U

��Jh
-�	@s�
dd
lZddl
mZmZmZmZ
ddlmZmZ
ddl	m
Z

ddlmZ
ddl
mZmZ
ddlmZ
ddlmZ
dd	lmZmZmZmZmZmZmZmZ
Gd
d�de�ZGdd
�d
e�ZGdd�de�ZGdd�de�Z Gdd�de�Z!Gdd�dee�Z"Gdd�de�Z#e$d�
dd�Z%ee"d�dd�Z&eee'efe'e"d�dd �Z(eee"d!�d"d#�Z)e
d$d%e)ed&�Z*d'd(d)e"eg
gd*d+d,�Z+d
S)-�N)�Any�Dict�List�Optional)�system�util)
�APIEndpoint)
�AdditionalInfo)�VulnerabilityParser�get_vulnerabilities)
�get_apt_cache_datetime)
�UAConfig)�
BoolDataValue�
DataObject�DatetimeDataValue�Field�FloatDataValue�StringDataValue�	data_dict�	data_listc@sLeZ
dZed
eddd�ededdd�gZddd�eeeed�dd	�Zd
S)�CVEsOptions�	unfixableFzShow only unfixable CVES.�
�doc�fixablezShow only fixable CVES.�rrc
Cs|
|_||_
dS�
Nr)�selfrr�r�E/usr/lib/python3/dist-packages/uaclient/api/u/pro/security/cves/v1.py�__init__)s
zCVEsOptions.__init__N)	�__name__�
__module__�__qualname__rr�fieldsr�boolr rrrrrs&



�



��
�
�rc@sZeZ
dZed
eddd�ededdd�ededdd�ed	ed
d�gZeeeed�dd
�ZdS)�CVEAffectedPackage�nameFzThe CVE namer�fix_versionz.The version that fixes the CVE for the package�
fix_statusz)The status of the CVE fix for the package�
fix_originz*The pocket where the fix is available from�r'r(r)r*cCs|
|_||_
||_||_dSrr+)rr'r(r)r*rrrr Ns


zCVEAffectedPackage.__init__N�r!r"r#rrr$�strr rrrrr&3s:



�



�



�


���r&c@s@eZ
dZed
edd�edee�
dd�gZee	ed�dd�Z
d	S)
�AffectedPackage�current_versionz"The current version of the packager�cvesz The CVE that affects the package�r/r0c
Cs|
|_||_
dSrr1)rr/r0rrrr es
zAffectedPackage.__init__N)r!r"r#rrrr&r$r-rr rrrrr.Ws


�


���r.c@s8eZ
dZed
edd�ededd�gZeed�dd�Zd	S)
�
RelatedUSNr'zThe USN namer�titlez
The USN title�r'r3cCs|
|_||_
dSrr4)rr'r3rrrr zs

zRelatedUSN.__init__Nr,rrrrr2ls


�


��
r2c@s�eZ
dZed
edd�ededd�ededd�edee�
d	d
d�eded	dd�ed
ed	dd�gZdddddd�e	e
j
e	eee	ee
ee	eeeeee	d�dd�ZdS)�CVEInfo�descriptionzThe CVE descriptionr�published_atzThe CVE published date�priorityzThe ubuntu priority for the CVE�notesFzA list of notes for the CVE�
cvss_scorezThe CVE cvss score�
cvss_severityzThe CVE cvss severityN)r9r:r;�related_usns�related_packages�r6r7r8r9r:r;r<r=c
	Cs4|
|_||_
||_||_||_||_||_||_dSrr>)	rr6r7r8r9r:r;r<r=rrrr �s





zCVEInfo.__init__)r!r"r#rrrrrr$r-�datetimerr�floatr2r rrrrr5sb


�


�


�



�



�



��*



�









�r5c@sfeZ
dZed
eed�
dd�edeed�
dd�gZdd�
ee	efee	efe
j
ee
j
d	�d
d�ZdS)�
CVEsResult�packages)
Z	value_clszcA dictionary where the keys are installed package names and the values are AffectedPackage objects.rr0zMA dictionary where the keys are CVE names and the values are CVEInfo objects.N)
�apt_updated_at�rBr0�vulnerability_data_published_atrCc
Cs|
|_||_
||_||_dSrrD)rrBr0rErCrrrr �s


zCVEsResult.__init__)
r!r"r#rrr.r5r$rr-r?rr rrrrrA�s$


�


���



�rAc@sZeZ
dZd
Zeeefeeefd�dd�Zeeefeeefeeefd�dd�ZdS)	�	CVEParserr0)�affected_pkg�returncCs|
�|j
i�Sr)�get�vulnerability_type)rrGrrr�get_package_vulnerabilities�sz%CVEParser.get_package_vulnerabilities)�vulnerability_info�vulnerabilities_datarHcCs\|
�d
�
rXg}|�di��di�}|
d
D]$}|�
||�|i��dd�d��

q*||
d
<|
S)Nr<Zsecurity_issuesZusnsr3�r4)rI�append)rrLrMr<Zusn_info�related_usnrrr� _post_process_vulnerability_info�s"


