%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/uaclient/api/u/pro/security/cves/_common/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/uaclient/api/u/pro/security/cves/_common/__pycache__/v1.cpython-312.pyc

�

��Jh�L�
�t�ddlZddlZddlZddlZddlZddlmZddlmZddl	m
Z
mZmZm
Z
mZddlmZddlmZmZmZmZmZddlmZddlmZdd	lmZdd
lmZmZm Z m!Z!ddl"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*m+Z+dd
l,m-Z-ddl.m/Z/Gd�de�Z0Gd�de�Z1ejdGd�dejf��Z4Gd�d�Z5deee6ee6fde4fd�Z7e
ddeejfdee6ee6e
fffg�Z8Gd�d�Z9Gd�d ejt�!�Z;Gd"�d#�Z<d$e;d%ed&ee6fd'�Z=y)(�N)�defaultdict)�	lru_cache)�Any�Dict�List�
NamedTuple�Optional)�urljoin)�apt�
exceptions�http�system�util)�#query_installed_source_pkg_versions)�_enabled_services)�UAConfig)�
DataObject�Field�FloatDataValue�StringDataValue)�VULNERABILITY_CACHE_PATH�VULNERABILITY_DATA_CACHE�VULNERABILITY_DATA_TMPL�$VULNERABILITY_DPKG_STATUS_DATE_CACHE�VULNERABILITY_ETAG_CACHE�VULNERABILITY_RESULT_CACHE)�FIPSEntitlement�FIPSUpdatesEntitlement)�DataObjectFile)�UAFilec�&�eZdZede�gZd�Zy)�VulnerabilityCacheETag�etagc��||_y�N�r#)�selfr#s  �M/usr/lib/python3/dist-packages/uaclient/api/u/pro/security/cves/_common/v1.py�__init__zVulnerabilityCacheETag.__init__'s	����	�N)�__name__�
__module__�__qualname__rr�fieldsr)�r*r(r"r"$s���F�O�,�
-�F�r*r"c�,�eZdZede�gZdefd�Zy)�VulnerabilityDpkgCacheDate�dpkg_status_datec��||_yr%�r2)r'r2s  r(r)z#VulnerabilityDpkgCacheDate.__init__.s
�� 0��r*N)r+r,r-rrr.�floatr)r/r*r(r1r1+s���&��7�
8�F�1��1r*r1c��eZdZdZdZdZdZy)�VulnerabilityStatusz<
    An enum to represent the status of a vulnerability
    �no�partial�yesN)r+r,r-�__doc__�NO_FIX_AVAILABLE�PARTIAL_FIX_AVAILABLE�FULL_FIX_AVAILABLEr/r*r(r7r72s�����%���r*r7c��eZdZ	ddedeefd�Zed��Zd�Z	d�Z
deeeffd	�Z
d
edefd�Zd
�Zd�Zd�Zd�Zd�Zy)�VulnerabilityDataN�cfg�seriesc�|�||_|xstj�j|_d|_d|_y)NF)rAr�get_release_inforB�_etag�
_refreshed)r'rArBs   r(r)zVulnerabilityData.__init__?s4��
����@�� 7� 7� 9� @� @�����
���r*c��|jSr%)rF�r's r(�	refreshedzVulnerabilityData.refreshedIs�����r*c�h�tjjt|jt
�Sr%)�os�path�joinrrBrrHs r(�_get_cache_data_pathz&VulnerabilityData._get_cache_data_pathMs#���w�w�|�|�$�d�k�k�3K�
�	
r*c
��tttttj
j
t|j�d����S�NF)�name�	directory�private)�data_object_cls�ua_file)	rr"r rrKrLrMrrBrHs r(�_get_etag_cache_filez&VulnerabilityData._get_etag_cache_fileRs7���2��-��'�'�,�,�'?����M���
�	
r*�	json_datac�r�tj|j�tj|��yr%)r�
write_filerN�json�dumps)r'rWs  r(�_save_cache_dataz"VulnerabilityData._save_cache_data\s$�����$�3�3�5�t�z�z�)�7L�Mr*�cache_etag_filer#c�:�|jt|���y)Nr&)�writer")r'r]r#s   r(�_save_etag_cachez"VulnerabilityData._save_etag_cache_s�����4�$�?�@r*c��|js3|j�}|j�}|r|j|_|jSr%)rErV�readr#)r'�	etag_file�	etag_datas   r(�	_get_etagzVulnerabilityData._get_etagbs;���z�z��1�1�3�I�!���(�I��&�^�^��
��z�z�r*c�n�tjtj|j	���Sr%)rZ�loadsr�	load_filerNrHs r(�_get_cache_dataz!VulnerabilityData._get_cache_datals%���z�z�&�*�*�4�+D�+D�+F�G�H�Hr*c��|j}t|j�jD�cgc]}|j��}}t
j|vrdj
|j�}n-tj|vrdj
|j�}tj|��}t|jj|�Scc}w)Nzfips_{}zfips-updates_{})rB)rBrrA�enabled_servicesrQr�formatrrr
�vulnerability_data_url_prefix)r'�	data_name�s�enabled_services_names�	data_files     r(�
_get_data_urlzVulnerabilityData._get_data_urlos����K�K�	�.�d�h�h�7�H�H�"
��A�F�F�"
��"
����#9�9�!�(�(����5�I�
#�
(�
(�,B�
B�)�0�0����=�I�+�2�2�)�D�	��t�x�x�=�=�y�I�I��"
s�Cc�,�|j�}|dS)N�published_at)�get)r'�vulnerability_json_datas  r(�get_published_datez$VulnerabilityData.get_published_date}s��"&�(�(�*��&�~�6�6r*c���|j�}	tj|j|j	�|��\}}d|_tj|jd��}tj�r3|j|�|r |j|j!�|�|S#tj$r|j�cYSwxYw)N)rA�urlr#Tzutf-8)rer
�download_xz_file_from_urlrArrrFr�
ETagUnchangedrirZrg�decoder�we_are_currently_rootr\r`rV)r'�	last_etag�datar#rWs     r(ruzVulnerabilityData.get�s����N�N�$�	�	*��7�7��H�H�$�"4�"4�"6�Y��J�D�$�#�D�O��J�J�t�{�{�7�3�4�	��%�%�'��!�!�)�,���%�%�d�&?�&?�&A�4�H�����'�'�	*��'�'�)�)�	*�s�:B9�9#C�Cr%)r+r,r-rr	�strr)�propertyrIrNrVrrr\rr`rerirrrwrur/r*r(r@r@=s���
!%� �
� ���
� �����
�

�N�$�s�C�x�.�N�A��A�c�A��I�J�7�r*r@�affected_packages�returnc���tj}d}|D]}|jd���|dz
}�|t|�k(rtj}|S|dk7rtj
}|S)Nr�fix_version�)r7r<ru�lenr>r=)r��vulnerability_status�	num_fixes�pkgs    r(�_get_vulnerability_fix_statusr��s{��/�?�?���I� ����7�7�=�!�-���N�I���C�)�*�*�2�E�E�� ��
�a��2�H�H���r*�VulnerabilityParserResult�vulnerability_data_published_at�vulnerabilities_infoc�6�eZdZd�Z	ddededeefd�Zd�Zy)	�VulnerabilitiesAlreadyFixedc�N�tt�|_td��|_y)Nc� �tt�Sr%)r�intr/r*r(�<lambda>z6VulnerabilitiesAlreadyFixed.__init__.<locals>.<lambda>�s��K��$�r*)r�set�_vulns�priority_counterrHs r(r)z$VulnerabilitiesAlreadyFixed.__init__�s��!�#�&��� +�$�!
��r*N�	vuln_name�vuln_pocket�
vuln_priorityc��||j|vr<|j|j|�|r|j||xxdz
cc<yyy)Nr�)r��addr�)r'r�r�r�s    r(�add_vulnerabilityz-VulnerabilitiesAlreadyFixed.add_vulnerability�sT���D�K�K��4�4��K�K��$�(�(��3���%�%�k�2�=�A�Q�F�A��5r*c��iid�}|jj�D]4\}}t|�|d|<t|j|�|d|<�6|S)N)�count�infor�r�)r��itemsr��dictr�)r'�	dict_repr�pocket�vulnss    r(�to_dictz#VulnerabilitiesAlreadyFixed.to_dict�sm����
�	�"�[�[�.�.�0�	L�M�F�E�),�U��I�g��v�&�(,�T�-B�-B�6�-J�(K�I�f��f�%�	L��r*r%)r+r,r-r)r�r	r�r�r/r*r(r�r��s:��
�(,�	
G��
G��
G� ��}�	
G�	r*r�c���eZdZdZej
deeefdeeeffd��Z	ej
deeefdeeefdeeeffd��Z
deeefd	ed
edefd�Zdeeefd	ed
eded
ef
d�Zdeeefd	ed
eded
ededefd�Z
dedeeefdeeefdeeeffd�Zded
efd�Zed��defd��Zdeed	edefd�Zdedefd�Zdeeeffd�Zdeeefdeeeeefffd �Zy)!�VulnerabilityParserN�affected_pkgr�c��yr%r/)r'r�s  r(�get_package_vulnerabilitiesz/VulnerabilityParser.get_package_vulnerabilities�s��	
r*�vulnerability_info�vulnerabilities_datac��yr%r/)r'r�r�s   r(� _post_process_vulnerability_infoz4VulnerabilityParser._post_process_vulnerability_info�s��	
r*�packages�bin_pkg_name�bin_pkg_versionr�c�*�d||jgi||<y)N�current_version)�vulnerability_type)r'r�r�r�r�s     r(�_add_new_vulnerabilityz*VulnerabilityParser._add_new_vulnerability�s ��
���#�#�R�"
���r*�vuln_pkg_statusc��||vr|j||||��|||jj|d|dd��y�N)r�r�r�r�)rQr��
fix_status�
fix_origin�r�r��append)r'r�r�r�r�r�s      r(�_add_unfixable_vulnerabilityz0VulnerabilityParser._add_unfixable_vulnerability�s\���x�'��'�'�!�)� /�#�	
(�
�	���t�6�6�7�>�>�!�#�-�"�	
�	
r*�vuln_bin_fix_versionr�c��||vr|j||||��|||jj||||d��yr�r�)r'r�r�r�r�r�r�r�s        r(�_add_fixable_vulnerabilityz.VulnerabilityParser._add_fixable_vulnerabilitys\���x�'��'�'�!�)� /�#�	
(�
�	���t�6�6�7�>�>�!�3�-�)�	
�	
r*�vulnerabilities�	vuln_info�
vulns_datac�:�||vr|j||��||<yy)N)r�r�)r�)r'r�r�r�r�s     r(�_add_vulnerability_infoz+VulnerabilityParser._add_vulnerability_info s2���O�+�)-�)N�)N�#,�%/�*O�*�O�I�&�,r*�vuln_source_fixed_versionc��|�|dk7ryy)Nznot-vulnerableTFr/)r'r�r�s   r(�is_vulnerability_not_fixablez0VulnerabilityParser.is_vulnerability_not_fixable-s��%�,��"2�2��r*)�maxsize�binary_pkg_namec�>�tjddd|g�\}}|S)Nz
dpkg-queryz-Wz-f=${source:Version})r�subp)r'r��out�_s    r(�!_get_installed_source_pkg_versionz5VulnerabilityParser._get_installed_source_pkg_version;s,�������&��	
�
���Q��
r*c�`�|�,|j|�}tj||�dkDryyy)aZ
        This method checks if we can detect that a vulnerability
        affects a binary package but can't be fixed. This
        situation can happen during a package transition.

        For example, suppose we have this entry for pkg1:

        "pkg1": {
          "source_version": {
            "1.0": {
              "bin-pkg1": "1.0",
              "bin-pkg2": "1.1",
            },
            "1.1": {
              "bin-pkg1": "1.2"
            }
          }
        }

        Notice that version 1.1 doesn't produce bin-pkg2 anymore.
        Therefore, if we detect that a vulnerability is fixable
        by version 1.1, we won't find the binary fixable bersion for
        the bin-pkg2 package.

        If we detect that, we will:

        1. Check if versions of the source package associated with the
           binary package is higher than the vulnerability source fix
           version. If it is, we can say that the system is not vulnerable.
        2. If it is not, then the binary package is affected by the issue, but
           we can't say what the user needs to do to fix it.
        rFT)r�r�version_compare)r'r�r�r��installed_source_pkg_versions     r(�&is_vulnerability_valid_but_not_fixablez:VulnerabilityParser.is_vulnerability_valid_but_not_fixableHsI��N �'��6�6�|�D�
)�
�#�#�0�2K����
��r*�bin_versionc�4�tj||�dkDS�Nr)rr�)r'r�r�s   r(�vulnerability_affects_systemz0VulnerabilityParser.vulnerability_affects_system�s��
�"�"�#7��E��I�Ir*�installed_pkgs_by_sourcec#�K�|j�D]-\}}t|j��D]\}}|||f����/y�wr%)r��sorted)r'r��
source_pkg�binary_pkgsr��binary_installed_versions      r(�_list_binary_packagesz)VulnerabilityParser._list_binary_packages�s]����'?�'E�'E�'G�	L�#�J����)�)�+�,�
L���(� �/�3K�K�K�	
L�	L�s�AAc�*�i}i}|jdi�}|jdi�j|ji�}|j|�D�]�\}}}	|j|i�}
|
jdi�}t|j	|
�j�d���D�]4\}}
|j|d�}|
jd�}|
jd�}|j
||�	�r,|j|||	||�
�|j||||���z	||jd�}||jd
i�j|�}|j|||�r+|j|||	|d�
�|j||||��|���|j|	|�s��|j|||	||||��|j||||����7���t|jd�||d���S#t$rY��fwxYw)Nr��security_issues�source_versionsc��|dSr�r/)�xs r(r�zLVulnerabilityParser.get_vulnerabilities_for_installed_pkgs.<locals>.<lambda>�s
��a��d�r*)�key��source_fixed_version�status)r�r�)r�r�r�r�r�)r�r�r�r�r��binary_packages�unknown)r�r�r�r�r�r�r�rt)r�r��r�r�)rur�r�r�r�r�r�r�r��KeyErrorr�r�r�r�)r'r�r�r�r��
affected_pkgs�
vulns_infor�r�r�r��vuln_source_versionsr��vulnr�r�r�r�r�s                   r(�&get_vulnerabilities_for_installed_pkgsz:VulnerabilityParser.get_vulnerabilities_for_installed_pkgs�s���
����,�0�0��R�@�
�)�-�-�.?��D�H�H��#�#�R�
�
��
'�
'�(@�
A�	Z	�
����(�,�,�Z��<�L�#/�#3�#3�4E�r�#J� �#)��0�0��>�D�D�F�"�$�R
��	�4�'�N�N�9�b�9�	�,0�H�H�5K�,L�)�"&�(�(�8�"4���4�4�$3�.G�5���5�5�!)�%1�(7�"+�(7�6���0�0�"+�(7�"+�#7�	1���
�1�1���c�(�m��-�-F�G���.��3���\�*�)��>�>�(� �-��
�5�5�!)�%1�(7�"+�(1�6���0�0�"+�(7�"+�#7�	1��(�/���4�4�#�(���3�3�!)�%1�(7�"+�(7�-A�$*�4���0�0�"+�(7�"+�#7�	1��[R
�Z	�x)�,@�,D�,D��-�%�#2�"�	
�	
��a ���	�s�&8H�	H�H)r+r,r-r��abc�abstractmethodrr�rr�r�r�r�r�r�r�rr�r	r�r�r�r�r/r*r(r�r��sS�������
� ��c��N�
�	
�c�3�h��
��
�
	���
� ��c��N�
�#�3��8�n�
�
�c�3�h��	
��
�

��s�C�x�.�

��

��	

�
�

�
��s�C�x�.�
��
��	
�
�
��

�2
��s�C�x�.�
��
��	
�
�
��

�"�
��
�6����c�3�h�����S��>�	�
��c��N���#&�����t��
��
��
�6�&�s�m�6��6�$'�	6�pJ��J�"�J�L�d�3��8�n�L�q
�"�3��8�n�q
�#'�s�D��c��N�':�";�q
r*r�)�	metaclassc�^�eZdZd
dedeefd�Zd�Zdeeeffd�Z	d�Z
d	�Zd
�Zd�Z
d�Zy)�VulnerabilityResultCacheNr�rBc��|xstj�j|_||_t	t
t
ttd����|_	yrP)
rrDrBr�rr1r rr�dpkg_status_cache)r'r�rBs   r(r)z!VulnerabilityResultCache.__init__sF���@�� 7� 7� 9� @� @���"4���!/�6��9�2���"
��r*c�~�tjjt|j|j
t�Sr%)rKrLrMrrBr�rrHs r(�_get_result_cache_pathz/VulnerabilityResultCache._get_result_cache_paths-���w�w�|�|�$��K�K��#�#�&�	
�	
r*�vulnerability_datac��tj�rutj�xsd}|jjt
|���tj|j�tj|��yy)Nrr4)rr}r�get_dpkg_status_timer�r_r1rrYr�rZr[)r'r��latest_dpkg_status_times   r(�save_result_cachez*VulnerabilityResultCache.save_result_cacheso���%�%�'�&)�&>�&>�&@�&E�A�#��"�"�(�(�*�%<��
�

����+�+�-��
�
�-�.�
�(r*c��tj�xsd}|jj�}|sy||jkDS)NrT)rr�r�rbr2)r'r��dpkg_status_cache_objs   r(�_has_apt_state_changedz/VulnerabilityResultCache._has_apt_state_changed&sC��"%�":�":�"<�"A��� $� 6� 6� ;� ;� =��$��&�)>�)O�)O�O�Or*c�\�tjj|j��Sr%)rKrL�existsr�rHs r(�_cache_result_existsz-VulnerabilityResultCache._cache_result_exists.s���w�w�~�~�d�9�9�;�<�<r*c�H�|j�sy|j�ryy)NFT)rrrHs r(�_is_cache_result_validz/VulnerabilityResultCache._is_cache_result_valid1s#���(�(�*���&�&�(��r*c�"�|j�Sr%)rrHs r(�is_cache_validz'VulnerabilityResultCache.is_cache_valid:s���*�*�,�,r*c�n�tjtj|j	���Sr%)rZrgrrhr�rHs r(�get_result_cachez)VulnerabilityResultCache.get_result_cache=s%���z�z�&�*�*�4�+F�+F�+H�I�J�Jr*r%)r+r,r-r�r	r)r�rrr�rrrr	rr/r*r(r�r�sM��

�3�

���
�

�
��D��c��N��P�=��-�Kr*r��parserrArBc�h�t||��}t||j��}|j�}|js9|j�r)t
|j�|j���St�}|j||��}|j|j�|S)N)rArB)rBr�r�)r�r�)
r@r�r�rurIr	r�rwrrr�r�r�)rrArBr��vulnerabilities_result�vulnerabilities_json_datar��vulnerabilities_parser_results        r(�get_vulnerabilitiesrAs���
-�����6��!�4�4���
!5� 8� 8� :���)�)�!�0�0�2�,�0D�0W�0W�0Y�%;�%L�%L�%N��
�
 C�D��	�5�5�!:�%=�	6�	
�"��,�,�%�:�:��)�(r*)>r��datetime�enumrZrK�collectionsr�	functoolsr�typingrrrrr	�urllib.parser
�uaclientrrr
rr�'uaclient.api.u.pro.security.fix._commonr�-uaclient.api.u.pro.status.enabled_services.v1r�uaclient.configr�uaclient.data_typesrrrr�uaclient.defaultsrrrrrr�uaclient.entitlements.fipsrr�uaclient.files.data_typesr�uaclient.files.filesr r"r1�unique�Enumr7r@r�r�r�r��ABCMetar�r�rr/r*r(�<module>r$sV��
����	�#��8�8� �8�8��L�$�����O�4�'��Z��1��1�����$�)�)��
��V�V�r ��D��h�s�m�!3�4�5� �� �"'��	*�H�X�5F�5F�,G�H�	��c�4��S��>�&9�!:�;������>q
�C�K�K�q
�h	;K�;K�|$)��$)�	�$)�
�S�M�$)r*

Zerion Mini Shell 1.0