Mercurial > farol > farolluz
comparison farolluz/cvrf.py @ 17:90852c11fabd
Add methods to extract Product references in a document.
| author | Benoît Allard <benoit.allard@greenbone.net> |
|---|---|
| date | Tue, 14 Oct 2014 16:48:22 +0200 |
| parents | dcc946b30343 |
| children | 4b53e7bcff0d |
comparison
equal
deleted
inserted
replaced
| 16:858d8c0b49e2 | 17:90852c11fabd |
|---|---|
| 670 def getNote(self, ordinal): | 670 def getNote(self, ordinal): |
| 671 for note in self._notes: | 671 for note in self._notes: |
| 672 if note._ordinal == ordinal: | 672 if note._ordinal == ordinal: |
| 673 return note | 673 return note |
| 674 return None | 674 return None |
| 675 | |
| 676 def mentionsProdId(self, productid): | |
| 677 """ Returns in which sub element, self is mentioning the productid """ | |
| 678 for category in (self._productstatuses, self._threats, self._cvsss, self._remediations): | |
| 679 for subelem in category: | |
| 680 if productid in subelem._productids: | |
| 681 yield subelem | |
| 682 | |
| 683 def isMentioningProdId(self, productid): | |
| 684 """ Returns if self is mentioning the productid """ | |
| 685 for e in self.mentionsProdId(productid): | |
| 686 # We only need to know if the generator yield at least one elem. | |
| 687 return True | |
| 688 return False | |
| 689 | |
| 690 def mentionsGroupId(self, groupid): | |
| 691 for category in (self._threats, self._remediations): | |
| 692 for subelem in category: | |
| 693 if groupid in subelem._groupids: | |
| 694 yield subelem | |
| 695 | |
| 696 def isMentioningGroupId(self, groupids): | |
| 697 """ Make sure you call this with a list (not a generator or a tuple) | |
| 698 when wished """ | |
| 699 if not isinstance(groupids, list): | |
| 700 groupids = [groupids] | |
| 701 for groupid in groupids: | |
| 702 print "testing GroupId: ", groupid | |
| 703 for _ in self.mentionsGroupId(groupid): | |
| 704 # We only need to know if the generator yield at least one elem. | |
| 705 print 'True' | |
| 706 return True | |
| 707 print 'False' | |
| 708 return False | |
| 675 | 709 |
| 676 def validate(self, productids, groupids): | 710 def validate(self, productids, groupids): |
| 677 if not self._ordinal: | 711 if not self._ordinal: |
| 678 raise ValidationError('A Vulnerability must have an ordinal') | 712 raise ValidationError('A Vulnerability must have an ordinal') |
| 679 if self._id is not None: | 713 if self._id is not None: |
| 712 reference.validate() | 746 reference.validate() |
| 713 for acknowledgment in self._acknowledgments: | 747 for acknowledgment in self._acknowledgments: |
| 714 acknowledgment.validate() | 748 acknowledgment.validate() |
| 715 | 749 |
| 716 | 750 |
| 717 | |
| 718 class CVRFInvolvement(object): | 751 class CVRFInvolvement(object): |
| 719 PARTIES = CVRFPublisher.TYPES | 752 PARTIES = CVRFPublisher.TYPES |
| 720 STATUSES = ('Open', 'Disputed', 'In Progress', 'Completed', | 753 STATUSES = ('Open', 'Disputed', 'In Progress', 'Completed', |
| 721 'Contact Attempted', 'Not Contacted') | 754 'Contact Attempted', 'Not Contacted') |
| 722 def __init__(self, party, status): | 755 def __init__(self, party, status): |
| 754 | 787 |
| 755 | 788 |
| 756 class CVRFProductStatus(object): | 789 class CVRFProductStatus(object): |
| 757 TYPES = ('First Affected', 'Known Affected', 'Known Not Affected', | 790 TYPES = ('First Affected', 'Known Affected', 'Known Not Affected', |
| 758 'First Fixed', 'Fixed', 'Recommended', 'Last Affected') | 791 'First Fixed', 'Fixed', 'Recommended', 'Last Affected') |
| 792 NAME = "Product Status" | |
| 759 def __init__(self, _type): | 793 def __init__(self, _type): |
| 760 self._type = _type | 794 self._type = _type |
| 761 self._productids = [] | 795 self._productids = [] |
| 762 | 796 |
