Mercurial > farol > farolluz

annotate farolluz/vulnerability.py @ 28:e317097af486

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Vulnerability: remove unused functionnality
author Benoît Allard <benoit.allard@greenbone.net>
date Mon, 27 Oct 2014 11:23:33 +0100
parents 809db989cac5
children 2e36289616db
rev   line source
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
2 #
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
3 # Authors:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
4 # BenoƮt Allard <benoit.allard@greenbone.net>
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
5 #
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
6 # Copyright:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
7 # Copyright (C) 2014 Greenbone Networks GmbH
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
8 #
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
9 # This program is free software; you can redistribute it and/or
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
10 # modify it under the terms of the GNU General Public License
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
11 # as published by the Free Software Foundation; either version 2
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
12 # of the License, or (at your option) any later version.
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
13 #
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
14 # This program is distributed in the hope that it will be useful,
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
17 # GNU General Public License for more details.
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
18 #
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
19 # You should have received a copy of the GNU General Public License
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
20 # along with this program; if not, write to the Free Software
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
21 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
22
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
23 """\
26
809db989cac5 Reorganize the code in smaller mpodules
Benoît Allard <benoit.allard@greenbone.net>
parents: 22
diff changeset
24 Vulnerability Objects related to CVRF Documents
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
25 """
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
26
26
809db989cac5 Reorganize the code in smaller mpodules
Benoît Allard <benoit.allard@greenbone.net>
parents: 22
diff changeset
27 from .common import ValidationError
809db989cac5 Reorganize the code in smaller mpodules
Benoît Allard <benoit.allard@greenbone.net>
parents: 22
diff changeset
28 from .document import CVRFPublisher
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
29
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
30
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
31 class CVRFVulnerabilityID(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
32 def __init__(self, systemname, value):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
33 self._systemname = systemname
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
34 self._value = value
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
35
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
36 def validate(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
37 if not self._systemname:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
38 raise ValidationError('A Vulnerability ID must have a System Name')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
39 if not self._value:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
40 raise ValidationError('A Vulnerability ID must have a value')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
41
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
42
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
43 class CVRFVulnerability(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
44 def __init__(self, ordinal):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
45 self._ordinal = ordinal
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
46 self._title = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
47 self._id = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
48 self._notes = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
49 self._discoverydate = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
50 self._releasedate = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
51 self._involvements = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
52 self._cve = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
53 self._cwes = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
54 self._productstatuses = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
55 self._threats = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
56 self._cvsss = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
57 self._remediations = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
58 self._references = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
59 self._acknowledgments = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
60
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
61 def setTitle(self, title):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
62 self._title = title
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
63
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
64 def setID(self, _id):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
65 self._id = _id
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
66
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
67 def addNote(self, note):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
68 self._notes.append(note)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
69
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
70 def setDiscoveryDate(self, date):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
71 self._discoverydate = date
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
72
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
73 def setReleaseDate(self, date):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
74 self._releasedate = date
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
75
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
76 def addInvolvement(self, involvement):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
77 self._involvements.append(involvement)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
78
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
79 def setCVE(self, cve):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
80 self._cve = cve
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
81
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
82 def addCWE(self, cwe):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
83 self._cwes.append(cwe)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
84
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
85 def addProductStatus(self, productstatus):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
86 self._productstatuses.append(productstatus)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
87
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
88 def addThreat(self, threat):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
89 self._threats.append(threat)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
90
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
91 def addCVSSSet(self, cvss_set):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
92 self._cvsss.append(cvss_set)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
93
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
94 def addRemediation(self, remediation):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
95 self._remediations.append(remediation)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
96
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
97 def addReference(self, ref):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
98 self._references.append(ref)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
99
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
100 def addAcknowledgment(self, ack):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
101 self._acknowledgments.append(ack)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
102
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
103 def getTitle(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
104 """ return something that can be used as a title """
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
