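def search_pkgs(db, pkg_list):
    """
    Search packages in our vulnerability database.

    Each package is first expanded into its naming variations (the
    vendor/name spellings the database may have filed an advisory under)
    so that one spelling still matches advisories recorded under another.
    A package whose variations all miss is simply absent from the results,
    so a gap in the alias table shows up as a false negative (package
    looks clean) rather than as an error.

    :param db: DB instance
    :param pkg_list: List of package dicts; "vendor", "name" and
        optionally "purl" are read here
    :return: Tuple of (raw search results, de-aliased package map)
    """
    expanded_list = []
    pkg_aliases = {}
    for pkg in pkg_list:
        variations = normalize.create_pkg_variations(pkg)
        expanded_list += variations
        vendor = pkg.get("vendor")
        if not vendor:
            # Fall back to the purl's first path segment with the "pkg:"
            # scheme stripped, i.e. the purl type (e.g. "maven" for
            # "pkg:maven/...") stands in for a missing vendor.
            purl = pkg.get("purl")
            vendor = purl.split("/", 1)[0].replace("pkg:", "") if purl else ""
        # Guard a missing name so the alias key stays a str; None would
        # raise TypeError on concatenation and abort the whole search.
        name = pkg.get("name") or ""
        pkg_aliases[vendor + ":" + name] = [
            "{}:{}".format(vari.get("vendor"), vari.get("name"))
            for vari in variations
        ]
    quick_res = dbLib.bulk_index_search(expanded_list)
    raw_results = dbLib.pkg_bulk_search(db, quick_res)
    # Map hits found under a variation back to the package they were
    # requested as.
    pkg_aliases = normalize.dealias_packages(raw_results,
                                             pkg_aliases=pkg_aliases)
    return raw_results, pkg_aliases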
def search_pkgs(db, project_type, pkg_list):
    """
    Search packages in our vulnerability database.

    Every package is expanded into its naming variations before the bulk
    lookup; the hits are then de-duplicated and mapped back to the
    vendor:name they were requested under.

    :param db: DB instance
    :param project_type: Project type
    :param pkg_list: List of packages to search
    :return: Tuple of (de-duplicated raw results, de-aliased package map)
    """
    candidates = []
    alias_map = {}
    for package in pkg_list:
        variants = normalize.create_pkg_variations(package)
        candidates.extend(variants)
        vendor, name = get_pkg_vendor_name(package)
        # TODO: Use purl here
        alias_key = ":".join((vendor, name))
        alias_map[alias_key] = [
            "{}:{}".format(variant.get("vendor"), variant.get("name"))
            for variant in variants
        ]
    index_hits = dbLib.bulk_index_search(candidates)
    found = dbLib.pkg_bulk_search(db, index_hits)
    # Collapse duplicate hits that several variations of one package
    # produced, then translate variation names back to the requested ones.
    found = normalize.dedup(project_type, found, pkg_aliases=alias_map)
    alias_map = normalize.dealias_packages(project_type, found,
                                           pkg_aliases=alias_map)
    return found, alias_map
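def test_pkg_variations():
    """
    Every sample package must expand to more than one naming variation.

    The samples mix Maven-style coordinates (reversed-domain group ids,
    artifact ids that double as group ids) with Go module paths, so the
    check covers the vendor/name shapes the expansion has to handle.
    """
    # (vendor, name, version); the previously duplicated io.undertow
    # entry is listed once.
    samples = [
        ("fasterxml", "jackson-databind", "1.0.0"),
        ("com.fasterxml.jackson.core", "jackson-databind", "1.0.0"),
        ("commons-io", "commons-io", "1.0.0"),
        ("org.eclipse.foo", "bar", "1.0.0"),
        ("com.fasterxml.jackson.core", "jackson-annotations", "1.0.0"),
        ("io.undertow", "undertow-core", "2.0.27.Final"),
        ("org.apache.logging.log4j", "log4j-api", "2.12.1"),
        ("org.springframework.batch", "spring-batch", "2.0.27.Final"),
        ("commons-fileupload", "commons-fileupload", "1.3.2"),
        ("github.com/go-sql-driver", "mysql", "v1.4.1"),
        ("golang.org/x/crypto", "ssh", "0.0.0-20200220183623-bac4c82f6975"),
        ("github.com/mitchellh", "cli", "6.14.1"),
        ("github.com/jacobsa", "crypto", "6.14.1"),
    ]
    for vendor, name, version in samples:
        pkg_list = create_pkg_variations({
            "vendor": vendor,
            "name": name,
            "version": version,
        })
        # Name the failing sample so a regression is traceable at a glance.
        assert len(pkg_list) > 1, "{}:{}@{} produced no variations".format(
            vendor, name, version)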