Class: Dobby::VulnSource::Ubuntu
- Inherits: AbstractVulnSource
  - Object
  - AbstractVulnSource
  - Dobby::VulnSource::Ubuntu
- Defined in: lib/dobby/vuln_source/ubuntu.rb
Overview
This requires bazaar to be installed at /usr/bin/bzar unless configured with a different path via the bzr option.
Vulnerability source for Ubuntu systems. This class uses the Ubuntu CVE Tracker as its remote source by checking out the bazaar repository.
Defined Under Namespace
Classes: VulnerabilityHash
Constant Summary
- DEFAULT_RELEASE =
    'xenial'
- URGENCY_MAP =
  rubocop:enable Layout/AlignArray
  Map of Canonical-provided urgencies to a common severity format
    Hash.new(Severity::Unknown).merge(
      'untriaged'  => Severity::Unknown,
      'negligible' => Severity::Negligible,
      'low'        => Severity::Low,
      'medium'     => Severity::Medium,
      'high'       => Severity::High,
      'critical'   => Severity::Critical
    )
- RELEVANT_STATUSES =
  An array of defect states that we are interested in. Skips e.g. ignored/DNE
    %w[needed active deferred not-affected released].freeze
- DESC_STOP_FIELDS =
  Line prefixes which indicate the end of a defect description
    %w[
      Ubuntu-Description: Priority: Discovered-By: Notes: Bugs: Assigned-to:
    ].freeze
Instance Attribute Summary
Attributes included from Strategy
Class Method Summary
- .cli_options ⇒ Object
  rubocop:disable Layout/AlignArray.
Instance Method Summary
- #clean ⇒ Object
  Delete the bzr repository.
- #setup ⇒ Object
- #update ⇒ UpdateResponse
  Provide an UpdateResponse sourced from Canonical's Ubuntu CVE Tracker repository.
Methods included from Strategy
included, #initialize, #inspect, #log
Class Method Details
.cli_options ⇒ Object
rubocop:disable Layout/AlignArray
    # File 'lib/dobby/vuln_source/ubuntu.rb', line 22
    def self.cli_options
      [
        ['--releases ONE,TWO', 'Limit the packages returned by a VulnSource to',
                               'these releases. Default vaires with selected',
                               'VulnSource.'],
        ['--bzr-bin PATH', 'VulnSource::Ubuntu - Path to the "bzr" binary.'],
        # ['--bzr-repo PATH', 'Path to the Ubuntu Security bazaar repo on the',
        #                     'local system.'],
        ['--tracker-repo URI', 'VulnSource::Ubuntu - Path to the security tracker',
                               'bazaar repository remote.'],
        ['--cve-url-prefix URL', 'URI prefix used for building CVE links.']
      ]
    end
Instance Method Details
#clean ⇒ Object
Delete the bzr repository
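    # File 'lib/dobby/vuln_source/ubuntu.rb', line 90
    def clean
      # The receiver was lost in extraction; `options` (the strategy's option
      # set) is assumed here. Dir.rmdir only removes an empty directory.
      Dir.rmdir(options.local_repo_path)
    end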
#setup ⇒ Object
    # File 'lib/dobby/vuln_source/ubuntu.rb', line 65
    def setup
      @last_revno = nil
    end
#update ⇒ UpdateResponse
Provide an UpdateResponse sourced from Canonical's Ubuntu CVE Tracker repository. This is a bazaar repository, and thus this strategy depends on the bzr binary being available. The strategy will avoid descending the repository if the repo's revno matches a previous revno.
    # File 'lib/dobby/vuln_source/ubuntu.rb', line 75
    def update
      branch_or_pull
      revno = bzr_revno
      return UpdateResponse.new(false) if revno == @last_revno

      vuln_entries = VulnerabilityHash.new
      modified_entries.each do |file|
        data = parse_ubuntu_cve_file(File.readlines(file))
        vuln_entries.deep_merge!(data)
      end
      @last_revno = revno
      UpdateResponse.new(true, vuln_entries)
    end
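How the three constants above can work together when reading one tracker file, as an added example that is not Dobby's own parse_ubuntu_cve_file. Assumptions: the method name parse_tracker_lines is hypothetical, severities are plain symbols standing in for Dobby's Severity constants, and the file layout (Candidate:, Description:, then release_package: status lines) is assumed from the Ubuntu CVE Tracker's text format rather than taken from this page.

```ruby
# Added example, not Dobby's parser. Severity symbols are stand-ins (assumption).
URGENCY_MAP = Hash.new(:unknown).merge(
  'untriaged' => :unknown, 'negligible' => :negligible, 'low' => :low,
  'medium' => :medium, 'high' => :high, 'critical' => :critical
).freeze
RELEVANT_STATUSES = %w[needed active deferred not-affected released].freeze
DESC_STOP_FIELDS = %w[
  Ubuntu-Description: Priority: Discovered-By: Notes: Bugs: Assigned-to:
].freeze
# Constructed tracker-style input; the CVE id is a placeholder.
SAMPLE = <<~CVE.lines
  Candidate: CVE-0000-0000
  Description:
   Constructed two-line description of
   a flaw in an example package.
  Ubuntu-Description:
  Priority: high
  Patches_examplepkg:
  upstream_examplepkg: released (1.2)
  trusty_examplepkg: DNE
  xenial_examplepkg: needed
  bionic_examplepkg: not-affected (code not present)
CVE

# Returns { id:, severity:, description:, packages: { pkg => { release => status } } }
def parse_tracker_lines(lines, releases: ['xenial'])
  entry = { id: nil, severity: URGENCY_MAP['untriaged'], description: +'', packages: {} }
  in_desc = false
  lines.each do |raw|
    line = raw.chomp
    # A stop field ends the free-text description block.
    in_desc = false if DESC_STOP_FIELDS.any? { |f| line.start_with?(f) }
    if in_desc
      next if line.strip.empty?
      entry[:description] << ' ' unless entry[:description].empty?
      entry[:description] << line.strip
    elsif line.start_with?('Candidate:')
      entry[:id] = line.split(':', 2).last.strip
    elsif line.start_with?('Description:')
      in_desc = true
    elsif line.start_with?('Priority:')
      entry[:severity] = URGENCY_MAP[line.split(':', 2).last.strip.downcase]
    elsif (m = line.match(/\A([a-z0-9-]+)_([^:\s]+):\s*(\S+)/))
      release, package, status = m.captures
      next unless releases.include?(release) && RELEVANT_STATUSES.include?(status)
      (entry[:packages][package] ||= {})[release] = status
    end
  end
  entry
end
```

Unrecognised priorities fall back to the map's default, so an unexpected upstream value degrades to unknown severity instead of raising.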