def __init__(self, filename):
tree = eT.parse(filename)
root = tree.getroot()
revision = root.find("repo:revision", NS)
if revision is not None:
revision = int(text_strip(revision))
else:
revision = 0
self.revision = datetime.fromtimestamp(revision, tz=UTC)
self.data = {}
for child in root.findall("repo:data", NS):
data_type = child.get("type")
location = child.find("repo:location", NS).get("href")
checksum_type = child.find("repo:checksum", NS).get("type")
checksum = text_strip(child.find("repo:checksum", NS))
size = child.find("repo:size", NS)
open_size = child.find("repo:open-size", NS)
self.data[data_type] = {
"location": location,
"checksum_type": checksum_type,
"checksum": checksum,
}
if size is not None:
self.data[data_type]["size"] = int(size.text)
if open_size is not None:
self.data[data_type]["open-size"] = int(open_size.text)
def __init__(self, filename, lastmodified):
self.lastmodified = lastmodified
self.cves = {}
root = None
updated = None
for event, elem in eT.iterparse(filename, events=("start", "end")):
if elem.tag == "cvemap" and event == "start":
root = elem
updated = parse_datetime(elem.get('updated'))
elif elem.tag == "Vulnerability" and event == "end":
name = elem.get('name')
self.cves[name] = {
'impact': text_strip(elem.find('ThreatSeverity')),
'published_date': parse_datetime(text_strip(elem.find('PublicDate'))),
'modified_date': updated,
'cvss2_score': text_strip(elem.find('CVSS/CVSSBaseScore')),
'cvss2_metrics': text_strip(elem.find('CVSS/CVSSScoringVector')),
'cvss3_score': text_strip(elem.find('CVSS3/CVSS3BaseScore')),
'cvss3_metrics': text_strip(elem.find('CVSS3/CVSS3ScoringVector')),
'cwe_list': self._cwe_list(text_strip(elem.find('CWE'))),
'description': self._cve_description(elem.findall('Details[@{%s}lang="en:us"]' % NS)),
'iava': text_strip(elem.find('IAVA')),
'redhat_url': "https://access.redhat.com/security/cve/" + str.lower(name),
'secondary_url': text_strip(elem.find('References'))
}
# Clear the XML tree continuously
root.clear()
def __init__(self, filename):
self.updates = []
root = None
for event, elem in eT.iterparse(filename, events=("start", "end")):
if elem.tag == "updates" and event == "start":
root = elem
elif elem.tag == "update" and event == "end":
update = {}
update["from"] = elem.get("from")
update["status"] = elem.get("status")
update["version"] = elem.get("version")
update["type"] = elem.get("type")
update["id"] = text_strip(elem.find("id"))
update["title"] = text_strip(elem.find("title"))
update["reboot"] = self._parse_reboot_suggested(elem)
# Optional fields
text_elements = [
"summary", "rights", "description", "release", "solution",
"severity"
]
date_elements = ["issued", "updated"]
for field in text_elements + date_elements:
found = elem.find(field)
if found is not None and field in text_elements:
content = text_strip(found)
update[field] = content if content else None
elif found is not None and field in date_elements:
update[field] = self._get_dt(found.get("date"))
else:
update[field] = None
references = elem.find("references")
update["references"] = []
for reference in references.findall("reference"):
update["references"].append({
"href": reference.get("href"),
"id": reference.get("id"),
"type": reference.get("type"),
"title": reference.get("title")
})
pkglist = elem.find("pkglist")
update["pkglist"] = []
if pkglist is not None:
for collection in pkglist.findall("collection"):
module = collection.find("module")
for pkg in collection.findall("package"):
rec = self._process_package(pkg, module)
if rec not in update["pkglist"]:
update["pkglist"].append(rec)
self.updates.append(update)
# Clear the XML tree continuously
root.clear()
def __init__(self, filename):
self.lastmodified = None
self.cpes = {}
root = None
for event, elem in eT.iterparse(filename, events=("start", "end")):
if elem.tag == "{%s}cpe-list" % NS["cpe"] and event == "start":
root = elem
elif elem.tag == "{%s}generator" % NS["cpe"] and event == "end":
self.lastmodified = parse_datetime(text_strip(elem.find('cpe:timestamp', NS)))
elif elem.tag == "{%s}cpe-item" % NS["cpe"] and event == "end":
name = elem.get('name')
self.cpes[name] = text_strip(elem.find('cpe:title', NS))
# Clear the XML tree continuously
root.clear()
def _parse_reboot_suggested(elem) -> bool:
"""Try to parse bool from <reboot_suggested> tag. Return False by default."""
