def collect_Specific_Package_URL(cursor,
implementation_type='automatic',
comment=False,
link=False,
package_name=False,
unformatted_package_name=False):
if not sf.connected_To_Internet(): return False
if link:
version_name = search_URL_For_Version_Update(link)
if version_name:
versions = get_Matching_Ubuntu_Version(package_name, version_name)
if versions:
if perform_Package_Version_Update(versions[0], package_name,
versions[1]):
if update_Vulnerability_Information(
package_name,
sf.get_Ubuntu_Package_Version(package_name),
versions[1], implementation_type, comment):
return True
else:
return False
else:
return False
elif cursor:
for urls in cursor['references']:
version_name = search_URL_For_Version_Update(urls)
if version_name:
print(version_name)
version_list = get_Matching_Ubuntu_Version(
package_name, version_name)
if version_list:
if perform_Package_Version_Update(version_list[0],
package_name,
version_list[1]):
if update_Vulnerability_Information(
package_name,
sf.get_Ubuntu_Package_Version(package_name),
version_list[1], implementation_type, comment):
return True
else:
return False
else:
return False
else:
return False
def update_using_admin_patch(package_name, cve_id):
prev_ubuntu_vers = package_collection.find_one(
{'package_name': package_name})['ubuntu_version']
ap.handle_Patch_Update(cve_collection.find_one({'id': cve_id}),
package_name)
if prev_ubuntu_vers != sf.get_Ubuntu_Package_Version(package_name):
gv.remove_Special_Characters()
gv.collect_Checkable_Packages()
return redirect(url_for('vulnerabilities') + '/' + package_name)
def perform_Package_Version_Update(list_of_potential_versions,
package_name,
previous_version,
full_version=False):
if full_version:
full_package_install_name = package_name + "=" + full_version
print("Install name:", full_package_install_name)
try:
package_upgrade = check_call([
"sudo", "apt-get", "install", "-y", "--force-yes",
full_package_install_name
],
universal_newlines=True)
if ((package_name + "=" +
sf.get_Ubuntu_Package_Version(package_name)
) == full_package_install_name):
return full_package_install_name
else:
print("Not upgraded with:", full_package_install_name)
return False
except:
print("Could not upgrade with:", full_version)
return False
else:
for version in list_of_potential_versions:
try:
package_upgrade = check_call([
"sudo", "apt-get", "install", "-y", "--force-yes", version
],
universal_newlines=True)
if ((package_name + "=" +
sf.get_Ubuntu_Package_Version(package_name)) !=
previous_version):
print("Upgraded from:", previous_version, "to:", version)
return (package_name, version, previous_version)
else:
print("Not upgraded with:", version)
return False
except:
print("Could not upgrade with:", version)
return False
def handle_Version_Patch_By_User(package_name, version_name, link, comment):
if not determine_Package_Status(package_name): return False
if link:
return wp.collect_Specific_Package_URL(None, 'manual', comment, link,
package_name)
elif version_name:
versions = wp.get_Matching_Ubuntu_Version(package_name, version_name)
if versions:
if wp.perform_Package_Version_Update(versions[0], package_name,
versions[1]):
if wp.update_Vulnerability_Information(
package_name,
sf.get_Ubuntu_Package_Version(package_name),
versions[1], 'manual', comment):
return True
else:
return False
def check_For_Updated_Packages(package_data):
# Use this for package updates, when the squashed_name will have changed, but package is the same
print("Getting packages that have been updated")
for values in package_collection.find(
{'apt_version': {
'$nin': package_data[2]
}}):
for items in package_data[0]:
if items['package_name'] == values['package_name']:
for ids in values['matching_ids']:
cve_collection.update(
{'id': ids},
{'$unset': {
'matched_To_CVE': 1,
'matched_to': 1
}},
)
current_version = sf.get_Ubuntu_Package_Version(
values['package_name'])
try:
package_version = sf.get_Formatted_Version(current_version)
package_name_with_version = sf.get_Formatted_Name(
values['package_name']) + ''.join(
e for e in package_version if e.isalnum())
package_index = ''.join(e
for e in package_name_with_version
if e.isalnum() or e == ':')
except:
print("Couln't reformat:", package_name, current_version)
# Update current package data to match updated values
package_collection.update_one(
{'package_name': values['package_name']}, {
'$set': {
'package_index': package_index,
'ubuntu_version': current_version,
'apt_version':
values['package_name'] + '=' + current_version,
'matching_ids': []
}
})
def resolve_Admin_Version_Update(cursor, package_name):
if not sf.connected_To_Internet(): return False
if cursor['references']:
if collect_Specific_Package_URL(cursor, 'manual', cursor['summary'],
False, package_name):
cve_collection.delete_one({'_id': cursor['_id']})
return True
elif cursor['version_number']:
versions = get_Matching_Ubuntu_Version(
cursor['individual_package_name'], cursor['version_number'])
if versions:
if perform_Package_Version_Update(
versions[0], cursor['individual_package_name'],
versions[1]):
if update_Vulnerability_Information(
cursor['individual_package_name'],
sf.get_Ubuntu_Package_Version(
cursor['individual_package_name']), versions[1],
'manual', cursor['summary']):
cve_collection.delete_one({'_id': cursor['_id']})
return True
return False