diff options
| -rw-r--r-- | sec_certs/config/settings.yaml | 2 | ||||
| -rw-r--r-- | sec_certs/model/dependency_finder.py | 25 | ||||
| -rw-r--r-- | sec_certs/model/dependency_vulnerability_finder.py | 20 | ||||
| -rw-r--r-- | tests/data/settings_test.yaml | 6 |
4 files changed, 49 insertions, 4 deletions
diff --git a/sec_certs/config/settings.yaml b/sec_certs/config/settings.yaml index 4383b6ad..b0228238 100644 --- a/sec_certs/config/settings.yaml +++ b/sec_certs/config/settings.yaml @@ -29,7 +29,7 @@ cc_latest_snapshot: value: https://seccerts.org/cc/dataset.json cc_maintenances_latest_snapshot: description: Url from where to fetch the latest snapshot of CC maintenance updates - value: https://seccerts.org/static/cc_maintenances_latest_snapshot.json + value: https://seccerts.org/cc/maintenance_updates.json ignore_first_page: description: During keyword search, first page usually contains addresses - ignore it. value: true diff --git a/sec_certs/model/dependency_finder.py b/sec_certs/model/dependency_finder.py index afc4db59..f04db9be 100644 --- a/sec_certs/model/dependency_finder.py +++ b/sec_certs/model/dependency_finder.py @@ -11,6 +11,12 @@ ReferenceLookupFunc = Callable[[Certificate], Set[str]] class DependencyFinder: + """ + The class assigns references of other certificate instances for each instance. + Adheres to sklearn BaseEstimator interface. + The fit is called on a dictionary of certificates, builds a hashmap of references, and assigns references for each certificate in the dictionary. + """ + def __init__(self): self.dependencies: Dependencies = {} @@ -96,6 +102,13 @@ class DependencyFinder: return referenced_by_indirect.get(cert, None) def fit(self, certificates: Certificates, id_func: IDLookupFunc, ref_lookup_func: ReferenceLookupFunc) -> None: + """ + Builds a list of references and assigns references for each certificate instance. + @param certificates: dictionary of certificates with hashes as key + @param id_func: lookup function for cert id + @param ref_lookup_func: lookup for references + @return: None + """ referenced_by_direct, referenced_by_indirect = DependencyFinder._build_cert_references( certificates, id_func, ref_lookup_func ) @@ -140,6 +153,12 @@ class DependencyFinder: return set(res) if res else None def predict_single_cert(self, dgst: str) -> References: + """ + Method returns references object for specified certificate digest + + @param dgst: certificate digest + @return: References object + """ return References( self._get_directly_referenced_by(dgst), self._get_indirectly_referenced_by(dgst), @@ -148,6 +167,12 @@ class DependencyFinder: ) def predict(self, dgst_list: List[str]) -> Dict[str, References]: + """ + Method returns references for a list of certificate digests + + @param dgst_list: List of certificate hashes + @return: Dict with certificate hash and References object. + """ cert_references = {} for dgst in dgst_list: diff --git a/sec_certs/model/dependency_vulnerability_finder.py b/sec_certs/model/dependency_vulnerability_finder.py index 2f66f30c..27877b84 100644 --- a/sec_certs/model/dependency_vulnerability_finder.py +++ b/sec_certs/model/dependency_vulnerability_finder.py @@ -23,6 +23,11 @@ Vulnerabilities = Dict[str, Dict[str, Optional[Set[str]]]] class DependencyVulnerabilityFinder: + """ + The class assigns vulnerabilities to each certificate instance caused by dependencies among certificate instances. + Adheres to sklearn BaseEstimator interface. + """ + def __init__(self): self.vulnerabilities: Vulnerabilities = {} self.certificates: Certificates = {} @@ -77,6 +82,11 @@ class DependencyVulnerabilityFinder: return vulnerabilities if vulnerabilities else None def fit(self, certificates: Certificates) -> Vulnerabilities: + """ + Method assigns each certificate vulnerabilities caused by dependencies among certificates + @param certificates: Dictionary of certificates with digests + @return: Dictionary of vulnerabilities of certificate instances + """ self._overwrite_previous_state(certificates) cert_id_occurrences = self._get_dataset_cert_ids_occurrences() @@ -106,6 +116,11 @@ class DependencyVulnerabilityFinder: return self.vulnerabilities def predict_single_cert(self, dgst: str) -> DependencyCVE: + """ + Method returns vulnerabilities for certificate digest + @param dgst: Digest of certificate + @return: DependencyCVE object of certificate + """ if not self.vulnerabilities.get(dgst): return DependencyCVE(direct_dependency_cves=None, indirect_dependency_cves=None) @@ -115,6 +130,11 @@ class DependencyVulnerabilityFinder: ) def predict(self, dgst_list: List[str]) -> Dict[str, DependencyCVE]: + """ + Method returns vulnerabilities for a list of certificate digests + @param dgst_list: list of certificate digests + @return: Dictionary of DependencyCVE objects for specified certificate digests + """ cert_vulnerabilities = {} for dgst in dgst_list: diff --git a/tests/data/settings_test.yaml b/tests/data/settings_test.yaml index 5815aef5..cff5a9be 100644 --- a/tests/data/settings_test.yaml +++ b/tests/data/settings_test.yaml @@ -24,10 +24,10 @@ cpe_n_max_matches: value: 20 cc_latest_snapshot: description: Url from where to fetch the latest snapshot of fully processed CC dataset - value: https://www.ajanovsky.cz/cc_latest_snapshot.json + value: https://seccerts.org/cc/dataset.json cc_maintenances_latest_snapshot: description: Url from where to fetch the latest snapshot of CC maintenance updates - value: https://www.ajanovsky.cz/cc_maintenances_latest_snapshot.json + value: https://seccerts.org/cc/maintenance_updates.json ignore_first_page: description: During keyword search, first page usually contains addresses - ignore it. value: true @@ -36,7 +36,7 @@ cert_threshold: value: 5 fips_latest_snapshot: description: Url for the latest snapshot of FIPS dataset - value: https://seccerts.org/static/fips_dset_ad8734a39b856ca1a1b7b073713872359bae7545.json + value: https://seccerts.org/fips/dataset.json enable_progress_bars: description: Whether to enable pretty-printed progress bars while processing. value: False |