�


���	z*CVEParser._post_process_vulnerability_infoN)	r!r"r#rJrr-rrKrQrrrrrF�s



�




�rF)
rHcCs4|�d
�
o|�d�
}|
j
r"|r"dS|
jr0|s0dSdS)Nr(r*FT)rIrr)�cve�optionsZ
is_fixablerrr�cve_status_match_options�s






rT)rSrHc

Cst|t
��Sr)�_cvesr
)
rSrrrr0	
sr0)rS�vulnerabilitiesrErHc	
s�i}t��t
|
�d
i����
D]�\}}g}t
|�dg�dd�d�D]B}t||�rB|�t|d|d|d|d	d
��

��|d�

qB|rt|d|d�||<q�f
d
d�t
|
�di���dd�d�D�
}t	||t
�|�
t�d�S)NrBr0c

Ss|d
S)Nr'r)
rRrrr�<lambda>
�z(_parse_vulnerabilities.<locals>.<lambda>)
�keyr'r(r)r*r+r/r1c
sji|]b\}
}|
�kr|
t|dt
�|d
�
|d|d|d|ddd�|�dg�D�
|�d	g�d
��qS)r6r7Zubuntu_priorityr9r:r;c
Ss(g|] }
t|
�
dd
�|
�
dd
�d��qS)r'rNr3r4)r2rI)�.0rPrrr�
<listcomp>6
s
�



�z5_parse_vulnerabilities.<locals>.<dictcomp>.<listcomp>r<r=r>)r5r�parse_rfc3339_daterI)rZZcve_namerR�
Zallowed_cvesrr�
<dictcomp>.
s�







�
�z*_parse_vulnerabilities.<locals>.<dictcomp>rVc

Ss|d
S)Nr
r)
�
vrrrrWA
rXrD)
�set�sortedrI�itemsrTrOr&�addr.rArr\r)	rSrVrErB�pkg_nameZpackage_infoZpkg_cvesrRr0rr]r�_parse_vulnerabilities
sN


�


�







��


�


��



��re)rS�cfgrHcCsH|jr|j
rd
|_d
|_
t��j}tt�|
|d�}|j}t|||j	d�S)z�
    This endpoint shows the CVE vulnerabilites in the system.
    By default, this API will show all CVEs that affect the system.
    F)�parserrf�series)rSrVrE)
rrrZget_release_inforhrrFZvulnerabilities_inforerE)rSrfrhZcve_vulnerabilities_resultZcve_vulnerabilitiesrrrrUP
s





�


�rUZv1ZCVEs)�versionr'�fnZoptions_clsZ35Tzs
from uaclient.api.u.pro.security.cves.v1 import cves, CVEsOptions

options = CVEsOptions()
result = cves(options)
zpro api u.pro.security.cves.v1a�
{
    "cves": {
      "CVE-2023-5678": {
        "cvss_score": 8.1,
        "cvss_severity": "high",
        "description": "description example",
        "notes": [
          "note example",
        ],
        "priority": "medium",
        "published_at": ".*"
      }
    },
    "packages": {
      "accountsservice": {
        "current_version": "0.6.40-2ubuntu11.6",
        "cves": [
          {
            "fix_origin": "esm-infra",
            "fix_status": "fixed",
            "fix_version": "0.6.40-2ubuntu11.6+esm1",
            "name": "CVE-2023-5678"
          }
        ]
      },
      "libaccountsservice0": {
        "current_version": "0.6.40-2ubuntu11.6",
        "cves": [
          {
            "fix_origin": "esm-infra",
            "fix_status": "fixed",
            "fix_version": "0.6.40-2ubuntu11.6+esm1",
            "name": "CVE-2023-5678"
          }
        ]
      }
    },
}
)Z
introduced_inZrequires_networkZexample_pythonZresult_classZignore_result_classes�
exceptionsZexample_cliZexample_json),r?�typingrrrrZuaclientrrZuaclient.api.apirZuaclient.api.data_typesr	Z+uaclient.api.u.pro.security.cves._common.v1r
rZuaclient.aptrZuaclient.configr
Zuaclient.data_typesrrrrrrrrrr&r.r2r5rArFr%rTr0r-rerUZendpointZ_docrrrr�<module>
sV





($>#
�



�B

� 



�





