晋太元中,武陵人捕鱼为业。缘溪行,忘路之远近。忽逢桃花林,夹岸数百步,中无杂树,芳草鲜美,落英缤纷。渔人甚异之,复前行,欲穷其林。   林尽水源,便得一山,山有小口,仿佛若有光。便舍船,从口入。初极狭,才通人。复行数十步,豁然开朗。土地平旷,屋舍俨然,有良田、美池、桑竹之属。阡陌交通,鸡犬相闻。其中往来种作,男女衣着,悉如外人。黄发垂髫,并怡然自乐。   见渔人,乃大惊,问所从来。具答之。便要还家,设酒杀鸡作食。村中闻有此人,咸来问讯。自云先世避秦时乱,率妻子邑人来此绝境,不复出焉,遂与外人间隔。问今是何世,乃不知有汉,无论魏晋。此人一一为具言所闻,皆叹惋。余人各复延至其家,皆出酒食。停数日,辞去。此中人语云:“不足为外人道也。”(间隔 一作:隔绝)   既出,得其船,便扶向路,处处志之。及郡下,诣太守,说如此。太守即遣人随其往,寻向所志,遂迷,不复得路。   南阳刘子骥,高尚士也,闻之,欣然规往。未果,寻病终。后遂无问津者。 sh-3ll

HOME


sh-3ll 1.0
DIR:/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/api/
Upload File :
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/api/vulnerability.py
"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import logging
from collections import defaultdict
from typing import Iterable
from urllib.parse import urljoin
from urllib.request import Request

from defence360agent.api.server import API, APIError
from defence360agent.internals.iaid import (
    IAIDTokenError,
    IndependentAgentIDAPI,
)

logger = logging.getLogger(__name__)


class VulnerabilityAPI(API):
    URL = urljoin(API._BASE_URL, "/api/patch/vulnerabilities")
    _STUB_VULNERABILITY_INFO = {
        "cveId": "",
        "app": "",
        "type": "",
        "name": "",
        "severity": "",
    }

    @classmethod
    async def get_details(cls, ids: Iterable) -> dict:
        """
        Get vulnerabilities details for specific *ids*.
        More details in DEF-32152
        """
        info = defaultdict(cls._STUB_VULNERABILITY_INFO.copy)
        if not ids:
            return info

        try:
            token = await IndependentAgentIDAPI.get_token()
        except IAIDTokenError as exc:
            logger.error(
                "Can't get iaid token: %s. "
                "Return default vulnerabilities details.",
                exc,
            )
            return info

        url = cls.URL + f"?ids={','.join(ids)}"
        request = Request(
            url,
            headers={"X-Auth": token, "Content-Type": "application/json"},
        )
        try:
            result = await cls.async_request(request)
        except APIError as exc:
            logger.error(
                "Failed to get vulnerabilities details: %s. "
                "Return default vulnerabilities details.",
                exc,
            )
            return info

        info.update(normalize_vulnerabilities(result["vulnerabilities"]))
        return info


def normalize_vulnerabilities(
    vulnerabilities: dict[str, dict[str, str]],
) -> dict[str, dict[str, str]]:
    """
    Normalize vulnerabilities data.
    """
    return {
        _id: normalize_vulnerability(vulnerability)
        for _id, vulnerability in vulnerabilities.items()
    }


def normalize_vulnerability(vulnerability: dict[str, str]) -> dict[str, str]:
    """
    Normalize vulnerability data.
    """
    return {
        "cveId": vulnerability.get("cveId", ""),
        "app": vulnerability.get("app", ""),
        "type": vulnerability.get("type", ""),
        "name": vulnerability.get("name", ""),
        "severity": vulnerability.get("severity", "").upper(),
    }