From: Sachin Sant <sachinp@linux.ibm.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v5 1/2] doc: Add CVE catalog to documentation
Date: Thu, 7 May 2026 16:10:18 +0530 [thread overview]
Message-ID: <20260507104019.9764-3-sachinp@linux.ibm.com> (raw)
In-Reply-To: <20260507104019.9764-1-sachinp@linux.ibm.com>
Add a new CVE catalog page that automatically generates a comprehensive
list of all CVE reproducers available in LTP. The catalog extracts CVE
information from test metadata tags and presents them in a table format
with links to corresponding test cases.
Changes:
- Add doc/users/cve_catalog.rst as new documentation page
- Implement generate_cve_catalog() in doc/conf.py to extract CVE tags
from metadata/ltp.json and generate _static/cve.rst
- Configure autosectionlabel with document prefixes to prevent duplicate
label warnings when same test names appear in multiple files
- Update doc/Makefile to clean generated _static/cve.rst file
- Add CVE catalog link to main documentation index
The catalog displays CVEs in descending order (newest first) with
cross-references to test cases in the test catalog, making it easy
to find reproducers for specific CVEs.
Closes: https://github.com/linux-test-project/ltp/issues/1254
Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>
Signed-off-by: Sachin Sant <sachinp@linux.ibm.com>
---
V5 changes:
- Rewrite CVE catalog logic to only use ltp.json metadata
- Remove the dependency on runtest/cve file
- v4 link https://lore.kernel.org/ltp/aftwmBUir04jaik4@yuki.lan/T/#t
V4 changes:
- Simplified the CVE table (id, test name)
- Removed individual CVE pages
- v3 link https://lore.kernel.org/ltp/69f0b046.df0a0220.3765a8.f8e4@mx.google.com/T/#u
V3 changes:
- CVEs sorted in descending order
- append test name to CVE id : CVE (Test Name)
- Separate page for CVE catalog
- Link cve testcases to Test catalog entry
- v2 link https://lore.kernel.org/ltp/0df5f75d-eb8f-428e-9888-bb7a90a6b1a4@linux.ibm.com/
V2 changes:
- Replace Fixes tag by Closes
- V1 link https://lore.kernel.org/ltp/20260423105304.59788-1-sachinp@linux.ibm.com/T/#u
---
doc/Makefile | 3 +-
doc/conf.py | 84 +++++++++++++++++++++++++++++++++++++++
doc/index.rst | 4 ++
doc/users/cve_catalog.rst | 6 +++
4 files changed, 95 insertions(+), 2 deletions(-)
create mode 100644 doc/users/cve_catalog.rst
diff --git a/doc/Makefile b/doc/Makefile
index 3123b1cd7..77a0fafad 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -30,8 +30,7 @@ spelling:
$(RUN_VENV); sphinx-build -b spelling -d build/doctree . build/spelling
clean:
- rm -rf html/ build/ _static/syscalls.rst _static/tests.rst syscalls.tbl \
- ${abs_top_builddir}/metadata/ltp.json
+ rm -rf html/ build/ _static/syscalls.rst _static/tests.rst _static/cve.rst syscalls.tbl
distclean: clean
rm -rf $(VENV_DIR)
diff --git a/doc/conf.py b/doc/conf.py
index 63d09352e..a63849322 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -30,6 +30,15 @@ extensions = [
'sphinx.ext.extlinks',
]
+# Configure autosectionlabel to prefix labels with document name
+# This prevents duplicate labels when same test name appears in multiple files
+autosectionlabel_prefix_document = True
+# Only create labels for sections with unique names
+autosectionlabel_maxdepth = 2
+
+# Suppress duplicate label warnings for kernel-doc generated content
+suppress_warnings = ['autosectionlabel.*']
+
exclude_patterns = ["html*", '_static*', '.venv*']
extlinks = {
'repo': (f'{ltp_repo}/%s', '%s'),
@@ -535,6 +544,80 @@ def generate_test_catalog(_):
with open(output, 'w+', encoding='utf-8') as new_tests:
new_tests.write('\n'.join(text))
+def generate_cve_catalog(_):
+ """
+ Generate CVE catalog in a single file by extracting CVE tags from
+ metadata/ltp.json. This creates a single _static/cve.rst file with
+ all CVE information and links to test sources.
