aboutsummaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorAdam Janovsky2023-04-15 21:16:25 +0200
committerAdam Janovsky2023-04-15 21:16:25 +0200
commit45dc9c20a98ace99a716cb706e9280eea8a2c8af (patch)
tree24702012576f2b2fcb0927d2c70f7959365fd962 /src
parentec664404af0c2497d8b5c88fadb2df9c7380738b (diff)
downloadsec-certs-45dc9c20a98ace99a716cb706e9280eea8a2c8af.tar.gz
sec-certs-45dc9c20a98ace99a716cb706e9280eea8a2c8af.tar.zst
sec-certs-45dc9c20a98ace99a716cb706e9280eea8a2c8af.zip
fix fips tests
Diffstat (limited to 'src')
-rw-r--r--src/sec_certs/dataset/cve.py36
-rw-r--r--src/sec_certs/dataset/dataset.py8
-rw-r--r--src/sec_certs/sample/cpe.py2
3 files changed, 25 insertions, 21 deletions
diff --git a/src/sec_certs/dataset/cve.py b/src/sec_certs/dataset/cve.py
index c2bc65f5..4e94a5d9 100644
--- a/src/sec_certs/dataset/cve.py
+++ b/src/sec_certs/dataset/cve.py
@@ -34,13 +34,13 @@ class CVEDataset(JSONPathDataset, ComplexSerializableType):
):
self.cves = cves
self.json_path = Path(json_path)
- self.cpe_uri_to_cve_ids_lookup: dict[str, set[str]] = {}
- self.cves_with_vulnerable_configurations: list[CVE] = []
+ self._cpe_uri_to_cve_ids_lookup: dict[str, set[str]] = {}
+ self._cves_with_vulnerable_configurations: list[CVE] = []
self.last_update_timestamp = last_update_timestamp
@property
def serialized_attributes(self) -> list[str]:
- return ["cves"]
+ return ["last_update_timestamp", "cves"]
def __iter__(self):
yield from self.cves.values()
@@ -57,6 +57,10 @@ class CVEDataset(JSONPathDataset, ComplexSerializableType):
def __eq__(self, other: object):
return isinstance(other, CVEDataset) and self.cves == other.cves
+ @property
+ def look_up_dicts_built(self) -> bool:
+ return bool(self._cpe_uri_to_cve_ids_lookup)
+
@classmethod
def from_web(cls, json_path: str | Path = constants.DUMMY_NONEXISTING_PATH) -> CVEDataset:
"""
@@ -86,13 +90,13 @@ class CVEDataset(JSONPathDataset, ComplexSerializableType):
"""
Method filters the subset of CVE dataset thah contain at least one CPE criteria configuration in the CVE.
"""
- self.cves_with_vulnerable_configurations = [cve for cve in self if cve.vulnerable_criteria_configurations]
+ self._cves_with_vulnerable_configurations = [cve for cve in self if cve.vulnerable_criteria_configurations]
def _expand_criteria_configurations(self, matching_dict: dict, relevant_cpe_uris: set[str] | None = None) -> None:
indices_to_delete = []
cve: CVE
for index, cve in enumerate(
- tqdm(self.cves_with_vulnerable_configurations, desc="Expanding and filtering criteria configurations")
+ tqdm(self._cves_with_vulnerable_configurations, desc="Expanding and filtering criteria configurations")
):
can_be_matched = []
for configuration in cve.vulnerable_criteria_configurations:
@@ -102,28 +106,28 @@ class CVEDataset(JSONPathDataset, ComplexSerializableType):
indices_to_delete.append(index)
for index in sorted(indices_to_delete, reverse=True):
- del self.cves_with_vulnerable_configurations[index]
+ del self._cves_with_vulnerable_configurations[index]
def build_lookup_dict(
self,
- cpe_match_dict: dict,
+ cpe_match_feed: dict,
limit_to_cpes: set[CPE] | None = None,
):
- self.cpe_uri_to_cve_ids_lookup = {}
+ self._cpe_uri_to_cve_ids_lookup = {}
cpe_uris_of_interest = {x.uri for x in limit_to_cpes} if limit_to_cpes else None
self._get_cves_with_criteria_configurations()
- self._expand_criteria_configurations(cpe_match_dict, cpe_uris_of_interest)
+ self._expand_criteria_configurations(cpe_match_feed, cpe_uris_of_interest)
logger.info("Building lookup dictionaries.")
