PHP WebShell

Текущая директория: /usr/lib/python3/dist-packages/uaclient/api/u/pro/security/cves/_common/__pycache__

Просмотр файла: v1.cpython-310.pyc

o

μg�L�	@s�ddlZddlZddlZddlZddlZddlmZddlmZddl	m
Z
mZmZm
Z
mZddlmZddlmZmZmZmZmZddlmZddlmZdd	lmZdd
lmZmZm Z m!Z!ddl"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*m+Z+dd
l,m-Z-ddl.m/Z/Gdd�de�Z0Gdd�de�Z1ej2Gdd�dej3��Z4Gdd�d�Z5deee6ee6fde4fdd�Z7e
ddeejfdee6ee6e
fffg�Z8Gdd�d�Z9Gd d!�d!ej:d"�Z;Gd#d$�d$�Z<d%e;d&ed'ee6fd(d)�Z=dS)*�N)�defaultdict)�	lru_cache)�Any�Dict�List�
NamedTuple�Optional)�urljoin)�apt�
exceptions�http�system�util)�#query_installed_source_pkg_versions)�_enabled_services)�UAConfig)�
DataObject�Field�FloatDataValue�StringDataValue)�VULNERABILITY_CACHE_PATH�VULNERABILITY_DATA_CACHE�VULNERABILITY_DATA_TMPL�$VULNERABILITY_DPKG_STATUS_DATE_CACHE�VULNERABILITY_ETAG_CACHE�VULNERABILITY_RESULT_CACHE)�FIPSEntitlement�FIPSUpdatesEntitlement)�DataObjectFile)�UAFilec@s eZdZede�gZdd�ZdS)�VulnerabilityCacheETag�etagcC�
||_dS�N�r!)�selfr!�r&�M/usr/lib/python3/dist-packages/uaclient/api/u/pro/security/cves/_common/v1.py�__init__'�
zVulnerabilityCacheETag.__init__N)�__name__�
__module__�__qualname__rr�fieldsr(r&r&r&r'r $sr c@s&eZdZede�gZdefdd�ZdS)�VulnerabilityDpkgCacheDate�dpkg_status_datecCr"r#�r/)r%r/r&r&r'r(.r)z#VulnerabilityDpkgCacheDate.__init__N)r*r+r,rrr-�floatr(r&r&r&r'r.+sr.c@seZdZdZdZdZdZdS)�VulnerabilityStatusz<
    An enum to represent the status of a vulnerability
    �no�partial�yesN)r*r+r,�__doc__�NO_FIX_AVAILABLE�PARTIAL_FIX_AVAILABLE�FULL_FIX_AVAILABLEr&r&r&r'r22s
r2c@s�eZdZ	ddedeefdd�Zedd��Zdd	�Z	d
d�Z
deeeffd
d�Z
dedefdd�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS)�VulnerabilityDataN�cfg�seriescCs&||_|p	t��j|_d|_d|_dS)NF)r;r
�get_release_infor<�_etag�
_refreshed)r%r;r<r&r&r'r(?s
zVulnerabilityData.__init__cCs|jSr#)r?�r%r&r&r'�	refreshedIszVulnerabilityData.refreshedcCstj�t|jt�Sr#)�os�path�joinrr<rr@r&r&r'�_get_cache_data_pathMs�z&VulnerabilityData._get_cache_data_pathcCs"tttttj�t|j�dd�d�S�NF)�name�	directory�private)�data_object_cls�ua_file)	rr rrrBrCrDrr<r@r&r&r'�_get_etag_cache_fileRs��z&VulnerabilityData._get_etag_cache_file�	json_datacCst�|��t�|��dSr#)r
�
write_filerE�json�dumps)r%rMr&r&r'�_save_cache_data\sz"VulnerabilityData._save_cache_data�cache_etag_filer!cCs|�t|d��dS)Nr$)�writer )r%rRr!r&r&r'�_save_etag_cache_�z"VulnerabilityData._save_etag_cachecCs(|js|��}|��}|r|j|_|jSr#)r>rL�readr!)r%�	etag_file�	etag_datar&r&r'�	_get_etagbszVulnerabilityData._get_etagcC�t�t�|����Sr#)rO�loadsr
�	load_filerEr@r&r&r'�_get_cache_datalrUz!VulnerabilityData._get_cache_datacCsd|j}dd�t|j�jD�}tj|vrd�|j�}ntj|vr%d�|j�}tj|d�}t	|jj
|�S)NcSsg|]}|j�qSr&)rG)�.0�sr&r&r'�
<listcomp>rs�z3VulnerabilityData._get_data_url.<locals>.<listcomp>zfips_{}zfips-updates_{})r<)r<rr;�enabled_servicesrrG�formatrrr	�vulnerability_data_url_prefix)r%�	data_name�enabled_services_names�	data_filer&r&r'�
_get_data_urlos
�

zVulnerabilityData._get_data_urlcCs|��}|dS)N�published_at)�get)r%�vulnerability_json_datar&r&r'�get_published_date}sz$VulnerabilityData.get_published_datecCs�|��}ztj|j|��|d�\}}d|_Wntjy$|��YSwt	�
|�d��}t�
�r@|�|�|r@|�|��|�|S)N)r;�urlr!Tzutf-8)rYr�download_xz_file_from_urlr;rgr?r�
ETagUnchangedr]rOr[�decoder�we_are_currently_rootrQrTrL)r%�	last_etag�datar!rMr&r&r'ri�s
�
�
zVulnerabilityData.getr#)r*r+r,rr�strr(�propertyrArErLrrrQrrTrYr]rgrkrir&r&r&r'r:=s$��
�



r:�affected_packages�returncCsRtj}d}|D]
}|�d�dur|d7}q|t|�kr tj}|S|dkr'tj}|S)Nr�fix_version�)r2r7ri�lenr9r8)ru�vulnerability_status�	num_fixes�pkgr&r&r'�_get_vulnerability_fix_status�s��r}�VulnerabilityParserResult�vulnerability_data_published_at�vulnerabilities_infoc@s:eZdZdd�Z	ddededeefdd�Zd	d
�ZdS)�VulnerabilitiesAlreadyFixedcCstt�|_tdd��|_dS)NcSstt�Sr#)r�intr&r&r&r'�<lambda>��z6VulnerabilitiesAlreadyFixed.__init__.<locals>.<lambda>)r�set�_vulns�priority_counterr@r&r&r'r(�s

�z$VulnerabilitiesAlreadyFixed.__init__N�	vuln_name�vuln_pocket�
vuln_prioritycCsD||j|vr|j|�|�|r |j||d7<dSdSdS)Nrx)r��addr�)r%r�r�r�r&r&r'�add_vulnerability�s�z-VulnerabilitiesAlreadyFixed.add_vulnerabilitycCsHiid�}|j��D]\}}t|�|d|<t|j|�|d|<q
|S)N)�count�infor�r�)r��itemsry�dictr�)r%�	dict_repr�pocket�vulnsr&r&r'�to_dict�s�z#VulnerabilitiesAlreadyFixed.to_dictr#)r*r+r,r(rsrr�r�r&r&r&r'r��s
���
�r�c@s�eZdZdZejdeeefdeeeffdd��Z	ejdeeefdeeefdeeeffdd	��Z
d
eeefdeded
efdd�Zd
eeefdeded
edef
dd�Zd
eeefdeded
edededefdd�Z
d
edeeefdeeefdeeeffdd�Zdedefdd�Zedd�d efd!d"��Zdeededefd#d$�Zd%edefd&d'�Zd(eeeffd)d*�Zdeeefd(eeeeefffd+d,�ZdS)-�VulnerabilityParserN�affected_pkgrvcC�dSr#r&)r%r�r&r&r'�get_package_vulnerabilities�sz/VulnerabilityParser.get_package_vulnerabilities�vulnerability_info�vulnerabilities_datacCr�r#r&)r%r�r�r&r&r'� _post_process_vulnerability_info�sz4VulnerabilityParser._post_process_vulnerability_info�packages�bin_pkg_name�bin_pkg_versionr�cCsd||jgi||<dS)N�current_version)�vulnerability_type)r%r�r�r�r�r&r&r'�_add_new_vulnerability�s�z*VulnerabilityParser._add_new_vulnerability�vuln_pkg_statuscCs<||vr
|j||||d�|||j�|d|dd��dS�N)r�r�r�r�)rGrw�
fix_status�
fix_origin�r�r��append)r%r�r�r�r�r�r&r&r'�_add_unfixable_vulnerability�s���z0VulnerabilityParser._add_unfixable_vulnerability�vuln_bin_fix_versionr�cCs<||vr
|j||||d�|||j�||||d��dSr�r�)r%r�r�r�r�r�r�r�r&r&r'�_add_fixable_vulnerabilitys
���z.VulnerabilityParser._add_fixable_vulnerability�vulnerabilities�	vuln_info�
vulns_datacCs"||vr|j||d�||<dSdS)N)r�r�)r�)r%r�r�r�r�r&r&r'�_add_vulnerability_info s��z+VulnerabilityParser._add_vulnerability_info�vuln_source_fixed_versioncCs|dur
|dkr
dSdS)Nznot-vulnerableTFr&)r%r�r�r&r&r'�is_vulnerability_not_fixable-sz0VulnerabilityParser.is_vulnerability_not_fixable)�maxsize�binary_pkg_namecCst�ddd|g�\}}|S)Nz
dpkg-queryz-Wz-f=${source:Version})r
�subp)r%r��out�_r&r&r'�!_get_installed_source_pkg_version;s��	z5VulnerabilityParser._get_installed_source_pkg_versioncCs.|dur|�|�}t�||�dkrdSdSdS)aZ
        This method checks if we can detect that a vulnerability
        affects a binary package but can't be fixed. This
        situation can happen during a package transition.

        For example, suppose we have this entry for pkg1:

        "pkg1": {
          "source_version": {
            "1.0": {
              "bin-pkg1": "1.0",
              "bin-pkg2": "1.1",
            },
            "1.1": {
              "bin-pkg1": "1.2"
            }
          }
        }

        Notice that version 1.1 doesn't produce bin-pkg2 anymore.
        Therefore, if we detect that a vulnerability is fixable
        by version 1.1, we won't find the binary fixable bersion for
        the bin-pkg2 package.

        If we detect that, we will:

        1. Check if versions of the source package associated with the
           binary package is higher than the vulnerability source fix
           version. If it is, we can say that the system is not vulnerable.
        2. If it is not, then the binary package is affected by the issue, but
           we can't say what the user needs to do to fix it.
        NrFT)r�r
�version_compare)r%r�r�r��installed_source_pkg_versionr&r&r'�&is_vulnerability_valid_but_not_fixableHs'���z:VulnerabilityParser.is_vulnerability_valid_but_not_fixable�bin_versioncCst�||�dkS�Nr)r
r�)r%r�r�r&r&r'�vulnerability_affects_system�sz0VulnerabilityParser.vulnerability_affects_system�installed_pkgs_by_sourceccs:�|��D]\}}t|���D]
\}}|||fVqqdSr#)r��sorted)r%r��
source_pkg�binary_pkgsr��binary_installed_versionr&r&r'�_list_binary_packages�s�
���z)VulnerabilityParser._list_binary_packagescCs�i}i}|�di�}|�di��|ji�}|�|�D]�\}}}	|�|i�}
|
�di�}t|�|
���dd�d�D]�\}}
|�|d�}|
�d�}|
�d	�}|j||d
�rg|j|||	||d�|j||||d�q8z||�d
�}||�di��|�}Wn	t	y�Yq8w|�
|||�r�|j|||	|dd�|j||||d�|dur�q8|�|	|�r�|j|||	||||d�|j||||d�q8qt
|�d�||d�d�S)Nr��security_issues�source_versionscSs|dSr�r&)�xr&r&r'r��r�zLVulnerabilityParser.get_vulnerabilities_for_installed_pkgs.<locals>.<lambda>)�key��source_fixed_version�status)r�r�)r�r�r�r�r�)r�r�r�r�r��binary_packages�unknown)r�r�r�r�r�r�r�rh)r�r��rr�)rir�r�r�r�r�r�r�r��KeyErrorr�r�r�r~)r%r�r�r�r��
affected_pkgs�
vulns_infor�r�r�r��vuln_source_versionsr��vulnr�r�r�r�r�r&r&r'�&get_vulnerabilities_for_installed_pkgs�s����

������������	���T���z:VulnerabilityParser.get_vulnerabilities_for_installed_pkgs)r*r+r,r��abc�abstractmethodrrsrr�r�r�r�r�r�r�rr�rr�r�r�r�r&r&r&r'r��s�
�
�
�
�
�
���
�
����
�
������
��
�
�

�
�
���
�8�
�
��r�)�	metaclassc@sjeZdZddedeefdd�Zdd�Zdeeeffd	d
�Z	dd�Z
d
d�Zdd�Zdd�Z
dd�ZdS)�VulnerabilityResultCacheNr�r<cCs2|pt��j|_||_tttttdd�d�|_	dSrF)
r
r=r<r�rr.rrr�dpkg_status_cache)r%r�r<r&r&r'r(s��z!VulnerabilityResultCache.__init__cCstj�t|j|jt�Sr#)rBrCrDrr<r�rr@r&r&r'�_get_result_cache_paths�z/VulnerabilityResultCache._get_result_cache_path�vulnerability_datacCsDt��r t��p	d}|j�t|d��t�|�	�t
�|��dSdS)Nrr0)rrpr
�get_dpkg_status_timer�rSr.r
rNr�rOrP)r%r��latest_dpkg_status_timer&r&r'�save_result_caches����z*VulnerabilityResultCache.save_result_cachecCs(t��pd}|j��}|sdS||jkS)NrT)r
r�r�rVr/)r%r��dpkg_status_cache_objr&r&r'�_has_apt_state_changed&s


z/VulnerabilityResultCache._has_apt_state_changedcCstj�|���Sr#)rBrC�existsr�r@r&r&r'�_cache_result_exists.sz-VulnerabilityResultCache._cache_result_existscCs|��sdS|��rdSdS)NFT)r�r�r@r&r&r'�_is_cache_result_valid1s
z/VulnerabilityResultCache._is_cache_result_validcCs|��Sr#)r�r@r&r&r'�is_cache_valid:sz'VulnerabilityResultCache.is_cache_validcCrZr#)rOr[r
r\r�r@r&r&r'�get_result_cache=rUz)VulnerabilityResultCache.get_result_cacher#)r*r+r,rsrr(r�rrr�r�r�r�r�r�r&r&r&r'r�s
	r��parserr;r<cCsht||d�}t||jd�}|��}|js"|��r"t|��|��d�St	�}|j
||d�}|�|j�|S)N)r;r<)r<r�r�)r�r�)
r:r�r�rirAr�r~rkr�rr�r�r�)r�r;r<r��vulnerabilities_result�vulnerabilities_json_datar��vulnerabilities_parser_resultr&r&r'�get_vulnerabilitiesAs2������r�)>r��datetime�enumrOrB�collectionsr�	functoolsr�typingrrrrr�urllib.parser	�uaclientr
rrr
r�'uaclient.api.u.pro.security.fix._commonr�-uaclient.api.u.pro.status.enabled_services.v1r�uaclient.configr�uaclient.data_typesrrrr�uaclient.defaultsrrrrrr�uaclient.entitlements.fipsrr�uaclient.files.data_typesr�uaclient.files.filesrr r.�unique�Enumr2r:rsr}r~r��ABCMetar�r�r�r&r&r&r'�<module>s\ 
Y�
���	6>���



Для локальной разработки. Не используйте в интернете!