Mercurial > farol > farolluz
annotate farolluz/parsers/cvrf.py @ 27:934c510f8077
Fix the imports
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Fri, 24 Oct 2014 17:06:34 +0200 |
parents | dcc946b30343 |
children | 9ed24f48df01 |
rev | line source |
---|---|
0 | 1 # -*- coding: utf-8 -*- |
2 # Description: | |
3 # Methods for parsing CVRF documents | |
4 # | |
5 # Authors: | |
6 # BenoƮt Allard <benoit.allard@greenbone.net> | |
7 # | |
8 # Copyright: | |
9 # Copyright (C) 2014 Greenbone Networks GmbH | |
10 # | |
11 # This program is free software; you can redistribute it and/or | |
12 # modify it under the terms of the GNU General Public License | |
13 # as published by the Free Software Foundation; either version 2 | |
14 # of the License, or (at your option) any later version. | |
15 # | |
16 # This program is distributed in the hope that it will be useful, | |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 # GNU General Public License for more details. | |
20 # | |
21 # You should have received a copy of the GNU General Public License | |
22 # along with this program; if not, write to the Free Software | |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | |
25 """\ | |
26 Methods for parsing of CVRF Documents | |
27 """ | |
28 | |
29 from __future__ import print_function | |
30 | |
31 import re | |
32 import textwrap | |
33 import xml.etree.ElementTree as ET | |
34 from datetime import datetime, timedelta | |
35 | |
36 try: | |
37 from datetime import timezone | |
38 except ImportError: | |
39 from ..py2 import FixedTimeZone as timezone | |
40 | |
27 | 41 from ..common import CVRFNote, CVRFAcknowledgment, CVRFReference |
42 from ..document import (CVRF, CVRFPublisher, CVRFTracking, CVRFRevision, | |
43 CVRFGenerator, CVRFAggregateSeverity, CVRFTrackingID) | |
44 from ..producttree import (CVRFProductBranch, CVRFFullProductName, | |
45 CVRFRelationship, CVRFGroup) | |
46 from ..vulnerability import (CVRFVulnerability, CVRFVulnerabilityID, CVRFThreat, | |
47 CVRFProductStatus, CVRFCVSSSet, CVRFRemediation, CVRFInvolvement, CVRFCWE) | |
0 | 48 |
49 NAMESPACES = { | |
50 'cvrf': "http://www.icasi.org/CVRF/schema/cvrf/1.1", | |
51 'prod': "http://www.icasi.org/CVRF/schema/prod/1.1", | |
52 'vuln': "http://www.icasi.org/CVRF/schema/vuln/1.1", | |
53 'xml': "http://www.w3.org/XML/1998/namespace", | |
54 } | |
55 | |
56 | |
57 def UN(ns, name): | |
58 """ UN for Universal Name """ | |
59 return "{%s}%s" % (NAMESPACES[ns], name) | |
60 | |
61 | |
62 def parseVersion(string): | |
63 return tuple(int(i) for i in string.split('.')) | |
64 | |
65 | |
66 def parseDate(string): | |
67 m = re.match('(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:([+-])(\d{2}):(\d{2})|(Z))?', string) | |
68 if (m.group(7) is None) or (m.group(7) == 'Z'): | |
69 tzhours = 0 | |
70 tzmin = 0 | |
71 else: | |
72 tzhours = int(m.group(8)) | |
73 if m.group(7) == '-': | |
74 tzhours = - tzhours | |
75 tzmin = int(m.group(9)) | |
76 return datetime(int(m.group(1)), int(m.group(2)), int(m.group(3)), int(m.group(4)), int(m.group(5)), int(m.group(6)), tzinfo=timezone(timedelta(hours=tzhours, minutes=tzmin))) | |
77 | |
78 | |
79 def parseNote(elem): | |
80 return CVRFNote( | |
81 elem.attrib['Type'], | |
82 int(elem.attrib['Ordinal']), | |
83 textwrap.dedent(elem.text).strip(), | |
84 elem.attrib.get('Title'), | |
85 elem.attrib.get('Audience') | |
86 ) | |
87 | |
88 | |
89 def parseReference(elem, ns='cvrf'): | |
90 """ ns is the current namespace """ | |
91 return CVRFReference( | |
92 elem.findtext(UN(ns, 'URL')).strip(), | |
93 textwrap.dedent(elem.findtext(UN(ns, 'Description'))).strip(), | |
94 elem.attrib.get('Type') | |
95 ) | |
96 | |
97 | |
98 def parseAcknowledgment(elem, ns='cvrf'): | |
9
