Re: [LTP] [PATCH v5 1/2] doc: Add CVE catalog to documentation

[Sachin Sant <sachinp@linux.ibm.com>]

Ignore this series. I forgot to remove old copy of patches.
Will resend.

On 07/05/26 4:10 pm, Sachin Sant wrote:
> Add a new CVE catalog page that automatically generates a comprehensive
> list of all CVE reproducers available in LTP. The catalog extracts CVE
> information from test metadata tags and presents them in a table format
> with links to corresponding test cases.
>
> Changes:
> - Add doc/users/cve_catalog.rst as new documentation page
> - Implement generate_cve_catalog() in doc/conf.py to extract CVE tags
>    from metadata/ltp.json and generate _static/cve.rst
> - Configure autosectionlabel with document prefixes to prevent duplicate
>    label warnings when same test names appear in multiple files
> - Update doc/Makefile to clean generated _static/cve.rst file
> - Add CVE catalog link to main documentation index
>
> The catalog displays CVEs in descending order (newest first) with
> cross-references to test cases in the test catalog, making it easy
> to find reproducers for specific CVEs.
>
> Closes: https://github.com/linux-test-project/ltp/issues/1254
> Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>
> Signed-off-by: Sachin Sant <sachinp@linux.ibm.com>
> ---
> V5 changes:
> - Rewrite CVE catalog logic to only use ltp.json metadata
> - Remove the dependency on runtest/cve file
> - v4 link https://lore.kernel.org/ltp/aftwmBUir04jaik4@yuki.lan/T/#t
>
> V4 changes:
> - Simplified the CVE table (id, test name)
> - Removed individual CVE pages
> - v3 link https://lore.kernel.org/ltp/69f0b046.df0a0220.3765a8.f8e4@mx.google.com/T/#u
>
> V3 changes:
> - CVEs sorted in descending order
> - append test name to CVE id : CVE (Test Name)
> - Separate page for CVE catalog
> - Link cve testcases to Test catalog entry
> - v2 link https://lore.kernel.org/ltp/0df5f75d-eb8f-428e-9888-bb7a90a6b1a4@linux.ibm.com/
>
> V2 changes:
> - Replace Fixes tag by Closes
> - V1 link https://lore.kernel.org/ltp/20260423105304.59788-1-sachinp@linux.ibm.com/T/#u
>
> ---
>   doc/Makefile              |  2 +-
>   doc/conf.py               | 84 +++++++++++++++++++++++++++++++++++++++
>   doc/index.rst             |  4 ++
>   doc/users/cve_catalog.rst |  6 +++
>   4 files changed, 95 insertions(+), 1 deletion(-)
>   create mode 100644 doc/users/cve_catalog.rst
>
> diff --git a/doc/Makefile b/doc/Makefile
> index 3123b1cd7..1da240530 100644
> --- a/doc/Makefile
> +++ b/doc/Makefile
> @@ -31,7 +31,7 @@ spelling:
>   
>   clean:
>   	rm -rf html/ build/ _static/syscalls.rst _static/tests.rst syscalls.tbl \
> -		${abs_top_builddir}/metadata/ltp.json
> +		_static/cve.rst ${abs_top_builddir}/metadata/ltp.json
>   
>   distclean: clean
>   	rm -rf $(VENV_DIR)
> diff --git a/doc/conf.py b/doc/conf.py
> index 63d09352e..9b81162c5 100644
> --- a/doc/conf.py
> +++ b/doc/conf.py
> @@ -30,6 +30,15 @@ extensions = [
>       'sphinx.ext.extlinks',
>   ]
>   
> +# Configure autosectionlabel to prefix labels with document name
> +# This prevents duplicate labels when same test name appears in multiple files
> +autosectionlabel_prefix_document = True
> +# Only create labels for sections with unique names
> +autosectionlabel_maxdepth = 2
> +
> +# Suppress duplicate label warnings for kernel-doc generated content
> +suppress_warnings = ['autosectionlabel.*']
> +
>   exclude_patterns = ["html*", '_static*', '.venv*']
>   extlinks = {
>       'repo': (f'{ltp_repo}/%s', '%s'),
> @@ -535,6 +544,80 @@ def generate_test_catalog(_):
>       with open(output, 'w+', encoding='utf-8') as new_tests:
>           new_tests.write('\n'.join(text))
>   
> +def generate_cve_catalog(_):
> +    """
> +    Generate CVE catalog in a single file by extracting CVE tags from
