aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--sec_certs/config/settings.yaml2
-rw-r--r--sec_certs/model/dependency_finder.py25
-rw-r--r--sec_certs/model/dependency_vulnerability_finder.py20
-rw-r--r--tests/data/settings_test.yaml6
4 files changed, 49 insertions, 4 deletions
diff --git a/sec_certs/config/settings.yaml b/sec_certs/config/settings.yaml
index 4383b6ad..b0228238 100644
--- a/sec_certs/config/settings.yaml
+++ b/sec_certs/config/settings.yaml
@@ -29,7 +29,7 @@ cc_latest_snapshot:
value: https://seccerts.org/cc/dataset.json
cc_maintenances_latest_snapshot:
description: Url from where to fetch the latest snapshot of CC maintenance updates
- value: https://seccerts.org/static/cc_maintenances_latest_snapshot.json
+ value: https://seccerts.org/cc/maintenance_updates.json
ignore_first_page:
description: During keyword search, first page usually contains addresses - ignore it.
value: true
diff --git a/sec_certs/model/dependency_finder.py b/sec_certs/model/dependency_finder.py
index afc4db59..f04db9be 100644
--- a/sec_certs/model/dependency_finder.py
+++ b/sec_certs/model/dependency_finder.py
@@ -11,6 +11,12 @@ ReferenceLookupFunc = Callable[[Certificate], Set[str]]
class DependencyFinder:
+ """
+ The class assigns references of other certificate instances for each instance.
+ Adheres to sklearn BaseEstimator interface.
+ The fit is called on a dictionary of certificates, builds a hashmap of references, and assigns references for each certificate in the dictionary.
+ """
+
def __init__(self):
self.dependencies: Dependencies = {}
@@ -96,6 +102,13 @@ class DependencyFinder:
return referenced_by_indirect.get(cert, None)
def fit(self, certificates: Certificates, id_func: IDLookupFunc, ref_lookup_func: ReferenceLookupFunc) -> None:
+ """
+ Builds a list of references and assigns references for each certificate instance.
+ @param certificates: dictionary of certificates with hashes as key
+ @param id_func: lookup function for cert id
+ @param ref_lookup_func: lookup for references
+ @return: None
+ """
referenced_by_direct, referenced_by_indirect = DependencyFinder._build_cert_references(
certificates, id_func, ref_lookup_func
)
@@ -140,6 +153,12 @@ class DependencyFinder:
return set(res) if res else None
def predict_single_cert(self, dgst: str) -> References:
+ """
+ Method returns references object for specified certificate digest
+
+ @param dgst: certificate digest
+ @return: References object
+ """
return References(
self._get_directly_referenced_by(dgst),
self._get_indirectly_referenced_by(dgst),
@@ -148,6 +167,12 @@ class DependencyFinder:
)
def predict(self, dgst_list: List[str]) -> Dict[str, References]:
+ """
+ Method returns references for a list of certificate digests
+
+ @param dgst_list: List of certificate hashes
+ @return: Dict with certificate hash and References object.
+ """
cert_references = {}
for dgst in dgst_list:
diff --git a/sec_certs/model/dependency_vulnerability_finder.py b/sec_certs/model/dependency_vulnerability_finder.py
index 2f66f30c..27877b84 100644
--- a/sec_certs/model/dependency_vulnerability_finder.py
+++ b/sec_certs/model/dependency_vulnerability_finder.py
@@ -23,6 +23,11 @@ Vulnerabilities = Dict[str, Dict[str, Optional[Set[str]]]]
class DependencyVulnerabilityFinder:
+ """
+ The class assigns vulnerabilities to each certificate instance caused by dependencies among certificate instances.
+ Adheres to sklearn BaseEstimator interface.
+ """
+
def __init__(self):
self.vulnerabilities: Vulnerabilities = {}
self.certificates: Certificates = {}
@@ -77,6 +82,11 @@ class DependencyVulnerabilityFinder:
return vulnerabilities if vulnerabilities else None
def fit(self, certificates: Certificates) -> Vulnerabilities:
+ """
+ Method assigns each certificate vulnerabilities caused by dependencies among certificates
+ @param certificates: Dictionary of certificates with digests
+ @return: Dictionary of vulnerabilities of certificate instances
+ """
self._overwrite_previous_state(certificates)
cert_id_occurrences = self._get_dataset_cert_ids_occurrences()
@@ -106,6 +116,11 @@ class DependencyVulnerabilityFinder:
return self.vulnerabilities
def predict_single_cert(self, dgst: str) -> DependencyCVE:
+ """
+ Method returns vulnerabilities for certificate digest
+ @param dgst: Digest of certificate
+ @return: DependencyCVE object of certificate
+ """
if not self.vulnerabilities.get(dgst):
return DependencyCVE(direct_dependency_cves=None, indirect_dependency_cves=None)
@@ -115,6 +130,11 @@ class DependencyVulnerabilityFinder:
)
def predict(self, dgst_list: List[str]) -> Dict[str, DependencyCVE]:
+ """
+ Method returns vulnerabilities for a list of certificate digests
+ @param dgst_list: list of certificate digests
+ @return: Dictionary of DependencyCVE objects for specified certificate digests
+ """
cert_vulnerabilities = {}
for dgst in dgst_list:
diff --git a/tests/data/settings_test.yaml b/tests/data/settings_test.yaml
index 5815aef5..cff5a9be 100644
--- a/tests/data/settings_test.yaml
+++ b/tests/data/settings_test.yaml
@@ -24,10 +24,10 @@ cpe_n_max_matches:
value: 20
cc_latest_snapshot:
description: Url from where to fetch the latest snapshot of fully processed CC dataset
- value: https://www.ajanovsky.cz/cc_latest_snapshot.json
+ value: https://seccerts.org/cc/dataset.json
cc_maintenances_latest_snapshot:
description: Url from where to fetch the latest snapshot of CC maintenance updates
- value: https://www.ajanovsky.cz/cc_maintenances_latest_snapshot.json
+ value: https://seccerts.org/cc/maintenance_updates.json
ignore_first_page:
description: During keyword search, first page usually contains addresses - ignore it.
value: true
@@ -36,7 +36,7 @@ cert_threshold:
value: 5
fips_latest_snapshot:
description: Url for the latest snapshot of FIPS dataset
- value: https://seccerts.org/static/fips_dset_ad8734a39b856ca1a1b7b073713872359bae7545.json
+ value: https://seccerts.org/fips/dataset.json
enable_progress_bars:
description: Whether to enable pretty-printed progress bars while processing.
value: False