Exemplo n.º 1
    def _source_update(self, message):
        """Re-import one vulnerability file named by a source-update message.

        Reads `source`, `path` and `original_sha256` from
        `message.attributes`, obtains a checkout of the source repository, and
        passes the parsed record to `_do_update` only when the file on disk
        still hashes to `original_sha256`. A hash mismatch or a parse failure
        is logged and the method returns without updating anything.
        """
        attrs = message.attributes
        source = attrs['source']
        path = attrs['path']
        original_sha256 = attrs['original_sha256']

        # NOTE(review): presumably the lookup can return a falsy value for an
        # unknown source; if so the attribute access below raises
        # AttributeError. Confirm against osv.get_source_repository.
        source_repo = osv.get_source_repository(source)
        repo_url = source_repo.repo_url
        checkout_dir = os.path.join(self._sources_dir, source)
        git_callbacks = self._git_callbacks(source_repo)
        repo = osv.clone_with_retries(
            repo_url, checkout_dir, callbacks=git_callbacks)

        # NOTE(review): `path` is joined onto the checkout exactly as it
        # arrived in the message. os.path.join does not confine the result to
        # the repo directory (an absolute `path` replaces the prefix and `..`
        # segments climb out of it), so confirm the publisher is trusted or
        # check containment before the file is read.
        yaml_path = os.path.join(osv.repo_path(repo), path)

        # The expected hash travels in the same message as the path, so this
        # comparison detects a file that changed after the message was
        # produced; it does not authenticate the message itself.
        current_sha256 = osv.sha256(yaml_path)
        if current_sha256 != original_sha256:
            logging.warning(
                'sha256sum of %s no longer matches (expected=%s vs current=%s).',
                path, original_sha256, current_sha256)
            return

        try:
            vulnerability = osv.parse_vulnerability(yaml_path)
        except Exception as e:
            # Any parse failure is logged and the update is skipped.
            logging.error('Failed to parse vulnerability %s: %s', yaml_path, e)
        else:
            self._do_update(source_repo, repo, vulnerability, yaml_path,
                            original_sha256)
Exemplo n.º 2
    def run(self):
        """Import data from the source repository registered as 'oss-fuzz'.

        Raises:
            RuntimeError: if no 'oss-fuzz' source repository is found.
        """
        # OSS-Fuzz is the only source handled by this importer for now.
        source_repo = osv.get_source_repository('oss-fuzz')
        if not source_repo:
            # Fail loudly rather than run an import with nothing to read.
            raise RuntimeError('OSS-Fuzz source not found.')

        self.process_oss_fuzz(source_repo)
Exemplo n.º 3
def add_source_info(bug, response):
    """Fill in the source fields of `response` for `bug`.

    Bugs whose source of truth is INTERNAL get the literal 'INTERNAL' as
    `source`. Otherwise, when the bug's source repository is found and has a
    link, `source` and `source_link` are both set to that link followed by the
    bug's source path. `response` is modified in place; nothing is returned.
    """
    if bug.source_of_truth == osv.SourceOfTruth.INTERNAL:
        response['source'] = 'INTERNAL'
        return

    repo = osv.get_source_repository(bug.source)
    # Without a repository or a link there is nothing to point at, so the
    # response is left without source fields.
    if not (repo and repo.link):
        return

    relative_path = osv.source_path(repo, bug)
    full_link = repo.link + relative_path
    response['source'] = full_link
    response['source_link'] = full_link
Exemplo n.º 4
Arquivo: worker.py Projeto: jr69ss/osv
    def _source_update(self, message):
        """Re-import one vulnerability file named by a source-update message.

