# HG changeset patch # User BenoƮt Allard # Date 1414161747 -7200 # Node ID 4b2579d5546977cf5cd305e8fd3c5b79fb7a09a1 # Parent 2ee8fcfc99bcac0d13cdc4b4e73dcdef346dc9cd# Parent 769c6f46f7b25c54e79791acfd6dbed918d7f78e merged diff -r 769c6f46f7b2 -r 4b2579d55469 farolluz/cvrf.py --- a/farolluz/cvrf.py Fri Oct 17 15:09:06 2014 +0200 +++ b/farolluz/cvrf.py Fri Oct 24 16:42:27 2014 +0200 @@ -897,7 +897,7 @@ raise ValidationError('A CVSS Score Set must have a Base Score') if self._vector and not self.vector: raise ValidationError('Syntax Error in CVSS Vector') - if abs(self._basescore - self.baseScore()) >= 0.05: + if self.vector and (abs(self._basescore - self.baseScore()) >= 0.05): raise ValidationError('Inconsistency in CVSS Score Set between Vector (%f) and Base Score (%f)' % (self.baseScore(), self._basescore)) for productid in self._productids: if productid not in productids: @@ -949,6 +949,7 @@ if groupid not in groupids: raise ValidationError('Unknown GroupID: %s' % groupid) + class CVRF(object): def __init__(self, title, _type): self._title = title @@ -1036,27 +1037,39 @@ products.add(productid) return set(self.getProductForID(p) for p in products) - def isProductOrphan(self, productid): - """ Returns if a productid is mentioned nowhere in the document """ + def mentionsProductId(self, productid): # We first look at the ProductTree ptree = self._producttree for relation in ptree._relationships: if productid == relation._productreference: - return False - if productid == relation._relatestoproductreference: - return False - groupids = [g._groupid for g in ptree._groups if productid in g._productids] - if len(groupids) > 0: - return False - # Go through all the Vulnerabilities + yield relation + elif productid == relation._relatestoproductreference: + yield relation + # Then go through the groups + for group in ptree._groups: + if productid in group._productids: + yield group + # Finally, go through all the Vulnerabilities for vulnerability in self._vulnerabilities: - if vulnerability.isMentioningProdId(productid): - return False - for groupid in groupids: - # This will never be executed as we bail out on len(groups) > 0 - if vulnerability.isMentioningGroupId(groupid): - return False - return True + for item in vulnerability.mentionsProdId(productid): + yield item + + def isProductOrphan(self, productid): + """ Returns if a productid is mentioned nowhere in the document """ + for item in self.mentionsProductId(productid): + return True + return False + + def changeProductID(self, old, new): + for item in self.mentionsProductId(old): + if isinstance(item, CVRFRelationship): + if old == item._productreference: + item._productreference = new + elif old == item._relatestoproductreference: + item._relatestoproductreference = new + else: + item._productids.remove(old) + item._productids.append(new) def isGroupOrphan(self, groupid): """ Returns if a group can be safely deleted """ diff -r 769c6f46f7b2 -r 4b2579d55469 farolluz/templates/oval.j2 --- a/farolluz/templates/oval.j2 Fri Oct 17 15:09:06 2014 +0200 +++ b/farolluz/templates/oval.j2 Fri Oct 24 16:42:27 2014 +0200 @@ -27,7 +27,7 @@ {% import "oval_core.j2" as oval_core -%} - SecPod SCAP Repository + Farol SCAP Repository 5.10 {{ now.isoformat() }} diff -r 769c6f46f7b2 -r 4b2579d55469 setup.py --- a/setup.py Fri Oct 17 15:09:06 2014 +0200 +++ b/setup.py Fri Oct 24 16:42:27 2014 +0200 @@ -40,4 +40,5 @@ include_package_data=True, scripts=['parse_cvrf', 'render'], install_requires=['Jinja2'], + test_suite='tests', ) diff -r 769c6f46f7b2 -r 4b2579d55469 tests/testProductIdRename.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/testProductIdRename.py Fri Oct 24 16:42:27 2014 +0200 @@ -0,0 +1,48 @@ +import unittest + +from datetime import datetime + +from farolluz.cvrf import CVRF, CVRFPublisher, CVRFTracking, CVRFTrackingID, CVRFRevision, CVRFFullProductName, CVRFVulnerability, CVRFProductStatus, CVRFRelationship + +class TestProductIdRename(unittest.TestCase): + + def setUp(self): + self.doc = CVRF('title', 'type') + self.doc.setPublisher(CVRFPublisher('Other')) + initial = datetime.now() + current = datetime.now() + track = CVRFTracking(CVRFTrackingID('1234'), 'Draft', (0,0), initial, current) + track.addRevision(CVRFRevision((0,0), current, '1st')) + self.doc.setTracking(track) + self.doc.validate() + + + def testChangeProductId(self): + ptree = self.doc.createProductTree() + prod = CVRFFullProductName('1', 'a', ptree) + ptree.addProduct(prod) + vuln = CVRFVulnerability(1) + st = CVRFProductStatus('Fixed') + st.addProductID('1') + vuln.addProductStatus(st) + self.doc.addVulnerability(vuln) + self.doc.validate() + prod._productid = '2' + self.doc.changeProductID('1', '2') + self.doc.validate() + + def testChangeProductIdRelation(self): + ptree = self.doc.createProductTree() + prod1 = CVRFFullProductName('1', 'a', ptree) + ptree.addProduct(prod1) + prod2 = CVRFFullProductName('2', 'b', ptree) + ptree.addProduct(prod2) + rel = CVRFRelationship('1', 'Installed On', '2') + ptree.addRelationship(rel) + self.doc.validate() + prod1._productid = '3' + self.doc.changeProductID('1', '3') + self.doc.validate() + prod2._productid = '1' + self.doc.changeProductID('2', '1') + self.doc.validate()