Mercurial > farol > farolluz
comparison farolluz/cvrf.py @ 17:90852c11fabd
Add methods to extract Product references in a document.
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 14 Oct 2014 16:48:22 +0200 |
parents | dcc946b30343 |
children | 4b53e7bcff0d |
comparison
equal
deleted
inserted
replaced
16:858d8c0b49e2 | 17:90852c11fabd |
---|---|
670 def getNote(self, ordinal): | 670 def getNote(self, ordinal): |
671 for note in self._notes: | 671 for note in self._notes: |
672 if note._ordinal == ordinal: | 672 if note._ordinal == ordinal: |
673 return note | 673 return note |
674 return None | 674 return None |
675 | |
676 def mentionsProdId(self, productid): | |
677 """ Returns in which sub element, self is mentioning the productid """ | |
678 for category in (self._productstatuses, self._threats, self._cvsss, self._remediations): | |
679 for subelem in category: | |
680 if productid in subelem._productids: | |
681 yield subelem | |
682 | |
683 def isMentioningProdId(self, productid): | |
684 """ Returns if self is mentioning the productid """ | |
685 for e in self.mentionsProdId(productid): | |
686 # We only need to know if the generator yield at least one elem. | |
687 return True | |
688 return False | |
689 | |
690 def mentionsGroupId(self, groupid): | |
691 for category in (self._threats, self._remediations): | |
692 for subelem in category: | |
693 if groupid in subelem._groupids: | |
694 yield subelem | |
695 | |
696 def isMentioningGroupId(self, groupids): | |
697 """ Make sure you call this with a list (not a generator or a tuple) | |
698 when wished """ | |
699 if not isinstance(groupids, list): | |
700 groupids = [groupids] | |
701 for groupid in groupids: | |
702 print "testing GroupId: ", groupid | |
703 for _ in self.mentionsGroupId(groupid): | |
704 # We only need to know if the generator yield at least one elem. | |
705 print 'True' | |
706 return True | |
707 print 'False' | |
708 return False | |
675 | 709 |
676 def validate(self, productids, groupids): | 710 def validate(self, productids, groupids): |
677 if not self._ordinal: | 711 if not self._ordinal: |
678 raise ValidationError('A Vulnerability must have an ordinal') | 712 raise ValidationError('A Vulnerability must have an ordinal') |
679 if self._id is not None: | 713 if self._id is not None: |
712 reference.validate() | 746 reference.validate() |
713 for acknowledgment in self._acknowledgments: | 747 for acknowledgment in self._acknowledgments: |
714 acknowledgment.validate() | 748 acknowledgment.validate() |
715 | 749 |
716 | 750 |
717 | |
718 class CVRFInvolvement(object): | 751 class CVRFInvolvement(object): |
719 PARTIES = CVRFPublisher.TYPES | 752 PARTIES = CVRFPublisher.TYPES |
720 STATUSES = ('Open', 'Disputed', 'In Progress', 'Completed', | 753 STATUSES = ('Open', 'Disputed', 'In Progress', 'Completed', |
721 'Contact Attempted', 'Not Contacted') | 754 'Contact Attempted', 'Not Contacted') |
722 def __init__(self, party, status): | 755 def __init__(self, party, status): |
754 | 787 |
755 | 788 |
756 class CVRFProductStatus(object): | 789 class CVRFProductStatus(object): |
757 TYPES = ('First Affected', 'Known Affected', 'Known Not Affected', | 790 TYPES = ('First Affected', 'Known Affected', 'Known Not Affected', |
758 'First Fixed', 'Fixed', 'Recommended', 'Last Affected') | 791 'First Fixed', 'Fixed', 'Recommended', 'Last Affected') |
792 NAME = "Product Status" | |
759 def __init__(self, _type): | 793 def __init__(self, _type): |
760 self._type = _type | 794 self._type = _type |
761 self._productids = [] | 795 self._productids = [] |
762 | 796 |
763 def addProductID(self, productid): | 797 def addProductID(self, productid): |
