def parse_dependency(self, name): temp_list = name.split('@') dep_name = temp_list[0] dep_versionrange = temp_list[1] # print("dep_name:",dep_name) # print("dep_versionrange:", dep_versionrange) npm_url = "https://registry.npm.taobao.org" + '/' + dep_name items = self.get_results(str(npm_url)) verioninfos = items["versions"] str_version = "" true_version = "" for verioninfo in verioninfos: str_version = str(verioninfo) if semantic_version.Version( str_version) in semantic_version.NpmSpec(dep_versionrange): true_version = str_version print("dep_name: ", dep_name, "str_version: ", str_version, " dep_versionrange: ", dep_versionrange) break if true_version != "": dep_map = {"dep_name": dep_name, "dep_version": true_version} return dep_map else: print(name + " 未匹配到有效版本!") exit()
def extract_versions(package_name, aff_version_range, fixed_version_range): """ Seperate list of affected versions and fixed versions from all versions using the ranges specified """ # FIXME This skips unfixed vulnerabilities if aff_version_range == '' or fixed_version_range == '': return ([], []) aff_spec = semantic_version.NpmSpec(remove_spaces(aff_version_range)) fix_spec = semantic_version.NpmSpec(remove_spaces(fixed_version_range)) all_ver = get_all_versions(package_name) aff_ver = [] fix_ver = [] for ver in all_ver: cur_version = semantic_version.Version(ver) if cur_version in aff_spec: aff_ver.append(ver) else: if cur_version in fix_spec: fix_ver.append(ver) return (aff_ver, fix_ver)
def main(): # list=[] # listb=['d','e'] # b=['b',listb] # # lista=[b,'c'] # list=['a',lista] # print(list) # buildtree(list) # #['a', [['b', ['d', 'e']], 'c']] version="5.6.0" strversionRange="2 || 3 || 4 || 5" print(semantic_version.Version(version) in semantic_version.NpmSpec(strversionRange))
def check_version_range(version, versionrange): try: return semantic_version.Version(version) in semantic_version.NpmSpec( versionrange) except: return False
def getSpec(string): return semantic_version.NpmSpec(string)
import argparse import os import semantic_version import yaml parser = argparse.ArgumentParser() parser.add_argument("--kube-version", required=True) args = parser.parse_args() kube_version = args.kube_version.removeprefix("v") version = semantic_version.Version(kube_version) excluded_charts = [] charts = os.listdir("charts") for chart in charts: with open(f"charts/{chart}/Chart.yaml", "r") as stream: chart_yaml = yaml.safe_load(stream) chart_kube_version = chart_yaml.get("kubeVersion") if chart_kube_version is not None: spec = semantic_version.NpmSpec(chart_kube_version) if version not in spec: excluded_charts.append(chart) separator = "," print(separator.join(excluded_charts))
# Find current installed version try: cur_ver = semver.Version.coerce(inPack[package]) except ValueError: if re.search("^v[0-9].*$", inPack[package]): cur_ver = semver.Version.coerce(inPack[package][1:]) else: finalPackageResult['msg'] = 'current installed version ' + inPack[ package] + ' unreadable' finalPackageResult['status'] = 'failed' finalRes.append(finalPackageResult) continue # Get version constraints try: versionSpec = semver.NpmSpec(reqPack[package]) except ValueError: finalPackageResult[ 'msg'] = 'cannot understand constraint ' + reqPack[package] finalPackageResult['status'] = 'failed' finalRes.append(finalPackageResult) continue # Try to get info from packagist url = 'https://repo.packagist.org/packages/' + package + '.json' jsonMetaRes = requests.get(url) if jsonMetaRes.status_code != 200: finalPackageResult['msg'] = 'packagist error for url: ' + url finalPackageResult['status'] = 'failed' finalRes.append(finalPackageResult) continue
def validate(report_path): is_valid_yaml, report_data = get_report_data(report_path) if not is_valid_yaml: return False, f"Report is not valid yaml: {report_path}" if not report_is_valid(report_data): return False, f"Report is incomplete and cannot be processed: {report_path}" ## No value in checking if chart testing failed if get_chart_testing_result(report_data): profile_version_string = get_profile_version(report_data) try: profile_version = semantic_version.Version.coerce( profile_version_string) v1_0_profile = False if profile_version.major == 1 and profile_version.minor == 0: v1_0_profile = True except Exception: message = f"Invalid profile version in report : {profile_version_string}" print(message) return False, message annotations = report_info.get_report_annotations(report_path) if v1_0_profile: tested_version_annotation = CERTIFIED_VERSION_ANNOTATION else: tested_version_annotation = TESTED_VERSION_ANNOTATION if tested_version_annotation in annotations: tested_version_string = annotations[tested_version_annotation] else: return False, f"No annotation provided for {tested_version_annotation}" try: tested_version = semantic_version.Version.coerce( tested_version_string) if tested_version not in MIN_SUPPORTED_OPENSHIFT_VERSION: return False, f"{tested_version_annotation} {tested_version_string} is not a supported OpenShift version." except ValueError: return False, f"{tested_version_annotation} {tested_version_string} is not a valid semantic version." if get_has_kubeversion_result: chart = report_info.get_report_chart(report_path) if KUBE_VERSION_ATTRIBUTE in chart: kube_supported_ocp_versions_string = indexannotations.getOCPVersions( chart[KUBE_VERSION_ATTRIBUTE]) try: kube_supported_versions = semantic_version.NpmSpec( kube_supported_ocp_versions_string) except ValueError: if v1_0_profile: return True, "" else: return False, f'Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} translates to an invalid OCP version range {kube_supported_ocp_versions_string}' else: if v1_0_profile: return True, "" else: return False, f'{KUBE_VERSION_ATTRIBUTE} missing from chart!' if tested_version not in kube_supported_versions: return False, f"Tested OpenShift version {str(tested_version)} not within specified kube-versions : {kube_supported_ocp_versions_string}" if not v1_0_profile: if SUPPORTED_VERSIONS_ANNOTATION in annotations: supported_versions_string = annotations[ SUPPORTED_VERSIONS_ANNOTATION] try: supported_versions = semantic_version.NpmSpec( supported_versions_string) except ValueError: return False, f"{SUPPORTED_VERSIONS_ANNOTATION}: {supported_versions_string} is not a valid semantic version." else: return False, f"Missing annotation in report: {SUPPORTED_VERSIONS_ANNOTATION}" if tested_version not in supported_versions: return False, f"Tested OpenShift version {str(tested_version)} not within supported versions : {supported_versions_string}" if supported_versions_string and supported_versions_string != str( kube_supported_versions): return False, f'Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} -> {str(kube_supported_versions)} does not match supportedOpenShiftVersions: {supported_versions_string}' else: print("[INFO] Chart testing failed so skip report checking") return True, ""
def getOCPVersions(kubeVersion): if kubeVersion == "": return "N/A" checkKubeVersion = kubeVersion try: semantic_version.NpmSpec(kubeVersion) except ValueError: print( f"Value error with kubeVersion - NpmSpec : {kubeVersion}, see if it fixable" ) try: # Kubversion is bad, see if we can fix it separator = checkKubeVersion.find(" - ") if separator != -1: lowVersion = checkKubeVersion[:separator].strip() highVersion = checkKubeVersion[separator + 3:].strip() checkKubeVersion = f"{semantic_version.Version.coerce(lowVersion)} - {semantic_version.Version.coerce(highVersion)}" else: firstDigit = -1 for i, c in enumerate(checkKubeVersion): if c.isdigit(): firstDigit = i break if firstDigit != -1: versionInRange = checkKubeVersion[firstDigit:].strip() preVersion = checkKubeVersion[:firstDigit].strip() checkKubeVersion = f"{preVersion}{semantic_version.Version.coerce(versionInRange)}" # see if the updates have helped semantic_version.NpmSpec(checkKubeVersion) print(f"Fixed value error in kubeVersion : {checkKubeVersion}") except ValueError: print(f"Unable to fix value error in kubeVersion : {kubeVersion}") return "N/A" minOCP = "" maxOCP = "" for kubeVersionKey in kubeOpenShiftVersionMap: coercedKubeVersionKey = semantic_version.Version.coerce(kubeVersionKey) if minOCP == "" and coercedKubeVersionKey in semantic_version.NpmSpec( checkKubeVersion): minOCP = kubeOpenShiftVersionMap[kubeVersionKey] print(f" Found min : {kubeVersion}: {minOCP}") elif coercedKubeVersionKey in semantic_version.NpmSpec( checkKubeVersion): maxOCP = kubeOpenShiftVersionMap[kubeVersionKey] print(f" Found new Max : {kubeVersion}: {maxOCP}") # check if minOCP is open ended if minOCP != "" and semantic_version.Version( "1.999.999") in semantic_version.NpmSpec(checkKubeVersion): ocp_versions = f">={minOCP}" elif minOCP == "": ocp_versions = "N/A" elif maxOCP == "": ocp_versions = minOCP else: ocp_versions = f"{minOCP} - {maxOCP}" return ocp_versions