Mercurial > farol > farolluz
view farolluz/cvrf.py @ 0:e18b61a73a68
Initial Release
| author | Benoît Allard <benoit.allard@greenbone.net> |
|---|---|
| date | Tue, 23 Sep 2014 15:19:14 +0200 |
| parents | |
| children | d47e1164740f |
line wrap: on
line source
# -*- coding: utf-8 -*- # # Authors: # BenoƮt Allard <benoit.allard@greenbone.net> # # Copyright: # Copyright (C) 2014 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. """\ Objects related to CVRF Documents """ class ValidationError(Exception): pass class CVRFPublisher(object): TYPES = ('Vendor', 'Discoverer', 'Coordinator', 'User', 'Other') def __init__(self, _type, vendorid=None): self._type = _type self._vendorid = vendorid self._contact = None self._authority = None def setContact(self, contact): self._contact = contact def setAuthority(self, authority): self._authority = authority def validate(self): if not self._type: raise ValidationError('Document Publisher needs to have a type') if self._type not in self.TYPES: raise ValidationError('Document Publisher Type needs to be one of %s' % ', '.join(self.TYPES)) def __str__(self): s = 'CVRFPublisher: %s' % self._type if self._vendorid is not None: s += ' ID: %s' % self._vendorid if self._contact is not None: s += ' Contact: "%s"' % self._contact if self._authority is not None: s += ' Authority: "%s"' % self._authority return s class CVRFTrackingID(object): def __init__(self, _id): self._id = _id self._aliases = [] def addAlias(self, alias): self._aliases.append(alias) def validate(self): if not self._id: raise ValidationError('Document ID cannot be left empty') def __str__(self): if self._aliases: return "%s (%s)" % (self._id, ', '.join(self._aliases)) return self._id class CVRFTracking(object): STATUSES = ('Draft', 'Interim', 'Final') def __init__(self, _id, status, version, initial, current): self._identification = _id self._status = status self._version = version self._history = [] self._initialDate = initial self._currentDate = current self._generator = None def addRevision(self, revision): self._history.append(revision) def setGenerator(self, generator): self._generator = generator def validate(self): if self._identification is None: raise ValidationError('Document Tracking needs to have an Identification') self._identification.validate() if not self._status: raise ValidationError('Document status must be set') if self._status not in self.STATUSES: raise ValidationError('Document Status must be one of %s' % ', '.join(self.STATUSES)) if not self._version: raise ValidationError('Document Version must be set') if len(self._version) > 4: raise ValidationError('Document Version must be comprised between `nn` and `nn.nn.nn.nn`') if not self._history: raise ValidationError('Document must have at least a revision') if not self._initialDate: raise ValidationError('Document must have an initial Release date set') prev_date = self._initialDate if self._history[0]._date < self._initialDate: # Documents could have revisions before being released prev_date = self._history[0]._date prev = () for revision in self._history: revision.validate() if revision._number <= prev: raise ValidationError('Revision numbers must always be increasing') if revision._date < prev_date: raise ValidationError('Revision dates must always be increasing') prev = revision._number prev_date = revision._date if not self._currentDate: raise ValidationError('Document must have a Current Release Date set') if self._currentDate != self._history[-1]._date: raise ValidationError('Current Release Date must be the same as the Date from the last Revision') if self._initialDate > self._currentDate: raise ValidationError('Initial date must not be after current Date') if self._version != self._history[-1]._number: raise ValidationError('Document version must be the same as the number of the last Revision') def __str__(self): s = "ID: %s" % self._identification s += " Status: %s" % self._status s += " v%s" % '.'.join('%d' % i for i in self._version) s += " %d revisions" % len(self._history) s += " Initial release: %s" % self._initialDate.isoformat() return s class CVRFRevision(object): def __init__(self, number, date, description): self._number = number self._date = date self._description = description def validate(self): if not self._number: raise ValidationError('A Revision must have a Number') if not self._date: raise ValidationError('A Revision must have a Date') if not self._description: raise ValidationError('A Revision must have a Description') class CVRFGenerator(object): def __init__(self): self._engine = None self._date = None def setEngine(self, engine): self._engine = engine def setDate(self, date): self._date = date def validate(self): if (not self._engine) and (not self._date): raise