From 866b1c827d2c5533d1be5856eb593cfe39ea36ee Mon Sep 17 00:00:00 2001
From: "(no author)" <(no author)@cd1c1023-2f26-0410-ae45-c471fc1f0318>
Date: Thu, 7 Feb 2008 11:05:22 +0000
Subject: [PATCH] - more work on the security interface, now list tool can be trusted - implemented some new API functions to ease third party implementation
git-svn-id: http://svn.sabayonlinux.org/projects/entropy/trunk@1162 cd1c1023-2f26-0410-ae45-c471fc1f0318
---
 client/text_security.py | 7 +++-
 libraries/entropy.py | 79 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 72 insertions(+), 14 deletions(-)
diff --git a/client/text_security.py b/client/text_security.py
index 680564cd2..f81f926ab 100644
--- a/client/text_security.py
+++ b/client/text_security.py
@@ -49,7 +49,12 @@ def security(options):
 def list_advisories(only_affected = False, only_unaffected = False):
- adv_metadata = Equo.Security.get_advisories_metadata()
+ if (not only_affected and not only_unaffected) or (only_affected and only_unaffected):
+ adv_metadata = Equo.Security.get_advisories_metadata()
+ elif only_affected:
+ adv_metadata = Equo.Security.get_vulnerabilities()
+ else:
+ adv_metadata = Equo.Security.get_fixed_vulnerabilities()
 if not adv_metadata:
 print_info(brown(" :: ")+darkgreen("No advisories available. Try running the 'update' tool."))
 return 0
diff --git a/libraries/entropy.py b/libraries/entropy.py
index 073571091..ebb9e3812 100644
--- a/libraries/entropy.py
+++ b/libraries/entropy.py
@@ -6209,10 +6209,10 @@ class SecurityInterface:
 "eq": "=",
 "gt": ">",
 "ge": ">=",
- "rge": ">=~",
- "rle": "<=~",
- "rgt": " >~",
- "rlt": " <~"
+ "rge": ">=", # >=~
+ "rle": "<=", # <=~
+ "rgt": " >", # >~
+ "rlt": "<" # <~
 }
 self.unpackdir = os.path.join(etpConst['entropyunpackdir'],"security-"+str(self.Entropy.entropyTools.getRandomNumber()))
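Review bot: The first branch of `list_advisories` spells out `(not only_affected and not only_unaffected) or (only_affected and only_unaffected)`, which is simply `only_affected == only_unaffected`, and nothing records that passing both flags silently falls back to the unfiltered list. I would write the test as `if only_affected == only_unaffected:` and add a comment such as `# both or neither flag set: show every advisory`. The function body continues outside the hunk.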
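Review bot: Mapping `rge`/`rle`/`rgt`/`rlt` to plain `>=`/`<=`/`>`/`<` widens every revision-bounded range to a whole-version comparison, and the table does not say that this is a deliberate approximation. The originals kept in the trailing comments (`>=~` and friends) restrict the comparison to revisions of one version, so, if this table feeds the `vul_atoms`/`unaff_atoms` lists, an `rge` entry in an advisory's unaffected range would now also cover later versions and an installed package could be reported as fixed when it is not. Separately, `"rgt": " >"` keeps a leading space that `"rlt": "<"` dropped; unless the consumer strips it, I would make it `"rgt": ">", # >~`. A comment above the four entries, e.g. `# revision-only ranges are approximated by plain comparisons; results may over- or under-match`, would make the trade-off visible. The dictionary starts outside the hunk.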
@@ -6263,10 +6263,9 @@ class SecurityInterface:
 fetchConn.progress = self.Entropy.progress
 rc = fetchConn.download()
 del fetchConn
- status = True
 if rc in ("-1","-2","-3"):
- status = False
- return status
+ return False
+ return True
 def __verify_checksum(self):
@@ -6415,27 +6414,42 @@ class SecurityInterface: affected = adv_metadata[key]['affected'] affected_keys = affected.keys() valid = False + skipping_keys = set() for a_key in affected_keys: match = self.Entropy.atomMatch(a_key) if match[0] != -1: - # it's in tree, it's valid + # it's in the repos, it's valid valid = True - break + else: + skipping_keys.add(a_key) if not valid: del adv_metadata[key] + for a_key in skipping_keys: + try: + del adv_metadata[key]['affected'][a_key] + except KeyError: + pass + try: + if not adv_metadata[key]['affected']: + del adv_metadata[key] + except KeyError: + pass return adv_metadata - def is_affected(self, adv_key): - adv_data = self.get_advisories_metadata() + def is_affected(self, adv_key, adv_data = {}): + if not adv_data: + adv_data = self.get_advisories_metadata() if adv_key not in adv_data: return False mydata = adv_data[adv_key].copy() del adv_data - # get packages + if not mydata['affected']: return False + for key in mydata['affected']: + vul_atoms = mydata['affected'][key][0]['vul_atoms'] unaff_atoms = mydata['affected'][key][0]['unaff_atoms'] unaffected_atoms = set()
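Review bot: The download result is still judged by a deny-list of three string codes, so any other value `fetchConn.download()` can return (including an integer `-1`, if it ever produces one) falls through to `return True`. The return type is not visible here, so this may be fine, but for advisory data I would document the contract on the check, e.g. `# download() reports failure as the strings "-1", "-2" or "-3"; everything else counts as success`, or compare against the known success value instead. The method starts outside the hunk.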
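Review bot: In the advisory filter, an entry with no matching package is removed with `del adv_metadata[key]`, and the new `skipping_keys` loop then runs against the deleted key, relying on the two `except KeyError: pass` blocks to absorb the failed lookups. As far as the flattened hunk shows, a `continue` right after that `del` would make the intent explicit and let both `try` blocks go, so an advisory that really lacks its `'affected'` entry is no longer skipped silently. In `is_affected`, the new `adv_data = {}` default is a shared mutable object; it is only read in the visible lines, but `adv_data = None` with `if adv_data is None:` is the safer spelling and also stops an empty dict from the caller triggering a re-read. Both functions extend beyond the hunk.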
@@ -6447,17 +6461,56 @@ class SecurityInterface:
 return False
 for atom in vul_atoms:
 match = self.Entropy.clientDbconn.atomMatch(atom)
- if match[0] != -1 and match not in unaffected_atoms:
+ if (match[0] != -1) and (match not in unaffected_atoms):
 if self.affected_atoms == None:
 self.affected_atoms = set()
 self.affected_atoms.add(atom)
 return True
 return False
+ def get_vulnerabilities(self):
+ return self.get_affection()
+
+ def get_fixed_vulnerabilities(self):
+ return self.get_affection(affected = False)
+
+ # if not affected: not affected packages will be returned
+ # if affected: affected packages will be returned
+ def get_affection(self, affected = True):
+ adv_data = self.get_advisories_metadata()
+ adv_data_keys = adv_data.keys()
+ valid_keys = set()
+ for adv in adv_data_keys:
+ is_affected = self.is_affected(adv,adv_data)
+ if affected == is_affected:
+ valid_keys.add(adv)
+ # we need to filter our adv_data and return
+ for key in adv_data_keys:
+ if key not in valid_keys:
+ try:
+ del adv_data[key]
+ except KeyError:
+ pass
+ # now we need to filter packages in adv_dat
+ for adv in adv_data:
+ for key in adv_data[adv]['affected'].keys():
+ #print key
+ atoms = adv_data[adv]['affected'][key][0]['vul_atoms']
+ #print atoms
+ applicable = True
+ for atom in atoms:
+ if atom in self.affected_atoms:
+ applicable = False
+ break
+ if applicable == affected:
+ del adv_data[adv]['affected'][key]
+ return adv_data
+
 def get_affected_atoms(self):
 adv_data = self.get_advisories_metadata()
 adv_data_keys = adv_data.keys()
 del adv_data
+ self.affected_atoms = set()
 for key in adv_data_keys:
 self.is_affected(key)
 return self.affected_atoms
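Review bot: `get_affection` filters packages with `if atom in self.affected_atoms`, but `is_affected` only creates that set on its first hit and returns straight after adding one atom. On a system where nothing matches, the attribute is presumably still `None` (the `== None` test in the context lines suggests so) and the membership test raises `TypeError`; where one advisory covers several installed packages, only the first atom is recorded as far as the visible lines show, so the other package keys are dropped from the affected listing. I would start the method with `self.affected_atoms = set()`, as `get_affected_atoms` now does, and let `is_affected` record every matching atom before it returns. The `applicable == affected` test also reads inverted (`applicable` is cleared when an atom is affected), so a docstring on `get_affection` stating which entries are removed would help. `is_affected` begins outside the hunk.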