        Reads `source` and `path` from `message.attributes`, obtains a checkout
        of the source repository, parses the file at `path` inside it and
        passes the result to `_do_update`.
        """
        attrs = message.attributes
        source = attrs['source']
        path = attrs['path']

        # NOTE(review): presumably the lookup can return a falsy value for an
        # unknown source; if so the attribute access below raises
        # AttributeError. Confirm against osv.get_source_repository.
        source_repo = osv.get_source_repository(source)
        repo_url = source_repo.repo_url
        checkout_dir = os.path.join(self._sources_dir, source)
        git_callbacks = self._git_callbacks(source_repo)
        repo = osv.clone_with_retries(
            repo_url, checkout_dir, callbacks=git_callbacks)

        # NOTE(review): `path` is joined onto the checkout exactly as it
        # arrived in the message. os.path.join does not confine the result to
        # the repo directory (an absolute `path` replaces the prefix and `..`
        # segments climb out of it), so confirm the publisher is trusted or
        # check containment before the file is read.
        yaml_path = os.path.join(osv.repo_path(repo), path)

        # NOTE(review): this version does not compare the file against a hash
        # carried in the message, and a parse error propagates to the caller;
        # how the caller treats that exception is not visible here.
        vulnerability = osv.parse_vulnerability(yaml_path)
        self._do_update(source_repo, repo, vulnerability, yaml_path)
Exemplo n.º 5
Arquivo: worker.py Projeto: tnyyli/osv
    def _source_update(self, message):
        """Apply a source-update or deletion message for one vulnerability file.

        Reads `source`, `path`, `original_sha256` and `deleted` from
        `message.attributes`; `deleted` counts as set only for the exact string
        'true'. After refreshing the checkout:

        * file missing: `_handle_deleted` runs if this is a deletion request,
          then the method returns;
        * file present but deletion requested: logged, nothing is done;
        * file hash differs from `original_sha256`: logged, nothing is done;
        * parse failure: logged, nothing is done;
        * otherwise the parsed record goes to `_do_update`.
        """
        attrs = message.attributes
        source = attrs['source']
        path = attrs['path']
        original_sha256 = attrs['original_sha256']
        deleted = attrs['deleted'] == 'true'

        # NOTE(review): presumably the lookup can return a falsy value for an
        # unknown source; if so the attribute access below raises
        # AttributeError. Confirm against osv.get_source_repository.
        source_repo = osv.get_source_repository(source)
        repo_url = source_repo.repo_url
        checkout_dir = os.path.join(self._sources_dir, source)
        callbacks = self._git_callbacks(source_repo)
        repo = osv.ensure_updated_checkout(
            repo_url, checkout_dir, git_callbacks=callbacks)

        # NOTE(review): `path` is joined onto the checkout exactly as it
        # arrived in the message. os.path.join does not confine the result to
        # the repo directory (an absolute `path` replaces the prefix and `..`
        # segments climb out of it), so confirm the publisher is trusted or
        # check containment before the existence test and the read below.
        yaml_path = os.path.join(osv.repo_path(repo), path)

        file_present = os.path.exists(yaml_path)
        if not file_present:
            logging.info('%s was deleted.', yaml_path)
            # Deletion is only acted on when the message asked for it AND the
            # file is really gone from the refreshed checkout.
            if deleted:
                self._handle_deleted(yaml_path)

            return

        if deleted:
            # The request disagrees with the checkout; the checkout wins.
            logging.info('Deletion request but source still exists, aborting.')
            return

        # The expected hash travels in the same message as the path, so this
        # comparison detects a file that changed after the message was
        # produced; it does not authenticate the message itself.
        current_sha256 = osv.sha256(yaml_path)
        if current_sha256 != original_sha256:
            logging.warning(
                'sha256sum of %s no longer matches (expected=%s vs current=%s).',
                path, original_sha256, current_sha256)
            return

        try:
            vulnerability = osv.parse_vulnerability(yaml_path)
        except Exception as e:
            # Any parse failure is logged and the update is skipped.
            logging.error('Failed to parse vulnerability %s: %s', yaml_path, e)
            return

        self._do_update(source_repo, repo, vulnerability, yaml_path, path,
                        original_sha256)
Exemplo n.º 6
    def _source_update(self, message):
        """Apply a source-update message for a GIT or BUCKET source repository.

        Reads `source`, `path`, `original_sha256` and `deleted` from
        `message.attributes`; `deleted` counts as set only for the exact string
        'true'.

        GIT: refreshes the checkout, handles a missing file or a conflicting
        deletion request, parses the file, then hashes it.
        BUCKET: downloads the object named `path`, hashes the bytes, then
        parses them; `repo` is None for this type.

        In both cases every parsed record is passed to `_do_update` only when
        the computed hash equals `original_sha256`.

        Raises:
            RuntimeError: if the repository type is neither GIT nor BUCKET.
        """
        attrs = message.attributes
        source = attrs['source']
        path = attrs['path']
        original_sha256 = attrs['original_sha256']
        deleted = attrs['deleted'] == 'true'

        # NOTE(review): presumably the lookup can return a falsy value for an
        # unknown source; if so the attribute access below raises
        # AttributeError. Confirm against osv.get_source_repository.
        source_repo = osv.get_source_repository(source)
        repo_type = source_repo.type
        if repo_type == osv.SourceRepositoryType.GIT:
            repo_url = source_repo.repo_url
            checkout_dir = os.path.join(self._sources_dir, source)
            callbacks = self._git_callbacks(source_repo)
            repo = osv.ensure_updated_checkout(
                repo_url,
                checkout_dir,
                git_callbacks=callbacks,
                branch=source_repo.repo_branch)

            # NOTE(review): `path` is joined onto the checkout exactly as it
            # arrived in the message. os.path.join does not confine the result
            # to the repo directory (an absolute `path` replaces the prefix and
            # `..` segments climb out of it), so confirm the publisher is
            # trusted or check containment before the file is touched.
            vuln_path = os.path.join(osv.repo_path(repo), path)
            if not os.path.exists(vuln_path):
                logging.info('%s was deleted.', vuln_path)
                # Deletion is only acted on when the message asked for it AND
                # the file is really gone from the refreshed checkout.
                if deleted:
                    self._handle_deleted(source_repo, path)

                return

            if deleted:
                # The request disagrees with the checkout; the checkout wins.
                logging.info(
                    'Deletion request but source still exists, aborting.')
                return

            try:
                vulnerabilities = osv.parse_vulnerabilities(
                    vuln_path, key_path=source_repo.key_path)
            except Exception as e:
                logging.error('Failed to parse vulnerability %s: %s',
                              vuln_path, e)
                return

            # Hashed after parsing, presumably from a second read of the file
            # (the bucket branch hashes the very bytes it parses).
            current_sha256 = osv.sha256(vuln_path)
        elif repo_type == osv.SourceRepositoryType.BUCKET:
            # NOTE(review): `deleted` is not consulted in this branch; a
            # missing object is only logged as an error. Confirm that bucket
            # deletions are handled elsewhere.
            client = storage.Client()
            bucket = client.bucket(source_repo.bucket)
            try:
                blob = bucket.blob(path).download_as_bytes()
            except google.cloud.exceptions.NotFound:
                logging.error('Bucket path %s does not exist.', path)
                return

            current_sha256 = osv.sha256_bytes(blob)
            try:
                vulnerabilities = osv.parse_vulnerabilities_from_data(
                    blob,
                    extension=os.path.splitext(path)[1],
                    key_path=source_repo.key_path)
            except Exception as e:
                logging.error('Failed to parse vulnerability %s: %s', path, e)
                return

            # There is no local checkout for a bucket source.
            repo = None
        else:
            raise RuntimeError('Unsupported SourceRepository type.')

        # The expected hash travels in the same message as the path, so this
        # comparison detects content that changed after the message was
        # produced; it does not authenticate the message itself.
        if current_sha256 != original_sha256:
            logging.warning(
                'sha256sum of %s no longer matches (expected=%s vs current=%s).',
                path, original_sha256, current_sha256)
            return

        # One file may yield several records; each is updated separately.
        for vulnerability in vulnerabilities:
            self._do_update(source_repo, repo, vulnerability, path,
                            original_sha256)