+ """
+ output = '_static/cve.rst'
+ metadata_file = '../metadata/ltp.json'
+
+ # Load metadata
+ metadata = None
+ try:
+ with open(metadata_file, 'r', encoding='utf-8') as data:
+ metadata = json.load(data)
+ except FileNotFoundError:
+ logger = sphinx.util.logging.getLogger(__name__)
+ msg = f"Can't find metadata file ({metadata_file})"
+ logger.warning(msg)
+ return
+
+ # Extract CVE information from test tags
+ cve_data = {}
+ tests = metadata.get('tests', {})
+
+ for test_name, test_info in tests.items():
+ tags = test_info.get('tags', [])
+ for tag in tags:
+ if len(tag) >= 2 and tag[0] == 'CVE':
+ cve_id = tag[1].upper()
+ # Normalize CVE ID format: ensure it starts with "CVE-"
+ if not cve_id.startswith('CVE-'):
+ cve_id = 'CVE-' + cve_id
+ if cve_id not in cve_data:
+ cve_data[cve_id] = []
+ cve_data[cve_id].append(test_name)
+
+ # Generate single CVE catalog file
+ total_cves = len(cve_data)
+ text = [
+ '.. warning::',
+ ' The following CVE catalog has been generated from test',
+ ' metadata and includes all CVE reproducers in LTP.',
+ '',
+ f'LTP includes reproducers for {total_cves} known CVEs.',
+ '',
+ '.. list-table::',
+ ' :header-rows: 1',
+ ' :widths: 40 60',
+ '',
+ ' * - CVE ID',
+ ' - Test Name(s)',
+ ]
+
+ # Add CVEs in descending order (newest first)
+ for cve_id in sorted(cve_data.keys(), reverse=True):
+ test_names = cve_data[cve_id]
+
+ # Create cross-references for all tests
+ test_links = []
+ for test_name in sorted(test_names):
+ test_anchor = f"users/test_catalog:{test_name}"
+ test_link = f":ref:`{test_name} <{test_anchor}>`"
+ test_links.append(test_link)
+
+ # Join multiple tests with commas
+ tests_str = ', '.join(test_links)
+
+ text.extend([
+ f' * - {cve_id}',
+ f' - {tests_str}',
+ ])
+
+ with open(output, 'w+', encoding='utf-8') as cve_catalog:
+ cve_catalog.write('\n'.join(text))
def setup(app):
"""
@@ -543,4 +626,5 @@ def setup(app):
"""
app.add_css_file('custom.css')
app.connect('builder-inited', generate_syscalls_stats)
+ app.connect('builder-inited', generate_cve_catalog)
app.connect('builder-inited', generate_test_catalog)
diff --git a/doc/index.rst b/doc/index.rst
index 496a12f80..733495f51 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -12,6 +12,7 @@
users/testers_guide
users/supported_systems
users/stats
+ users/cve_catalog
users/test_catalog
.. toctree::
@@ -58,6 +59,9 @@ For users
:doc:`users/stats`
Some LTP statistics
+:doc:`users/cve_catalog`
+ LTP reproducers for known CVEs
+
:doc:`users/test_catalog`
The LTP test catalog
diff --git a/doc/users/cve_catalog.rst b/doc/users/cve_catalog.rst
new file mode 100644
index 000000000..5a5b9b54a
--- /dev/null
+++ b/doc/users/cve_catalog.rst
@@ -0,0 +1,6 @@
+.. SPDX-License-Identifier: GPL-2.0-or-later
+
+CVE catalog
+===========
+
+.. include:: ../_static/cve.rst
--
2.39.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2026-05-07 10:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 10:40 [LTP] [PATCH v5 1/2] doc: Add CVE catalog to documentation Sachin Sant
2026-05-07 10:40 ` [LTP] [PATCH 2/2] doc: Rename statistics page to 'Supported syscalls' Sachin Sant
2026-05-07 10:40 ` Sachin Sant [this message]
2026-05-07 10:40 ` Sachin Sant
2026-05-07 10:42 ` [LTP] [PATCH v5 1/2] doc: Add CVE catalog to documentation Sachin Sant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260507104019.9764-3-sachinp@linux.ibm.com \
--to=sachinp@linux.ibm.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.