Re: [LTP] [PATCH v2] doc: generate CVE reproducer statistics

[Petr Vorel <pvorel@suse.cz>]

Hi Sachin,

[ Cc Andrea ]

> Add a Sphinx builder hook to parse runtest/cve, collect CVE
> reproducer metadata, and generate a documentation page with
> per-year counts and links to CVE entries and test sources.

> Also include the generated CVE reproducer statistics page from
> doc/users/stats.rst.

Thanks for implementing this.

I'd prefer this to be on a separate page named "CVE Reproducers"
(OT: I'd also prefer to rename "Statistics" to "Supported syscalls", but that's
separate thing.)


More notes:

* I suppose it shouldn't be too hard to do it similarly as what we do in the test
  catalog [1], have each CVE id + optional binary name in parenthesis in the menu
  on the left:

	CVE-2025-38236
	...
	CVE-2016-5195 (dirtyc0w)
	...

  Or, we could have tables by years (i.e. left menu only years with counted
  number of tests in parenthesis)

	2025 (2)
	2023 (3)

  I don't have a strong preference, which one is better.

* Sort by CVE ID descending (newest CVE on the top, people are mostly
  interested at current problems than about history).
* Maybe link to the file should be linked to the test catalog page (which has
  also link to the test source?), e.g. [2] (link could be relative).
* The description is mostly useless (often just CVE ID or "CVE reproducer
  test"), link to the test catalog would help.
* Year is useless (visible from CVE ID)
* Some of the tests don't have link now, e.g. dirtyc0w, snd_timer01.

Kind regards,
Petr

[1] https://linux-test-project.readthedocs.io/en/latest/users/test_catalog.html
[2] https://linux-test-project.readthedocs.io/en/latest/users/test_catalog.html#cve-2016-7042

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp