Add db for version maps (#76)

intel · Feb 26, 2019 · 670808d · 670808d
1 parent f84a5be
commit 670808d
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 107 deletions.
diff --git a/cve_bin_tool/NVDAutoUpdate.py b/cve_bin_tool/NVDAutoUpdate.py
@@ -273,4 +273,4 @@ def get_cves(self, *vendor_product_pairs):
 
     def get_cvelist_if_stale(self):
         """ Update CVEs data from NVD if stale."""
-        get_cvelist_if_stale(self.nvddir, self.dbname)
+        get_cvelist_if_stale(self.nvddir, self.dbname)
diff --git a/cve_bin_tool/VersionSignature.py b/cve_bin_tool/VersionSignature.py
@@ -0,0 +1,79 @@
+import os
+import sqlite3
+import datetime
+
+DISK_LOCATION_DEFAULT = os.path.join(os.path.expanduser('~'), '.cache',
+                                     'cve-bin-tool')
+
+class VersionSignatureDb:
+    """ Methods for version signature data stored in sqlite """
+    def __init__(self, table_name, mapping_function, duration):
+        """ Set location on disk data cache will reside.
+            Also sets the table name and refresh duration
+        """
+        self.table_name = table_name
+        self.mapping_function = mapping_function
+        self.disk_location = DISK_LOCATION_DEFAULT
+        self.duration = duration
+        self.conn = None
+        self.cursor = None
+
+    @property
+    def dbname(self):
+        """ SQLite datebase file where the data is stored."""
+        return os.path.join(self.disk_location, 'version_map.db')
+
+    def open(self):
+        """ Opens connection to sqlite database."""
+        self.conn = sqlite3.connect(self.dbname)
+        self.cursor = self.conn.cursor()
+
+    def close(self):
+        """ Closes connection to sqlite database."""
+        self.cursor.close()
+        self.conn.close()
+        self.conn = None
+        self.cursor = None
+
+    def __enter__(self):
+        """ Opens connection to sqlite database."""
+        self.open()
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        """ Closes connection to sqlite database."""
+        self.close()
+
+    def get_mapping_data(self):
+        """
+        Returns a version map associated with the specified checker. Also takes care of updating
+        the data after the specified refresh duration
+        """
+        self.cursor.execute(
+            'CREATE TABLE IF NOT EXISTS {}(version TEXT , sourceId TEXT PRIMARY KEY)'.format(self.table_name))
+        # fetch first entry
+        entry = self.cursor.execute('SELECT * FROM {}'.format(self.table_name)).fetchone()
+        update_required = False
+        if entry is not None:
+            # Check if update is required
+            # Updates if the difference between current time and the time of latest release is greater than duration
+            cur_time = datetime.datetime.now().replace(microsecond=0)
+            time_fields = entry[1].split()
+            year_data = time_fields[0].split('-')
+            time_data = time_fields[1].split(':')
+            yy, mm, dd = int(year_data[0]), int(year_data[1]), int(year_data[2])
+            H, M, S = int(time_data[0]), int(time_data[1]), int(time_data[2])
+            last_release = datetime.datetime(yy, mm, dd, H, M, S)
+            time_elapsed = str(cur_time - last_release)
+            if int(time_elapsed.split()[0]) >= self.duration:
+                update_required = True
+
+        if entry is None or update_required:
+            # if update is required or database is empty, fetch and insert data into database
+            self.cursor.execute('DELETE FROM {}'.format(self.table_name))
+            for mapping in self.mapping_function():
+                self.cursor.execute('INSERT INTO {} (version, sourceId) VALUES (?, ?)'.format(self.table_name),
+                                    (mapping[0], mapping[1]))
+
+        data = self.cursor.execute('SELECT * FROM {}'.format(self.table_name)).fetchall()
+        self.conn.commit()
+        return data
diff --git a/cve_bin_tool/checkers/sqlite.py b/cve_bin_tool/checkers/sqlite.py
@@ -16,125 +16,28 @@
     import urllib as request
     import urllib as error
 import re
+from cve_bin_tool.VersionSignature import VersionSignatureDb
 
