예제 #1
0
    public void UpdateCVEs()
    {
        this.logWriter.WriteText("Beginning CVE updates");
        List <KeyValuePair <string, Dictionary <string, object> > > updatesToBePerformed =
            new List <KeyValuePair <string, Dictionary <string, object> > >();

        foreach (CVEItem cveItem in cveItems)
        {
            CVE    cve = cveItem.cve;
            string sql = "insert into cves (cve_id, assigner, data_type, data_format, data_version) values "
                         + "(@cveId, @assigner, @dataType, @dataFormat, @dataVersion) on duplicate key update "
                         + "cve_id = @cveId, assigner = @assigner, data_type = @dataType, data_format = @dataFormat, "
                         + "data_version = @dataVersion";

            Dictionary <string, object> bindVars = new Dictionary <string, object>();
            bindVars.Add("cveId", cve.cveMetaData.ID);
            bindVars.Add("assigner", cve.cveMetaData.assigner);
            bindVars.Add("dataType", cve.dataType);
            bindVars.Add("dataFormat", cve.dataFormat);
            bindVars.Add("dataVersion", cve.dataVersion);

            updatesToBePerformed.Add(
                new KeyValuePair <string, Dictionary <string, object> >(sql, bindVars)
                );
        }

        int numUpdates = this.databaseUtil.performNonQueries(updatesToBePerformed);

        this.logWriter.WriteText("CVE updates completed. Performed " + numUpdates + " updates");
    }
예제 #2
0
        public PersistentCVE(CVE cve)
        {
            if (cve == null)
            {
                return;
            }

            this.PersistentComments = new List <PersistentCVEComment>();

            if (cve.Comments != null)
            {
                foreach (CVEComment comment in cve.Comments)
                {
                    this.PersistentComments.Add(new PersistentCVEComment(comment));
                }
            }

            this.Description = cve.Description;
            this.Name        = cve.Name;

            this.PersistentReferences = new List <PersistentCVEReference>();

            if (cve.References != null)
            {
                foreach (CVEReference reference in cve.References)
                {
                    this.PersistentReferences.Add(new PersistentCVEReference(reference));
                }
            }
        }
예제 #3
0
        public async Task ExpiredThresholdCausesRecordUpdate()
        {
            // Arrange
            await using var context = JosekiTestsDb.CreateUniqueContext();
            var parser   = new ConfigurationParser("config.sample.yaml");
            var cveCache = new CveCache(parser, context, new MemoryCache(new MemoryCacheOptions()));

            var id             = this.GetCveId();
            var now            = DateTime.UtcNow;
            var expirationDate = now.AddDays(-(parser.Get().Cache.CveTtl + 1));
            var oldCve         = new CveEntity
            {
                CveId       = id,
                Severity    = joseki.db.entities.CveSeverity.Medium,
                PackageName = Guid.NewGuid().ToString(),
                Title       = Guid.NewGuid().ToString(),
                Description = Guid.NewGuid().ToString(),
                Remediation = Guid.NewGuid().ToString(),
                References  = Guid.NewGuid().ToString(),
                DateUpdated = expirationDate,
                DateCreated = expirationDate,
            };

            // this is the hack -_-
            // Use sync version, because it does not update DateUpdated & DateCreated
            context.Cve.Add(oldCve);
            context.SaveChanges();

            var newCve = new CVE
            {
                Id          = id,
                Description = Guid.NewGuid().ToString(),
                Remediation = Guid.NewGuid().ToString(),
                Severity    = CveSeverity.High,
                PackageName = Guid.NewGuid().ToString(),
                Title       = Guid.NewGuid().ToString(),
                References  = Guid.NewGuid().ToString(),
            };

