8687.15.15
by Karl Fogel
Add the copyright header block to files under lib/lp/bugs/. |
1 |
# Copyright 2009 Canonical Ltd. This software is licensed under the
|
2 |
# GNU Affero General Public License version 3 (see the file LICENSE).
|
|
3 |
||
4983.1.1
by Curtis Hovey
Added lint exceptions to __init__.py and interface/*.py. |
4 |
# pylint: disable-msg=E0211,E0213
|
2450
by Canonical.com Patch Queue Manager
[r=jamesh] rework cve structure, and general polish |
5 |
|
6 |
"""CVE interfaces."""
|
|
7 |
||
8 |
# Module-level ``__metaclass__``: under Python 2 this makes every class in
# this module that is declared without an explicit base a new-style class.
__metaclass__ = type

# Public names of this module (what ``from <module> import *`` exposes).
__all__ = ['CveStatus', 'ICve', 'ICveSet']
|
|
15 |
||
11403.1.4
by Henning Eggers
Reformatted imports using format-imports script r32. |
16 |
from lazr.enum import ( |
17 |
DBEnumeratedType, |
|
18 |
DBItem, |
|
19 |
)
|
|
20 |
from lazr.restful.declarations import ( |
|
21 |
collection_default_content, |
|
22 |
export_as_webservice_collection, |
|
23 |
export_as_webservice_entry, |
|
24 |
exported, |
|
25 |
)
|
|
26 |
from lazr.restful.fields import ( |
|
27 |
CollectionField, |
|
28 |
Reference, |
|
29 |
)
|
|
30 |
from zope.interface import ( |
|
31 |
Attribute, |
|
32 |
Interface, |
|
33 |
)
|
|
34 |
from zope.schema import ( |
|
35 |
Choice, |
|
36 |
Datetime, |
|
37 |
Int, |
|
38 |
TextLine, |
|
39 |
)
|
|
2450
by Canonical.com Patch Queue Manager
[r=jamesh] rework cve structure, and general polish |
40 |
|
3255.1.1
by Diogo Matsubara
Fix https://launchpad.net/products/malone/+bug/34768 (Unhelpful error message on linking cve) and some validation functions cleanup |
41 |
from canonical.launchpad import _ |
42 |
from canonical.launchpad.interfaces.validation import valid_cve_sequence |
|
4911.3.1
by Tom Berger
merge changes from rocketfuel and resolve conflicts |
43 |
|
44 |
||
45 |
class CveStatus(DBEnumeratedType):
    """The Status of this item in the CVE Database.

    When a potential problem is reported to the CVE authorities they assign
    a CAN number to it. At a later stage, that may be converted into a CVE
    number. This indicator tells us whether or not the issue is believed to
    be a CAN or a CVE.
    """

    # Each DBItem takes an integer and a text block made of a short title,
    # a blank line and a longer description.
    # NOTE(review): the integer is presumably the value persisted in the
    # database; if so, existing numbers must never be renumbered or reused
    # -- confirm against lazr.enum and the schema.

    # CANDIDATE is the default for ICve.status and for ICveSet.new() in this
    # file, so a record carrying this status has only been recorded, not
    # necessarily checked against the upstream CVE list.
    CANDIDATE = DBItem(1, """
        Candidate

        The vulnerability is a candidate which hasn't yet been confirmed and
        given "Entry" status.
        """)

    ENTRY = DBItem(2, """
        Entry

        This vulnerability or threat has been assigned a CVE number, and is
        fully documented. It has been through the full CVE verification
        process.
        """)

    # Deprecated entries are described as superseded or never promoted;
    # they remain a valid status value, not a deletion marker.
    DEPRECATED = DBItem(3, """
        Deprecated

        This entry is deprecated, and should no longer be referred to in
        general correspondence. There is either a newer entry that better
        defines the problem, or the original candidate was never promoted to
        "Entry" status.
        """)
|
2450
by Canonical.com Patch Queue Manager
[r=jamesh] rework cve structure, and general polish |
77 |
|
78 |
||
3691.109.3
by Francis J. Lacoste
Add IBugLink interface. Make IBugCve extend IBugLink. Make Cve implement IBugLinkTarget directly instead of making ICve extend IBugLinkTarget. Remove user |
79 |
class ICve(Interface):
    """A single CVE database entry."""

    # Declares this interface as a web-service entry. Only the attributes
    # wrapped in exported() below are part of that declaration; `id`,
    # `references` and the two reference methods are not wrapped.
    export_as_webservice_entry()

