Пример #1
 def __init__(self):
     """Create the collaborators and a private scratch directory for one sync."""
     # Sync state: nothing fetched yet, no Last-Modified value known.
     self.updated = False
     self.lastmodified = None

     self.logger = get_logger(__name__)
     self.downloader = FileDownloader()
     self.cvemap_store = CvemapStore()

     # mkdtemp() picks an unpredictable name and creates the directory
     # accessible only to the current user, so downloads cannot be pre-seeded
     # or read by other local accounts.
     scratch_dir = tempfile.mkdtemp(prefix="cvemap-")
     self.tmp_directory = scratch_dir
Пример #2
class TestCvemapStore:
    """Exercise CvemapStore with the Red Hat CVE map fixture data."""

    @pytest.fixture
    def cvemap_obj(self):
        """Load the fixture CVE map and create the store under test."""
        controller = CvemapController()
        controller.lastmodified = datetime.utcnow()
        # Point the controller at the checked-in fixture directory.
        # NOTE(review): if this controller's clean() removes tmp_directory
        # recursively, it must never be called here or the fixtures are
        # deleted -- confirm against the controller implementation.
        controller.tmp_directory = "test_data/cvemap"
        self.controller = controller
        self.cvemap = controller._load_xml(controller.lastmodified)

        self.cvemap_store = CvemapStore()

    def test_store(self, db_conn, cvemap_obj):
        """Store the fixture CVE map and check the row for CVE-2018-1097."""
        self.cvemap_store.store(self.cvemap)

        # The query is a fixed literal; no external input reaches the SQL.
        cursor = db_conn.cursor()
        cursor.execute("select * from cve where name = 'CVE-2018-1097'")
        row = cursor.fetchone()

        assert row[CVE_NAME] == "CVE-2018-1097"
        assert "foreman" in row[CVE_DESCRIPTION]
        assert row[CVE_IMPACT_ID] == 4
        assert row[CVE_PUBLISHED].year == 2018
        assert row[CVE_CVSS3_SCORE] == Decimal("7.7")
        expected_vector = "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
        assert row[CVE_CVSS3_METRIC] == expected_vector

        # NOTE(review): the fixture stamps lastmodified with utcnow() while
        # this compares against the local date; the two may differ around
        # midnight on hosts that are not on UTC -- confirm.
        stored_date = self.cvemap_store.lastmodified()[:10]
        today = time.strftime('%Y-%m-%d')
        assert stored_date == today
Пример #3
    def cvemap_obj(self):
        """Load the fixture CVE map and create the store under test."""
        controller = CvemapController()
        controller.lastmodified = datetime.utcnow()
        # Read the XML from the checked-in fixture directory instead of the
        # directory the controller was constructed with.
        controller.tmp_directory = "test_data/cvemap"
        self.controller = controller
        self.cvemap = controller._load_xml(controller.lastmodified)

        self.cvemap_store = CvemapStore()
Пример #4
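class CvemapController:
    """
    Controls import/sync of CVE map into the DB.

    One sync fetches only the HTTP headers of the CVE map, compares the
    reported last-modified value with the one recorded in the DB, and
    downloads and stores the full XML only when the remote copy is newer or
    either timestamp is unknown. Downloads live in a per-instance scratch
    directory that store() removes when it finishes.
    """
    def __init__(self):
        """Create the collaborators and the private scratch directory."""
        self.logger = get_logger(__name__)
        self.downloader = FileDownloader()
        self.cvemap_store = CvemapStore()
        self.updated = False
        self.lastmodified = None
        # mkdtemp() picks an unpredictable name and creates the directory
        # accessible only to the current user, so other local accounts cannot
        # pre-seed or read the downloaded files.
        self.tmp_directory = tempfile.mkdtemp(prefix="cvemap-")

    def _tmp_head(self):
        """Return the path where the downloaded HTTP headers are written."""
        return os.path.join(self.tmp_directory, 'cvemap.head')

    def _tmp_xml(self):
        """Return the path where the downloaded CVE map XML is written."""
        return os.path.join(self.tmp_directory, 'cvemap.xml')

    def _download_head(self):
        """Fetch only the HTTP headers of the CVE map.

        Returns:
            A dict mapping target path to HTTP status code for every item
            whose status is not in VALID_HTTP_CODES; empty on success.
        """
        item = DownloadItem(source_url=URL,
                            target_path=self._tmp_head()
                           )
        download_items = [item]
        self.downloader.add(item)
        self.downloader.run(headers_only=True)
        return {item.target_path: item.status_code for item in download_items
                if item.status_code not in VALID_HTTP_CODES}

    def _read_head(self, failed):
        """Reads downloaded meta files and checks for updates.

        Args:
            failed: mapping returned by _download_head(); a non-empty mapping
                means the header download failed and no update check is done.
        """
        # Resolved before branching: the failure branch needs it as the key
        # into `failed`. It used to be assigned only on the success branch,
        # so every failed download raised UnboundLocalError here.
        header_path = self._tmp_head()
        if not failed:
            header = CvemapHead(header_path)

            # already synced before?
            db_lastmodified = parse_datetime(self.cvemap_store.lastmodified())
            self.lastmodified = parse_datetime(header.get_lastmodified())
            # synced for the first time or has newer revision; an unknown
            # timestamp on either side also triggers a sync
            if (db_lastmodified is None
                    or self.lastmodified is None
                    or self.lastmodified > db_lastmodified):
                self.updated = True
            else:
                self.logger.info("Cve map has not been updated (since %s).",
                                 str(db_lastmodified))
        else:
            FAILED_CVEMAP.inc()
            self.logger.warning("Download failed: %s (HTTP CODE %d)", URL, failed[header_path])

    def _download_xml(self):
        """Download the full CVE map XML into the scratch directory."""
        self.downloader.add(DownloadItem(source_url=URL,
                                         target_path=self._tmp_xml()))
        self.downloader.run()

    def _load_xml(self, lastmodified):
        """Wrap the downloaded XML file in a CvemapBody."""
        # NOTE(review): the XML is remote content and CvemapBody is not
        # visible here -- confirm its parser does not resolve external
        # entities or DTDs and that URL is fetched over HTTPS.
        return CvemapBody(self._tmp_xml(), lastmodified)

    def clean(self):
        """Clean downloaded files for given batch."""
        if self.tmp_directory:
            # Recursive delete of whatever tmp_directory points at; callers
            # that repoint it at a shared directory must not call clean().
            shutil.rmtree(self.tmp_directory)
            self.tmp_directory = None

    def store(self):
        """Sync CVE map."""
        self.logger.info("Checking CVE map.")

        # The whole sync sits inside try/finally so the scratch directory is
        # removed even when the header download or header parsing raises.
        try:
            # Fetch only the HTTP headers first
            failed = self._download_head()
            if failed:
                # The failure is counted once, in _read_head(); incrementing
                # FAILED_CVEMAP here as well recorded each failed download
                # twice.
                self.logger.warning("Cve map failed to download.")
            self._read_head(failed)

            if self.updated:
                # Download and process cvemap
                self._download_xml()
                cvemap = self._load_xml(self.lastmodified)
                self.cvemap_store.store(cvemap)
        finally:
            self.clean()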