merging all the fixes that were made in the decouple branch as well as

the RethinkDB 1.12 compatability changes
dominiquearpin · Mar 27, 2014 · 0aa4f59 · 0aa4f59
1 parent f9636dd
commit 0aa4f59
Show file tree

Hide file tree

Showing 41 changed files with 27,456 additions and 11,594 deletions.
diff --git a/tp/src/operations/operation_manager.py b/tp/src/operations/operation_manager.py
@@ -518,18 +518,20 @@ def _update_app_stats(self, operation_id, agent_id,
                     [operation_id, agent_id],
                     index=OperationPerAppIndexes.OperationIdAndAgentId
                 )
-                .group_by(OperationPerAppKey.Results, r.count)
+                .group(OperationPerAppKey.Results)
+                .count()
+                .ungroup()
                 .run(conn)
             )
 
             for i in app_stats_count:
-                if i['group']['results'] == OperationCodes.ResultsPending:
+                if i['group'] == OperationCodes.ResultsPending:
                     pending_count = i['reduction']
 
-                elif i['group']['results'] == OperationCodes.ResultsReceived:
+                elif i['group'] == OperationCodes.ResultsReceived:
                     completed_count = i['reduction']
 
-                elif i['group']['results'] == OperationCodes.ResultsReceivedWithErrors:
+                elif i['group'] == OperationCodes.ResultsReceivedWithErrors:
                     failed_count = i['reduction']
 
             (

diff --git a/tp/src/operations/retriever.py b/tp/src/operations/retriever.py
@@ -4,7 +4,7 @@
 import logging.config
 from vFense.db.client import db_create_close, r
 from vFense.operations import *
-from vFense.agent import *
+from vFense.core.agent import *
 from vFense.errorz.error_messages import GenericResults, OperationResults, OperationCodes
 from vFense.plugins.patching import *
 from vFense.plugins.patching.rv_db_calls import *

diff --git a/tp/src/plugins/cve/__init__.py b/tp/src/plugins/cve/__init__.py
@@ -32,7 +32,7 @@ class WindowsSecurityBulletinKey():
     BulletinKb = 'bulletin_kb'
     BulletinSeverity = 'bulletin_severity'
     BulletinImpact = 'bulletin_impact'
-    Title = 'bulletin_title'
+    Details = 'bulletin_details'
     AffectedProduct = 'affected_product'
     ComponentKb = 'component_kb'
     AffectedComponent = 'affected_component'
@@ -41,6 +41,7 @@ class WindowsSecurityBulletinKey():
     SupersedesBulletinId = 'supercedes_bulletin_id'
     SupersedesBulletinKb = 'supercedes_bulletin_kb'
     Supersedes = 'supercedes'
+    SupportUrl = 'support_url'
     Reboot = 'reboot'
     CveIds = 'cve_ids'
 
@@ -58,6 +59,7 @@ class UbuntuSecurityBulletinKey():
     Apps = 'apps'
     OsString = 'os_string'
     CveIds = 'cve_ids'
+    SupportUrl = 'support_url'
 
 class UbuntuSecurityBulletinIndexes():
     BulletinId = 'bulletin_id'
@@ -82,4 +84,3 @@ class SecurityBulletinKey():
     Supersedes = 'supercedes'
     Reboot = 'reboot'
     CveIds = 'cve_ids'
-
diff --git a/tp/src/plugins/cve/api/__init__.py b/tp/src/plugins/cve/api/__init__.py
diff --git a/tp/src/plugins/cve/api/cve.py b/tp/src/plugins/cve/api/cve.py
@@ -0,0 +1,44 @@
+from datetime import datetime
+import tornado.httpserver
+import tornado.web
+
+import simplejson as json
+
+from vFense.server.handlers import BaseHandler
+import logging
+import logging.config
+
+from vFense.errorz.error_messages import GenericResults, PackageResults
+
+from vFense.plugins.cve.search.by_cve_id import RetrieveByCveId
+from vFense.plugins.cve import *
+
+from vFense.server.hierarchy.manager import get_current_customer_name
+from vFense.server.hierarchy.decorators import authenticated_request, permission_check
+from vFense.server.hierarchy.decorators import convert_json_to_arguments
+from vFense.server.hierarchy.permissions import Permission
+
+logging.config.fileConfig('/opt/TopPatch/conf/logging.config')
+logger = logging.getLogger('rvapi')
+
+
+class CveIdHandler(BaseHandler):
+    @authenticated_request
+    def get(self, cve_id):
+        username = self.get_current_user().encode('utf-8')
+        customer_name = get_current_customer_name(username)
+        uri = self.request.uri
+        method = self.request.method
+        vuln = (
+            RetrieveByCveId(
+                username, customer_name, cve_id,
+                uri, method
+            )
+        )
+        results = vuln.get_cve()
+
+        self.set_status(results['http_status'])
+        self.set_header('Content-Type', 'application/json')
+        self.write(json.dumps(results, indent=4))
+
+
diff --git a/tp/src/plugins/cve/api/vulnerability.py b/tp/src/plugins/cve/api/vulnerability.py
@@ -0,0 +1,44 @@
+from datetime import datetime
+import tornado.httpserver
+import tornado.web
+
+import simplejson as json
+
+from vFense.server.handlers import BaseHandler
+import logging
+import logging.config
+
+from vFense.errorz.error_messages import GenericResults, PackageResults
+
+from vFense.plugins.cve.search.by_vuln_id import RetrieveByVulnerabilityId
+from vFense.plugins.cve import *
+
+from vFense.server.hierarchy.manager import get_current_customer_name
+from vFense.server.hierarchy.decorators import authenticated_request, permission_check
+from vFense.server.hierarchy.decorators import convert_json_to_arguments
+from vFense.server.hierarchy.permissions import Permission
+
+logging.config.fileConfig('/opt/TopPatch/conf/logging.config')
+logger = logging.getLogger('rvapi')
+
+
+class VulnIdHandler(BaseHandler):
+    @authenticated_request
+    def get(self, vuln_id):
+        username = self.get_current_user().encode('utf-8')
+        customer_name = get_current_customer_name(username)
+        uri = self.request.uri
+        method = self.request.method
+        vuln = (
+            RetrieveByVulnerabilityId(
+                username, customer_name, vuln_id,
+                uri, method
+            )
+        )
+        results = vuln.get_vuln()
+
+        self.set_status(results['http_status'])
+        self.set_header('Content-Type', 'application/json')
+        self.write(json.dumps(results, indent=4))
+
+
diff --git a/tp/src/plugins/cve/bulletin_parser.py b/tp/src/plugins/cve/bulletin_parser.py
@@ -1,6 +1,8 @@
 import os
 import re
 import sys
+from time import mktime
+from datetime import datetime
 import logging
 import logging.config
 
@@ -55,7 +57,7 @@ def parse_spread_sheet(bulletin_file):
         bulletin_dict[WindowsSecurityBulletinKey.BulletinKb] = row[2]
         bulletin_dict[WindowsSecurityBulletinKey.BulletinSeverity] = row[3]
         bulletin_dict[WindowsSecurityBulletinKey.BulletinImpact] = row[4]
-        bulletin_dict[WindowsSecurityBulletinKey.Title] = row[5]
+        bulletin_dict[WindowsSecurityBulletinKey.Details] = row[5]
         bulletin_dict[WindowsSecurityBulletinKey.AffectedProduct] = row[6]
         bulletin_dict[WindowsSecurityBulletinKey.ComponentKb] = row[7]
         bulletin_dict[WindowsSecurityBulletinKey.AffectedComponent] = row[8]
@@ -86,11 +88,14 @@ def parse_spread_sheet(bulletin_file):
     return(bulletin_list)
 
 def parse_bulletin_and_updatedb():
+    logger.info('starting microsoft security bulletin update process')
     if not os.path.exists(XLS_DIR):
         os.makedirs(XLS_DIR)
     downloaded, xls_file = download_latest_xls_from_msft()
     if downloaded:
         bulletin_data = parse_spread_sheet(xls_file)
         insert_into_bulletin_collection_for_windows(bulletin_data)
 
+    logger.info('finished microsoft security bulletin update process')
+
 #parse_bulletin_and_updatedb()
diff --git a/tp/src/plugins/cve/cve_parser.py b/tp/src/plugins/cve/cve_parser.py
@@ -20,7 +20,7 @@ class NvdParser(object):
     def get_entry_info(self, entry):
         data = {}
         attrib = entry.attrib
-        data[CveKey.CveId] = attrib.get(CVE_ID)
+        data[CveKey.CveId] = attrib.get(CVE_NAME)
         data[CveKey.CveSev] = attrib.get(CVE_SEVERITY)
         data[CveKey.CvePublishedDate] = (
             r.epoch_time(
@@ -186,8 +186,8 @@ def parse_cve_and_udpatedb(download_latest_nvd=True, nvd_file=NVD_MODIFIED_FILE)
         if entry.tag == NVD_FEEDS_REFS and event == 'start':
             cve_data[CveKey.CveRefs] = parser.get_refs(entry)
 
-        if entry.tag == NVD_FEEDS_VULN_SOFT and event == 'start':
-            cve_data[CveKey.CveVulnsSoft] = parser.get_vulns_soft(entry)
+        #if entry.tag == NVD_FEEDS_VULN_SOFT and event == 'start':
+        #    cve_data[CveKey.CveVulnsSoft] = parser.get_vulns_soft(entry)
 
         cve_data[CveKey.CveCategories] = []
         if entry.tag == NVD_FEEDS_ENTRY and event == 'end':
@@ -197,6 +197,7 @@ def parse_cve_and_udpatedb(download_latest_nvd=True, nvd_file=NVD_MODIFIED_FILE)
                         key != CveKey.CveVulnsSoft and
                         key != CveKey.CvePublishedDate and
                         key != CveKey.CveCategories and
+                        key != CveKey.CvssVector and
                         key != CveKey.CveModifiedDate):
                     cve_data[key] = unicode(cve_data[key])
 
@@ -218,6 +219,7 @@ def load_up_all_xml_into_db():
     if not os.path.exists(XML_DIR):
         os.makedirs(XML_DIR)
     xml_exists = os.listdir(XML_DIR)
+    logger.info('starting cve/nvd update process') 
     if not xml_exists:
         logger.info('downloading nvd/cve xml data files')
         start_nvd_xml_download()
@@ -226,6 +228,7 @@ def load_up_all_xml_into_db():
             nvd_file = os.path.join(directory, xml_file)
             parse_cve_and_udpatedb(False, nvd_file)
     update_cve_categories()
+    logger.info('finished cve/nvd update process') 
 
 #update_cve_categories()
 #load_up_all_xml_into_db()
diff --git a/tp/src/plugins/cve/data/html/ubuntu/usn-2150-1 b/tp/src/plugins/cve/data/html/ubuntu/usn-2150-1
@@ -129,7 +129,7 @@ opened a malicious website.
 
 <p>Robert O&#39;Callahan discovered a mechanism for timing attacks involving<br />SVG filters and displacements input to feDisplacementMap. An attacker<br />could potentially exploit this to steal confidential information across<br />domains. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1505">CVE-2014-1505</a>)</p>
 
-<p>Tyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read<br />during polygon rendering in MathML. An attacker could potentially exploit<br />this to steal confidential information across domains. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2104-1508">CVE-2104-1508</a>)</p>
+<p>Tyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read<br />during polygon rendering in MathML. An attacker could potentially exploit<br />this to steal confidential information across domains. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1508">CVE-2014-1508</a>)</p>
 
 <p>John Thomson discovered a memory corruption bug in the Cairo graphics<br />library. If a user had a malicious extension installed, an attacker could<br />potentially exploit this to cause a denial of service via application<br />crash, or execute arbitrary code with the privileges of the user invoking<br />Firefox. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1509">CVE-2014-1509</a>)</p>