-# FIXME: We could do this every time but should cache it somehow.
-# For initial testing, I'm running once and keeping a data structure
-# version_map = get_version_map()
-VERSION_MAP = [
-    ["3.27.1", "2019-02-08 13:17:39 0eca3dd3d38b31c92b49ca2d311128b74584714d9e7de895b1a6286ef959a1dd"],
-    ["3.27.0", "2019-02-07 17:02:52 97744701c3bd414e6c9d7182639d8c2ce7cf124c4fce625071ae65658ac61713"],
-    ["3.26.0", "2018-12-01 12:34:55 bf8c1b2b7a5960c282e543b9c293686dccff272512d08865f4600fb58238b4f9"],
-    ["3.25.3", "2018-11-05 20:37:38 89e099fbe5e13c33e683bef07361231ca525b88f7907be7092058007b75036f2"],
-    ["3.25.2", "2018-09-25 19:08:10 fb90e7189ae6d62e77ba3a308ca5d683f90bbe633cf681865365b8e92792d1c7"],
-    ["3.25.1", "2018-09-18 20:20:44 2ac9003de44da7dafa3fbb1915ac5725a9275c86bf2f3b7aa19321bf1460b386"],
-    ["3.25.0", "2018-09-15 04:01:47 b63af6c3bd33152742648d5d2e8dc5d5fcbcdd27df409272b6aea00a6f761760"],
-    ["3.24.0", "2018-06-04 19:24:41 c7ee0833225bfd8c5ec2f9bf62b97c4e04d03bd9566366d5221ac8fb199a87ca"],
-    ["3.23.1", "2018-04-10 17:39:29 4bb2294022060e61de7da5c227a69ccd846ba330e31626ebcd59a94efd148b3b"],
-    ["3.23.0", "2018-04-02 11:04:16 736b53f57f70b23172c30880186dce7ad9baa3b74e3838cae5847cffb98f5cd2"],
-    ["3.22.0", "2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d"],
-    ["3.21.0", "2017-10-24 18:55:49 1a584e499906b5c87ec7d43d4abce641fdf017c42125b083109bc77c4de48827"],
-    ["3.20.1", "2017-08-24 16:21:36 8d3a7ea6c5690d6b7c3767558f4f01b511c55463e3f9e64506801fe9b74dce34"],
-    ["3.20.0", "2017-08-01 13:24:15 9501e22dfeebdcefa783575e47c60b514d7c2e0cad73b2a496c0bc4b680900a8"],
-    ["3.18.2", "2017-06-17 09:59:36 036ebf729e4b21035d7f4f8e35a6f705e6bf99887889e2dc14ebf2242e7930dd"],
-    ["3.18.1", "2017-06-16 13:41:15 77bb46233db03a3338bacf7e56f439be3dfd1926ea0c44d252eeafa7a7b31c06"],
-    ["3.19.3", "2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b"],
-    ["3.19.2", "2017-05-25 16:50:27 edb4e819b0c058c7d74d27ebd14cc5ceb2bad6a6144a486a970182b7afe3f8b9"],
-    ["3.19.1", "2017-05-24 13:08:33 f6d7b988f40217821a382bc298180e9e6794f3ed79a83c6ef5cae048989b3f86"],
-    ["3.19.0", "2017-05-22 13:58:13 28a94eb282822cad1d1420f2dad6bf65e4b8b9062eda4a0b9ee8270b2c608e40"],
-    ["3.18.0", "2017-03-28 18:48:43 424a0d380332858ee55bdebc4af3789f74e70a2b3ba1cf29d84b9b4bcf3e2e37"],
-    ["3.17.0", "2017-02-13 16:02:40 ada05cfa86ad7f5645450ac7a2a21c9aa6e57d2c"],
-    ["3.16.2", "2017-01-06 16:32:41 a65a62893ca8319e89e48b8a38cf8a59c69a8209"],
-    ["3.16.1", "2017-01-03 18:27:03 979f04392853b8053817a3eea2fc679947b437fd"],
-    ["3.16.0", "2017-01-02 11:57:58 04ac0b75b1716541b2b97704f4809cb7ef19cccf"],
-    ["3.15.2", "2016-11-28 19:13:37 bbd85d235f7037c6a033a9690534391ffeacecc8"],
-    ["3.15.1", "2016-11-04 12:08:49 1136863c76576110e710dd5d69ab6bf347c65e36"],
-    ["3.15.0", "2016-10-14 10:20:30 707875582fcba352b4906a595ad89198d84711d8"],
-    ["3.14.2", "2016-09-12 18:50:49 29dbef4b8585f753861a36d6dd102ca634197bd6"],
-    ["3.14.1", "2016-08-11 18:53:32 a12d8059770df4bca59e321c266410344242bf7b"],
-    ["3.14", "2016-08-08 13:40:27 d5e98057028abcf7217d0d2b2e29bbbcdf09d6de"],
-    ["3.13.0", "2016-05-18 10:57:30 fc49f556e48970561d7ab6a2f24fdd7d9eb81ff2"],
-    ["3.12.2", "2016-04-18 17:30:31 92dc59fd5ad66f646666042eb04195e3a61a9e8e"],
-    ["3.12.1", "2016-04-08 15:09:49 fe7d3b75fe1bde41511b323925af8ae1b910bc4d"],
-    ["3.12.0", "2016-03-29 10:14:15 e9bb4cf40f4971974a74468ef922bdee481c988b"],
-    ["3.11.1", "2016-03-03 16:17:53 f047920ce16971e573bc6ec9a48b118c9de2b3a7"],
-    ["3.11.0", "2016-02-15 17:29:24 3d862f207e3adc00f78066799ac5a8c282430a5f"],
-    ["3.10.2", "2016-01-20 15:27:19 17efb4209f97fb4971656086b138599a91a75ff9"],
-    ["3.10.1", "2016-01-13 21:41:56 254419c36766225ca542ae873ed38255e3fb8588"],
-    ["3.10.0", "2016-01-06 11:01:07 fd0a50f0797d154fefff724624f00548b5320566"],
-    ["3.9.2", "2015-11-02 18:31:45 bda77dda9697c463c3d0704014d51627fceee328"],
-    ["3.9.1", "2015-10-16 17:31:12 767c1727fec4ce11b83f25b3f1bfcfe68a2c8b02"],
-    ["3.9.0", "2015-10-14 12:29:53 a721fc0d89495518fe5612e2e3bbc60befd2e90d"],