| 763 def addProductID(self, productid): | 797 def addProductID(self, productid): |
| 778 raise ValidationError('Unknown ProductID: %s' % productid) | 812 raise ValidationError('Unknown ProductID: %s' % productid) |
| 779 | 813 |
| 780 | 814 |
| 781 class CVRFThreat(object): | 815 class CVRFThreat(object): |
| 782 TYPES = ('Impact', 'Exploit Status', 'Target Set') | 816 TYPES = ('Impact', 'Exploit Status', 'Target Set') |
| 817 NAME = "Threat" | |
| 783 def __init__(self, _type, description): | 818 def __init__(self, _type, description): |
| 784 self._type = _type | 819 self._type = _type |
| 785 self._description = description | 820 self._description = description |
| 786 self._date = None | 821 self._date = None |
| 787 self._productids = [] | 822 self._productids = [] |
| 820 'AC': {'H':0.35, 'M':0.61 ,'L':0.71}, | 855 'AC': {'H':0.35, 'M':0.61 ,'L':0.71}, |
| 821 'Au': {'M':0.45, 'S':0.56, 'N':0.704}, | 856 'Au': {'M':0.45, 'S':0.56, 'N':0.704}, |
| 822 'C': {'N':0.0, 'P':0.275, 'C':0.66}, | 857 'C': {'N':0.0, 'P':0.275, 'C':0.66}, |
| 823 'I': {'N':0.0, 'P':0.275, 'C':0.66}, | 858 'I': {'N':0.0, 'P':0.275, 'C':0.66}, |
| 824 'A': {'N':0.0, 'P':0.275, 'C':0.66}} | 859 'A': {'N':0.0, 'P':0.275, 'C':0.66}} |
| 860 NAME = "CVSS Score Set" | |
| 825 def __init__(self, basescore): | 861 def __init__(self, basescore): |
| 826 self._basescore = basescore | 862 self._basescore = basescore |
| 827 self._temporalscore = None | 863 self._temporalscore = None |
| 828 self._environmentalscore = None | 864 self._environmentalscore = None |
| 829 self._vector = None | 865 self._vector = None |
| 872 | 908 |
| 873 | 909 |
| 874 class CVRFRemediation(object): | 910 class CVRFRemediation(object): |
| 875 TYPES = ('Workaround', 'Mitigation', 'Vendor Fix', 'None Available', | 911 TYPES = ('Workaround', 'Mitigation', 'Vendor Fix', 'None Available', |
| 876 'Will Not Fix') | 912 'Will Not Fix') |
| 913 NAME = "Remediation" | |
| 877 def __init__(self, _type, description): | 914 def __init__(self, _type, description): |
| 878 self._type = _type | 915 self._type = _type |
| 879 self._description = description | 916 self._description = description |
| 880 self._date = None | 917 self._date = None |
| 881 self._entitlement = None | 918 self._entitlement = None |
| 999 if status._type != type_: | 1036 if status._type != type_: |
| 1000 continue | 1037 continue |
| 1001 for productid in status._productids: | 1038 for productid in status._productids: |
| 1002 products.add(productid) | 1039 products.add(productid) |
| 1003 return set(self.getProductForID(p) for p in products) | 1040 return set(self.getProductForID(p) for p in products) |
| 1041 | |
| 1042 def isProductOrphan(self, productid): | |
| 1043 """ Returns if a productid is mentionned nowhere in the document """ | |
| 1044 # We first look at the ProductTree | |
| 1045 ptree = self._producttree | |
| 1046 for relation in ptree._relationships: | |
| 1047 if productid == relation._productreference: | |
| 1048 return False | |
| 1049 if productid == relation._relatestoproductreference: | |
| 1050 return False | |
| 1051 groupids = [g._groupid for g in ptree._groups if productid in g._productids] | |
| 1052 if len(groupids) > 0: | |
| 1053 return False | |
| 1054 # Go through all the Vulnerabilities | |
| 1055 for vulnerability in self._vulnerabilities: | |
| 1056 if vulnerability.isMentioningProdId(productid): | |
| 1057 return False | |
| 1058 for groupid in groupids: | |
| 1059 if vulnerability.isMentioningGroupId(groupid): | |
| 1060 return False | |
| 1061 return True | |
| 1004 | 1062 |
| 1005 def getNote(self, ordinal): | 1063 def getNote(self, ordinal): |
| 1006 for note in self._notes: | 1064 for note in self._notes: |
| 1007 if note._ordinal == ordinal: | 1065 if note._ordinal == ordinal: |
| 1008 return note | 1066 return note |