cve: CVE
for cve in tqdm(self, desc="Building-up lookup dictionaries for fast CVE matching"):
vulnerable_cpe_uris: set[str] = set()
for x in cve.vulnerable_criteria:
- if x.criteria_id not in cpe_match_dict["match_strings"]:
+ if x.criteria_id not in cpe_match_feed["match_strings"]:
# This happens when there's no `matches` key in the original dict. In such case, the whole key got
# discarded. Statistically, approx. 13% of criteria match to no CPEs and are used solely as criteria.
continue
- matches = cpe_match_dict["match_strings"][x.criteria_id]["matches"]
+ matches = cpe_match_feed["match_strings"][x.criteria_id]["matches"]
vulnerable_cpe_uris = vulnerable_cpe_uris.union(x["cpeName"] for x in matches)
if (
@@ -134,20 +138,20 @@ class CVEDataset(JSONPathDataset, ComplexSerializableType):
continue
for cpe_uri in vulnerable_cpe_uris:
- if cpe_uri in self.cpe_uri_to_cve_ids_lookup:
- self.cpe_uri_to_cve_ids_lookup[cpe_uri].add(cve.cve_id)
+ if cpe_uri in self._cpe_uri_to_cve_ids_lookup:
+ self._cpe_uri_to_cve_ids_lookup[cpe_uri].add(cve.cve_id)
else:
- self.cpe_uri_to_cve_ids_lookup[cpe_uri] = {cve.cve_id}
+ self._cpe_uri_to_cve_ids_lookup[cpe_uri] = {cve.cve_id}
def _get_cves_from_exactly_matched_cpes(self, cpe_uris: set[str]) -> set[str]:
return set(
- itertools.chain.from_iterable([self.cpe_uri_to_cve_ids_lookup.get(cpe_uri, set()) for cpe_uri in cpe_uris])
+ itertools.chain.from_iterable([self._cpe_uri_to_cve_ids_lookup.get(cpe_uri, set()) for cpe_uri in cpe_uris])
)
def _get_cves_from_criteria_configurations(self, cpe_uris: set[str]) -> set[str]:
return {
cve.cve_id
- for cve in self.cves_with_vulnerable_configurations
+ for cve in self._cves_with_vulnerable_configurations
if any(configuration.matches(cpe_uris) for configuration in cve.vulnerable_criteria_configurations)
}
diff --git a/src/sec_certs/dataset/dataset.py b/src/sec_certs/dataset/dataset.py
index 4c530099..b544294e 100644
--- a/src/sec_certs/dataset/dataset.py
+++ b/src/sec_certs/dataset/dataset.py
@@ -588,10 +588,10 @@ class Dataset(Generic[CertSubType, AuxiliaryDatasetsSubType], ComplexSerializabl
if not self.auxiliary_datasets.cve_dset:
self.auxiliary_datasets.cve_dset = self._prepare_cve_dataset()
- cpe_match_dict = self._prepare_cpe_match_dict()
-
- all_cpes = self._get_all_cpes_in_dataset()
- self.auxiliary_datasets.cve_dset.build_lookup_dict(cpe_match_dict, all_cpes)
+ if not self.auxiliary_datasets.cve_dset.look_up_dicts_built:
+ cpe_match_dict = self._prepare_cpe_match_dict()
+ all_cpes = self._get_all_cpes_in_dataset()
+ self.auxiliary_datasets.cve_dset.build_lookup_dict(cpe_match_dict, all_cpes)
self.enrich_automated_cpes_with_manual_labels()
cpe_rich_certs = [x for x in cast(Iterator[Certificate], self) if x.heuristics.cpe_matches]
diff --git a/src/sec_certs/sample/cpe.py b/src/sec_certs/sample/cpe.py
index 61422330..2cc267c9 100644
--- a/src/sec_certs/sample/cpe.py
+++ b/src/sec_certs/sample/cpe.py
@@ -69,7 +69,7 @@ class CPEMatchCriteriaConfiguration(ComplexSerializableType):
raise ValueError(
"Cannot match to CPEMatchConfiguration when attribute _expanded_components was not filled-in. That attribute is prepared by `CVEDataset.build_lookup_dict()`."
)
- return all(any(x in component for x in cpe_ids) for component in self.components)
+ return all(any(x in component for x in cpe_ids) for component in self._expanded_components)
@property
def serialized_attributes(self) -> list[str]: