aboutsummaryrefslogtreecommitdiffstats
path: root/bin/srt
AgeCommit message (Collapse)Author
2020-01-12Bug 13734 - cumulative deployment features and fixesDavid Reyna
srtool: cumulative deployment features and fixes High level new features: * Publishing support to external/public databases * Ability to label products as "active", "inactive", "under development" Inactive (EOL) products appear but * Do not affect status propagation * Do not auto-create defects Development product status is not exported to pubic database * Extend NIST download range to 2002..2019 * Added MITRE downloads to provide RESERVED tracking * Extended audit history tracking and meta-data * Delete CVE records * Ability to do "OR" searches (default is "AND") Example: "CVE-2019-20095 OR CVE-2019-20096 OR CVE-2019-19977" * Automated defect creation (Jira) If selected, creates customer defect for selected and active products Reuse existing defect if present for given product * Many small sorting, readability, edge case fixes Backups: * Add meta-data stamp file for each backup * Save daily backups with day name instead of day number * Preserve file dates when making copies to backup * Add list command Automated Updates: * Fix report format * Add trial run test Utilities: * Add 13 new database fix up procedures Some are one-shot historical fixes, some are learned validation checks Database Schema: * Add "SRTool" class to wrap shared enumerations (e.g. Priority) * Add "Update" class to tag and track audit trail objects * Change Priority naming to match CVE model instead of JIRA * Add srt_created/srt_updated to CVE/Vul/Inv/Notify for improved updating and auditing * Add to Defect the SRT versions of Status, Priority, Outcome To distinguish these from the customer's defect system's values Common Tools: * Fix new CVE auto-scoring to skip CVE's already scored (though still NEW) * Add automated propagation of Defects/Investigations status to parent Vulnerabilities See "srtool_common.py" for rule details CVEs: * Add MITRE as an automatic upstream source This is to specifically capture all of the "RESERVED" CVE enumerations which will not appear in the MIST databases, and have the CVE records in place for internal investigations and transitions to "public" status. * Spell out the command arguments in the NIST data source files for greater legibility * Change Priority naming to match CVE instead of JIRA * Add parallel status states for "inactive" products This specifically blocks state propagation from inactive objects to active objects NIST management script: * Refactor file for greater clarity * Reorder methods to reflect workflow order * Fully spell out names of objects * Remove temporary holding class "CVE" in favor of dictionary objects * Debugging enhancements * Incremental update commands for stepped debugging For example, ability to fetch/update specific CVE(s) * Additional debugging flags [YOCTO #13734] Signed-off-by: David Reyna <David.Reyna@windriver.com>
2019-02-20srtool_update: improve update reporting and schedulingDavid Reyna
Track the current running update task in ".srtupdate.task" to help track background update activity and overhead. Make calls to the update start/stop absolute paths to help track active SRTool tasks, especially between multiple servers. Signed-off-by: David Reyna <David.Reyna@windriver.com>
2019-02-09srtool_srt: add 'manage' usage help displayDavid Reyna
Signed-off-by: David Reyna <David.Reyna@windriver.com>
2019-01-21srtool_start: generate SRTool stop/restart scriptsDavid Reyna
When the SRTool successfully starts, auto-generate helper scripts to allow the user to stop and restart the SRTool based on the previous options. This is also useful for scripts that need to stop then restart the SRTool server in order to safely perform actions (like backup or restore). Generated scripts: bin/srt_start.sh (also first stops the server if currently running) bin/srt_stop.sh Signed-off-by: David Reyna <David.Reyna@windriver.com>
2019-01-14srtool: complete auto-update supportDavid Reyna
Complete the support for backgroup data source updates: * Add cron-start,cron-stop to srtool_update * Have cron update run as a user space script to avoid sudo * Hook cron-start,cron-stop into srt start,stop * Add list command to show update sources * Have force command propagate to update script calls, and add force option to all source scripts * Add 'srt manage update ...' for access to the update functions * Add flag SRT_SKIP_AUTOUPDATE and srt option noautoupdate to disable the automatic update app for development assistance Related Fixes: * Set the schema generator to always update on startup (13138) * Fix CVE 'recommend' default to the integer zero (13139) with auto-fix at startup for existing databases [YOCTO #13131] [YOCTO #13138] [YOCTO #13139] Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-12-29srtool: generalize the master app (yp, acme, ...) managementDavid Reyna
The SRTool allows users to substitute an alternate master application instead of the default "yp" in order to customize their instance to their organization. This is done by: (a) Creating a datasource directory under bin (b) Defining a "datasource.json" file (c) Defining 'export SRT_MAIN_APP="<app>"' in "srtool_env.sh" This environment files are scanned by 'bin/srt', and if such an alternate master app is found it pre-empts the default 'yp'. This value is set via the environment because "lib/srtmain/settings.py" is the file that sets the app (and this the URL) ordering, and it is processed before any database is attached. To disable the alternate main app, simply rename its "datasource.json" file and it will be ignored for the next start. The sample alternate app "acme" is provided to demonstrate this facility. Additionally, a development tool 'bin/dev_tools/master_app.sh' has been added to help switch between master apps, to aid testing. $ ./stop.sh $ ./master_app.sh acme $ ./start.sh ... test ... $ ./stop.sh $ ./master_app.sh yp $ ./start.sh Other included fixes: * Fix the ACME JSON files formating * Remove ACME "_sample" from all but "datasource.json_sample" * Fix tabs to spaces in "srt" * Add global contect values to views::managedcontextprocessor so that other app templates can share them Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-12-29srtool: add quick test for python3 and sqlite3David Reyna
Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-12-21srtool: cummulative fixes 12/21/2018David Reyna
Fixes: * Support Django development head in version check (e.g. '2.2.dev20181217100344') * Remove the single quotes around the comments content * Include Documentation/Export links for Guest users * Allow 'ip:port/acme' to link to 'acme_hello' Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-12-13srtool: cummulative update 12/13/2018David Reyna
Changes: Repartition the data sources Reconfigure the data sources into self-contained directories under the "bin" directory. Implement dynamic data source discovery and import Remove all hard coded data source data (e.g. fixtures, data, CVE lookups) Add license files to all data sources Django User model Add "users" Django application dir Login page Self create user account page Password change page User access and delete management CVE Name sorting by hidden 'name_sort' field (CVE-nnnn-0nnnnnn) CVE Triage Auto import reserved CVEs Add MITRE CVE records where NIST missing Add data source count to triage page Easy checkbox toggle by clicking any field Triage any CVE status category (not just new) Assign to any CVE status category Object create/delete Create/Delete Vulnerablities Create/Delete Investigations from Vulnerablity page Add "Historical" CVE status When bootstraping system, all CVEs older than 60 days preset to "Historical" Add CVEs withint 60 days preset to "New" Can be overridden by defect and systaining status imports Preadd Debian data for "New" CVEs Abstraction Add generic Product mappings to defect system ("defect_tag": defect prefix) Add generic Product mappings to product system ("product_tag": product reference, related) Manage functions via "srt" script For example add superuser Normalize Vulnerability to Investigation mapping Replace orm_vulnerabilityproduct with orm_vulnerabilitytoinvestigation General Enable the 'srtool-requirements.txt' Django test Speed the CVE scoring by pre-fetching the datasources Progress display cleanup Move and update srtool_defect prototype to 'bin/yp' Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-08-10Cummulative development update August 2018David Reyna
* Add incremental NIST scans and import to CVE database * Add modified NIST scans and import to CVE database * Moved CVE details out of SRTool database to reduce size * Add CVE details lookup in cached CVE upstream files * Added edit support for Vulnerabilies and Investigations * Comments * Attachments and downloads * Product list * History audit trail * Add Vulnerability and Investigation creation from CVE triage * Add user id to session variables * Add defect import placeholder script * Modularize the fixture files for common versus site-specific setup Signed-off-by: Moayer, Puya <Puya.Moayer@windriver.com> Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-05-15remove WR-isms from template files, update 'toaster' executable to 'srt' ↵David Reyna
executable Signed-off-by: David Reyna <David.Reyna@windriver.com>
2018-05-14Add SRTool updated files version 0.03David Reyna
Signed-off-by: David Reyna <David.Reyna@windriver.com>