ValidationError('The Generator must have at least an Engine or a Date') class CVRFNote(object): TYPES = ('General', 'Details', 'Description', 'Summary', 'FAQ', 'Legal Disclaimer', 'Other') def __init__(self, _type, ordinal, note, title=None, audience=None): self._type = _type self._ordinal = ordinal self._note = note self._title = title self._audience = audience def getTitle(self): """ returns something that can be used as a title """ if self._title is None: return "%s (#%d)" % (self._type, self._ordinal) return "%s (%s)" % (self._title, self._type) def validate(self): if not self._type: raise ValidationError('A Note needs to have a Type set') if self._type not in self.TYPES: raise ValidationError('A Note Type needs to be one of %s' % ', '.join(self.TYPES)) if self._ordinal < 0: raise ValidationError('A Note ordinal must be a positive integer') if not self._note: raise ValidationError('A Note must contain some text') def __str__(self): return self._note class CVRFReference(object): TYPES = ('Self', 'External') def __init__(self, url, description, _type=None): self._url = url self._description = description self._type = _type def validate(self): if (self._type is not None) and (self._type not in self.TYPES): raise ValidationError('If a Reference type is set, it mist be one of %s' % ', '.join(self.TYPES)) if not self._url: raise ValidationError('A Reference must contain an URL') if not self._description: raise ValidationError('A Reference must contain a description') class CVRFAcknowledgment(object): def __init__(self, name=None, organization=None, description=None, url=None): self._name = name self._organization = organization self._description = description self._url = url def getTitle(self): return "%s - %s" % (self._name, self._organization) def validate(self): if (not self._name) and (not self._organization) and (not self._description): raise ValidationError('An Acknowledgment must have at least a Name, an Organization or a Description') class CVRFProductTree(object): def __init__(self): # All the branches, they can be order with their `parent` attribute self._branches = [] self._groups = [] self._relationships = [] self._products = [] self._groups = [] def addBranch(self, branch): parent = self.getBranch(branch.getParent().getPath()) if parent is self: self._branches.append(branch) else: parent._childs.append(branch) def addProduct(self, product): if product not in self._products: self._products.append(product) if product._parent is not self: product._parent._product = product def addRelationship(self, rel): self._relationships.append(rel) def addGroup(self, group): self._groups.append(group) def getProductForID(self, productid): for product in self._products: if product._productid == productid: return product raise KeyError(productid) def getGroupForID(self, groupid): for group in self._groups: if group._groupid == groupid: return group raise KeyError(groupid) def decomposeProduct(self, productid): """ In case of product defined as a relationship (product X installed on OS Y), this gives us the following tuple: (OS, product). """ product = self.getProductForID(productid) parent = product._parent if parent is None: return (None, None) if not isinstance(parent, CVRFRelationship): return (None, None) relationtype = parent._relationtype.replace(' ', '').lower() if relationtype not in ('defaultcomponentof', 'installedon'): return (None, None) return ( self.getProductForID(parent._relatestoproductreference), self.getProductForID(parent._productreference) ) def getBranch(self, path): if len(path) == 0: return self branches = self._branches node = None for idx in path: node = branches[idx] branches = node._childs return node def getBranches(self): for branch in self._branches: yield branch for sub_branch in branch.getBranches(): yield sub_branch def getPath(self): return () def getNameOfRelationship(self, relationship): if relationship is None: return '' return ' '.join((self.getProductForID(relationship._productreference)._name, 'as', relationship._relationtype.lower(), self.getProductForID(relationship._relatestoproductreference)._name)) def getOrphanedBranches(self, product=None): """ The branches that could accept `product` as Product Definition """ white_list = [] if product is not None: white_list = [product._parent] for branch in self.getBranches(): if (branch in white_list) or branch.isOrphaned(): yield branch def getNotTerminalBranches(self, b2=None): """\ The branches that could accept `b2` as new sub-branches Note that b2 and all its sub-branches cannot be listed """ black_list = [] if b2 is not None: black_list = [b2] + list(b2.getBranches()) for branch in self.getBranches(): if branch in black_list: continue if branch._product is None: yield branch def getOrphanedRelationships(self, product=None): """ The relationships that need a product defninition """ white_list = [] if product is not None: white_list = [product.getCurrentRelationship()] for i, relationship in enumerate(self._relationships): if (relationship in white_list) or relationship.isOrphaned(): yield (i, relationship) def nbProducts(self): """ Amount of 'raw' Products """ return len([p for p in self._products if p._parent is self]) def validate(self): for branch in self._branches: branch.validate() productids = set() for product in self._products: product.validate() if product._productid in productids: raise ValidationError('Each ProductID must be unique (%s)' % product._productid) productids.add(product._productid) for relationship in self._relationships: relationship.validate() for productid in (relationship._productreference, relationship._relatestoproductreference): if productid not in productids: raise ValidationError('ProductID %s is unknown' % productid) groupids = set() for group in self._groups: group.validate() if group._groupid in groupids: raise ValidationError('Duplicated GroupID: %s' % group._groupid) groupids.add(group._groupid) for productid in group._productids: if productid not in productids: raise ValidationError('ProductID %s is unknown' % productid) return productids, groupids def __str__(self): return 'Products: %s' % '\n'.join(str(p) for p in self._products) class CVRFProductBranch(object): TYPES = ('Vendor', 'Product Family', 'Product Name', 'Product Version', 'Patch Level', 'Service Pack', 'Architecture', 'Language', 'Legacy', 'Specification') def __init__(self, _type, name, parentbranch): self._type = _type self._name = name self._parentbranch = parentbranch self._childs = [] self._product = None def getParent(self): return self._parentbranch def getPath(self, string=False): """ return the path to that branch element as a tuple """ if self.isRoot(): for i, b in enumerate(self._parentbranch._branches): if b is self: if string: return '%d' % i return (i, ) else: for i, b in enumerate(self._parentbranch._childs): if b is self: if string: return '/'.join([self._parentbranch.getPath(string), '%d' % i]) return self._parentbranch.getPath(string) + (i,) if string: return '' return () def getTree(self): """ this returns a list of tuples (type, name) leading to here""" if self.isRoot(): return [(self._type, self._name)] return self._parentbranch.getTree() + [(self._type, self._name)] def getName(self): return ' / '.join("%s: %s" % (type_, name) for type_, name in self.getTree()) def getParentPath(self): """ return as string the path to the parent """ return '/'.join('%s' % p for p in self.getPath()[:-1]) def isRoot(self): return isinstance(self._parentbranch, CVRFProductTree) def isOrphaned(self): """ Has no childs and no product """ return len(self._childs) == 0 and (self._product is None) def getBranches(self): for branch in self._childs: yield branch for sub_branch in branch.getBranches(): yield sub_branch def unlink(self): """ Unset our _parent, and remove us from the _parent._childs """ if self.isRoot(): self.getParent()._branches.remove(self) else: self.getParent()._childs.remove(self) self._parentbranch = None def validate(self): if not self._type: raise ValidationError('A Branch must have a Type') if self._type not in self.TYPES: raise ValidationError('A Branch Type must be one of %s' % ', '.join(self.TYPES)) if not self._name: raise ValidationError('A Branch must have a Name') for branch in self._childs: branch.validate() if self.isOrphaned(): raise ValidationError('A Branch must have at least a sub-product or sub-branches') def __str__(self): return "%s: %s" % (self._type, self._name) class CVRFFullProductName(object): def __init__(self, productid, name, parent, cpe=None): self._productid = productid self._name = name # Can be None (directly under the tree), a ProductBranch, or a # Relationship self._parent = parent self._cpe = cpe def isRoot(self): return isinstance(self._parent, CVRFProductTree) def isRelationship(self): return isinstance(self._parent, CVRFRelationship) def getTree(self): if not isinstance(self._parent, CVRFProductBranch): return [] return self._parent.getTree() def getParentPath(self): if self.isRoot() or self.isRelationship(): return '' return self._parent.getPath(True) def getCurrentRelationship(self): if self.isRelationship(): return self._parent return None def unlink(self): """ Unset our _parent, and remove us from the _parent._childs """ if self.isRoot(): self._parent._products.remove(self) else: self._parent._product = None self._parent = None def validate(self): if not self._productid: raise ValidationError('A Product must have a ProductID') if not self._name: raise ValidationError('A