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
99 names = [] |
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
100 for cvrfname in elem.findall(UN(ns, 'Name')): |
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
101 names.append(cvrfname.text.strip()) |
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
102 orgs = [] |
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
103 for cvrforg in elem.findall(UN(ns, 'Organization')): |
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
104 orgs.append(cvrforg.text.strip()) |
0 | 105 return CVRFAcknowledgment( |
9
4c6e15514a6d
Parse Name and Organization in a Acknowledgment as multiple elements
Benoît Allard <benoit.allard@greenbone.net>
parents:
5
diff
changeset
|
106 names, orgs, |
0 | 107 elem.findtext(UN(ns, 'Description')), |
108 elem.findtext(UN(ns, 'URL')), | |
109 ) | |
110 | |
111 | |
112 def parseFullProductName(elem, parent): | |
113 return CVRFFullProductName( | |
114 elem.attrib['ProductID'], | |
115 elem.text.strip(), | |
116 parent, | |
117 cpe=elem.attrib.get('CPE') | |
118 ) | |
119 | |
120 | |
121 def parseProdBranch(elem, ptree, parentbranch=None): | |
122 """ Recursively parses the branches and the terminal productnames """ | |
123 fpncvrf = elem.find(UN('prod', 'FullProductName')) | |
124 if (parentbranch is not None) and (fpncvrf is not None): | |
125 # Don't process the products at the root of the tree | |
126 prod = parseFullProductName(fpncvrf, parentbranch) | |
127 ptree.addProduct(prod) | |
128 | |
129 if parentbranch is None: | |
130 parentbranch = ptree | |
131 for brcvrf in elem.findall(UN('prod', 'Branch')): | |
132 br = CVRFProductBranch(brcvrf.attrib['Type'], brcvrf.attrib['Name'], parentbranch) | |
133 # And go into recursion ... | |
134 br._childs = list(parseProdBranch(brcvrf, ptree, br)) | |
135 yield br | |
136 | |
137 | |
138 def parseVulnerability(elem): | |
139 vuln = CVRFVulnerability(int(elem.attrib['Ordinal'])) | |
140 | |
141 xmltitle = elem.findtext(UN('vuln', 'Title')) | |
142 if xmltitle is not None: | |
143 vuln.setTitle(xmltitle.strip()) | |
144 | |
145 xmlID = elem.find(UN('vuln', 'ID')) | |
146 if xmlID is not None: | |
147 vuln.setID(CVRFVulnerabilityID(xmlID.attrib['SystemName'], xmlID.text.strip())) | |
148 | |
149 for xmlnote in elem.findall('/'.join([UN('vuln', 'Notes'), UN('vuln', 'Note')])): | |
150 vuln.addNote(parseNote(xmlnote)) | |
151 | |
152 xmldiscoverydate = elem.findtext(UN('vuln', 'DiscoveryDate')) | |
153 if xmldiscoverydate is not None: | |
154 vuln.setDiscoveryDate(parseDate(xmldiscoverydate)) | |
155 xmlreleasedate = elem.findtext(UN('vuln', 'ReleaseDate')) | |
156 if xmlreleasedate is not None: | |
157 vuln.setReleaseDate(parseDate(xmlreleasedate)) | |
158 | |
159 for xmlinv in elem.findall('/'.join([UN('vuln', 'Involvements'), UN('vuln', 'Involvement')])): | |
160 involvement = CVRFInvolvement( | |
161 xmlinv.attrib['Party'], | |
162 xmlinv.attrib['Status'] | |
163 ) | |
164 xmldescr = xmlinv.findtext(UN('vuln', 'Description')) | |
165 if xmldescr is not None: | |
166 involvement.setDescription(textwrap.dedent(xmldescr).strip()) | |
167 vuln.addInvolvement(involvement) | |
168 | |
169 xmlcve = elem.findtext(UN('vuln', 'CVE')) | |
170 if xmlcve is not None: | |
171 vuln.setCVE(xmlcve.strip()) | |
172 | |
173 for xmlcwe in elem.findall(UN('vuln', 'CWE')): | |
174 vuln.addCWE(CVRFCWE( | |
175 xmlcwe.attrib['ID'], | |
176 xmlcwe.text.strip() | |
177 )) | |
178 | |
179 for xmlstatus in elem.findall('/'.join([UN('vuln', 'ProductStatuses'), UN('vuln', 'Status')])): | |
180 status = CVRFProductStatus(xmlstatus.attrib['Type']) | |
181 for xmlproductid in xmlstatus.findall(UN('vuln', 'ProductID')): | |
182 status.addProductID(xmlproductid.text.strip()) | |
183 | |
184 vuln.addProductStatus(status) | |