            // Act & Assert
            context.Cve.Count().Should().Be(1, "context should have the only one record before GetOrAddItem");
            await cveCache.GetOrAddItem(id, () => newCve);

            var actualEntity = await context.Cve.FirstAsync(i => i.CveId == id);

            actualEntity.Description.Should().Be(newCve.Description);
            actualEntity.Remediation.Should().Be(newCve.Remediation);
            actualEntity.PackageName.Should().Be(newCve.PackageName);
            actualEntity.Title.Should().Be(newCve.Title);
            actualEntity.References.Should().Be(newCve.References);
            actualEntity.Severity.Should().Be(joseki.db.entities.CveSeverity.High);
            actualEntity.DateUpdated.Should().BeOnOrAfter(now);
        }
예제 #4
0
 /// <summary>
 /// Creates CVE entity from internal model.
 /// </summary>
 /// <param name="cve">Internal CVE model.</param>
 /// <returns>Database compatible entity.</returns>
 public static CveEntity ToEntity(this CVE cve)
 {
     return(new CveEntity
     {
         CveId = cve.Id,
         PackageName = cve.PackageName,
         Severity = cve.Severity.ToEntity(),
         Title = cve.Title,
         Description = cve.Description,
         Remediation = cve.Remediation,
         References = cve.References,
     });
 }
예제 #5
0
        public async Task GetNotExistingItemAddOneRecordToDb()
        {
            // Arrange
            await using var context = JosekiTestsDb.CreateUniqueContext();
            var parser   = new ConfigurationParser("config.sample.yaml");
            var cveCache = new CveCache(parser, context, new MemoryCache(new MemoryCacheOptions()));

            var id  = this.GetCveId();
            var cve = new CVE {
                Id = id, Description = Guid.NewGuid().ToString(),
            };

            // Act & Assert
            context.Cve.Count().Should().Be(0, "context should be empty before GetOrAddItem");
            await cveCache.GetOrAddItem(id, () => cve);

            context.Cve.Count().Should().Be(1, "context should have a single value after GetOrAddItem");
        }
예제 #6
0
        public async Task GetExistingItemDoesNotAddNewRecords()
        {
            // Arrange
            await using var context = JosekiTestsDb.CreateUniqueContext();
            var parser   = new ConfigurationParser("config.sample.yaml");
            var cveCache = new CveCache(parser, context, new MemoryCache(new MemoryCacheOptions()));

            var id  = this.GetCveId();
            var cve = new CVE {
                Id = id, Description = Guid.NewGuid().ToString(),
            };

            context.Cve.Add(cve.ToEntity());
            await context.SaveChangesAsync();

            // Act & Assert
            context.Cve.Count().Should().Be(1, "context should have the only one record before GetOrAddItem");
            await cveCache.GetOrAddItem(id, () => cve);

            context.Cve.Count().Should().Be(1, "context should still have the only one record after GetOrAddItem");
        }
예제 #7
0
        public static List <DebianPackage> ParseDebianJsonFile(FileInfo f)
        {
            List <DebianPackage> packages = null;;
            Stack <IJsonValue>   stack    = new Stack <IJsonValue>(50);

            using (StreamReader sr = new StreamReader(f.FullName))
                using (JsonTextReader jr = new JsonTextReader(sr))
                {
                    while (jr.Read())
                    {
                        IJsonValue top;
                        switch (jr.TokenType)
                        {
                        case JsonToken.StartObject:
                            if (stack.Count == 0)
                            {
                                stack.Push(new JsonList <DebianPackage>());
                                break;
                            }
                            else
                            {
                                top = stack.Peek();
                            }
                            if (top.JsonType == "package")
                            {
                                JsonList <CVE> c = new JsonList <CVE>();
                                DebianPackage  p = (DebianPackage)top;
                                p.CVEs = (List <CVE>)c;
                                stack.Push(c);
                            }
                            break;

