Ejemplo n.º 1
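 def re_evaluate_systems(self):
     """Schedule re-evaluation for all systems in DB.

     Reads every ``inventory_id`` from ``system_platform`` and sends one
     ``re-evaluate_system`` message per row to ``self.evaluator_queue``.
     The connection is released through ``DatabaseHandler.close_connection``
     even when the query or a queue send raises, so a failed run does not
     leave the handler's connection open.
     """
     LOGGER.info("Re-evaluating all systems")
     conn = DatabaseHandler.get_connection()
     try:
         with NamedCursor(conn) as cur:
             cur.execute("select inventory_id from system_platform")
             # Each row is a 1-tuple; unpack it while iterating the cursor.
             for (inventory_id,) in cur:
                 self.evaluator_queue.send({
                     "type": "re-evaluate_system",
                     "system_id": inventory_id
                 })
         # Commit only on the success path; an exception skips straight to
         # the cleanup below without committing.
         conn.commit()
     finally:
         DatabaseHandler.close_connection()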
Ejemplo n.º 2
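def _cve_metadata_row(cve, data, impact_id_map):
    """Build one ``cve_metadata`` row tuple from a single VMaaS CVE record."""
    description = data['description']
    # NOTE(review): an impact name that is not present in cve_impact raises
    # KeyError here and aborts the whole sync - confirm that is intended for
    # data coming from the remote service.
    impact_id = impact_id_map[data['impact']]
    # Empty strings are stored as NULL rather than as invalid timestamps.
    public_date = data['public_date'] or None
    modified_date = data['modified_date'] or None
    cvss3_score = float(data['cvss3_score']) if data.get('cvss3_score') else None
    cvss3_metrics = data.get('cvss3_metrics')
    cvss2_score = float(data['cvss2_score']) if data.get('cvss2_score') else None
    cvss2_metrics = data.get('cvss2_metrics')
    return (cve, description, impact_id, public_date, modified_date,
            cvss3_score, cvss3_metrics, cvss2_score, cvss2_metrics)


def _write_cve_rows(cur, to_insert, to_update):
    """Insert new and update existing ``cve_metadata`` rows for one page.

    All values are handed to ``execute_values`` as parameters for the ``%s``
    placeholder; nothing received from VMaaS is formatted into the SQL text.
    """
    if to_insert:
        execute_values(cur,
                       """insert into cve_metadata
                       (cve, description, impact_id, public_date, modified_date,
                       cvss3_score, cvss3_metrics, cvss2_score, cvss2_metrics)
                       values %s""",
                       to_insert,
                       page_size=len(to_insert))
    if to_update:
        execute_values(
            cur,
            """update cve_metadata set description = data.description,
                       impact_id = data.impact_id,
                       public_date = cast(data.public_date as timestamp with time zone),
                       modified_date = cast(data.modified_date as timestamp with time zone),
                       cvss3_score = cast(data.cvss3_score as numeric),
                       cvss3_metrics = data.cvss3_metrics,
                       cvss2_score = cast(data.cvss2_score as numeric),
                       cvss2_metrics = data.cvss2_metrics
                       from (values %s) as data (cve, description, impact_id, public_date, modified_date,
                       cvss3_score, cvss3_metrics, cvss2_score, cvss2_metrics)
                       where cve_metadata.cve = data.cve""",
            to_update,
            page_size=len(to_update))


def sync_cve_md(page_size=5000):
    """Sync all CVE metadata from VMaaS.

    Downloads CVE metadata page by page from ``VMAAS_CVES_ENDPOINT`` and
    inserts or updates the matching ``cve_metadata`` rows.

    Args:
        page_size: Number of CVEs requested per VMaaS page.

    Returns:
        True when every page was downloaded and imported. False when a
        VMaaS request returned None; pages imported before that point are
        still committed.

    The cursor, the HTTP session and the database connection are released
    even when an exception interrupts the sync. In that case nothing is
    committed by this function.
    """
    LOGGER.info('Syncing CVE metadata')
    success = True
    conn = DatabaseHandler.get_connection()
    try:
        cur = conn.cursor()
        try:
            cur.execute("select name, id from cve_impact")
            impact_id_map = {name: impact_id for name, impact_id in cur.fetchall()}
            cur.execute('select cve from cve_metadata')
            # A set, not a list: membership is tested once per downloaded CVE.
            cves_in_db = {cve_tuple[0] for cve_tuple in cur.fetchall()}
            cve_list = [".*"]
            page = 1
            with requests.Session() as session:
                while True:
                    cve_request = {
                        'cve_list': cve_list,
                        'page_size': page_size,
                        'page': page,
                        'rh_only': True
                    }
                    LOGGER.info('Downloading CVE metadata (page: %s, page_size: %s)',
                                page, page_size)
                    r_json = vmaas_post_request(VMAAS_CVES_ENDPOINT,
                                                cve_request,
                                                session=session)
                    if r_json is None:
                        success = False
                        break
                    LOGGER.info(
                        'Importing CVE metadata (page: %s, page_size: %s, pages: %s)',
                        page, page_size, r_json['pages'])
                    cves = r_json['cve_list']
                    to_insert = []
                    to_update = []
                    for cve, data in cves.items():
                        row = _cve_metadata_row(cve, data, impact_id_map)
                        if cve not in cves_in_db:
                            to_insert.append(row)
                            # Remember the new CVE so that a repeat on a later
                            # page is updated instead of inserted a second time
                            # (presumably cve is unique in cve_metadata).
                            cves_in_db.add(cve)
                        else:
                            to_update.append(row)
                    _write_cve_rows(cur, to_insert, to_update)
                    LOGGER.info(
                        'Finished importing CVE metadata (page: %s, page_size: %s, pages: %s)',
                        page, page_size, r_json['pages'])
                    if page >= r_json['pages']:
                        break
                    page += 1
        finally:
            cur.close()
        conn.commit()
    finally:
        DatabaseHandler.close_connection()
    LOGGER.info('Finished syncing CVE metadata')
    return success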