1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
# Copyright 2009-2011 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
# pylint: disable-msg=E0211,E0213
"""CVE interfaces."""
__metaclass__ = type
__all__ = [
'CveStatus',
'ICve',
'ICveSet',
]
from lazr.enum import (
DBEnumeratedType,
DBItem,
)
from lazr.restful.declarations import (
collection_default_content,
export_as_webservice_collection,
export_as_webservice_entry,
exported,
)
from lazr.restful.fields import (
CollectionField,
Reference,
)
from zope.interface import (
Attribute,
Interface,
)
from zope.schema import (
Choice,
Datetime,
Int,
TextLine,
)
from canonical.launchpad import _
from lp.app.validators.validation import valid_cve_sequence
class CveStatus(DBEnumeratedType):
"""The Status of this item in the CVE Database.
When a potential problem is reported to the CVE authorities they assign
a CAN number to it. At a later stage, that may be converted into a CVE
number. This indicator tells us whether or not the issue is believed to
be a CAN or a CVE.
"""
CANDIDATE = DBItem(1, """
Candidate
The vulnerability is a candidate which hasn't yet been confirmed and
given "Entry" status.
""")
ENTRY = DBItem(2, """
Entry
This vulnerability or threat has been assigned a CVE number, and is
fully documented. It has been through the full CVE verification
process.
""")
DEPRECATED = DBItem(3, """
Deprecated
This entry is deprecated, and should no longer be referred to in
general correspondence. There is either a newer entry that better
defines the problem, or the original candidate was never promoted to
"Entry" status.
""")
class ICve(Interface):
"""A single CVE database entry."""
export_as_webservice_entry()
id = Int(title=_('ID'), required=True, readonly=True)
sequence = exported(
TextLine(title=_('CVE Sequence Number'),
description=_('Should take the form XXXX-XXXX, all digits.'),
required=True, readonly=False,
constraint=valid_cve_sequence))
status = exported(
Choice(title=_('Current CVE State'),
default=CveStatus.CANDIDATE,
description=_("Whether or not the "
"vulnerability has been reviewed and assigned a "
"full CVE number, or is still considered a "
"Candidate, or is deprecated."),
required=True, vocabulary=CveStatus))
description = exported(
TextLine(title=_('Title'),
description=_('A description of the CVE issue. This will be '
'updated regularly from the CVE database.'),
required=True, readonly=False))
datecreated = exported(
Datetime(title=_('Date Created'), required=True, readonly=True),
exported_as='date_created')
datemodified = exported(
Datetime(title=_('Date Modified'), required=True, readonly=False),
exported_as='date_modified')
bugs = exported(
CollectionField(
title=_('Bugs related to this CVE entry.'),
readonly=True,
value_type=Reference(schema=Interface))) # Redefined in bug.py.
# Other attributes.
url = exported(
TextLine(title=_('URL'),
description=_("Return a URL to the site that has the CVE "
"data for this CVE reference.")))
displayname = exported(
TextLine(title=_("Display Name"),
description=_("A very brief name describing "
"the ref and state.")),
exported_as='display_name')
title = exported(TextLine(title=_("Title"),
description=_("A title for the CVE")))
references = Attribute("The set of CVE References for this CVE.")
def createReference(source, content, url=None):
"""Create a new CveReference for this CVE."""
def removeReference(ref):
"""Remove a CveReference."""
class ICveSet(Interface):
"""The set of ICve objects."""
export_as_webservice_collection(ICve)
title = Attribute('Title')
def __getitem__(key):
"""Get a Cve by sequence number."""
def __iter__():
"""Iterate through all the Cve records."""
def new(sequence, description, cvestate=CveStatus.CANDIDATE):
"""Create a new ICve."""
@collection_default_content()
def getAll():
"""Return all ICVEs"""
def latest(quantity=5):
"""Return the most recently created CVE's, newest first, up to the
number given in quantity."""
def latest_modified(quantity=5):
"""Return the most recently modified CVE's, newest first, up to the
number given in quantity."""
def search(text):
"""Search the CVE database for matching CVE entries."""
def inText(text):
"""Find one or more Cve's by analysing the given text.
This will look for references to CVE or CAN numbers, and return the
CVE references. It will create any CVE's that it sees which are
already not in the database. It returns the list of all the CVE's it
found in the text.
"""
def inMessage(msg):
"""Find any CVE's in the given message.
This will create any CVE's that it does not already know about. It
returns a list of all the CVE's that it saw mentioned in the
message.
"""
def getBugCvesForBugTasks(bugtasks):
"""Return BugCve objects that correspond to the supplied bugtasks.
Returns an iterable of BugCve objects for bugs related to the
supplied sequence of bugtasks.
"""
def getBugCveCount():
"""Return the number of CVE bug links there is in Launchpad."""
|