diff options
Diffstat (limited to 'bin/acme/srtool_acme.py')
-rwxr-xr-x | bin/acme/srtool_acme.py | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/bin/acme/srtool_acme.py b/bin/acme/srtool_acme.py new file mode 100755 index 00000000..02750ba5 --- /dev/null +++ b/bin/acme/srtool_acme.py @@ -0,0 +1,163 @@ +#!/usr/bin/env python3 +# +# ex:ts=4:sw=4:sts=4:et +# -*- tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- +# +# Security Response Tool Commandline Tool +# +# Copyright (C) 2018 Wind River Systems +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +### Usage Examples (run from top level directory) +# Init ACME products: ./bin/yp/srtool_acme.py --init-products + + +### +### THIS IS A SAMPLE DATASOURCE FOR INSTANTIATING AND +### MANAGING AN ORGANIZATION'S SRTOOL INTEGRATION +### + + +import os +import sys +import re +import csv +import xml.etree.ElementTree as ET +import argparse +import sqlite3 +import subprocess +import json +import urllib +from datetime import datetime + +# load the srt.sqlite schema indexes +dir_path = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) +sys.path.insert(0, dir_path) +from common.srt_schema import ORM + +try: + from datetime import datetime, date + from urllib.request import urlopen, URLError + from urllib.parse import urlparse +except ImportError: + from urllib2 import urlopen, URLError + from urlparse import urlparse + +srtDbName = 'srt.sqlite' + + +################################# +# Helper methods +# + +verbose = False + +def debugMsg(msg): + if verbose: + print(msg) + +overrides = {} + +def set_override(key,value=None): + if not value is None: + overrides[key] = value + elif key in os.environ.keys(): + overrides[key] = 'yes' if os.environ[key].startswith('1') else 'no' + else: + overrides[key] = '' + if overrides[key]: + print("OVERRIDE: %s = %s" % (key,overrides[key])) + +def get_override(key): + if key in overrides.keys(): + return overrides[key] + return '' + +################################# +# Initialize the product list +# + +### +### NOTE: THIS WHERE YOU CAN MAP THE ORGANIZATION'S PRODUCT DATA +### INTO THE SRTOOL SUPPORTED FORMATS +### + +def init_products(source_file): + + source_doc = os.path.join(srtool_basepath,source_file) + with open(source_doc) as json_data: + dct = json.load(json_data) + + conn = sqlite3.connect(srtDbName) + cur = conn.cursor() + + Product_Items = dct['Product_Items'] + for i, Product_Item in enumerate(Product_Items): + order = Product_Item['order'] + key = Product_Item['key'] + name = Product_Item['name'] + version = Product_Item['version'] + profile = Product_Item['profile'] + cpe = Product_Item['cpe'] + defect_tags = Product_Item['defect_tags'] + product_tags = Product_Item['product_tags'] + + sql = "SELECT 1 FROM orm_product WHERE key = '%s'" % (key, ) + product = cur.execute(sql).fetchone() + if product is None: + # NOTE: 'order' is a reserved SQL keyword, so we have to quote it + sql = ''' INSERT into orm_product ("order", key, name, version, profile, cpe, defect_tags, product_tags) VALUES (?, ?, ?, ?, ?, ?, ?, ?)''' + cur.execute(sql, (order, key, name, version, profile, cpe, defect_tags, product_tags)) + else: + sql = ''' UPDATE orm_product + SET "order" = ?, cpe= ?, defect_tags=?, product_tags=? + WHERE id=?''' + cur.execute(sql, (order, cpe, defect_tags, product_tags, product[ORM.PRODUCT_ID])) + conn.commit() + +################################# +# main loop +# + +def main(argv): + global verbose + + parser = argparse.ArgumentParser(description='srtool_acme.py: Manage SRTool to ACME Corp') + parser.add_argument('--init-products', '-p', action='store_const', const='init_products', dest='command', help='Init and import ACME Products') + parser.add_argument('--file', dest='file', help='Source file') + parser.add_argument('--verbose', '-v', action='store_true', dest='verbose', help='Verbose debugging') + args = parser.parse_args() + + master_log = open("./update_logs/master_log.txt", "a") + + verbose = args.verbose + + # required parameter for the following commands + if not args.file: + print("ERROR: missing 'file' argument") + exit(1) + + if 'init_products' == args.command: + init_products(args.file) + else: + print("Command not found") + +if __name__ == '__main__': + global script_pathname + global srtool_basepath + + srtool_scriptpath = os.path.dirname(os.path.dirname(os.path.abspath(sys.argv[0]))) + srtool_basepath = os.path.dirname(srtool_scriptpath) + main(sys.argv[1:]) |