- more work on the security interface, now list tool can be trusted

- implemented some new API functions to ease third party implementation


git-svn-id: http://svn.sabayonlinux.org/projects/entropy/trunk@1162 cd1c1023-2f26-0410-ae45-c471fc1f0318
(no author)
2008-02-07 11:05:22 +00:00
parent a4bfd0eddf
commit 866b1c827d
2 changed files with 72 additions and 14 deletions
+6 -1
@@ -49,7 +49,12 @@ def security(options):
def list_advisories(only_affected = False, only_unaffected = False):
adv_metadata = Equo.Security.get_advisories_metadata()
if (not only_affected and not only_unaffected) or (only_affected and only_unaffected):
adv_metadata = Equo.Security.get_advisories_metadata()
elif only_affected:
adv_metadata = Equo.Security.get_vulnerabilities()
else:
adv_metadata = Equo.Security.get_fixed_vulnerabilities()
if not adv_metadata:
print_info(brown(" :: ")+darkgreen("No advisories available. Try running the 'update' tool."))
return 0
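Review bot: The empty-result check after the new filter selection cannot tell "no advisory data" from "nothing matched the filter". With `only_affected` set on a system where `get_vulnerabilities()` returns nothing, the user is still told "No advisories available. Try running the 'update' tool.", which reads as missing data rather than as a clean result. I would branch the message on the filter, e.g. `if not adv_metadata and (only_affected != only_unaffected):` followed by a `print_info` saying that no advisories match the selected filter. The first branch also treats both flags set as "list everything"; a comment such as `# both or neither flag set: show every advisory` would mark that as intentional. The body of list_advisories continues outside the hunk.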
+66 -13
@@ -6209,10 +6209,10 @@ class SecurityInterface:
"eq": "=",
"gt": ">",
"ge": ">=",
"rge": ">=~",
"rle": "<=~",
"rgt": " >~",
"rlt": " <~"
"rge": ">=", # >=~
"rle": "<=", # <=~
"rgt": " >", # >~
"rlt": "<" # <~
}
self.unpackdir = os.path.join(etpConst['entropyunpackdir'],"security-"+str(self.Entropy.entropyTools.getRandomNumber()))
@@ -6263,10 +6263,9 @@ class SecurityInterface:
fetchConn.progress = self.Entropy.progress
rc = fetchConn.download()
del fetchConn
status = True
if rc in ("-1","-2","-3"):
status = False
return status
return False
return True
def __verify_checksum(self):
@@ -6415,27 +6414,42 @@ class SecurityInterface:
affected = adv_metadata[key]['affected']
affected_keys = affected.keys()
valid = False
skipping_keys = set()
for a_key in affected_keys:
match = self.Entropy.atomMatch(a_key)
if match[0] != -1:
# it's in tree, it's valid
# it's in the repos, it's valid
valid = True
break
else:
skipping_keys.add(a_key)
if not valid:
del adv_metadata[key]
for a_key in skipping_keys:
try:
del adv_metadata[key]['affected'][a_key]
except KeyError:
pass
try:
if not adv_metadata[key]['affected']:
del adv_metadata[key]
except KeyError:
pass
return adv_metadata
def is_affected(self, adv_key):
adv_data = self.get_advisories_metadata()
def is_affected(self, adv_key, adv_data = {}):
if not adv_data:
adv_data = self.get_advisories_metadata()
if adv_key not in adv_data:
return False
mydata = adv_data[adv_key].copy()
del adv_data
# get packages
if not mydata['affected']:
return False
for key in mydata['affected']:
vul_atoms = mydata['affected'][key][0]['vul_atoms']
unaff_atoms = mydata['affected'][key][0]['unaff_atoms']
unaffected_atoms = set()
@@ -6447,17 +6461,56 @@ class SecurityInterface:
return False
for atom in vul_atoms:
match = self.Entropy.clientDbconn.atomMatch(atom)
if match[0] != -1 and match not in unaffected_atoms:
if (match[0] != -1) and (match not in unaffected_atoms):
if self.affected_atoms == None:
self.affected_atoms = set()
self.affected_atoms.add(atom)
return True
return False
def get_vulnerabilities(self):
return self.get_affection()
def get_fixed_vulnerabilities(self):
return self.get_affection(affected = False)
# if not affected: not affected packages will be returned
# if affected: affected packages will be returned
def get_affection(self, affected = True):
adv_data = self.get_advisories_metadata()
adv_data_keys = adv_data.keys()
valid_keys = set()
for adv in adv_data_keys:
is_affected = self.is_affected(adv,adv_data)
if affected == is_affected:
valid_keys.add(adv)
# we need to filter our adv_data and return
for key in adv_data_keys:
if key not in valid_keys:
try:
del adv_data[key]
except KeyError:
pass
# now we need to filter packages in adv_dat
for adv in adv_data:
for key in adv_data[adv]['affected'].keys():
#print key
atoms = adv_data[adv]['affected'][key][0]['vul_atoms']
#print atoms
applicable = True
for atom in atoms:
if atom in self.affected_atoms:
applicable = False
break
if applicable == affected:
del adv_data[adv]['affected'][key]
return adv_data
def get_affected_atoms(self):
adv_data = self.get_advisories_metadata()
adv_data_keys = adv_data.keys()
del adv_data
self.affected_atoms = set()
for key in adv_data_keys:
self.is_affected(key)
return self.affected_atoms
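Review bot: Mapping the revision-range operators to plain comparisons in the operator table of the first hunk (`"rge": ">="`, `"rle": "<="`, `"rgt": " >"`, `"rlt": "<"`) widens what an advisory range covers. In GLSA data the r* operators are, as far as I know, bounded to revisions of a single version, so an unaffected `rge` entry becomes "this revision and every later version" and can report a package as fixed while a later version is still vulnerable. If the atom matcher cannot evaluate the `~` forms yet, I would treat such ranges as not evaluable rather than silently widen them, and record the trade-off in a comment such as `# r* ranges are revision-bounded; plain operators over-match`. The `"rgt"` value also keeps a leading space while `"rlt"` lost it, which looks unintended. The dictionary and the enclosing method start outside the hunk.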