185 | |
186 for xmlthreat in elem.findall('/'.join([UN('vuln', 'Threats'), UN('vuln', 'Threat')])): | |
187 threat = CVRFThreat( | |
188 xmlthreat.attrib['Type'], | |
189 textwrap.dedent(xmlthreat.findtext(UN('vuln', 'Description'))).strip() | |
190 ) | |
191 xmldate = xmlthreat.findtext(UN('vuln', 'Date')) | |
192 if xmldate is not None: | |
193 threat.setDate(parseDate(xmldate)) | |
194 for xmlpid in xmlthreat.findall(UN('vuln', 'ProductID')): | |
195 threat.addProductID(xmlpid.text.strip()) | |
196 for xmlgid in xmlthreat.findall(UN('vuln', 'GroupID')): | |
197 threat.addGroupID(xmlgid.text.strip()) | |
198 | |
199 vuln.addThreat(threat) | |
200 | |
201 for xmlcvss in elem.findall('/'.join([UN('vuln', 'CVSSScoreSets'), UN('vuln', 'ScoreSet')])): | |
202 cvss_set = CVRFCVSSSet(float(xmlcvss.findtext(UN('vuln', 'BaseScore')).strip())) | |
203 xmltempscore = xmlcvss.findtext(UN('vuln', 'TemporalScore')) | |
204 if xmltempscore is not None: | |
205 cvss_set.setTemporalScore(float(xmltempscore.strip())) | |
206 xmlenvscore = xmlcvss.findtext(UN('vuln', 'EnvironmentalScore')) | |
207 if xmlenvscore is not None: | |
208 cvss_set.setEnvironmentalScore(float(xmlenvscore.strip())) | |
209 xmlvector = xmlcvss.findtext(UN('vuln', 'Vector')) | |
210 if xmlvector is not None: | |
211 cvss_set.setVector(xmlvector.strip()) | |
212 for xmlprodid in xmlcvss.findall(UN('vuln', 'ProductID')): | |
213 cvss_set.addProductID(xmlprodid.text.strip()) | |
214 | |
215 vuln.addCVSSSet(cvss_set) | |
216 | |
217 for xmlremediation in elem.findall('/'.join([UN('vuln', 'Remediations'), UN('vuln', 'Remediation')])): | |
218 remediation = CVRFRemediation( | |
219 xmlremediation.attrib['Type'], | |
220 textwrap.dedent(xmlremediation.findtext(UN('vuln', 'Description'))).strip() | |
221 ) | |
222 xmldate = xmlremediation.findtext(UN('vuln', 'Date')) | |
223 if xmldate is not None: | |
224 remediation.setDate(parseDate(xmldate)) | |
225 xmlentitlement = xmlremediation.findtext(UN('vuln', 'Entitlement')) | |
226 if xmlentitlement is not None: | |
227 remediation.setEntitlement(textwrap.dedent(xmlentitlement).strip()) | |
228 xmlurl = xmlremediation.findtext(UN('vuln', 'URL')) | |
229 if xmlurl is not None: | |
230 remediation.setURL(xmlurl.strip()) | |
231 for xmlpid in xmlremediation.findall(UN('vuln', 'ProductID')): | |
232 remediation.addProductID(xmlpid.text.strip()) | |
233 for xmlgid in xmlremediation.findall(UN('vuln', 'GroupID')): | |
234 remediation.addGroupID(xmlgid.text.strip()) | |
235 | |
236 vuln.addRemediation(remediation) | |
237 | |
238 for xmlref in elem.findall('/'.join([UN('vuln', 'References'), UN('vuln', 'Reference')])): | |
239 vuln.addReference(parseReference(xmlref, 'vuln')) | |
240 | |
241 for xmlack in elem.findall('/'.join([UN('vuln', 'Acknowledgments'), UN('vuln', 'Acknowledgment')])): | |
242 vuln.addAcknowledgment(parseAcknowledgment(xmlack, 'vuln')) | |
243 | |
244 return vuln | |
245 | |
246 | |
247 def parse(xml): | |
248 if hasattr(xml, 'read'): | |
249 xml = xml.read() | |
250 cvrfdoc = ET.fromstring(xml) | |
251 if cvrfdoc.tag != UN('cvrf', 'cvrfdoc'): | |
252 raise ValueError('Not a CVRF document !') | |
253 doc = CVRF( | |
254 cvrfdoc.findtext(UN('cvrf', 'DocumentTitle')).strip(), | |
255 cvrfdoc.findtext(UN('cvrf', 'DocumentType')).strip() | |
256 ) | |
5
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
257 |
0 | 258 cvrfpub = cvrfdoc.find(UN('cvrf', 'DocumentPublisher')) |
5
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
259 if cvrfpub is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
260 pub = CVRFPublisher(cvrfpub.attrib['Type'], cvrfpub.attrib.get('VendorID')) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
261 doc.setPublisher(pub) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
