[LTP] [PATCH v4 1/2] doc: generate CVE catalog documentation
Sachin Sant
sachinp@linux.ibm.com
Tue Apr 28 16:36:13 CEST 2026
Add a Sphinx builder hook to parse runtest/cve and generate a
comprehensive CVE catalog in a single documentation file.
The implementation:
- Parses runtest/cve to extract CVE IDs, test names, and options
- Generates a single CVE catalog file (_static/cve.rst) containing:
* Total CVE count
* All CVEs sorted in descending order (newest first)
* Table of CVEs:
- CVE ID
- Test name (Cross-references to test catalog entries)
- Integrates CVE catalog into main documentation index
Closes: https://github.com/linux-test-project/ltp/issues/1254
Cc: Andrea Cervesato <andrea.cervesato@suse.com>
Cc: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Sachin Sant <sachinp@linux.ibm.com>
---
V4 changes:
- Simplified the CVE table (id, test name)
- Removed individual CVE pages
- v3 link https://lore.kernel.org/ltp/69f0b046.df0a0220.3765a8.f8e4@mx.google.com/T/#u
V3 changes:
- CVEs sorted in descending order
- append test name to CVE id : CVE (Test Name)
- Separate page for CVE catalog
- Link cve testcases to Test catalog entry
- v2 link https://lore.kernel.org/ltp/0df5f75d-eb8f-428e-9888-bb7a90a6b1a4@linux.ibm.com/
V2 changes:
- Replace Fixes tag by Closes
- V1 link https://lore.kernel.org/ltp/20260423105304.59788-1-sachinp@linux.ibm.com/T/#u
---
doc/Makefile | 2 +-
doc/conf.py | 91 +++++++++++++++++++++++++++++++++++++++
doc/index.rst | 4 ++
doc/users/cve_catalog.rst | 6 +++
4 files changed, 102 insertions(+), 1 deletion(-)
create mode 100644 doc/users/cve_catalog.rst
diff --git a/doc/Makefile b/doc/Makefile
index 3123b1cd7..e99cbe666 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -30,7 +30,7 @@ spelling:
$(RUN_VENV); sphinx-build -b spelling -d build/doctree . build/spelling
clean:
- rm -rf html/ build/ _static/syscalls.rst _static/tests.rst syscalls.tbl \
+ rm -rf html/ build/ _static/syscalls.rst _static/tests.rst _static/cve.rst syscalls.tbl \
${abs_top_builddir}/metadata/ltp.json
distclean: clean
diff --git a/doc/conf.py b/doc/conf.py
index 63d09352e..d692638a0 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -30,6 +30,15 @@ extensions = [
'sphinx.ext.extlinks',
]
+# Configure autosectionlabel to prefix labels with document name
+# This prevents duplicate labels when same test name appears in multiple files
+autosectionlabel_prefix_document = True
+# Only create labels for sections with unique names
+autosectionlabel_maxdepth = 2
+
+# Suppress duplicate label warnings for kernel-doc generated content
+suppress_warnings = ['autosectionlabel.*']
+
exclude_patterns = ["html*", '_static*', '.venv*']
extlinks = {
'repo': (f'{ltp_repo}/%s', '%s'),
@@ -535,6 +544,87 @@ def generate_test_catalog(_):
with open(output, 'w+', encoding='utf-8') as new_tests:
new_tests.write('\n'.join(text))
+def generate_cve_catalog(_):
+ """
+ Generate CVE catalog in a single file. Parse runtest/cve file and
+ generate documentation with links to CVE databases and test sources.
+ Similar to test_catalog, creates a single _static/cve.rst file with
+ all CVE information.
+ """
+ output = '_static/cve.rst'
+ runtest_cve = '../runtest/cve'
+ metadata_file = '../metadata/ltp.json'
+
+ # Load metadata to check which tests exist in the catalog
+ metadata = None
+ try:
+ with open(metadata_file, 'r', encoding='utf-8') as data:
+ metadata = json.load(data)
+ except FileNotFoundError:
+ logger = sphinx.util.logging.getLogger(__name__)
+ msg = f"Can't find metadata file ({metadata_file})"
+ logger.warning(msg)
+
+ # Parse runtest/cve file
+ cve_data = {}
+
+ try:
+ with open(runtest_cve, 'r', encoding='utf-8') as f:
+ for line in f:
+ line = line.strip()
+ if not line or line.startswith('#'):
+ continue
+
+ parts = line.split(None, 2)
+ if len(parts) >= 2:
+ cve_id = parts[0].upper()
+ test_name = parts[1]
+
+ cve_data[cve_id] = {
+ 'cve_id': cve_id,
+ 'test_name': test_name,
+ }
+ except FileNotFoundError:
+ logger = sphinx.util.logging.getLogger(__name__)
+ msg = f"Can't find runtest/cve file ({runtest_cve})"
+ logger.warning(msg)
+ return
+
+ # Generate single CVE catalog file
+ total_cves = len(cve_data)
+ text = [
+ '.. warning::',
+ ' The following CVE catalog has been generated from the',
+ ' runtest/cve file and includes all CVE reproducers in LTP.',
+ '',
+ f'LTP includes reproducers for {total_cves} known CVEs.',
+ '',
+ '.. list-table::',
+ ' :header-rows: 1',
+ ' :widths: 40 60',
+ '',
+ ' * - CVE ID',
+ ' - Test Name',
+ ]
+
+ # Add CVEs in descending order (newest first)
+ for cve_id, cve_info in sorted(cve_data.items(), reverse=True):
+ test_name = cve_info["test_name"]
+
+ # Only create cross-reference if test exists in metadata
+ if metadata and test_name in metadata.get('tests', {}):
+ test_anchor = f"users/test_catalog:{test_name}"
+ test_link = f":ref:`{test_name} <{test_anchor}>`"
+ else:
+ test_link = f"``{test_name}``"
+
+ text.extend([
+ f' * - {cve_id}',
+ f' - {test_link}',
+ ])
+
+ with open(output, 'w+', encoding='utf-8') as cve_catalog:
+ cve_catalog.write('\n'.join(text))
def setup(app):
"""
@@ -543,4 +633,5 @@ def setup(app):
"""
app.add_css_file('custom.css')
app.connect('builder-inited', generate_syscalls_stats)
+ app.connect('builder-inited', generate_cve_catalog)
app.connect('builder-inited', generate_test_catalog)
diff --git a/doc/index.rst b/doc/index.rst
index 496a12f80..733495f51 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -12,6 +12,7 @@
users/testers_guide
users/supported_systems
users/stats
+ users/cve_catalog
users/test_catalog
.. toctree::
@@ -58,6 +59,9 @@ For users
:doc:`users/stats`
Some LTP statistics
+:doc:`users/cve_catalog`
+ LTP reproducers for known CVEs
+
:doc:`users/test_catalog`
The LTP test catalog
diff --git a/doc/users/cve_catalog.rst b/doc/users/cve_catalog.rst
new file mode 100644
index 000000000..5a5b9b54a
--- /dev/null
+++ b/doc/users/cve_catalog.rst
@@ -0,0 +1,6 @@
+.. SPDX-License-Identifier: GPL-2.0-or-later
+
+CVE catalog
+===========
+
+.. include:: ../_static/cve.rst
--
2.39.1
More information about the ltp
mailing list