found = elem.find("reboot_suggested")
if found is None:
return False
parsed = text_strip(found)
parsed_bool = bool(
strtobool(parsed)) # strtobool returns 1 or 0, we need bool type
return parsed_bool
def _cve_description(desc_elements):
descriptions = {}
description = None
for det in desc_elements:
source = det.get('source')
descriptions[source] = text_strip(det)
for source in ["Mitre", "Red Hat"]:
desc = descriptions.get(source, None)
if desc:
description = desc
return description
def _parse_states(self):
for state in self._xfind("default:states"): # <states>
if state.tag == "{%s}rpminfo_state" % NS['red-def']: # <red-def:rpminfo_state>
evr = arch = None
for child in state:
if child.tag == "{%s}evr" % NS['red-def']: # <red-def:evr> 0..1
evr = child
elif child.tag == "{%s}arch" % NS['red-def']: # <red-def:arch> 0..1
arch = child
elif child.tag in UNSUPPORTED_STATE_CHILDS: # Not supported, skip
pass
else: # Other unparsed tags
self.logger.warning("Unknown tag: %s", child.tag)
self.states.append({"id": state.get("id"),
"evr": text_strip(evr),
"evr_operation": get_attr(evr, "operation"),
"arch": text_strip(arch),
"arch_operation": get_attr(arch, "operation"),
"version": int(state.get("version"))})
elif state.tag in UNSUPPORTED_STATES: # Not supported, skip
pass
else: # Other unparsed tags
self.logger.warning("Unknown state: %s", state.tag)
def __init__(self, filename):
self.package_count = 0
self.packages = []
root = None
for event, elem in eT.iterparse(filename, events=("start", "end")):
if elem.tag == "{%s}metadata" % NS["primary"] and event == "start":
root = elem
self.package_count = int(elem.get("packages"))
elif elem.tag == "{%s}package" % NS["primary"] and event == "end":
if elem.get("type") == "rpm":
package = {}
package["name"] = text_strip(elem.find("primary:name", NS))
evr = elem.find("primary:version", NS)
package["epoch"] = evr.get("epoch")
package["ver"] = evr.get("ver")
package["rel"] = evr.get("rel")
package["arch"] = text_strip(elem.find("primary:arch", NS))
package["summary"] = text_strip(elem.find("primary:summary", NS))
package["description"] = text_strip(elem.find("primary:description", NS))
package["srpm"] = elem.find("primary:format", NS).find("rpm:sourcerpm", NS).text
self.packages.append(package)
# Clear the XML tree continuously
root.clear()
def _parse_definitions(self):
# pylint: disable=too-many-nested-blocks, too-many-branches
for definition in self._xfind("default:definitions"): # <definitions>
if definition.tag == "{%s}definition" % NS['default']: # <definition>
cves = []
advisories = []
cpes = []
metadata = definition.find("default:metadata", NS)
if metadata is not None:
for child in metadata.findall("default:reference", NS):
if child.get("source") == "CVE":
cves.append(child.get("ref_id"))
elif child.get("source") == "RHSA":
advisories.append(child.get("ref_id"))
else:
self.logger.warning("Unknown reference source: %s", child.get("source"))
advisory = metadata.find("default:advisory", NS)
if advisory is not None:
affected_cpe_list = advisory.find("default:affected_cpe_list", NS)
if affected_cpe_list is not None:
for child in affected_cpe_list.findall("default:cpe", NS):
cpes.append(text_strip(child))
criteria = self._parse_criteria(definition.find("default:criteria", NS)) # <criteria> 0..1
# Parse tests
tests = []
crit = criteria
criteria_stack = []
while crit is not None:
tests.extend(crit["criterions"])
criteria_stack.extend(crit["criteria"])
if criteria_stack:
crit = criteria_stack.pop()
else:
crit = None
self.definitions.append({"id": definition.get("id"),
"type": definition.get("class"),
"cves": cves,
"advisories": advisories,
"cpes": cpes,
"criteria": criteria,
"tests": tests,
"version": int(definition.get("version"))})
else: # Other unparsed tags
self.logger.warning("Unknown definition: %s", definition.tag)
def _parse_objects(self):
for obj in self._xfind("default:objects"): # <objects>
if obj.tag == "{%s}rpminfo_object" % NS['red-def']: # <red-def:rpminfo_object>
name = None
for child in obj:
if child.tag == "{%s}name" % NS['red-def']: # <red-def:name> 1..1
name = child
elif child.tag in UNSUPPORTED_OBJECT_CHILDS: # Not supported, skip
pass
else: # Other unparsed tags
self.logger.warning("Unknown tag: %s", child.tag)
self.objects.append({"id": obj.get("id"),
"name": text_strip(name),
"version": int(obj.get("version"))})
elif obj.tag in UNSUPPORTED_OBJECTS: # Not supported, skip
pass
else: # Other unparsed tags
self.logger.warning("Unknown object: %s", obj.tag)
def test_text_strip_none(self, setup):
"""Test text strip, when text is None."""
assert not string.text_strip(None)
self.text = None
assert not string.text_strip(self)
def test_text_strip(self, setup):
"""Test text strip."""
assert string.text_strip(self) == "text"