Class: Dobby::VulnSource::Ubuntu

Inherits:
AbstractVulnSource
Defined in:
lib/dobby/vuln_source/ubuntu.rb

Overview

Note:

This requires bazaar to be installed at /usr/bin/bzar unless configured with a different path via the bzr option.

Vulnerability source for Ubuntu systems. This class uses the Ubuntu CVE Tracker as its remote source by checking out the bazaar repository.

Defined Under Namespace

Classes: VulnerabilityHash

Constant Summary

DEFAULT_RELEASE =
'xenial'
URGENCY_MAP =

Map of Canonical-provided urgencies to a common severity format

Hash.new(Severity::Unknown).merge(
  'untriaged'  => Severity::Unknown,
  'negligible' => Severity::Negligible,
  'low'        => Severity::Low,
  'medium'     => Severity::Medium,
  'high'       => Severity::High,
  'critical'   => Severity::Critical
)
RELEVANT_STATUSES =

An array of defect states that we are interested in. Skips e.g. ignored/DNE

%w[needed active deferred not-affected released].freeze
DESC_STOP_FIELDS =

Line prefixes which indicate the end of a defect description

%w[
  Ubuntu-Description:
  Priority:
  Discovered-By:
  Notes:
  Bugs:
  Assigned-to:
].freeze

Instance Attribute Summary

Attributes included from Strategy

#options

Class Method Summary

Instance Method Summary

Methods included from Strategy

included, #initialize, #inspect, #log

Class Method Details

.cli_options ⇒ Object

# File 'lib/dobby/vuln_source/ubuntu.rb', line 22

def self.cli_options
  [
    ['--releases ONE,TWO',   'Limit the packages returned by a VulnSource to',
                             'these releases. Default varies with selected',
                             'VulnSource.'],
    ['--bzr-bin PATH',       'VulnSource::Ubuntu - Path to the "bzr" binary.'],
    # ['--bzr-repo PATH',      'Path to the Ubuntu Security bazaar repo on the',
    #                          'local system.'],
    ['--tracker-repo URI',   'VulnSource::Ubuntu - Path to the security tracker',
                             'bazaar repository remote.'],
    ['--cve-url-prefix URL', 'URI prefix used for building CVE links.']
  ]
end

Instance Method Details

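#clean ⇒ Object

Delete the bzr repository

# File 'lib/dobby/vuln_source/ubuntu.rb', line 90

def clean
  # Dir.rmdir only removes an empty directory and raises on a populated
  # checkout, so remove the tree recursively (requires 'fileutils').
  FileUtils.remove_entry_secure(options.local_repo_path)
end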

#setup ⇒ Object

# File 'lib/dobby/vuln_source/ubuntu.rb', line 65

def setup
  @last_revno = nil
end

#update ⇒ UpdateResponse

Provide an UpdateResponse sourced from Canonical's Ubuntu CVE Tracker repository. This is a bazaar repository, and thus this strategy depends on the bzr binary being available. The strategy skips walking the repository when the repo's revno matches the revno recorded by the previous update.

Returns:

(UpdateResponse)

# File 'lib/dobby/vuln_source/ubuntu.rb', line 75

def update
  branch_or_pull
  revno = bzr_revno
  return UpdateResponse.new(false) if revno == @last_revno

  vuln_entries = VulnerabilityHash.new
  modified_entries.each do |file|
    data = parse_ubuntu_cve_file(File.readlines(file))
    vuln_entries.deep_merge!(data)
  end
  @last_revno = revno
  UpdateResponse.new(true, vuln_entries)
end
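
How URGENCY_MAP, RELEVANT_STATUSES and DESC_STOP_FIELDS can be applied to one tracker file of the kind update reads, as an added example that is not Dobby's parse_ubuntu_cve_file. The sample file, the parse_cve helper, the release-line regex and the symbols standing in for the Severity constants are assumptions.

```ruby
# Added example: a stand-alone sketch, not Dobby's parse_ubuntu_cve_file.
# Symbols stand in for Dobby's Severity constants (assumption).
URGENCY = Hash.new(:unknown).merge(
  'untriaged' => :unknown, 'negligible' => :negligible, 'low' => :low,
  'medium' => :medium, 'high' => :high, 'critical' => :critical
)
STATUSES = %w[needed active deferred not-affected released].freeze
STOP_FIELDS = %w[
  Ubuntu-Description: Priority: Discovered-By: Notes: Bugs: Assigned-to:
].freeze

# Constructed sample in the tracker's flat-file layout (not a real CVE).
SAMPLE = <<~CVE
  Candidate: CVE-0000-0000
  Description:
   Constructed description, first line
   second line.
  Ubuntu-Description:
  Notes:
  Priority: medium
  xenial_examplepkg: released (1.2-3ubuntu1)
  trusty_examplepkg: DNE
  bionic_examplepkg: needed
  xenial_otherpkg: ignored (end of life)
CVE

def parse_cve(lines, releases: %w[xenial])
  entry = { id: nil, severity: URGENCY.default, description: +'', packages: [] }
  in_desc = false
  lines.each do |raw|
    line = raw.chomp
    in_desc = false if STOP_FIELDS.any? { |f| line.start_with?(f) }
    if in_desc
      entry[:description] << ' ' unless entry[:description].empty?
      entry[:description] << line.strip
    elsif line.start_with?('Description:') then in_desc = true
    elsif (m = line.match(/\ACandidate:\s*(\S+)/)) then entry[:id] = m[1]
    elsif (m = line.match(/\APriority:\s*(\S+)/)) then entry[:severity] = URGENCY[m[1]]
    elsif (m = line.match(/\A([a-z]+)_([^:\s]+):\s*(\S+)(?:\s+\((.*)\))?/))
      release, package, status, version = m.captures
      # Drop other releases and states such as DNE or ignored.
      next unless releases.include?(release) && STATUSES.include?(status)
      entry[:packages] << { release: release, package: package, status: status, version: version }
    end
  end
  entry
end

puts parse_cve(SAMPLE.lines).inspect if $PROGRAM_NAME == __FILE__
```

A priority string missing from the map resolves to the unknown severity through the hash default instead of raising, so an unexpected tracker value cannot abort an update run.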