def parse_dependency(self, name):

        temp_list = name.split('@')
        dep_name = temp_list[0]
        dep_versionrange = temp_list[1]
        # print("dep_name:",dep_name)
        # print("dep_versionrange:", dep_versionrange)

        npm_url = "https://registry.npm.taobao.org" + '/' + dep_name
        items = self.get_results(str(npm_url))
        verioninfos = items["versions"]
        str_version = ""
        true_version = ""
        for verioninfo in verioninfos:
            str_version = str(verioninfo)

            if semantic_version.Version(
                    str_version) in semantic_version.NpmSpec(dep_versionrange):
                true_version = str_version
                print("dep_name: ", dep_name, "str_version: ", str_version,
                      " dep_versionrange: ", dep_versionrange)
                break
        if true_version != "":
            dep_map = {"dep_name": dep_name, "dep_version": true_version}
            return dep_map
        else:
            print(name + " 未匹配到有效版本!")
            exit()
Ejemplo n.º 2
0
def extract_versions(package_name, aff_version_range, fixed_version_range):
    """
    Seperate list of affected versions and fixed versions from all versions
    using the ranges specified
    """
    # FIXME This skips unfixed vulnerabilities
    if aff_version_range == '' or fixed_version_range == '':
        return ([], [])

    aff_spec = semantic_version.NpmSpec(remove_spaces(aff_version_range))
    fix_spec = semantic_version.NpmSpec(remove_spaces(fixed_version_range))
    all_ver = get_all_versions(package_name)
    aff_ver = []
    fix_ver = []
    for ver in all_ver:
        cur_version = semantic_version.Version(ver)
        if cur_version in aff_spec:
            aff_ver.append(ver)
        else:
            if cur_version in fix_spec:
                fix_ver.append(ver)

    return (aff_ver, fix_ver)
Ejemplo n.º 3
0
def main():

    # list=[]
    # listb=['d','e']
    # b=['b',listb]
    #
    # lista=[b,'c']
    # list=['a',lista]
    # print(list)
    # buildtree(list)
    # #['a', [['b', ['d', 'e']], 'c']]
    version="5.6.0"
    strversionRange="2 || 3 || 4 || 5"


    print(semantic_version.Version(version) in semantic_version.NpmSpec(strversionRange))
Ejemplo n.º 4
0
def check_version_range(version, versionrange):
    try:
        return semantic_version.Version(version) in semantic_version.NpmSpec(
            versionrange)
    except:
        return False
Ejemplo n.º 5
0
def getSpec(string):
    return semantic_version.NpmSpec(string)
import argparse
import os

import semantic_version
import yaml

parser = argparse.ArgumentParser()
parser.add_argument("--kube-version", required=True)
args = parser.parse_args()

kube_version = args.kube_version.removeprefix("v")
version = semantic_version.Version(kube_version)

excluded_charts = []

charts = os.listdir("charts")

for chart in charts:
    with open(f"charts/{chart}/Chart.yaml", "r") as stream:
        chart_yaml = yaml.safe_load(stream)
        chart_kube_version = chart_yaml.get("kubeVersion")

        if chart_kube_version is not None:
            spec = semantic_version.NpmSpec(chart_kube_version)

            if version not in spec:
                excluded_charts.append(chart)

separator = ","
print(separator.join(excluded_charts))
Ejemplo n.º 7
0
    # Find current installed version
    try:
        cur_ver = semver.Version.coerce(inPack[package])
    except ValueError:
        if re.search("^v[0-9].*$", inPack[package]):
            cur_ver = semver.Version.coerce(inPack[package][1:])
        else:
            finalPackageResult['msg'] = 'current installed version ' + inPack[
                package] + ' unreadable'
            finalPackageResult['status'] = 'failed'
            finalRes.append(finalPackageResult)
            continue

    # Get version constraints
    try:
        versionSpec = semver.NpmSpec(reqPack[package])
    except ValueError:
        finalPackageResult[
            'msg'] = 'cannot understand constraint ' + reqPack[package]
        finalPackageResult['status'] = 'failed'
        finalRes.append(finalPackageResult)
        continue

    # Try to get info from packagist
    url = 'https://repo.packagist.org/packages/' + package + '.json'
    jsonMetaRes = requests.get(url)
    if jsonMetaRes.status_code != 200:
        finalPackageResult['msg'] = 'packagist error for url: ' + url
        finalPackageResult['status'] = 'failed'
        finalRes.append(finalPackageResult)
        continue
Ejemplo n.º 8
0
def validate(report_path):

    is_valid_yaml, report_data = get_report_data(report_path)

    if not is_valid_yaml:
        return False, f"Report is not valid yaml: {report_path}"

    if not report_is_valid(report_data):
        return False, f"Report is incomplete and cannot be processed: {report_path}"

    ## No value in checking if chart testing failed
    if get_chart_testing_result(report_data):

        profile_version_string = get_profile_version(report_data)

        try:
            profile_version = semantic_version.Version.coerce(
                profile_version_string)
            v1_0_profile = False
            if profile_version.major == 1 and profile_version.minor == 0:
                v1_0_profile = True
        except Exception:
            message = f"Invalid profile version in report : {profile_version_string}"
            print(message)
            return False, message

        annotations = report_info.get_report_annotations(report_path)

        if v1_0_profile:
            tested_version_annotation = CERTIFIED_VERSION_ANNOTATION
        else:
            tested_version_annotation = TESTED_VERSION_ANNOTATION

        if tested_version_annotation in annotations:
            tested_version_string = annotations[tested_version_annotation]
        else:
            return False, f"No annotation provided for {tested_version_annotation}"

        try:
            tested_version = semantic_version.Version.coerce(
                tested_version_string)
            if tested_version not in MIN_SUPPORTED_OPENSHIFT_VERSION:
                return False, f"{tested_version_annotation} {tested_version_string} is not a supported OpenShift version."
        except ValueError:
            return False, f"{tested_version_annotation} {tested_version_string} is not a valid semantic version."

        if get_has_kubeversion_result:

            chart = report_info.get_report_chart(report_path)
            if KUBE_VERSION_ATTRIBUTE in chart:
                kube_supported_ocp_versions_string = indexannotations.getOCPVersions(
                    chart[KUBE_VERSION_ATTRIBUTE])
                try:
                    kube_supported_versions = semantic_version.NpmSpec(
                        kube_supported_ocp_versions_string)
                except ValueError:
                    if v1_0_profile:
                        return True, ""
                    else:
                        return False, f'Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} translates to an invalid OCP version range {kube_supported_ocp_versions_string}'
            else:
                if v1_0_profile:
                    return True, ""
                else:
                    return False, f'{KUBE_VERSION_ATTRIBUTE} missing from chart!'

            if tested_version not in kube_supported_versions:
                return False, f"Tested OpenShift version {str(tested_version)} not within specified kube-versions : {kube_supported_ocp_versions_string}"

            if not v1_0_profile:

                if SUPPORTED_VERSIONS_ANNOTATION in annotations:
                    supported_versions_string = annotations[
                        SUPPORTED_VERSIONS_ANNOTATION]
                    try:
                        supported_versions = semantic_version.NpmSpec(
                            supported_versions_string)
                    except ValueError:
                        return False, f"{SUPPORTED_VERSIONS_ANNOTATION}: {supported_versions_string} is not a valid semantic version."
                else:
                    return False, f"Missing annotation in report: {SUPPORTED_VERSIONS_ANNOTATION}"

                if tested_version not in supported_versions:
                    return False, f"Tested OpenShift version {str(tested_version)} not within supported versions : {supported_versions_string}"

                if supported_versions_string and supported_versions_string != str(
                        kube_supported_versions):
                    return False, f'Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} -> {str(kube_supported_versions)} does not match supportedOpenShiftVersions: {supported_versions_string}'
    else:
        print("[INFO] Chart testing failed so skip report checking")

    return True, ""
Ejemplo n.º 9
0
def getOCPVersions(kubeVersion):

    if kubeVersion == "":
        return "N/A"

    checkKubeVersion = kubeVersion

    try:
        semantic_version.NpmSpec(kubeVersion)
    except ValueError:
        print(
            f"Value error with kubeVersion -  NpmSpec : {kubeVersion}, see if it fixable"
        )

        try:
            # Kubversion is bad, see if we can fix it
            separator = checkKubeVersion.find(" - ")
            if separator != -1:
                lowVersion = checkKubeVersion[:separator].strip()
                highVersion = checkKubeVersion[separator + 3:].strip()
                checkKubeVersion = f"{semantic_version.Version.coerce(lowVersion)} - {semantic_version.Version.coerce(highVersion)}"
            else:
                firstDigit = -1
                for i, c in enumerate(checkKubeVersion):
                    if c.isdigit():
                        firstDigit = i
                        break
                if firstDigit != -1:
                    versionInRange = checkKubeVersion[firstDigit:].strip()
                    preVersion = checkKubeVersion[:firstDigit].strip()
                    checkKubeVersion = f"{preVersion}{semantic_version.Version.coerce(versionInRange)}"

            # see if the updates have helped
            semantic_version.NpmSpec(checkKubeVersion)
            print(f"Fixed value error in kubeVersion : {checkKubeVersion}")

        except ValueError:
            print(f"Unable to fix value error in kubeVersion : {kubeVersion}")
            return "N/A"

    minOCP = ""
    maxOCP = ""
    for kubeVersionKey in kubeOpenShiftVersionMap:
        coercedKubeVersionKey = semantic_version.Version.coerce(kubeVersionKey)
        if minOCP == "" and coercedKubeVersionKey in semantic_version.NpmSpec(
                checkKubeVersion):
            minOCP = kubeOpenShiftVersionMap[kubeVersionKey]
            print(f"   Found min : {kubeVersion}: {minOCP}")
        elif coercedKubeVersionKey in semantic_version.NpmSpec(
                checkKubeVersion):
            maxOCP = kubeOpenShiftVersionMap[kubeVersionKey]
            print(f"   Found new Max : {kubeVersion}: {maxOCP}")

    # check if minOCP is open ended
    if minOCP != "" and semantic_version.Version(
            "1.999.999") in semantic_version.NpmSpec(checkKubeVersion):
        ocp_versions = f">={minOCP}"
    elif minOCP == "":
        ocp_versions = "N/A"
    elif maxOCP == "":
        ocp_versions = minOCP
    else:
        ocp_versions = f"{minOCP} - {maxOCP}"

    return ocp_versions