel(db, client):
diff --git a/tracker/view/add.py b/tracker/view/add.py
index 499992b2..8430081e 100644
--- a/tracker/view/add.py
+++ b/tracker/view/add.py
@@ -10,6 +10,7 @@
 from tracker.model import CVEGroup
 from tracker.model import CVEGroupEntry
 from tracker.model import CVEGroupPackage
+from tracker.model import Package
 from tracker.model.enum import Affected
 from tracker.model.enum import Remote
 from tracker.model.enum import Severity
@@ -199,4 +200,22 @@ def add_group():
 db.session.commit()
 flash('Added {}'.format(group.name))
+
+ missing_lib32_variant(pkgnames, group)
+
 return redirect('/{}'.format(group.name))
+
+
+def missing_lib32_variant(pkgnames, group):
+ for pkgname in pkgnames:
+ if 'lib32' in pkgname:
+ continue
+
+ lib32pkg = f'lib32-{pkgname}'
+ if not Package.query.filter(Package.name == lib32pkg).first():
+ continue
+
+ if CVEGroupPackage.query.filter(CVEGroupPackage.pkgname == lib32pkg, CVEGroupPackage.group == group).first():
+ continue
+
+ flash('Missing AVG for {}'.format(lib32pkg))

From e8c69214d7da3537f74ce8a747ddff16990ddbfd Mon Sep 17 00:00:00 2001
From: Jelle van der Waa
Date: Sat, 23 Jun 2018 23:37:49 +0200
Subject: [PATCH 2/2] Make lib32 variant testing more general

Check if lib32-curl misses curl and if adding curl misses lib32-curl.
---
 test/test_group.py | 36 ++++++++++++++++++++++++++++++++++--
 tracker/view/add.py | 30 +++++++++++++++++-------------
 2 files changed, 51 insertions(+), 15 deletions(-)

diff --git a/test/test_group.py b/test/test_group.py
index 9846d051..1f5290db 100644
--- a/test/test_group.py
+++ b/test/test_group.py
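Review bot: In `missing_lib32_variant` (tracker/view/add.py), `if 'lib32' in pkgname:` is a substring test, so a package whose name merely contains `lib32` is skipped and its multilib counterpart is never checked; `if pkgname.startswith('lib32-'):` matches the `f'lib32-{pkgname}'` name built just below it. Patch 2/2 keeps the same test as `if variant in pkgname:` in `missing_variants`, and its `pkgname.replace(f'{variant}-', '')` removes the text wherever it occurs rather than only at the start of the name. Since the warning exists to keep a vulnerable variant from being left out of an advisory group, a skipped name is a silent gap. The function has no docstring; a one-line `"""Flash a warning for each lib32- counterpart that exists as a package but is not in the group."""` would state the contract. `add_group` begins outside the hunk.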
@@ -251,7 +251,23 @@ def test_add_group_with_dot_in_pkgrel(db, client):
 @create_package(name='foo', version='1.2.3-4')
 @create_package(name='lib32-foo', version='1.2.3-4')
 @logged_in
-def test_add_group_mising_lib32(db, client):
+def test_add_group_missing_foo(db, client):
+ pkgnames = ['lib32-foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for foo' in resp.data.decode()
+
+
+@create_package(name='foo', version='1.2.3-4')
+@create_package(name='lib32-foo', version='1.2.3-4')
+@logged_in
+def test_add_group_missing_lib32(db, client):
 pkgnames = ['foo']
 issues = ['CVE-1234-1234', 'CVE-2222-2222']
 data = default_group_dict(dict(
@@ -264,9 +280,25 @@ def test_add_group_mising_lib32(db, client):
 assert 'Missing AVG for lib32-foo' in resp.data.decode()
+@create_package(name='foo', version='1.2.3-4')
+@create_package(name='lib32-foo', version='1.2.3-4')
+@logged_in
+def test_add_group_missing_lib32_included(db, client):
+ pkgnames = ['foo', 'lib32-foo']
+ issues = ['CVE-1234-1234', 'CVE-2222-2222']
+ data = default_group_dict(dict(
+ cve='\n'.join(issues),
+ pkgnames='\n'.join(pkgnames),
+ ))
+
+ resp = client.post(url_for('tracker.add_group'), follow_redirects=True, data=data)
+ assert 200 == resp.status_code
+ assert 'Missing AVG for lib32-foo' not in resp.data.decode()
+
+
 @create_package(name='foo', version='1.2.3-4')
 @logged_in
-def test_add_group_mising_lib32_invalid(db, client):
+def test_add_group_missing_lib32_invalid(db, client):
 pkgnames = ['foo']
 issues = ['CVE-1234-1234', 'CVE-2222-2222']
 data = default_group_dict(dict(
diff --git a/tracker/view/add.py b/tracker/view/add.py
index 8430081e..9add0561 100644
--- a/tracker/view/add.py
+++ b/tracker/view/add.py
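Review bot: `test_add_group_missing_lib32_included` in test/test_group.py only asserts that 'Missing AVG for lib32-foo' is absent, so it would still pass if a warning for `foo` were flashed when both names are already in the group; asserting `'Missing AVG for' not in resp.data.decode()` covers both directions. There is also no test for a package whose name contains `lib32` without the `lib32-` prefix, which is the case where the `variant in pkgname` test in tracker/view/add.py behaves differently from a prefix match. The bodies of `test_add_group_missing_lib32` and `test_add_group_missing_lib32_invalid` are only partly inside the hunks.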
@@ -201,21 +201,25 @@ def add_group():
 db.session.commit()
 flash('Added {}'.format(group.name))
- missing_lib32_variant(pkgnames, group)
+ missing_variants(pkgnames, group)
 return redirect('/{}'.format(group.name))
-def missing_lib32_variant(pkgnames, group):
+def missing_variants(pkgnames, group, variants=['lib32']):
+ testpkgs = []
 for pkgname in pkgnames:
- if 'lib32' in pkgname:
- continue
-
- lib32pkg = f'lib32-{pkgname}'
- if not Package.query.filter(Package.name == lib32pkg).first():
- continue
-
- if CVEGroupPackage.query.filter(CVEGroupPackage.pkgname == lib32pkg, CVEGroupPackage.group == group).first():
- continue
-
- flash('Missing AVG for {}'.format(lib32pkg))
+ for variant in variants:
+ if variant in pkgname:
+ pkg = pkgname.replace(f'{variant}-', '')
+ if pkg not in pkgnames:
+ testpkgs.append(pkg)
+ else:
+ pkg = f'{variant}-{pkgname}'
+ if pkg not in pkgnames:
+ testpkgs.append(pkg)
+
+ package_data = Package.query.filter(Package.name.in_(testpkgs)).all()
+ for pkg in package_data:
+ if pkg not in group.packages:
+ flash('Missing AVG for {}'.format(pkg.name))
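Review bot: In `missing_variants` (tracker/view/add.py), `if pkg not in group.packages:` tests a `Package` row against the group's package collection; if that collection holds `CVEGroupPackage` objects, as the `CVEGroupPackage.group == group` query in patch 1/2 suggests, the condition is always true and the only real filtering is the earlier `pkg not in pkgnames` checks. Comparing names states the intent, e.g. `if pkg.name not in {p.pkgname for p in group.packages}:`. `.all()` can also return several rows for one name if `Package` stores one row per repository or architecture (the model is not visible here), which would flash the same warning more than once. The default `variants=['lib32']` is a mutable default argument; `variants=('lib32',)` avoids sharing one list across calls. `add_group` starts outside the hunk.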