Re: CVE details page

On Sat, Mar 27, 2021 at 8:35 PM Jonathan S. Katz <jkatz@postgresql.org> wrote:
>
> On 3/25/21 8:20 AM, Magnus Hagander wrote:
> > On Wed, Mar 24, 2021 at 8:57 PM Jonathan S. Katz <jkatz@postgresql.org> wrote:
> >>
> >> I've modified the URL matching to be all uppercase, but keeping our
> >> matching logic case insensitive.
> >
> > I do still prefer lowercase, but not enough to insist on it :)
> >
> > But do consider the redirect, that might help some ppl.
>
> OK, so I did:
>
> - matching cve/CVE
> - added a redirect to rewrite to CVE

Wouldn't:
+    if request.path.find('cve') != -1:
+        return redirect('/support/security/CVE-{}/'.format(cve),
permanent=True)

you captured the "cve" vs "CVE" part already in urls.py as a separate
parameter? And then just "if blah != 'CVE' return redirect"?

Either works, but looking for cve anywhere in the URL seems to set up
for a future bug should we ever for example want to move the cve's
into a subdir..


> >>> * The query for "versions" needs a .elect_related('version')
> >>
> >> That I do agree with and somehow missed that. Thanks!
> >
> > Thinking more, we should also have a struct.py in this directory, so
> > it goes ni the sitemap and becomes searchable. We should *already*
> > have had that, but it becomes more importantn ow that we have >1 page.
> > But already today you won't actually get search hits in our security
> > listing, which is a problem in itself... But let's fix them both at
> > once.
>
> OK, I believe I have handled that. I included it in 0003.


Rest LGTM.


-- 
 Magnus Hagander
 Me: https://www.hagander.net/
 Work: https://www.redpill-linpro.com/