changeset 24:4b2579d55469

merged
author Benoît Allard <benoit.allard@greenbone.net>
date Fri, 24 Oct 2014 16:42:27 +0200
parents 2ee8fcfc99bc (diff) 769c6f46f7b2 (current diff)
children 3cab052872f4
files
diffstat 4 files changed, 80 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/farolluz/cvrf.py	Fri Oct 17 15:09:06 2014 +0200
+++ b/farolluz/cvrf.py	Fri Oct 24 16:42:27 2014 +0200
@@ -897,7 +897,7 @@
             raise ValidationError('A CVSS Score Set must have a Base Score')
         if self._vector and not self.vector:
             raise ValidationError('Syntax Error in CVSS Vector')
-        if abs(self._basescore - self.baseScore()) >= 0.05:
+        if self.vector and (abs(self._basescore - self.baseScore()) >= 0.05):
             raise ValidationError('Inconsistency in CVSS Score Set between Vector (%f) and Base Score (%f)' % (self.baseScore(), self._basescore))
         for productid in self._productids:
             if productid not in productids:
@@ -949,6 +949,7 @@
             if groupid not in groupids:
                 raise ValidationError('Unknown GroupID: %s' % groupid)
 
+
 class CVRF(object):
     def __init__(self, title, _type):
         self._title = title
@@ -1036,27 +1037,39 @@
                         products.add(productid)
         return set(self.getProductForID(p) for p in products)
 
-    def isProductOrphan(self, productid):
-        """ Returns if a productid is mentioned nowhere in the document """
+    def mentionsProductId(self, productid):
         # We first look at the ProductTree
         ptree = self._producttree
         for relation in ptree._relationships:
             if productid == relation._productreference:
-                return False
-            if productid == relation._relatestoproductreference:
-                return False
-        groupids = [g._groupid for g in ptree._groups if productid in g._productids]
-        if len(groupids) > 0:
-            return False
-        # Go through all the Vulnerabilities
+                yield relation
+            elif productid == relation._relatestoproductreference:
+                yield relation
+        # Then go through the groups
+        for group in ptree._groups:
+            if productid in group._productids:
+                yield group
+        # Finally, go through all the Vulnerabilities
         for vulnerability in self._vulnerabilities:
-            if vulnerability.isMentioningProdId(productid):
-                return False
-            for groupid in groupids:
-                # This will never be executed as we bail out on len(groups) > 0
-                if vulnerability.isMentioningGroupId(groupid):
-                    return False
-        return True
+            for item in vulnerability.mentionsProdId(productid):
+                yield item
+
+    def isProductOrphan(self, productid):
+        """ Returns if a productid is mentioned nowhere in the document """
+        for item in self.mentionsProductId(productid):
+            return True
+        return False
+
+    def changeProductID(self, old, new):
+        for item in self.mentionsProductId(old):
+            if isinstance(item, CVRFRelationship):
+                if old == item._productreference:
+                    item._productreference = new
+                elif old == item._relatestoproductreference:
+                    item._relatestoproductreference = new
+            else:
+                item._productids.remove(old)
+                item._productids.append(new)
 
     def isGroupOrphan(self, groupid):
         """ Returns if a group can be safely deleted """
--- a/farolluz/templates/oval.j2	Fri Oct 17 15:09:06 2014 +0200
+++ b/farolluz/templates/oval.j2	Fri Oct 24 16:42:27 2014 +0200
@@ -27,7 +27,7 @@
 {% import "oval_core.j2" as oval_core -%}
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#esx esx-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#hpux hpux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#aix aix-definitions-schema.xsd">
   <generator>
-    <oval:product_name>SecPod SCAP Repository</oval:product_name>
+    <oval:product_name>Farol SCAP Repository</oval:product_name>
     <oval:schema_version>5.10</oval:schema_version>
     <oval:timestamp>{{ now.isoformat() }}</oval:timestamp>
   </generator>
--- a/setup.py	Fri Oct 17 15:09:06 2014 +0200
+++ b/setup.py	Fri Oct 24 16:42:27 2014 +0200
@@ -40,4 +40,5 @@
     include_package_data=True,
     scripts=['parse_cvrf', 'render'],
     install_requires=['Jinja2'],
+    test_suite='tests',
 )
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/testProductIdRename.py	Fri Oct 24 16:42:27 2014 +0200
@@ -0,0 +1,48 @@
+import unittest
+
+from datetime import datetime
+
+from farolluz.cvrf import CVRF, CVRFPublisher, CVRFTracking, CVRFTrackingID, CVRFRevision, CVRFFullProductName, CVRFVulnerability, CVRFProductStatus, CVRFRelationship
+
+class TestProductIdRename(unittest.TestCase):
+
+    def setUp(self):
+        self.doc = CVRF('title', 'type')
+        self.doc.setPublisher(CVRFPublisher('Other'))
+        initial = datetime.now()
+        current = datetime.now()
+        track = CVRFTracking(CVRFTrackingID('1234'), 'Draft', (0,0), initial, current)
+        track.addRevision(CVRFRevision((0,0), current, '1st'))
+        self.doc.setTracking(track)
+        self.doc.validate()
+
+
+    def testChangeProductId(self):
+        ptree = self.doc.createProductTree()
+        prod = CVRFFullProductName('1', 'a', ptree)
+        ptree.addProduct(prod)
+        vuln = CVRFVulnerability(1)
+        st = CVRFProductStatus('Fixed')
+        st.addProductID('1')
+        vuln.addProductStatus(st)
+        self.doc.addVulnerability(vuln)
+        self.doc.validate()
+        prod._productid = '2'
+        self.doc.changeProductID('1', '2')
+        self.doc.validate()
+
+    def testChangeProductIdRelation(self):
+        ptree = self.doc.createProductTree()
+        prod1 = CVRFFullProductName('1', 'a', ptree)
+        ptree.addProduct(prod1)
+        prod2 = CVRFFullProductName('2', 'b', ptree)
+        ptree.addProduct(prod2)
+        rel = CVRFRelationship('1', 'Installed On', '2')
+        ptree.addRelationship(rel)
+        self.doc.validate()
+        prod1._productid = '3'
+        self.doc.changeProductID('1', '3')
+        self.doc.validate()
+        prod2._productid = '1'
+        self.doc.changeProductID('2', '1')
+        self.doc.validate()
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)