Product must have a Name') def __str__(self): return "%s (%s)" % (self._productid, self._name) class CVRFRelationship(object): TYPES = ('Default Component Of', 'Optional Component Of', 'External Component Of', 'Installed On', 'Installed With') def __init__(self, productref, reltype, relatestoproductref): self._productreference = productref self._relationtype = reltype self._relatestoproductreference = relatestoproductref self._product = None def getParent(self): """ All parent element of a FullProductName should implement that method """ return None def isOrphaned(self): return self._product is None def validate(self): if not self._productreference: raise ValidationError('A Relationship must have a Product Reference') if not self._relationtype: raise ValidationError('A Relationship must have a Relation Type') if self._relationtype not in self.TYPES: raise ValidationError('Relation Type must be one of %s' % ', '.join(self.TYPES)) if not self._relatestoproductreference: raise ValidationError('A Relationship must have a "Relates To product Reference"') if self._productreference == self._relatestoproductreference: raise ValidationError('A Relationship cannot reference twice the same Product') class CVRFGroup(object): def __init__(self, groupid): self._groupid = groupid self._description = None self._productids = [] def setDescription(self, description): self._description = description def addProductID(self, productid): self._productids.append(productid) def getTitle(self): if self._description: return "%s (%d products)" % (self._description, len(self._productids)) return "#%s (%d products)" % (self._groupid, len(self._productids)) def validate(self): if not self._groupid: raise ValidationError('A Group must have a GroupID') if not self._productids or len(self._productids) < 2: raise ValidationError('A Group must contain at least two products') class CVRFVulnerabilityID(object): def __init__(self, systemname, value): self._systemname = systemname self._value = value def validate(self): if not self._systemname: raise ValidationError('A Vulnerability ID must have a System Name') if not self._value: raise ValidationError('A Vulnerability ID must have a value') class CVRFVulnerability(object): def __init__(self, ordinal): self._ordinal = ordinal self._title = None self._id = None self._notes = [] self._discoverydate = None self._releasedate = None self._involvements = [] self._cve = None self._cwes = [] self._productstatuses = [] self._threats = [] self._cvsss = [] self._remediations = [] self._references = [] self._acknowledgments = [] def setTitle(self, title): self._title = title def setID(self, _id): self._id = _id def addNote(self, note): self._notes.append(note) def setDiscoveryDate(self, date): self._discoverydate = date def setReleaseDate(self, date): self._releasedate = date def addInvolvement(self, involvement): self._involvements.append(involvement) def setCVE(self, cve): self._cve = cve def addCWE(self, cwe): self._cwes.append(cwe) def addProductStatus(self, productstatus): self._productstatuses.append(productstatus) def addThreat(self, threat): self._threats.append(threat) def addCVSSSet(self, cvss_set): self._cvsss.append(cvss_set) def addRemediation(self, remediation): self._remediations.append(remediation) def addReference(self, ref): self._references.append(ref) def addAcknowledgment(self, ack): self._acknowledgments.append(ack) def getTitle(self): """ return something that can be used as a title """ if self._title: if self._id: return "%s (%s)" % (self._title, self._id._value) return self._title if self._id: return self._id._value return "#%d" % self._ordinal def validate(self, productids, groupids): if not self._ordinal: raise ValidationError('A Vulnerability must have an ordinal') if self._id is not None: self._id.validate() ordinals = set() for note in self._notes: note.validate() if note._ordinal in ordinals: raise ValidationError('Vulnerability Note Ordinal %d duplicated' % note._ordinal) ordinals.add(note._ordinal) for involvement in self._involvements: involvement.validate() for cwe in self._cwes: cwe.validate() for status in self._productstatuses: status.validate(productids) for threat in self._threats: threat.validate(productids, groupids) for cvss in self._cvsss: cvss.validate(productids) for remediation in self._remediations: remediation.validate(productids, groupids) for reference in self._references: reference.validate() for acknowledgment in self._acknowledgments: acknowledgment.validate() class CVRFInvolvement(object): PARTIES = CVRFPublisher.TYPES STATUSES = ('Open', 'Disputed', 'In Progress', 'Completed', 'Contact Attempted', 'Not Contacted') def __init__(self, party, status): self._party = party self._status = status