262 contact = cvrfpub.find(UN('cvrf', 'ContactDetails')) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
263 if contact is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
264 pub.setContact(contact.text.strip()) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
265 authority = cvrfpub.find(UN('cvrf', 'IssuingAuthority')) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
266 if authority is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
267 pub.setAuthority(authority.text.strip()) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
268 |
0 | 269 cvrftracking = cvrfdoc.find(UN('cvrf', 'DocumentTracking')) |
5
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
270 if cvrftracking is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
271 identification = CVRFTrackingID( |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
272 cvrftracking.findtext('/'.join([UN('cvrf', 'Identification'), UN('cvrf', 'ID')])).strip() |
0 | 273 ) |
5
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
274 for cvrfalias in cvrftracking.findall('/'.join([UN('cvrf', 'Identification'), UN('cvrf', 'Alias')])): |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
275 identification.addAlias(cvrfalias.text.strip()) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
276 tracking = CVRFTracking( |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
277 identification, |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
278 cvrftracking.findtext(UN('cvrf', 'Status')).strip(), |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
279 parseVersion(cvrftracking.findtext(UN('cvrf', 'Version')).strip()), |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
280 parseDate(cvrftracking.findtext(UN('cvrf', 'InitialReleaseDate')).strip()), |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
281 parseDate(cvrftracking.findtext(UN('cvrf', 'CurrentReleaseDate')).strip()) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
282 ) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
283 doc.setTracking(tracking) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
284 for cvrfrev in cvrftracking.findall('/'.join([UN('cvrf', 'RevisionHistory'), UN('cvrf', 'Revision')])): |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
285 rev = CVRFRevision( |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
286 parseVersion(cvrfrev.findtext(UN('cvrf', 'Number')).strip()), |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
287 parseDate(cvrfrev.findtext(UN('cvrf', 'Date')).strip()), |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
288 cvrfrev.findtext(UN('cvrf', 'Description')).strip(), |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
289 ) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
290 tracking.addRevision(rev) |
0 | 291 |
5
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
292 xmlgenerator = cvrftracking.find(UN('cvrf', 'Generator')) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
293 if xmlgenerator is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
294 generator = CVRFGenerator() |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
295 xmlengine = xmlgenerator.findtext(UN('cvrf', 'Engine')) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
296 if xmlengine is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
297 generator.setEngine(xmlengine.strip()) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
298 xmldate = xmlgenerator.findtext(UN('cvrf', 'Date')) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
299 if xmldate is not None: |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
300 generator.setDate(parseDate(xmldate.strip())) |
d62264a643fb
Allow parsing of incomplete documents
Benoît Allard <benoit.allard@greenbone.net>