778 raise ValidationError('Unknown ProductID: %s' % productid) | 812 raise ValidationError('Unknown ProductID: %s' % productid) |
779 | 813 |
780 | 814 |
781 class CVRFThreat(object): | 815 class CVRFThreat(object): |
782 TYPES = ('Impact', 'Exploit Status', 'Target Set') | 816 TYPES = ('Impact', 'Exploit Status', 'Target Set') |
817 NAME = "Threat" | |
783 def __init__(self, _type, description): | 818 def __init__(self, _type, description): |
784 self._type = _type | 819 self._type = _type |
785 self._description = description | 820 self._description = description |
786 self._date = None | 821 self._date = None |
787 self._productids = [] | 822 self._productids = [] |
820 'AC': {'H':0.35, 'M':0.61 ,'L':0.71}, | 855 'AC': {'H':0.35, 'M':0.61 ,'L':0.71}, |
821 'Au': {'M':0.45, 'S':0.56, 'N':0.704}, | 856 'Au': {'M':0.45, 'S':0.56, 'N':0.704}, |
822 'C': {'N':0.0, 'P':0.275, 'C':0.66}, | 857 'C': {'N':0.0, 'P':0.275, 'C':0.66}, |
823 'I': {'N':0.0, 'P':0.275, 'C':0.66}, | 858 'I': {'N':0.0, 'P':0.275, 'C':0.66}, |
824 'A': {'N':0.0, 'P':0.275, 'C':0.66}} | 859 'A': {'N':0.0, 'P':0.275, 'C':0.66}} |
860 NAME = "CVSS Score Set" | |
825 def __init__(self, basescore): | 861 def __init__(self, basescore): |
826 self._basescore = basescore | 862 self._basescore = basescore |
827 self._temporalscore = None | 863 self._temporalscore = None |
828 self._environmentalscore = None | 864 self._environmentalscore = None |
829 self._vector = None | 865 self._vector = None |
872 | 908 |
873 | 909 |
874 class CVRFRemediation(object): | 910 class CVRFRemediation(object): |
875 TYPES = ('Workaround', 'Mitigation', 'Vendor Fix', 'None Available', | 911 TYPES = ('Workaround', 'Mitigation', 'Vendor Fix', 'None Available', |
876 'Will Not Fix') | 912 'Will Not Fix') |
913 NAME = "Remediation" | |
877 def __init__(self, _type, description): | 914 def __init__(self, _type, description): |
878 self._type = _type | 915 self._type = _type |
879 self._description = description | 916 self._description = description |
880 self._date = None | 917 self._date = None |
881 self._entitlement = None | 918 self._entitlement = None |
999 if status._type != type_: | 1036 if status._type != type_: |
1000 continue | 1037 continue |
1001 for productid in status._productids: | 1038 for productid in status._productids: |
1002 products.add(productid) | 1039 products.add(productid) |
1003 return set(self.getProductForID(p) for p in products) | 1040 return set(self.getProductForID(p) for p in products) |
1041 | |
1042 def isProductOrphan(self, productid): | |
1043 """ Returns if a productid is mentionned nowhere in the document """ | |
1044 # We first look at the ProductTree | |
1045 ptree = self._producttree | |
1046 for relation in ptree._relationships: | |
1047 if productid == relation._productreference: | |
1048 return False | |
1049 if productid == relation._relatestoproductreference: | |
1050 return False | |
1051 groupids = [g._groupid for g in ptree._groups if productid in g._productids] | |
1052 if len(groupids) > 0: | |
1053 return False | |
1054 # Go through all the Vulnerabilities | |
1055 for vulnerability in self._vulnerabilities: | |
1056 if vulnerability.isMentioningProdId(productid): | |
1057 return False | |
1058 for groupid in groupids: | |
1059 if vulnerability.isMentioningGroupId(groupid): | |
1060 return False | |
1061 return True | |
1004 | 1062 |
1005 def getNote(self, ordinal): | 1063 def getNote(self, ordinal): |
1006 for note in self._notes: | 1064 for note in self._notes: |
1007 if note._ordinal == ordinal: | 1065 if note._ordinal == ordinal: |
1008 return note | 1066 return note |