-    ["3.8.11.1", "2015-07-29 20:00:57 cf538e2783e468bbc25e7cb2a9ee64d3e0e80b2f"],
-    ["3.8.11", "2015-07-27 13:49:41 b8e92227a469de677a66da62e4361f099c0b79d0"],
-    ["3.8.10.2", "2015-05-20 18:17:19 2ef4f3a5b1d1d0c4338f8243d40a2452cc1f7fe4"],
-    ["3.8.10.1", "2015-05-09 12:14:55 05b4b1f2a937c06c90db70c09890038f6c98ec40"],
-    ["3.8.10", "2015-05-07 11:53:08 cf975957b9ae671f34bb65f049acf351e650d437"],
-    ["3.8.9", "2015-04-08 12:16:33 8a8ffc862e96f57aa698f93de10dee28e69f6e09"],
-    ["3.8.8.3", "2015-02-25 13:29:11 9d6c1880fb75660bbabd693175579529785f8a6b"],
-    ["3.8.8.2", "2015-01-30 14:30:45 7757fc721220e136620a89c9d28247f28bbbc098"],
-    ["3.8.8.1", "2015-01-20 16:51:25 f73337e3e289915a76ca96e7a05a1a8d4e890d55"],
-    ["3.8.8", "2015-01-16 12:08:06 7d68a42face3ab14ed88407d4331872f5b243fdf"],
-    ["3.8.7.4", "2014-12-09 01:34:36 f66f7a17b78ba617acde90fc810107f34f1a1f2e"],
-    ["3.8.7.3", "2014-12-05 22:29:24 647e77e853e81a5effeb4c33477910400a67ba86"],
-    ["3.8.7.2", "2014-11-18 20:57:56 2ab564bf9655b7c7b97ab85cafc8a48329b27f93"],
-    ["3.8.7.1", "2014-10-29 13:59:56 3b7b72c4685aa5cf5e675c2c47ebec10d9704221"],
-    ["3.8.7", "2014-10-17 11:24:17 e4ab094f8afce0817f4074e823fabe59fc29ebb4"],
-    ["3.8.6", "2014-08-15 11:46:33 9491ba7d738528f168657adb43a198238abde19e"],
-    ["3.8.5", "2014-06-04 14:06:34 b1ed4f2a34ba66c29b130f8d13e9092758019212"],
-    ["3.8.4.3", "2014-04-03 16:53:12 a611fa96c4a848614efe899130359c9f6fb889c3"],
-    ["3.8.4.2", "2014-03-26 18:51:19 02ea166372bdb2ef9d8dfbb05e78a97609673a8e"],
-    ["3.8.4.1", "2014-03-11 15:27:36 018d317b1257ce68a92908b05c9c7cf1494050d0"],
-    ["3.8.4", "2014-03-10 12:20:37 530a1ee7dc2435f80960ce4710a3c2d2bfaaccc5"],
-    ["3.8.3.1", "2014-02-11 14:52:19 ea3317a4803d71d88183b29f1d3086f46d68a00e"],
-    ["3.8.3", "2014-02-03 13:52:03 e816dd924619db5f766de6df74ea2194f3e3b538"],
-    ["3.8.2", "2013-12-06 14:53:30 27392118af4c38c5203a04b8013e1afdb1cebd0d"],
-    ["3.8.1", "2013-10-17 12:57:35 c78be6d786c19073b3a6730dfe3fb1be54f5657a"],
-    ["3.8.0.2", "2013-09-03 17:11:13 7dd4968f235d6e1ca9547cda9cf3bd570e1609ef"],
-    ["3.8.0.1", "2013-08-29 17:35:01 352362bc01660edfbda08179d60f09e2038a2f49"],
-    ["3.8.0", "2013-08-26 04:50:08 f64cd21e2e23ed7cff48f7dafa5e76adde9321c2"],
-    ["3.7.17", "2013-05-20 00:56:22 118a3b35693b134d56ebd780123b7fd6f1497668"],
-    ["3.7.16.2", "2013-04-12 11:52:43 cbea02d93865ce0e06789db95fd9168ebac970c7"],
-    ["3.7.16.1", "2013-03-29 13:44:34 527231bc67285f01fb18d4451b28f61da3c4e39d"],
-    ["3.7.16", "2013-03-18 11:39:23 66d5f2b76750f3520eb7a495f6247206758f5b90"],
-    ["3.7.15.2", "2013-01-09 11:53:05 c0e09560d26f0a6456be9dd3447f5311eb4f238f"],
-    ["3.7.15.1", "2012-12-19 20:39:10 6b85b767d0ff7975146156a99ad673f2c1a23318"],
-    ["3.7.15", "2012-12-12 13:36:53 cd0b37c52658bfdf992b1e3dc467bae1835a94ae"],
-    ["3.7.14.1", "2012-10-04 19:37:12 091570e46d04e84b67228e0bdbcd6e1fb60c6bdb"],
-    ["3.7.14", "2012-09-03 15:42:36 c0d89d4a9752922f9e367362366efde4f1b06f2a"],
-    ["3.7.13", "2012-06-11 02:05:22 f5b5a13f7394dc143aa136f1d4faba6839eaa6dc"],
-    ["3.7.12.1", "2012-05-22 02:45:53 6d326d44fd1d626aae0e8456e5fa2049f1ce0789"],
-    ["3.7.12", "2012-05-14 01:41:23 8654aa9540fe9fd210899d83d17f3f407096c004"],
-    ["3.7.11", "2012-03-20 11:35:50 00bb9c9ce4f465e6ac321ced2a9d0062dc364669"],
-    ["3.7.10", "2012-01-16 13:28:40 ebd01a8deffb5024a5d7494eef800d2366d97204"],
-    ["3.7.9", "2011-11-01 00:52:41 c7c6050ef060877ebe77b41d959e9df13f8c9b5e"],
-    ["3.7.8", "2011-09-19 14:49:19 3e0da808d2f5b4d12046e05980ca04578f581177"],
-    ["3.7.7.1", "2011-06-28 17:39:05 af0d91adf497f5f36ec3813f04235a6e195a605f"],
-    ["3.7.7", "2011-06-23 19:49:22 4374b7e83ea0a3fbc3691f9c0c936272862f32f2"],
-    ["3.7.6.2", "2011-04-17 17:25:17 154ddbc17120be2915eb03edc52af1225eb7cb5e"],
-    ["3.7.6.1", "2011-04-13 14:40:25 a35e83eac7b185f4d363d7fa51677f2fdfa27695"],
-    ["3.7.6", "2011-04-12 01:58:40 f9d43fa363d54beab6f45db005abac0a7c0c47a7"],
-]
-
-def guess_version(lines):
+def guess_version(lines, version_map):
     """Guesses the sqlite version from the file contents.
 
