public function create(Cve &$cve)
{
$this->db->query("insert into Cve set\n \tname='" . $this->db->escape($cve->getName()) . "',\n \tcveDefId='" . $this->db->escape($cve->getCveDefId()) . "'");
# Set the newly assigned id
$cve->setId($this->db->getLastInsertedId());
}
public function removeCveTags(Cve &$cve)
{
if ($cve == null || $cve->getId() == -1) {
Utils::log(LOG_DEBUG, "Exception", __FILE__, __LINE__);
throw new Exception("Cve object is not valid or Cve.id is not set");
}
Utils::log(LOG_DEBUG, "Removing all tags associated with the cve [cveId='{$cve->getId()}']", __FILE__, __LINE__);
$this->getPakiti()->getDao("Tag")->deleteTagsByCveId($cve->getId());
}
public function retrieveVulnerabilities()
{
Utils::log(LOG_DEBUG, "Synchronizing CVE", __FILE__, __LINE__);
$vulnerabilities = array();
foreach ($this->getSubSources() as $subSource) {
$defs = $subSource->retrieveDefinitions();
# We have CVE definition in this format:
# Array
#(
# [subSourceDefId] => 5
# [definition_id] => oval:com.redhat.rhsa:def:20120006
# [severity] => Critical
# [title] => RHSA-2012:0006: java-1.4.2-ibm security update (Critical)
# [ref_url] => https://rhn.redhat.com/errata/RHSA-2012-0006.html
# [cves] => Array
# (
# [0] => CVE-2011-3389
# [1] => CVE-2011-3545
# )
#
# [osGroup] => Array
# (
# [Red Hat Enterprise Linux 5] => Array
# (
# [0] => Array
# (
# [name] => java-1.4.2-ibm-plugin
# [version] => 0:1.4.2.13.11
# [release] => 1jpp.1.el5
# [operator] => <
# )
# [1] => Array
# (
# [name] => java-1.4.2-ibm-src
# [version] => 0:1.4.2.13.11
# [release] => 1jpp.1.el5
# [operator] => <
# )
#
# )
#
# )
#
#)
# Store them into the list of Vulnerabilities
if ($defs) {
# Reformat data into
foreach ($defs as $def) {
#CVEs definition
$cveDef = new CveDef();
$cveDef->setDefinitionId($def['definition_id']);
$cveDef->setTitle($def['title']);
$cveDef->setRefUrl($def['ref_url']);
$cveDef->setVdsSubSourceDefId($def['subSourceDefId']);
$cveDefId = $this->_pakiti->getDao("CveDef")->getCveDefId($cveDef);
if ($cveDefId == null) {
# CVEs
$cves = array();
foreach ($def['cves'] as $cveName) {
$cve = new Cve();
$cve->setName($cveName);
array_push($cves, $cve);
}
$cveDef->setCves($cves);
$this->_pakiti->getManager('CveDefsManager')->createCveDef($cveDef);
} else {
$cveDef->setId($cveDefId);
}
foreach ($def['osGroup'] as $osGroupName => $defsPkg) {
foreach ($defsPkg as $defPkg) {
$vuln = new Vulnerability();
$vuln->setCveDefId($cveDef->getId());
# OVAL from RH and DSA doesn't contain arch, so use all
$archName = 'all';
$arch = $this->_pakiti->getManager("HostsManager")->getArch($archName);
if ($arch == null) {
# Arch is not defined in the DB, so created it e);
$arch = $this->_pakiti->getManager('HostsManager')->createArch($archName);
}
$vuln->setName($defPkg['name']);
$vuln->setRelease($defPkg['release']);
$vuln->setVersion($defPkg['version']);
$vuln->setArch($arch->getName());
# Get osGroup Id
$osGroup = $this->_pakiti->getManager("OsGroupsManager")->getOsGroupByName($osGroupName);
if ($osGroup == null) {
$osGroup = new OsGroup();
$osGroup->setName($osGroupName);
# osGropu is not defined in the DB, so created it
$osGroup = $this->_pakiti->getManager('OsGroupsManager')->createOsGroup($osGroupName);
}
$vuln->setOsGroupId($osGroup->getId());
$vuln->setOperator($defPkg['operator']);
array_push($vulnerabilities, $vuln);
}
}
}
}
}
return $vulnerabilities;
}