[libvirt] [security-notice PATCH 6/9] scripts: optimize tag to branch mapping

[Daniel P. Berrangé]

The tags have a well defined naming scheme, letting us identify the
branch by simply stripping the last digit and appending '-maint'. This
eliminates the need to run a query per branch.
---
 scripts/report-vulnerable-tags.pl | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl
index 59859b1..43f344a 100644
--- a/scripts/report-vulnerable-tags.pl
+++ b/scripts/report-vulnerable-tags.pl
@@ -174,34 +174,31 @@ if (defined $broken) {
 	add_broken_tag("master", $tag);
     }
 
+    for my $branch (get_branches($broken)) {
+	add_branch($branch);
+    }
+
     # Now we need slower work to find branches for
     # few remaining tags
     for my $tag (get_tags("--contains", $broken)) {
-
 	next if exists $tags{$tag};
 
-	my @tagbranches = get_branches($tag);
-	if (int(@tagbranches) == 0) {
-	    if ($tag eq "v2.1.0") {
-		@tagbranches = ("master")
-	    } else {
-		print "Tag $tag doesn't appear in any branch\n";
-		next;
-	    }
+	# Hack as tag was mistakenly not on master branch
+	if ($tag eq "v2.1.0") {
+	    $branches{"master"}->{"brokentags"}->{$tag} = 1;
+	    next;
 	}
 
-	if (int(@tagbranches) > 1) {
-	    print "Tag $tag appears in multiple branches\n";
+	die "malformed tag $tag" unless $tag =~ /(v.*)\.(\d+)$/;
+	my $branch = "$1-maint";
+
+	if (!exists $branches{$branch}) {
+	    print "Tag $tag mapped to branch $branch which doesn't exist\n";
+	    next;
 	}
-	my $branch = $tagbranches[0];
 
-	add_branch($branch);
 	add_broken_tag($branch, $tag);
     }
-
-    for my $branch (get_branches($broken)) {
-	add_branch($branch);
-    }
 }
 
 if (defined $fixed) {
-- 
2.21.0