query_sets.py
from django.db import models
from osidb.query_sets import CustomQuerySetUpdatedDt
from .constants import FIXED_AND_UNFIXABLE_TRACKER_RESOLUTIONS, UNSUPPORTED_PRODUCTS
class AffectQuerySetExploitExtension(CustomQuerySetUpdatedDt):
    """
    Affect query helpers used when building exploit reports.

    Each method returns a narrowed queryset, so the filters can be chained; they only ever
    remove rows, which means anything dropped here is absent from the exploit review.
    """

    def not_community(self):
        """
        Drop affects that belong to community products (EPEL and Fedora).
        """
        # NOTE(review): both lookups are substring matches on ps_module, so any module whose
        # name merely contains "epel" or "fedora" is dropped too, and `contains` is
        # case-sensitive on most database backends -- confirm that no supported product
        # matches and that module names are consistently lower-case.
        without_epel = self.exclude(ps_module__contains="epel")
        return without_epel.exclude(ps_module__contains="fedora")

    def supported(self):
        """
        Drop affects for which Red Hat provides no security fixes at all, whatever the flaw
        impact, as well as affects where it does not matter much whether a fix is shipped,
        i.e. community products and EOL products.
        """
        # The explicit UNSUPPORTED_PRODUCTS list is a temporary workaround until it becomes
        # possible to query for products that are completely unsupported (no security fixes
        # ever). Until then the list has to be maintained by hand.
        return self.not_community().exclude(ps_module__in=UNSUPPORTED_PRODUCTS)

    def unfixed_in_delegate(self):
        """
        Drop affects with resolution DELEGATED whose associated trackers are all either
        fixed or not fixable (e.g. duplicate, EOL).
        """
        # Imported here rather than at module level, as in the original.
        from osidb.models import Affect

        # Trackers whose resolution is NOT one of the fixed/unfixable ones still count as open.
        still_open = ~models.Q(
            trackers__resolution__in=FIXED_AND_UNFIXABLE_TRACKER_RESOLUTIONS
        )
        counted = self.annotate(
            unfixed_trackers=models.Count("trackers", filter=still_open)
        )
        # NOTE(review): a DELEGATED affect with no trackers at all also ends up with a count
        # of 0 and is therefore excluded (treated as fixed) -- confirm this is intended.
        return counted.exclude(
            resolution=Affect.AffectResolution.DELEGATED,
            unfixed_trackers=0,
        )

    def unfixed(self):
        """
        Drop affects that have resolution FIX, and affects with resolution DELEGATED whose
        trackers allow them to be treated as fixed (see "unfixed_in_delegate").
        """
        from osidb.models import Affect

        without_fix = self.exclude(resolution=Affect.AffectResolution.FIX)
        return without_fix.unfixed_in_delegate()

    def affected(self):
        """
        Drop affects whose affectedness state is NOTAFFECTED.
        """
        from osidb.models import Affect

        not_affected = Affect.AffectAffectedness.NOTAFFECTED
        return self.exclude(affectedness=not_affected)

    def exploit_relevant(self):
        """
        Keep only the affects that matter for exploit reviews: supported products, affected
        components, not fixed and potentially fixable.
        """
        on_supported = self.supported()
        really_affected = on_supported.affected()
        return really_affected.unfixed()