self._description = None def setDescription(self, description): self._description = description def getTitle(self): return "From %s: %s" % (self._party, self._status) def validate(self): if not self._party: raise ValidationError('An Involvement must have a Party') if self._party not in self.PARTIES: raise ValidationError("An Involvement's Party must be one of %s" % ', '.join(self.PARTIES)) if not self._status: raise ValidationError('An Involvement must have a Status') if self._status not in self.STATUSES: raise ValidationError("An Involvement's Status must be one of %s" % ', '.join(self.STATUSES)) class CVRFCWE(object): def __init__(self, _id, value): self._id = _id self._value = value def validate(self): if not self._id: raise ValidationError('A CWE must have an ID') if not self._value: raise ValidationError('A CWE must have a description') class CVRFProductStatus(object): TYPES = ('First Affected', 'Known Affected', 'Known Not Affected', 'First Fixed', 'Fixed', 'Recommended', 'Last Affected') def __init__(self, _type): self._type = _type self._productids = [] def addProductID(self, productid): self._productids.append(productid) def getTitle(self): return "%s: %d products" % (self._type, len(self._productids)) def validate(self, productids): if not self._type: raise ValidationError('A Product Status must have a Type') if self._type not in self.TYPES: raise ValidationError("A Product Status' Type must be one of %s" % ', '.join(self.TYPES)) if len(self._productids) < 1: raise ValidationError('A Product Status must mention at least one Product') for productid in self._productids: if productid not in productids: raise ValidationError('Unknown ProductID: %s' % productid) class CVRFThreat(object): TYPES = ('Impact', 'Exploit Status', 'Target Set') def __init__(self, _type, description): self._type = _type self._description = description self._date = None self._productids = [] self._groupids = [] def setDate(self, date): self._date = date def addProductID(self, productid): self._productids.append(productid) def addGroupID(self, groupid): self._groupids.append(groupid) def getTitle(self): return self._type def validate(self, productids, groupids): if not self._type: raise ValidationError('A Threat must have a Type') if self._type not in self.TYPES: raise ValidationError("A Threat's Type must be one of %s" % ', '.join(self.TYPES)) if not self._description: raise ValidationError('A Threat must have a Description') for productid in self._productids: if productid not in productids: raise ValidationError('Unknown ProductID: %s' % productid) for groupid in self._groupids: if groupid not in groupids: raise ValidationError('Unknown GroupID: %s' % groupid) class CVRFCVSSSet(object): # To determine the base Score VALUES = {'AV': {'L':0.395, 'A':0.646, 'N':1.0}, 'AC': {'H':0.35, 'M':0.61 ,'L':0.71}, 'Au': {'M':0.45, 'S':0.56, 'N':0.704}, 'C': {'N':0.0, 'P':0.275, 'C':0.66}, 'I': {'N':0.0, 'P':0.275, 'C':0.66}, 'A': {'N':0.0, 'P':0.275, 'C':0.66}} def __init__(self, basescore): self._basescore = basescore self._temporalscore = None self._environmentalscore = None self._vector = None self.vector = None self._productids = [] def setTemporalScore(self, tempscore): self._temporalscore = tempscore def setEnvironmentalScore(self, envscore): self._environmentalscore = envscore def setVector(self, vector): self._vector = vector if vector is None: self.vector = vector return try: self.vector = {} for component in vector[:26].split('/'): name, value = component.split(':') self.vector[name] = self.VALUES[name][value] except (KeyError, ValueError): self.vector = None def addProductID(self, productid): self._productids.append(productid) def baseScore(self): v = self.vector # make an alias for shorter lines exploitability = 20 * v['AV'] * v['AC'] * v['Au'] impact = 10.41 * (1 - (1 - v['C']) * (1 - v['I']) * (1 - v['A'])) def f(i): return 0 if i == 0 else 1.176 return ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f(impact) def validate(self, productids): if not self._basescore: raise ValidationError('A CVSS Score Set must have a Base Score') if self._vector and not self.vector: raise ValidationError('Syntax Error in CVSS Vector') if abs(self._basescore - self.baseScore()) >= 0.05: raise ValidationError('Inconsistency in CVSS Score Set between Vector (%f) and Base Score (%f)' % (self.baseScore(), self._basescore)) for productid in self._productids: if productid not in productids: raise ValidationError('Unknown ProductID: %s' % productid) class CVRFRemediation(object): TYPES = ('Workaround', 'Mitigation', 'Vendor Fix', 'None Available', 'Will Not Fix') def __init__(self, _type, description): self._type = _type self._description = description self._date = None self._entitlement = None self._url = None self._productids = [] self._groupids = [] def setDate(self, date): self._date = date def setEntitlement(self, entitlement): self._entitlement = entitlement def setURL(self, url): self._url = url def addProductID(self, productid): self._productids.append(productid) def addGroupID(self, groupid): self._groupids.append(groupid) def getTitle(self): return self._type def validate(self, productids, groupids): if not self._type: raise ValidationError('A Remediation must have a Type') if self._type not in self.TYPES: raise ValidationError("A Remediation's Type must be one of %s" % ', '.join(self.TYPES)) if not self._description: raise ValidationError('A Remediation must have a Description') for productid in self._productids: if productid not in productids: raise ValidationError('Unknown ProductID: %s' % productid) for groupid in self._groupids: if groupid not in groupids: raise ValidationError('Unknown GroupID: %s' % groupid) class CVRF(object): def __init__(self, title, _type): self._title = title self._type = _type self._publisher = None self._tracking = None self._notes = [] self._distribution = None self._references = [] self._acknowledgments = [] self._producttree = None self._vulnerabilities = [] def setPublisher(self, publisher): self._publisher = publisher def setTracking(self, tracking): self._tracking = tracking def addNote(self, note): self._notes.append(note) def setDistribution(self, distribution): self._distribution = distribution def addReference(self, ref): self._references.append(ref) def addAcknowledgment(self, ack): self._acknowledgments.append(ack) def createProductTree(self): """ only done if the element is there """ self._producttree = CVRFProductTree() return self._producttree def addVulnerability(self, vuln): self._vulnerabilities.append(vuln) def getProductForID(self, productid): if self._producttree is None: raise ValueError('No ProductTree') return self._producttree.getProductForID(productid) def getGroupForID(self, groupid): if self._producttree is None: raise ValueError('No ProductTree') return self._producttree.getGroupForID(groupid) def getHighestCVSS(self): highestBaseScore = 0 highest = None for vulnerability in self._vulnerabilities: for cvss in vulnerability._cvsss: if cvss._basescore <= highestBaseScore: continue highestBaseScore = cvss._basescore highest = cvss return highest def getProductList(self, type_='Fixed'): products = set() if type_ == 'Fixed': # First try through the Remediation for vulnerability in self._vulnerabilities: for remediation in vulnerability._remediations: if remediation._type != 'Vendor Fix': continue for productid in remediation._productids: products.add(productid) for groupid in remediation._groupids: for productid in self.getGroupForID(groupid)._productids: products.add(productid) if not products: # If nothing there, try through the productstatuses for vulnerability in self._vulnerabilities: for status in vulnerability._productstatuses: if status._type != type_: continue for productid in status._productids: products.add(productid) return set(self.getProductForID(p) for p in products) def getNote(self, ordinal): for note in self._notes: if note._ordinal == ordinal: return note return None def validate(self): if not self._title: raise ValidationError('Document Title cannot be empty') if not self._type: raise ValidationError('Document Type cannot be empty') if self._publisher is None: raise ValidationError('Document Publisher needs to be set') self._publisher.validate() if self._tracking is None: raise ValidationError('Document Tracking needs to be set') self._tracking.validate() ordinals = set() for note in self._notes: note.validate() if note._ordinal in ordinals: raise ValidationError('Document Note ordinal %d is issued twice' % note._ordinal) ordinals.add(note._ordinal) for reference in self._references: reference.validate() for acknowledgment in self._acknowledgments: acknowledgment.validate() productids = set() groupids = set() if self._producttree: productids, groupids = self._producttree.validate() ordinals = set() for vulnerability in self._vulnerabilities: vulnerability.validate(productids, groupids) if vulnerability._ordinal in ordinals: raise ValidationError('Vulnerability ordinal %d is issued twice' % vulnerability._ordinal) ordinals.add(vulnerability._ordinal) def __str__(self): s = [ 'Title: %s' % self._title, 'Type: %s' % self._type, 'Publisher: %s' % self._publisher, 'tracking: %s' % self._tracking, '%d Notes: %s' % (len(self._notes), ', '.join( str(n) for n in self._notes)) ] if self._distribution is not None: s.append('Distribution: %s' % self._distribution) s.extend([ '%d Acknowledgments' % len(self._acknowledgments), 'Products: %s' % self._producttree, ]) return '\n'.join(s)