

api: hide cves fields that are only usefull on cli
We are now hiding some fields that are only useful when
we are writing our CLI-related CVE features
lucasmoura committed Feb 6, 2025
1 parent e20af99 commit 5c74bf6
Showing 2 changed files with 19 additions and 139 deletions.
112 changes: 12 additions & 100 deletions features/api/cves.feature
Expand Up @@ -43,24 +43,14 @@ Feature: Client behaviour for CVE vulnerabilities API
"""
{
"attributes": {
"apt_updated_at": ".*",
"cves": {
"CVE-2012-6655": {
"cvss_score": 3.3,
"cvss_severity": "low",
"description": "An issue exists AccountService 0.6.37 in the\nuser_change_password_authorized_cb() function in user.c which could let a\nlocal users obtain encrypted passwords.",
"notes": [],
"priority": "low",
"published_at": ".*",
"related_packages": [
"accountsservice"
],
"related_usns": [
{
"name": "USN-6687-1",
"title": ""
}
]
"published_at": ".*"
},
"CVE-2019-18276": {
"cvss_score": 7.8,
Expand All @@ -70,16 +60,7 @@ Feature: Client behaviour for CVE vulnerabilities API
"sbeattie> This issue appears to only affect bash when bash is\nsetuid. Ubuntu does not ship with bash setuid, so this has minimal\nimpact for Ubuntu users. This is why we have rated the priority\nfor this issue 'low'.\nreproducer steps in the suse bugzilla"
],
"priority": "low",
"published_at": ".*",
"related_packages": [
"bash"
],
"related_usns": [
{
"name": "USN-5380-1",
"title": "Bash vulnerability"
}
]
"published_at": ".*"
},
"CVE-2023-3297": {
"cvss_score": 8.1,
Expand All @@ -90,20 +71,7 @@ Feature: Client behaviour for CVE vulnerabilities API
"eslerm> CWE-416"
],
"priority": "medium",
"published_at": ".*",
"related_packages": [
"accountsservice"
],
"related_usns": [
{
"name": "USN-6190-1",
"title": ""
},
{
"name": "USN-6190-2",
"title": "AccountsService vulnerability"
}
]
"published_at": ".*"
}
},
"packages": {
Expand Down Expand Up @@ -152,8 +120,7 @@ Feature: Client behaviour for CVE vulnerabilities API
}
]
}
},
"vulnerability_data_published_at": ".*"
}
},
"meta": {
"environment_vars": []
Expand All @@ -166,24 +133,14 @@ Feature: Client behaviour for CVE vulnerabilities API
"""
{
"attributes": {
"apt_updated_at": ".*",
"cves": {
"CVE-2012-6655": {
"cvss_score": 3.3,
"cvss_severity": "low",
"description": "An issue exists AccountService 0.6.37 in the\nuser_change_password_authorized_cb() function in user.c which could let a\nlocal users obtain encrypted passwords.",
"notes": [],
"priority": "low",
"published_at": ".*",
"related_packages": [
"accountsservice"
],
"related_usns": [
{
"name": "USN-6687-1",
"title": ""
}
]
"published_at": ".*"
}
},
"packages": {
Expand All @@ -209,8 +166,7 @@ Feature: Client behaviour for CVE vulnerabilities API
}
]
}
},
"vulnerability_data_published_at": ".*"
}
},
"meta": {
"environment_vars": []
Expand All @@ -223,7 +179,6 @@ Feature: Client behaviour for CVE vulnerabilities API
"""
{
"attributes": {
"apt_updated_at": ".*",
"cves": {
"CVE-2019-18276": {
"cvss_score": 7.8,
Expand All @@ -233,16 +188,7 @@ Feature: Client behaviour for CVE vulnerabilities API
"sbeattie> This issue appears to only affect bash when bash is\nsetuid. Ubuntu does not ship with bash setuid, so this has minimal\nimpact for Ubuntu users. This is why we have rated the priority\nfor this issue 'low'.\nreproducer steps in the suse bugzilla"
],
"priority": "low",
"published_at": ".*",
"related_packages": [
"bash"
],
"related_usns": [
{
"name": "USN-5380-1",
"title": "Bash vulnerability"
}
]
"published_at": ".*"
},
"CVE-2023-3297": {
"cvss_score": 8.1,
Expand All @@ -253,20 +199,7 @@ Feature: Client behaviour for CVE vulnerabilities API
"eslerm> CWE-416"
],
"priority": "medium",
"published_at": ".*",
"related_packages": [
"accountsservice"
],
"related_usns": [
{
"name": "USN-6190-1",
"title": ""
},
{
"name": "USN-6190-2",
"title": "AccountsService vulnerability"
}
]
"published_at": ".*"
}
},
"packages": {
Expand Down Expand Up @@ -303,8 +236,7 @@ Feature: Client behaviour for CVE vulnerabilities API
}
]
}
},
"vulnerability_data_published_at": ".*"
}
},
"meta": {
"environment_vars": []
Expand All @@ -318,24 +250,14 @@ Feature: Client behaviour for CVE vulnerabilities API
"""
{
"attributes": {
"apt_updated_at": ".*",
"cves": {
"CVE-2012-6655": {
"cvss_score": 3.3,
"cvss_severity": "low",
"description": "An issue exists AccountService 0.6.37 in the\nuser_change_password_authorized_cb() function in user.c which could let a\nlocal users obtain encrypted passwords.",
"notes": [],
"priority": "low",
"published_at": ".*",
"related_packages": [
"accountsservice"
],
"related_usns": [
{
"name": "USN-6687-1",
"title": ""
}
]
"published_at": ".*"
},
"CVE-2019-18276": {
"cvss_score": 7.8,
Expand All @@ -345,16 +267,7 @@ Feature: Client behaviour for CVE vulnerabilities API
"sbeattie> This issue appears to only affect bash when bash is\nsetuid. Ubuntu does not ship with bash setuid, so this has minimal\nimpact for Ubuntu users. This is why we have rated the priority\nfor this issue 'low'.\nreproducer steps in the suse bugzilla"
],
"priority": "low",
"published_at": ".*",
"related_packages": [
"bash"
],
"related_usns": [
{
"name": "USN-5380-1",
"title": "Bash vulnerability"
}
]
"published_at": ".*"
}
},
"packages": {
Expand Down Expand Up @@ -391,8 +304,7 @@ Feature: Client behaviour for CVE vulnerabilities API
}
]
}
},
"vulnerability_data_published_at": ".*"
}
},
"meta": {
"environment_vars": []
46 changes: 7 additions & 39 deletions uaclient/api/u/pro/security/cves/v1.py
Expand Up @@ -160,18 +160,6 @@ class CVEInfo(DataObject):
False,
doc="The CVE cvss severity",
),
Field(
"related_usns",
data_list(RelatedUSN),
False,
doc="A list of related USNs to the CVE",
),
Field(
"related_packages",
data_list(StringDataValue),
False,
doc="A list of related packages to the CVE",
),
]

def __init__(
Expand All @@ -192,6 +180,9 @@ def __init__(
self.notes = notes
self.cvss_score = cvss_score
self.cvss_severity = cvss_severity
# These fields do not appear on the Fields list
# because we want to access them in the CLI, but
# not output them in the API
self.related_usns = related_usns
self.related_packages = related_packages

Expand All @@ -208,24 +199,16 @@ class PackageVulnerabilitiesResult(DataObject, AdditionalInfo):
data_dict(value_cls=CVEInfo),
doc="A list of CVEs that affect the system",
),
Field(
"vulnerability_data_published_at",
DatetimeDataValue,
doc="The date the JSON vulnerability data was published at",
),
Field(
"apt_updated_at",
DatetimeDataValue,
False,
doc="The date of the last apt update operation in the system",
),
]

def __init__(
self,
*,
packages: Dict[str, AffectedPackage],
cves: Dict[str, CVEInfo],
# These fields do not appear on the Fields list
# because we want to access them in the CLI, but
# not output them in the API
vulnerability_data_published_at: datetime.datetime,
apt_updated_at: Optional[datetime.datetime] = None
):
Expand Down Expand Up @@ -404,7 +387,6 @@ def _vulnerabilities(
"example_cli": "pro api u.pro.security.vulnerabilities.cve.v1",
"example_json": """
{
"apt_updated_at": "2024-07-26T20:53:55.708438+00:00",
"cves": {
"CVE-2023-5678": {
"cvss_score": 8.1,
Expand All @@ -414,20 +396,7 @@ def _vulnerabilities(
"note example",
],
"priority": "medium",
"published_at": ".*",
"related_packages": [
"accountsservice"
],
"related_usns": [
{
"name": "USN-6190-1",
"title": ""
},
{
"name": "USN-6190-2",
"title": "AccountsService vulnerability"
}
]
"published_at": ".*"
}
},
"packages": {
Expand All @@ -454,7 +423,6 @@ def _vulnerabilities(
]
}
},
"vulnerability_data_published_at": "2024-07-26T20:53:55.708438+00:00"
}
""",
}
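Review bot: `vulnerability_data_published_at` remains a required keyword-only parameter of `PackageVulnerabilitiesResult.__init__` although its `Field` entry is removed, and `related_usns`/`related_packages` are likewise kept on `CVEInfo` without a `Field`. If `DataObject` builds constructor arguments from `fields` when deserialising (not visible on this page), a `to_dict`/`from_dict` round trip would drop the CLI-only values and could fail on the missing required argument, so a unit test pinning that behaviour would make the intent explicit. Hiding `vulnerability_data_published_at` and `apt_updated_at` also means an API consumer can no longer tell how stale the data behind a result is, so an empty `cves` map is indistinguishable from an outdated feed; the endpoint documentation should say so, or point to where freshness can be checked. Both `__init__` definitions start or end outside the visible hunks.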
