def test_schedule_multiple_pkgs_advisory(db, client):
resp = client.post(url_for('schedule_advisory', avg=DEFAULT_GROUP_NAME),
follow_redirects=True,
data={'advisory_type': issue_types[1]})
assert 200 == resp.status_code
assert_advisory_data(advisory_get_label(number=1))
assert_advisory_data(advisory_get_label(number=2))
assert 2 == advisory_count()
def test_cant_schedule_already_existing_advisory(db, client):
resp = client.post(url_for('schedule_advisory', avg=DEFAULT_GROUP_NAME),
follow_redirects=True,
data={'advisory_type': issue_types[1]})
assert 200 == resp.status_code
assert ERROR_ADVISORY_ALREADY_EXISTS in resp.data.decode()
assert None is get_advisory(advisory_get_label(number=2))
assert 1 == advisory_count()
def schedule_advisory(avg):
avg_id = avg.replace('AVG-', '')
form = AdvisoryForm()
if not form.validate_on_submit():
flash('Form validation failed', 'error')
return redirect('/{}'.format(avg))
entries = (db.session.query(
CVEGroup, CVE, CVEGroupPackage,
Advisory).filter(CVEGroup.id == avg_id).join(CVEGroupEntry).join(
CVE).join(CVEGroupPackage).outerjoin(
Advisory,
and_(Advisory.group_package_id == CVEGroupPackage.id))).all()
if not entries:
return not_found()
pkgs = set()
advisories = set()
for group_entry, cve, pkg, advisory in entries:
pkgs.add(pkg)
if advisory:
advisories.add(advisory)
if Status.fixed != group_entry.status:
flash(ERROR_ADVISORY_GROUP_NOT_FIXED, 'error')
return redirect('/{}'.format(avg))
if 0 < len(advisories):
flash(ERROR_ADVISORY_ALREADY_EXISTS, 'error')
return redirect('/{}'.format(avg))
last_advisory_date = advisory_get_date_label()
last_advisory_num = 0
last_advisory = (db.session.query(Advisory).order_by(
Advisory.created.desc()).limit(1)).first()
if last_advisory:
m = match(advisory_regex, last_advisory.id)
if last_advisory_date == m.group(2):
last_advisory_num = int(m.group(3))
for pkg in pkgs:
last_advisory_num += 1
asa = advisory_get_label(last_advisory_date, last_advisory_num)
db.create(Advisory,
id=asa,
advisory_type=form.advisory_type.data,
publication=Publication.scheduled,
group_package=pkg)
db.session.commit()
flash('Scheduled {}'.format(asa))
return redirect('/{}'.format(asa))
db.session.add(group)
db.session.commit()
for issue in issue_objs:
db.get_or_create(CVEGroupEntry, group=group, cve=issue)
for pkgname in packages:
db.get_or_create(CVEGroupPackage, pkgname=pkgname, group=group)
db.session.commit()
func(db=db, *args, **kwargs)
return wrapper
if not func:
return decorator
return decorator(func)
DEFAULT_ADVISORY_ID = advisory_get_label()
DEFAULT_ADVISORY_CONTENT = """\nImpact\n======\n\nRobots will take over\n\nReferences\n'
\nWorkaround\n==========\n\nUpdate your machine\n\nDescription\n"""
def create_advisory(func=None, id=DEFAULT_ADVISORY_ID, group_package_id=DEFAULT_GROUP_ID, advisory_type=None,
publication=Publication.scheduled, workaround=None, impact=None, content=None, created=datetime.utcnow(),
reference=None, count=1):
def decorator(func):
@wraps(func)
def wrapper(db, *args, **kwargs):
group_package = CVEGroupPackage.query.filter_by(id=group_package_id).first()
issues = group_package.group.issues
issue_types = list(set([issue.cve.issue_type for issue in issues]))
issue_type = issue_types[0] if len(issue_types) == 1 else 'multiple issues'