     The most correct way to do this is to search for the sha1 sums per release.
     """
 
     for line in lines:
-        for mapping in VERSION_MAP:
+        for mapping in version_map:
             if mapping[1] in line:
                 return mapping[0]
 
     return "UNKNOWN"
 
-def guess_contains(lines):
+def guess_contains(lines, version_map):
     """Tries to determine if a file includes sqlite
     """
     # since the version strings are super unique here, we can guess the version
     # at the same time
     for line in lines:
-        for mapping in VERSION_MAP:
+        for mapping in version_map:
             if mapping[1] in line:
                 return mapping[0]
 
@@ -158,13 +61,16 @@ def get_version(lines, filename):
 
     VPkg: sqlite, sqlite
     """
+    mapdb = VersionSignatureDb('sqlite', get_version_map, 30)
+    with mapdb:
+        mapping = mapdb.get_mapping_data()
     version_info = dict()
     if "sqlite" in filename or "sqlite3" in filename:
         version_info["is_or_contains"] = "is"
-        version_info["version"] = guess_version(lines)
+        version_info["version"] = guess_version(lines, mapping)
 
     else:
-        version = guess_contains(lines)
+        version = guess_contains(lines, mapping)
         if version:
             version_info["is_or_contains"] = "contains"
             version_info["version"] = version
@@ -200,10 +106,10 @@ def get_version_map():
             id_match = id_pattern.search(line)
             if id_match:
                 version_map.append([last_version, id_match.group(1)])
-                print('        [\"' + last_version + '", "' + id_match.group(1) + '"],')
+                # print('        [\"' + last_version + '", "' + id_match.group(1) + '"],')
                 break
 
     return version_map
 
 if __name__ == '__main__':
-    get_version_map()
+    get_version_map()