From 5c74bf67ff591f9c5fd5909114f51e4331ef4d0d Mon Sep 17 00:00:00 2001
From: Lucas Moura
Date: Wed, 5 Feb 2025 16:01:01 -0300
Subject: [PATCH] api: hide cves fields that are only usefull on cli

We are now hiding some fields that are only usefull when we are writing our CLI related CVE features
---
 features/api/cves.feature | 112 +++----------------------
 uaclient/api/u/pro/security/cves/v1.py | 46 ++--------
 2 files changed, 19 insertions(+), 139 deletions(-)

diff --git a/features/api/cves.feature b/features/api/cves.feature
index 1a84e52f1a..252470cfa7 100644
--- a/features/api/cves.feature
+++ b/features/api/cves.feature
@@ -43,7 +43,6 @@ Feature: Client behaviour for CVE vulnerabilities API
 """
 {
 "attributes": {
- "apt_updated_at": ".*",
 "cves": {
 "CVE-2012-6655": {
 "cvss_score": 3.3,
@@ -51,16 +50,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "description": "An issue exists AccountService 0.6.37 in the\nuser_change_password_authorized_cb() function in user.c which could let a\nlocal users obtain encrypted passwords.",
 "notes": [],
 "priority": "low",
- "published_at": ".*",
- "related_packages": [
- "accountsservice"
- ],
- "related_usns": [
- {
- "name": "USN-6687-1",
- "title": ""
- }
- ]
+ "published_at": ".*"
 },
 "CVE-2019-18276": {
 "cvss_score": 7.8,
@@ -70,16 +60,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "sbeattie> This issue appears to only affect bash when bash is\nsetuid. Ubuntu does not ship with bash setuid, so this has minimal\nimpact for Ubuntu users. This is why we have rated the priority\nfor this issue 'low'.\nreproducer steps in the suse bugzilla"
 ],
 "priority": "low",
- "published_at": ".*",
- "related_packages": [
- "bash"
- ],
- "related_usns": [
- {
- "name": "USN-5380-1",
- "title": "Bash vulnerability"
- }
- ]
+ "published_at": ".*"
 },
 "CVE-2023-3297": {
 "cvss_score": 8.1,
@@ -90,20 +71,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "eslerm> CWE-416"
 ],
 "priority": "medium",
- "published_at": ".*",
- "related_packages": [
- "accountsservice"
- ],
- "related_usns": [
- {
- "name": "USN-6190-1",
- "title": ""
- },
- {
- "name": "USN-6190-2",
- "title": "AccountsService vulnerability"
- }
- ]
+ "published_at": ".*"
 }
 },
 "packages": {
@@ -152,8 +120,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 }
 ]
 }
- },
- "vulnerability_data_published_at": ".*"
+ }
 },
 "meta": {
 "environment_vars": []
@@ -166,7 +133,6 @@ Feature: Client behaviour for CVE vulnerabilities API
 """
 {
 "attributes": {
- "apt_updated_at": ".*",
 "cves": {
 "CVE-2012-6655": {
 "cvss_score": 3.3,
@@ -174,16 +140,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "description": "An issue exists AccountService 0.6.37 in the\nuser_change_password_authorized_cb() function in user.c which could let a\nlocal users obtain encrypted passwords.",
 "notes": [],
 "priority": "low",
- "published_at": ".*",
- "related_packages": [
- "accountsservice"
- ],
- "related_usns": [
- {
- "name": "USN-6687-1",
- "title": ""
- }
- ]
+ "published_at": ".*"
 }
 },
 "packages": {
@@ -209,8 +166,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 }
 ]
 }
- },
- "vulnerability_data_published_at": ".*"
+ }
 },
 "meta": {
 "environment_vars": []
@@ -223,7 +179,6 @@ Feature: Client behaviour for CVE vulnerabilities API
 """
 {
 "attributes": {
- "apt_updated_at": ".*",
 "cves": {
 "CVE-2019-18276": {
 "cvss_score": 7.8,
@@ -233,16 +188,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "sbeattie> This issue appears to only affect bash when bash is\nsetuid. Ubuntu does not ship with bash setuid, so this has minimal\nimpact for Ubuntu users. This is why we have rated the priority\nfor this issue 'low'.\nreproducer steps in the suse bugzilla"
 ],
 "priority": "low",
- "published_at": ".*",
- "related_packages": [
- "bash"
- ],
- "related_usns": [
- {
- "name": "USN-5380-1",
- "title": "Bash vulnerability"
- }
- ]
+ "published_at": ".*"
 },
 "CVE-2023-3297": {
 "cvss_score": 8.1,
@@ -253,20 +199,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "eslerm> CWE-416"
 ],
 "priority": "medium",
- "published_at": ".*",
- "related_packages": [
- "accountsservice"
- ],
- "related_usns": [
- {
- "name": "USN-6190-1",
- "title": ""
- },
- {
- "name": "USN-6190-2",
- "title": "AccountsService vulnerability"
- }
- ]
+ "published_at": ".*"
 }
 },
 "packages": {
@@ -303,8 +236,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 }
 ]
 }
- },
- "vulnerability_data_published_at": ".*"
+ }
 },
 "meta": {
 "environment_vars": []
@@ -318,7 +250,6 @@ Feature: Client behaviour for CVE vulnerabilities API
 """
 {
 "attributes": {
- "apt_updated_at": ".*",
 "cves": {
 "CVE-2012-6655": {
 "cvss_score": 3.3,
@@ -326,16 +257,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "description": "An issue exists AccountService 0.6.37 in the\nuser_change_password_authorized_cb() function in user.c which could let a\nlocal users obtain encrypted passwords.",
 "notes": [],
 "priority": "low",
- "published_at": ".*",
- "related_packages": [
- "accountsservice"
- ],
- "related_usns": [
- {
- "name": "USN-6687-1",
- "title": ""
- }
- ]
+ "published_at": ".*"
 },
 "CVE-2019-18276": {
 "cvss_score": 7.8,
@@ -345,16 +267,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 "sbeattie> This issue appears to only affect bash when bash is\nsetuid. Ubuntu does not ship with bash setuid, so this has minimal\nimpact for Ubuntu users. This is why we have rated the priority\nfor this issue 'low'.\nreproducer steps in the suse bugzilla"
 ],
 "priority": "low",
- "published_at": ".*",
- "related_packages": [
- "bash"
- ],
- "related_usns": [
- {
- "name": "USN-5380-1",
- "title": "Bash vulnerability"
- }
- ]
+ "published_at": ".*"
 }
 },
 "packages": {
@@ -391,8 +304,7 @@ Feature: Client behaviour for CVE vulnerabilities API
 }
 ]
 }
- },
- "vulnerability_data_published_at": ".*"
+ }
 },
 "meta": {
 "environment_vars": []
diff --git a/uaclient/api/u/pro/security/cves/v1.py b/uaclient/api/u/pro/security/cves/v1.py
index fd1cb696d5..0876a75296 100644
--- a/uaclient/api/u/pro/security/cves/v1.py
+++ b/uaclient/api/u/pro/security/cves/v1.py
@@ -160,18 +160,6 @@ class CVEInfo(DataObject):
 False,
 doc="The CVE cvss severity",
 ),
- Field(
- "related_usns",
- data_list(RelatedUSN),
- False,
- doc="A list of related USNs to the CVE",
- ),
- Field(
- "related_packages",
- data_list(StringDataValue),
- False,
- doc="A list of related packages to the CVE",
- ),
 ]

 def __init__(
@@ -192,6 +180,9 @@ def __init__(
 self.notes = notes
 self.cvss_score = cvss_score
 self.cvss_severity = cvss_severity
+ # These fields do not appear on the Fields list
+ # because we want to access them in the CLI, but
+ # not output them in the API
 self.related_usns = related_usns
 self.related_packages = related_packages
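Review bot: The comment added in `CVEInfo.__init__` records that `related_usns` and `related_packages` are left out of `fields`, but not what follows from that: any `DataObject` machinery driven by `fields` will presumably neither emit nor restore them. If objects are ever rebuilt from their serialized form (for example through `from_dict`, which is not visible in this patch), the values are lost, and in the later `PackageVulnerabilitiesResult.__init__` hunk the keyword-only `vulnerability_data_published_at: datetime.datetime` has no default, so such a rebuild would raise `TypeError` there. I would give the CLI-only parameters a default, e.g. `vulnerability_data_published_at: Optional[datetime.datetime] = None,`, or spell the limitation out in the comment: `# CLI-only: absent from fields, so never serialized and never restored from a dict`. The `CVEInfo.__init__` signature lies outside this hunk, so whether its two parameters are required cannot be confirmed from here.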
@@ -208,17 +199,6 @@ class PackageVulnerabilitiesResult(DataObject, AdditionalInfo):
 data_dict(value_cls=CVEInfo),
 doc="A list of CVEs that affect the system",
 ),
- Field(
- "vulnerability_data_published_at",
- DatetimeDataValue,
- doc="The date the JSON vulnerability data was published at",
- ),
- Field(
- "apt_updated_at",
- DatetimeDataValue,
- False,
- doc="The date of the last apt update operation in the system",
- ),
 ]

 def __init__(
@@ -226,6 +206,9 @@ def __init__(
 *,
 packages: Dict[str, AffectedPackage],
 cves: Dict[str, CVEInfo],
+ # These fields do not appear on the Fields list
+ # because we want to access them in the CLI, but
+ # not output them in the API
 vulnerability_data_published_at: datetime.datetime,
 apt_updated_at: Optional[datetime.datetime] = None
 ):
@@ -404,7 +387,6 @@ def _vulnerabilities(
 "example_cli": "pro api u.pro.security.vulnerabilities.cve.v1",
 "example_json": """
 {
- "apt_updated_at": "2024-07-26T20:53:55.708438+00:00",
 "cves": {
 "CVE-2023-5678": {
 "cvss_score": 8.1,
@@ -414,20 +396,7 @@ def _vulnerabilities(
 "note example",
 ],
 "priority": "medium",
- "published_at": ".*",
- "related_packages": [
- "accountsservice"
- ],
- "related_usns": [
- {
- "name": "USN-6190-1",
- "title": ""
- },
- {
- "name": "USN-6190-2",
- "title": "AccountsService vulnerability"
- }
- ]
+ "published_at": ".*"
 }
 },
 "packages": {
@@ -454,7 +423,6 @@ def _vulnerabilities(
 ]
 }
 },
- "vulnerability_data_published_at": "2024-07-26T20:53:55.708438+00:00"
 }
 """,
 }
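Review bot: With `vulnerability_data_published_at` and `apt_updated_at` kept only as constructor arguments in `PackageVulnerabilitiesResult.__init__`, an API caller can no longer tell how old the vulnerability data or the local apt state behind a result is. A monitoring or compliance tool reading this endpoint would then treat an empty `cves` map computed from stale data the same as a fresh one. If that is intended, the added comment should say so, for example `# NOTE: API callers receive no data-freshness timestamp; only the CLI reports it`; otherwise keeping `vulnerability_data_published_at` in `fields` preserves the signal. The Field removals are in the preceding hunk, and the constructor body continues past this one.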
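Review bot: Deleting the last key of `example_json` leaves the context line `},` that closes `"packages"` directly before the closing `}`, so the documented example now ends in a dangling comma. That line should become `}` so the example parses for anyone who copies it. The `"note example",` entry in the `@@ -414,20 +396,7 @@` hunk carries the same trailing comma and predates this commit.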