105 if self._title:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
106 if self._id:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
107 return "%s (%s)" % (self._title, self._id._value)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
108 return self._title
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
109 if self._id:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
110 return self._id._value
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
111 return "#%d" % self._ordinal
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
112
7
c924c15bd110 Add a method to get a Vulnerability Note per ordinal
Benoît Allard <benoit.allard@greenbone.net>
parents: 6
diff changeset
113 def getNote(self, ordinal):
c924c15bd110 Add a method to get a Vulnerability Note per ordinal
Benoît Allard <benoit.allard@greenbone.net>
parents: 6
diff changeset
114 for note in self._notes:
c924c15bd110 Add a method to get a Vulnerability Note per ordinal
Benoît Allard <benoit.allard@greenbone.net>
parents: 6
diff changeset
115 if note._ordinal == ordinal:
c924c15bd110 Add a method to get a Vulnerability Note per ordinal
Benoît Allard <benoit.allard@greenbone.net>
parents: 6
diff changeset
116 return note
c924c15bd110 Add a method to get a Vulnerability Note per ordinal
Benoît Allard <benoit.allard@greenbone.net>
parents: 6
diff changeset
117 return None
c924c15bd110 Add a method to get a Vulnerability Note per ordinal
Benoît Allard <benoit.allard@greenbone.net>
parents: 6
diff changeset
118
17
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
119 def mentionsProdId(self, productid):
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
120 """ Returns in which sub element, self is mentioning the productid """
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
121 for category in (self._productstatuses, self._threats, self._cvsss, self._remediations):
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
122 for subelem in category:
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
123 if productid in subelem._productids:
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
124 yield subelem
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
125
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
126 def isMentioningProdId(self, productid):
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
127 """ Returns if self is mentioning the productid """
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
128 for e in self.mentionsProdId(productid):
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
129 # We only need to know if the generator yield at least one elem.
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
130 return True
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
131 return False
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
132
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
133 def mentionsGroupId(self, groupid):
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
134 for category in (self._threats, self._remediations):
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
135 for subelem in category:
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
136 if groupid in subelem._groupids:
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
137 yield subelem
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
138
28
e317097af486 Vulnerability: remove unused functionnality
Benoît Allard <benoit.allard@greenbone.net>
parents: 26
diff changeset
139 def isMentioningGroupId(self, groupid):
e317097af486 Vulnerability: remove unused functionnality
Benoît Allard <benoit.allard@greenbone.net>
parents: 26
diff changeset
140 for _ in self.mentionsGroupId(groupid):
e317097af486 Vulnerability: remove unused functionnality
Benoît Allard <benoit.allard@greenbone.net>
parents: 26
diff changeset
141 # We only need to know if the generator yield at least one elem.
e317097af486 Vulnerability: remove unused functionnality
Benoît Allard <benoit.allard@greenbone.net>
parents: 26
diff changeset
142 return True
17
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
143 return False
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
144
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
145 def validate(self, productids, groupids):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
146 if not self._ordinal:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
147 raise ValidationError('A Vulnerability must have an ordinal')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
148 if self._id is not None:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
149 self._id.validate()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
150 ordinals = set()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
151 for note in self._notes:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
152 note.validate()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
153 if note._ordinal in ordinals:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
154 raise ValidationError('Vulnerability Note Ordinal %d duplicated' % note._ordinal)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
155 ordinals.add(note._ordinal)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
156 for involvement in self._involvements:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
157 involvement.validate()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
158 for cwe in self._cwes:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
159 cwe.validate()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
160 for status in self._productstatuses:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
161 status.validate(productids)
13
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
162 pids = set()
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
163 for status in self._productstatuses:
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
164 for pid in status._productids:
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
165 if pid in pids:
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
166 raise ValidationError('ProductID %s mentionned in two different ProductStatuses for Vulnerability %d' % (pid, self._ordinal))
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
167 pids.add(pid)
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
168 for threat in self._threats:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
169 threat.validate(productids, groupids)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
170 for cvss in self._cvsss:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
171 cvss.validate(productids)
14
640b88744523 Fix issue in validation of CVSS Score Sets
Benoît Allard <benoit.allard@greenbone.net>
parents: 13
diff changeset
172 pids = set()
13
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
173 for cvss in self._cvsss:
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
174 for pid in (cvss._productids or productids):
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
175 if pid in pids:
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
176 raise ValidationError('ProductID %s mentionned in two different CVSS Score Sets for Vulnerability %d' % (pid, self._ordinal))
db2a02fff101 Improve validation
Benoît Allard <benoit.allard@greenbone.net>
parents: 8
diff changeset
177 pids.add(pid)
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
178 for remediation in self._remediations:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
179 remediation.validate(productids, groupids)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
180 for reference in self._references:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
181 reference.validate()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
182 for acknowledgment in self._acknowledgments:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
183 acknowledgment.validate()
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
184
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
185
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
186 class CVRFInvolvement(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
187 PARTIES = CVRFPublisher.TYPES
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
188 STATUSES = ('Open', 'Disputed', 'In Progress', 'Completed',
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
189 'Contact Attempted', 'Not Contacted')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
190 def __init__(self, party, status):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
191 self._party = party
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
192 self._status = status
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
193 self._description = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
194
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
195 def setDescription(self, description):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
196 self._description = description
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
197
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
198 def getTitle(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
199 return "From %s: %s" % (self._party, self._status)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
200
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
201 def validate(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
202 if not self._party:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
203 raise ValidationError('An Involvement must have a Party')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
204 if self._party not in self.PARTIES:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
205 raise ValidationError("An Involvement's Party must be one of %s" % ', '.join(self.PARTIES))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
206 if not self._status:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
207 raise ValidationError('An Involvement must have a Status')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
208 if self._status not in self.STATUSES:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
209 raise ValidationError("An Involvement's Status must be one of %s" % ', '.join(self.STATUSES))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
210
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
211
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
212 class CVRFCWE(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
213 def __init__(self, _id, value):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
214 self._id = _id
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
215 self._value = value
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
216
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
217 def validate(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
218 if not self._id:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
219 raise ValidationError('A CWE must have an ID')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
220 if not self._value:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
221 raise ValidationError('A CWE must have a description')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
222
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
223
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
224 class CVRFProductStatus(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
225 TYPES = ('First Affected', 'Known Affected', 'Known Not Affected',
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
226 'First Fixed', 'Fixed', 'Recommended', 'Last Affected')
17
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
227 NAME = "Product Status"
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
228 def __init__(self, _type):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
229 self._type = _type
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
230 self._productids = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
231
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
232 def addProductID(self, productid):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
233 self._productids.append(productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
234
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
235 def getTitle(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
236 return "%s: %d products" % (self._type, len(self._productids))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
237
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
238 def validate(self, productids):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
239 if not self._type:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
240 raise ValidationError('A Product Status must have a Type')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
241 if self._type not in self.TYPES:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
242 raise ValidationError("A Product Status' Type must be one of %s" % ', '.join(self.TYPES))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
243 if len(self._productids) < 1:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
244 raise ValidationError('A Product Status must mention at least one Product')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
245 for productid in self._productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
246 if productid not in productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
247 raise ValidationError('Unknown ProductID: %s' % productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
248
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
249
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
250 class CVRFThreat(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
251 TYPES = ('Impact', 'Exploit Status', 'Target Set')
17
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
252 NAME = "Threat"
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
253 def __init__(self, _type, description):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
254 self._type = _type
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
255 self._description = description
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
256 self._date = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
257 self._productids = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
258 self._groupids = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
259
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
260 def setDate(self, date):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
261 self._date = date
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
262
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
263 def addProductID(self, productid):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
264 self._productids.append(productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
265
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
266 def addGroupID(self, groupid):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
267 self._groupids.append(groupid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
268
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
269 def getTitle(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
270 return self._type
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
271
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
272 def validate(self, productids, groupids):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
273 if not self._type:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
274 raise ValidationError('A Threat must have a Type')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
275 if self._type not in self.TYPES:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
276 raise ValidationError("A Threat's Type must be one of %s" % ', '.join(self.TYPES))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
277 if not self._description:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
278 raise ValidationError('A Threat must have a Description')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
279 for productid in self._productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
280 if productid not in productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
281 raise ValidationError('Unknown ProductID: %s' % productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
282 for groupid in self._groupids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
283 if groupid not in groupids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
284 raise ValidationError('Unknown GroupID: %s' % groupid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
285
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
286
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
287 class CVRFCVSSSet(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
288 # To determine the base Score
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
289 VALUES = {'AV': {'L':0.395, 'A':0.646, 'N':1.0},
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
290 'AC': {'H':0.35, 'M':0.61 ,'L':0.71},
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
291 'Au': {'M':0.45, 'S':0.56, 'N':0.704},
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
292 'C': {'N':0.0, 'P':0.275, 'C':0.66},
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
293 'I': {'N':0.0, 'P':0.275, 'C':0.66},
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
294 'A': {'N':0.0, 'P':0.275, 'C':0.66}}
17
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
295 NAME = "CVSS Score Set"
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
296 def __init__(self, basescore):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
297 self._basescore = basescore
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
298 self._temporalscore = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
299 self._environmentalscore = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
300 self._vector = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
301 self.vector = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
302 self._productids = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
303
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
304 def setTemporalScore(self, tempscore):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
305 self._temporalscore = tempscore
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
306
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
307 def setEnvironmentalScore(self, envscore):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
308 self._environmentalscore = envscore
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
309
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
310 def setVector(self, vector):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
311 self._vector = vector
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
312 if vector is None:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
313 self.vector = vector
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
314 return
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
315 try:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
316 self.vector = {}
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
317 for component in vector[:26].split('/'):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
318 name, value = component.split(':')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
319 self.vector[name] = self.VALUES[name][value]
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
320 except (KeyError, ValueError):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
321 self.vector = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
322
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
323 def addProductID(self, productid):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
324 self._productids.append(productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
325
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
326 def baseScore(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
327 v = self.vector # make an alias for shorter lines
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
328 exploitability = 20 * v['AV'] * v['AC'] * v['Au']
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
329 impact = 10.41 * (1 - (1 - v['C']) * (1 - v['I']) * (1 - v['A']))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
330 def f(i): return 0 if i == 0 else 1.176
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
331 return ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f(impact)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
332
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
333 def validate(self, productids):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
334 if not self._basescore:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
335 raise ValidationError('A CVSS Score Set must have a Base Score')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
336 if self._vector and not self.vector:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
337 raise ValidationError('Syntax Error in CVSS Vector')
22
4004b67216a9 Add tests + method to change a ProductID
Benoît Allard <benoit.allard@greenbone.net>
parents: 19
diff changeset
338 if self.vector and (abs(self._basescore - self.baseScore()) >= 0.05):
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
339 raise ValidationError('Inconsistency in CVSS Score Set between Vector (%f) and Base Score (%f)' % (self.baseScore(), self._basescore))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
340 for productid in self._productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
341 if productid not in productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
342 raise ValidationError('Unknown ProductID: %s' % productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
343
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
344
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
345 class CVRFRemediation(object):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
346 TYPES = ('Workaround', 'Mitigation', 'Vendor Fix', 'None Available',
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
347 'Will Not Fix')
17
90852c11fabd Add methods to extract Product references in a document.
Benoît Allard <benoit.allard@greenbone.net>
parents: 15
diff changeset
348 NAME = "Remediation"
0
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
349 def __init__(self, _type, description):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
350 self._type = _type
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
351 self._description = description
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
352 self._date = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
353 self._entitlement = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
354 self._url = None
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
355 self._productids = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
356 self._groupids = []
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
357
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
358 def setDate(self, date):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
359 self._date = date
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
360
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
361 def setEntitlement(self, entitlement):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
362 self._entitlement = entitlement
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
363
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
364 def setURL(self, url):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
365 self._url = url
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
366
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
367 def addProductID(self, productid):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
368 self._productids.append(productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
369
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
370 def addGroupID(self, groupid):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
371 self._groupids.append(groupid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
372
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
373 def getTitle(self):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
374 return self._type
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
375
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
376 def validate(self, productids, groupids):
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
377 if not self._type:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
378 raise ValidationError('A Remediation must have a Type')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
379 if self._type not in self.TYPES:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
380 raise ValidationError("A Remediation's Type must be one of %s" % ', '.join(self.TYPES))
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
381 if not self._description:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
382 raise ValidationError('A Remediation must have a Description')
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
383 for productid in self._productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
384 if productid not in productids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
385 raise ValidationError('Unknown ProductID: %s' % productid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
386 for groupid in self._groupids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
387 if groupid not in groupids:
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
388 raise ValidationError('Unknown GroupID: %s' % groupid)
e18b61a73a68 Initial Release
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
389
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)