> +    metadata/ltp.json. This creates a single _static/cve.rst file with
> +    all CVE information and links to test sources.
> +    """
> +    output = '_static/cve.rst'
> +    metadata_file = '../metadata/ltp.json'
> +
> +    # Load metadata
> +    metadata = None
> +    try:
> +        with open(metadata_file, 'r', encoding='utf-8') as data:
> +            metadata = json.load(data)
> +    except FileNotFoundError:
> +        logger = sphinx.util.logging.getLogger(__name__)
> +        msg = f"Can't find metadata file ({metadata_file})"
> +        logger.warning(msg)
> +        return
> +
> +    # Extract CVE information from test tags
> +    cve_data = {}
> +    tests = metadata.get('tests', {})
> +
> +    for test_name, test_info in tests.items():
> +        tags = test_info.get('tags', [])
> +        for tag in tags:
> +            if len(tag) >= 2 and tag[0] == 'CVE':
> +                cve_id = tag[1].upper()
> +                # Normalize CVE ID format: ensure it starts with "CVE-"
> +                if not cve_id.startswith('CVE-'):
> +                    cve_id = 'CVE-' + cve_id
> +                if cve_id not in cve_data:
> +                    cve_data[cve_id] = []
> +                cve_data[cve_id].append(test_name)
> +
> +    # Generate single CVE catalog file
> +    total_cves = len(cve_data)
> +    text = [
> +        '.. warning::',
> +        '    The following CVE catalog has been generated from test',
> +        '    metadata and includes all CVE reproducers in LTP.',
> +        '',
> +        f'LTP includes reproducers for {total_cves} known CVEs.',
> +        '',
> +        '.. list-table::',
> +        '   :header-rows: 1',
> +        '   :widths: 40 60',
> +        '',
> +        '   * - CVE ID',
> +        '     - Test Name(s)',
> +    ]
> +
> +    # Add CVEs in descending order (newest first)
> +    for cve_id in sorted(cve_data.keys(), reverse=True):
> +        test_names = cve_data[cve_id]
> +
> +        # Create cross-references for all tests
> +        test_links = []
> +        for test_name in sorted(test_names):
> +            test_anchor = f"users/test_catalog:{test_name}"
> +            test_link = f":ref:`{test_name} <{test_anchor}>`"
> +            test_links.append(test_link)
> +
> +        # Join multiple tests with commas
> +        tests_str = ', '.join(test_links)
> +
> +        text.extend([
> +            f'   * - {cve_id}',
> +            f'     - {tests_str}',
> +        ])
> +
> +    with open(output, 'w+', encoding='utf-8') as cve_catalog:
> +        cve_catalog.write('\n'.join(text))
>   
>   def setup(app):
>       """
> @@ -543,4 +626,5 @@ def setup(app):
>       """
>       app.add_css_file('custom.css')
>       app.connect('builder-inited', generate_syscalls_stats)
> +    app.connect('builder-inited', generate_cve_catalog)
>       app.connect('builder-inited', generate_test_catalog)
> diff --git a/doc/index.rst b/doc/index.rst
> index 496a12f80..733495f51 100644
> --- a/doc/index.rst
> +++ b/doc/index.rst
> @@ -12,6 +12,7 @@
>      users/testers_guide
>      users/supported_systems
>      users/stats
> +   users/cve_catalog
>      users/test_catalog
>   
>   .. toctree::
> @@ -58,6 +59,9 @@ For users
>   :doc:`users/stats`
>      Some LTP statistics
>   
> +:doc:`users/cve_catalog`
> +   LTP reproducers for known CVEs
> +
>   :doc:`users/test_catalog`
>      The LTP test catalog
>   
> diff --git a/doc/users/cve_catalog.rst b/doc/users/cve_catalog.rst
> new file mode 100644
> index 000000000..5a5b9b54a
> --- /dev/null
> +++ b/doc/users/cve_catalog.rst
> @@ -0,0 +1,6 @@
> +.. SPDX-License-Identifier: GPL-2.0-or-later
> +
> +CVE catalog
> +===========
> +
> +.. include:: ../_static/cve.rst

-- 
Thanks
- Sachin



-- 
Mailing list info: https://lists.linux.it/listinfo/ltp