parents:
1
diff
changeset
|
301 tracking.setGenerator(generator) |
0 | 302 |
303 for cvrfnote in cvrfdoc.findall('/'.join([UN('cvrf', 'DocumentNotes'), UN('cvrf', 'Note')])): | |
304 doc.addNote(parseNote(cvrfnote)) | |
305 | |
306 distr = cvrfdoc.findtext(UN('cvrf', 'DocumentDistribution')) | |
307 if distr is not None: | |
308 doc.setDistribution(textwrap.dedent(distr).strip()) | |
309 | |
310 # This is in a quite free format, not sure how to do something with it ... | |
311 xmlaggsev = cvrfdoc.find(UN('cvrf', 'AggregateSeverity')) | |
1
d47e1164740f
Add support for AggregateSeverity
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
312 if xmlaggsev is not None: |
d47e1164740f
Add support for AggregateSeverity
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
313 aggsev = CVRFAggregateSeverity(xmlaggsev.text.strip()) |
d47e1164740f
Add support for AggregateSeverity
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
314 if 'Namespace' in xmlaggsev.attrib: |
d47e1164740f
Add support for AggregateSeverity
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
315 aggsev.setNamespace(xmlaggsev.attrib['Namespace']) |
d47e1164740f
Add support for AggregateSeverity
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
316 doc.setAggregateSeverity(aggsev) |
0 | 317 |
318 for xmlref in cvrfdoc.findall('/'.join([UN('cvrf', 'DocumentReferences'), UN('cvrf', 'Reference')])): | |
319 doc.addReference(parseReference(xmlref)) | |
320 | |
321 for cvrfack in cvrfdoc.findall('/'.join([UN('cvrf', 'Acknowledgments'), UN('cvrf', 'Acknowledgment')])): | |
322 doc.addAcknowledgment(parseAcknowledgment(cvrfack)) | |
323 | |
324 # --- The ProductTree | |
325 | |
326 cvrfptree = cvrfdoc.find(UN('prod', 'ProductTree')) | |
327 if cvrfptree is not None: | |
328 producttree = doc.createProductTree() | |
15
dcc946b30343
Consolidate productTree edition
Benoît Allard <benoit.allard@greenbone.net>
parents:
9
diff
changeset
|
329 # We need to exhaust our generator ... |
dcc946b30343
Consolidate productTree edition
Benoît Allard <benoit.allard@greenbone.net>
parents:
9
diff
changeset
|
330 for _ in parseProdBranch(cvrfptree, producttree): pass |
0 | 331 |
332 for product in cvrfptree.findall(UN('prod', 'FullProductName')): | |
333 producttree.addProduct(parseFullProductName(product, producttree)) | |
334 | |
335 for cvrfrel in cvrfptree.findall(UN('prod', 'Relationship')): | |
336 rel = CVRFRelationship( | |
337 cvrfrel.attrib['ProductReference'], | |
338 cvrfrel.attrib['RelationType'], | |
339 cvrfrel.attrib['RelatesToProductReference'] | |
340 ) | |
341 producttree.addRelationship(rel) | |
342 producttree.addProduct(parseFullProductName(cvrfrel.find(UN('prod', 'FullProductName')), rel)) | |
343 | |
344 for xmlgroup in cvrfptree.findall('/'.join([UN('prod', 'ProductGroups'), UN('prod', 'Group')])): | |
345 group = CVRFGroup(xmlgroup.attrib['GroupID']) | |
346 xmldescr = xmlgroup.findtext(UN('prod', 'Description')) | |
347 if xmldescr is not None: | |
348 group.setDescription(textwrap.dedent(xmldescr).strip()) | |
349 for xmlpid in xmlgroup.findall(UN('prod', 'ProductID')): | |
350 group.addProductID(xmlpid.text.strip()) | |
351 producttree.addGroup(group) | |
352 | |
353 # --- The Vulnerabilities | |
354 | |
355 for cvrfvuln in cvrfdoc.findall(UN('vuln', 'Vulnerability')): | |
356 doc.addVulnerability(parseVulnerability(cvrfvuln)) | |
357 | |
358 return doc | |
359 | |
360 | |
361 if __name__ == "__main__": | |
362 import sys | |
363 with open(sys.argv[1], 'rt') as f: | |
364 cvrf = parse(f) | |
365 cvrf.validate() | |
366 print(cvrf) | |
367 print(cvrf.getHighestCVSS()._vector) | |
368 print(cvrf.getProductList()) | |
369 print(cvrf._producttree._branches) | |
370 # print(cvrf._producttree._branches[0]._childs) |