def collect_Specific_Package_URL(cursor, implementation_type='automatic', comment=False, link=False, package_name=False, unformatted_package_name=False): if not sf.connected_To_Internet(): return False if link: version_name = search_URL_For_Version_Update(link) if version_name: versions = get_Matching_Ubuntu_Version(package_name, version_name) if versions: if perform_Package_Version_Update(versions[0], package_name, versions[1]): if update_Vulnerability_Information( package_name, sf.get_Ubuntu_Package_Version(package_name), versions[1], implementation_type, comment): return True else: return False else: return False elif cursor: for urls in cursor['references']: version_name = search_URL_For_Version_Update(urls) if version_name: print(version_name) version_list = get_Matching_Ubuntu_Version( package_name, version_name) if version_list: if perform_Package_Version_Update(version_list[0], package_name, version_list[1]): if update_Vulnerability_Information( package_name, sf.get_Ubuntu_Package_Version(package_name), version_list[1], implementation_type, comment): return True else: return False else: return False else: return False
def update_using_admin_patch(package_name, cve_id): prev_ubuntu_vers = package_collection.find_one( {'package_name': package_name})['ubuntu_version'] ap.handle_Patch_Update(cve_collection.find_one({'id': cve_id}), package_name) if prev_ubuntu_vers != sf.get_Ubuntu_Package_Version(package_name): gv.remove_Special_Characters() gv.collect_Checkable_Packages() return redirect(url_for('vulnerabilities') + '/' + package_name)
def perform_Package_Version_Update(list_of_potential_versions, package_name, previous_version, full_version=False): if full_version: full_package_install_name = package_name + "=" + full_version print("Install name:", full_package_install_name) try: package_upgrade = check_call([ "sudo", "apt-get", "install", "-y", "--force-yes", full_package_install_name ], universal_newlines=True) if ((package_name + "=" + sf.get_Ubuntu_Package_Version(package_name) ) == full_package_install_name): return full_package_install_name else: print("Not upgraded with:", full_package_install_name) return False except: print("Could not upgrade with:", full_version) return False else: for version in list_of_potential_versions: try: package_upgrade = check_call([ "sudo", "apt-get", "install", "-y", "--force-yes", version ], universal_newlines=True) if ((package_name + "=" + sf.get_Ubuntu_Package_Version(package_name)) != previous_version): print("Upgraded from:", previous_version, "to:", version) return (package_name, version, previous_version) else: print("Not upgraded with:", version) return False except: print("Could not upgrade with:", version) return False
def handle_Version_Patch_By_User(package_name, version_name, link, comment): if not determine_Package_Status(package_name): return False if link: return wp.collect_Specific_Package_URL(None, 'manual', comment, link, package_name) elif version_name: versions = wp.get_Matching_Ubuntu_Version(package_name, version_name) if versions: if wp.perform_Package_Version_Update(versions[0], package_name, versions[1]): if wp.update_Vulnerability_Information( package_name, sf.get_Ubuntu_Package_Version(package_name), versions[1], 'manual', comment): return True else: return False
def check_For_Updated_Packages(package_data): # Use this for package updates, when the squashed_name will have changed, but package is the same print("Getting packages that have been updated") for values in package_collection.find( {'apt_version': { '$nin': package_data[2] }}): for items in package_data[0]: if items['package_name'] == values['package_name']: for ids in values['matching_ids']: cve_collection.update( {'id': ids}, {'$unset': { 'matched_To_CVE': 1, 'matched_to': 1 }}, ) current_version = sf.get_Ubuntu_Package_Version( values['package_name']) try: package_version = sf.get_Formatted_Version(current_version) package_name_with_version = sf.get_Formatted_Name( values['package_name']) + ''.join( e for e in package_version if e.isalnum()) package_index = ''.join(e for e in package_name_with_version if e.isalnum() or e == ':') except: print("Couln't reformat:", package_name, current_version) # Update current package data to match updated values package_collection.update_one( {'package_name': values['package_name']}, { '$set': { 'package_index': package_index, 'ubuntu_version': current_version, 'apt_version': values['package_name'] + '=' + current_version, 'matching_ids': [] } })
def resolve_Admin_Version_Update(cursor, package_name): if not sf.connected_To_Internet(): return False if cursor['references']: if collect_Specific_Package_URL(cursor, 'manual', cursor['summary'], False, package_name): cve_collection.delete_one({'_id': cursor['_id']}) return True elif cursor['version_number']: versions = get_Matching_Ubuntu_Version( cursor['individual_package_name'], cursor['version_number']) if versions: if perform_Package_Version_Update( versions[0], cursor['individual_package_name'], versions[1]): if update_Vulnerability_Information( cursor['individual_package_name'], sf.get_Ubuntu_Package_Version( cursor['individual_package_name']), versions[1], 'manual', cursor['summary']): cve_collection.delete_one({'_id': cursor['_id']}) return True return False