    id = Int(title=_('ID'), required=True, readonly=True)
    # The accepted shape of `sequence` is decided by valid_cve_sequence
    # (imported from canonical.launchpad.interfaces.validation), not by the
    # human-readable hint in the description.
    # NOTE(review): CVE identifiers issued under the 2014 syntax change can
    # carry more than four digits after the year; confirm the validator and
    # the 'XXXX-XXXX' hint agree on what is accepted.
    # NOTE(review): readonly=False on an exported field declares it settable;
    # whether web-service clients can actually change it depends on the
    # security declarations, which are not visible here -- confirm that
    # write access is limited to the intended roles.
    sequence = exported(
        TextLine(title=_('CVE Sequence Number'),
                 description=_('Should take the form XXXX-XXXX, all digits.'),
                 required=True, readonly=False,
                 constraint=valid_cve_sequence))
    # The vocabulary restricts values to CveStatus items; new records start
    # as CANDIDATE unless a status is given.
    status = exported(
        Choice(title=_('Current CVE State'),
               default=CveStatus.CANDIDATE,
               description=_("Whether or not the "
                             "vulnerability has been reviewed and assigned a "
                             "full CVE number, or is still considered a "
                             "Candidate, or is deprecated."),
               required=True, vocabulary=CveStatus))
    # NOTE(review): this field's title is 'Title' although it holds the
    # description; the separate `title` field below uses the same label.
    # Per its own description the text is refreshed from the external CVE
    # database, so consumers should treat it as externally sourced text and
    # escape it when rendering -- confirm how views output it.
    description = exported(
        TextLine(title=_('Title'),
                 description=_('A description of the CVE issue. This will be '
                               'updated regularly from the CVE database.'),
                 required=True, readonly=False))
    # exported_as gives the web-service name; the Python attribute keeps the
    # unseparated spelling.
    datecreated = exported(
        Datetime(title=_('Date Created'), required=True, readonly=True),
        exported_as='date_created')
    # NOTE(review): unlike datecreated this timestamp is declared
    # readonly=False; confirm whether clients are meant to set it or whether
    # it should only be maintained by the server.
    datemodified = exported(
        Datetime(title=_('Date Modified'), required=True, readonly=False),
        exported_as='date_modified')
    # Read-only collection. schema=Interface is a placeholder; per the inline
    # comment the real schema is assigned in bug.py (presumably to avoid a
    # circular import -- confirm).
    bugs = exported(
        CollectionField(
            title=_('Bugs related to this CVE entry.'),
            readonly=True,
            value_type=Reference(schema=Interface))) # Redefined in bug.py

    # other attributes
    # NOTE(review): url, displayname and title pass no readonly= argument;
    # if they are derived values, declaring them readonly=True would make
    # that explicit -- confirm against the implementation.
    url = exported(
        TextLine(title=_('URL'),
                 description=_("Return a URL to the site that has the CVE "
                               "data for this CVE reference.")))
    displayname = exported(
        TextLine(title=_("Display Name"),
                 description=_("A very brief name describing "
                               "the ref and state.")),
        exported_as='display_name')
    title = exported(TextLine(title=_("Title"),
                              description=_("A title for the CVE")))
    references = Attribute("The set of CVE References for this CVE.")

    # Interface method declarations: no `self` parameter and no body beyond
    # the docstring; the implementing class supplies the behaviour.
    # NOTE(review): `url` is optional and nothing here constrains it; if it
    # is later rendered as a link, the implementation should restrict it to
    # expected schemes -- confirm.
    def createReference(source, content, url=None):
        """Create a new CveReference for this CVE."""

    def removeReference(ref):
        """Remove a CveReference."""
|
|
134 |
||
135 |
||
136 |
class ICveSet(Interface):
    """The set of ICve objects."""

    # Declares this interface as a web-service collection whose entries are
    # described by ICve.
    export_as_webservice_collection(ICve)

    title = Attribute('Title')

    # Interface method declarations: no `self` parameter and no body beyond
    # the docstring; the implementing class supplies the behaviour.
    def __getitem__(key):
        """Get a Cve by sequence number."""

    def __iter__():
        """Iterate through all the Cve records."""

    # New records default to CveStatus.CANDIDATE, matching ICve.status.
    def new(sequence, description, cvestate=CveStatus.CANDIDATE):
        """Create a new ICve."""

    # The decorator designates getAll() as the source of the collection's
    # default content for the web service.
    @collection_default_content()
    def getAll():
        """Return all ICVEs"""

    # NOTE(review): if `quantity` can be influenced by a request, the
    # implementation should cap it -- confirm against callers.
    def latest(quantity=5):
        """Return the most recently created CVE's, newest first, up to the
        number given in quantity."""

    def latest_modified(quantity=5):
        """Return the most recently modified CVE's, newest first, up to the
        number given in quantity."""

    # NOTE(review): `text` is presumably user-supplied search input; the
    # implementation should pass it to the database as a bound parameter
    # -- confirm.
    def search(text):
        """Search the CVE database for matching CVE entries."""

    # inText() and inMessage() are documented as creating records for any
    # identifier they see, so they write to the database as a side effect of
    # scanning.
    # NOTE(review): if the scanned text comes from user-submitted content,
    # anyone able to submit text can cause Cve rows to be created. The
    # implementation should accept only identifiers that pass the same
    # validation as ICve.sequence, and callers may want a bound on how many
    # records one piece of text can create -- confirm.
    def inText(text):
        """Find one or more Cve's by analysing the given text.

        This will look for references to CVE or CAN numbers, and return the
        CVE references. It will create any CVE's that it sees which are
        not already in the database. It returns the list of all the CVE's it
        found in the text.
        """

    def inMessage(msg):
        """Find any CVE's in the given message.

        This will create any CVE's that it does not already know about. It
        returns a list of all the CVE's that it saw mentioned in the
        message.
        """

    def getBugCvesForBugTasks(bugtasks):
        """Return BugCve objects that correspond to the supplied bugtasks.

        Returns an iterable of BugCve objects for bugs related to the
        supplied sequence of bugtasks.
        """

    def getBugCveCount():
        """Return the number of CVE bug links there are in Launchpad."""
|