                        case JsonToken.PropertyName:
                            top = stack.Peek();
                            if (top.JsonType == "package_list")
                            {
                                JsonList <DebianPackage> pl = (JsonList <DebianPackage>)top;
                                DebianPackage            p  = new DebianPackage()
                                {
                                    Name = (string)jr.Value
                                };
                                pl.Add(p);
                                stack.Push(p);
                            }
                            else if (top.JsonType == "cve_list")
                            {
                                JsonList <CVE> cl = (JsonList <CVE>)top;
                                CVE            c  = new CVE()
                                {
                                    Name = (string)jr.Value
                                };
                                cl.Add(c);
                                stack.Push(c);
                            }
                            else if (top.JsonType == "cve")
                            {
                                CVE cve = (CVE)top;
                                switch ((string)jr.Value)
                                {
                                case "scope":
                                    cve.Scope = jr.ReadAsString();

                                    break;

                                case "debianbug":
                                    string s = jr.ReadAsString();
                                    int    db;
                                    if (Int32.TryParse(s, out db))
                                    {
                                        cve.DebianBug = db;
                                    }
                                    else
                                    {
                                        logger.Warn("Could not parse debianbug property {0} for CVE {1} as int.", s, cve.Name);
                                    }
                                    break;

                                case "description":
                                    cve.Description = jr.ReadAsString();
                                    break;

                                case "releases":
                                    JsonList <Release> rl = new JsonList <Release>();
                                    cve.Releases = rl;
                                    stack.Push(rl);
                                    break;
                                }
                            }
                            else if (top.JsonType == "release_list")
                            {
                                JsonList <Release> rl = (JsonList <Release>)top;
                                Release            r  = new Release()
                                {
                                    Name = (string)jr.Value
                                };
                                rl.Add(r);
                                stack.Push(r);
                            }
                            else if (top.JsonType == "release")
                            {
                                Release release = (Release)top;
                                switch ((string)jr.Value)
                                {
                                case "status":
                                    release.Status = jr.ReadAsString();
                                    break;

                                case "urgency":
                                    release.Urgency = jr.ReadAsString();
                                    break;

                                case "nodsa":
                                    release.Nodsa = jr.ReadAsString();
                                    break;

                                case "fixed_version":
                                    release.FixedVersion = jr.ReadAsString();
                                    break;

                                case "repositories":
                                    JsonList <Repository> rl = new JsonList <Repository>();
                                    release.Repositories = rl;
                                    stack.Push(rl);
                                    break;
                                }
                            }
                            else if (top.JsonType == "repository_list")
                            {
                                JsonList <Repository> rl         = (JsonList <Repository>)top;
                                Repository            repository = new Repository()
                                {
                                    Name    = (string)jr.Value,
                                    Version = jr.ReadAsString()
                                };
                                rl.Add(repository);
                            }
                            break;

                        case JsonToken.EndObject:
                            top = stack.Peek();
                            if (top.JsonType == "cve" || top.JsonType == "release" || top.JsonType == "release_list" ||
                                top.JsonType == "repository" || top.JsonType == "repository_list")
                            {
                                stack.Pop();
                                //logger.Debug("Popped object {0} with name {1} from stack.", top.JsonType, top.Name);
                            }
                            if (top.JsonType == "cve_list")
                            {
                                stack.Pop();
                                DebianPackage package = (DebianPackage)stack.Pop();  //cve list end means package end too
                                logger.Info("Parsed {0} CVEs for package {1}.", package.CVEs.Count, package.Name);
                            }
                            break;

                        default:
                            Exception e = new Exception(string.Format
                                                            ("Unexpected Json token in stream: {0} at path {1}, file position {2} with value {3}.", jr.TokenType.ToString(), jr.Path, jr.LinePosition, jr.Value));
                            logger.Error(e);
                            throw e;
                        }
                    }
                }
            packages = (List <DebianPackage>)stack.Pop();
            logger.Info("Parsed {0} packages, {1} CVEs.", packages.Count, packages.Sum(p => p.CVEs.Count));
            return((List <DebianPackage>)packages);
        }