403Webshell
Server IP : 172.67.131.151  /  Your IP : 104.23.197.244
Web Server : Apache
System : Linux keen-cori.18-142-40-148.plesk.page 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 06:59:36 UTC 2025 x86_64
User : simottodesign.com_2tntp341vs7 ( 10011)
PHP Version : 8.3.31
Disable Function : opcache_get_status
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/lib/python3/dist-packages/uaclient/__pycache__/


Current File : /usr/lib/python3/dist-packages/uaclient/__pycache__/security.cpython-38.pyc
U

2�d���@s�ddlZddlZddlZddlZddlmZddlmZddlmZm	Z	m
Z
mZmZm
Z
mZddlmZmZmZmZmZmZddlmZddlmZmZddlmZmZdd	lmZm Z m!Z!dd
l"m#Z#ddl$m%Z%m&Z&ddl'm(Z(dd
l)m*Z*m+Z+ddl,m-Z-ddl.m/Z/ddl0m1Z1ddl2m3Z3dZ4dZ5dZ6dZ7dZ8dZ9dZ:dZ;edde<fde<fg�Z=edde>fde
e=fd e
e<fd!e>fg�Z?ed"d#e<fd$e<fd%e<fg�Z@ed&d'e>fd(ee<fg�ZAGd)d*�d*ejB�ZCed+d'eCfdee
e=fg�ZDGd,d-�d-e1jE�ZFGd.d/�d/�ZGGd0d1�d1�ZHGd2d3�d3�ZIe	e<e	e<e<ffd4�d5d6�ZJe
eIe	e<e>fe	e<e	e<e	e<e<fffd7�d8d9�ZKd:d;�ZLe<eeeCee<fd<�d=d>�ZMeHe
eIe<e	e<e	e<e<ffe#e	e<e>fe>eCd?�d@dA�ZNeIe
eIe<e	e<e	e<e<ffe#e	e<e>fe>e>eCdB�	dCdD�ZOd�e#e<e>e>eCdF�dGdH�ZPdIdJ�ZQdKdL�ZReIe	e<e	e<e<ffe	e<eGfdM�dNdO�ZSeHe	e<e	e<e<ffe	e<eGfdP�dQdR�ZTe<e	e<eGfdS�dTdU�ZUeGe	e<e	e<e<ffeGdV�dWdX�ZVdYdZ�ZWe
ee<eGfeXeXe<d[�d\d]�ZYe<e#d^�d_d`�ZZe<e#e>da�dbdc�Z[d�eCe<e<de�dfdg�Z\e#e	e<e
ee<eGffe	e<e
e@feXeXe>e?dh�didj�Z]e
e=e<dk�dldm�Z^e#e<e	e<eGfe	e<e	e<e<ffe	e<e	e<e	e<e<fffe>eDdn�dodp�Z_dd4�dqdr�Z`e#e<e>ds�dtdu�Zae#dv�dwdx�Zbe#e>dy�dzd{�Zce#e<e>d|�d}d~�Zde#e>e>d�d�d��Zee<e#e>e>d��d�d��Zfe#e>dy�d�d��Zge	e<efe#e>e>d��d�d��Zhe#e
e<e<e>eAd��d�d��ZidS)��N)�defaultdict)�datetime)�Any�Dict�List�
NamedTuple�Optional�Set�Tuple)�apt�
exceptions�	livepatch�messages�system�util)�	_initiate)�MagicAttachRevokeOptions�_revoke)�MagicAttachWaitOptions�_wait)�CLOUD_TYPE_TO_TITLE�
PRO_CLOUDS�get_cloud_type)�UAConfig)�BASE_UA_URL�PRINT_WRAP_WIDTH)�entitlement_factory)�ApplicabilityStatus�UserFacingStatus)�notices)�Notice)�
serviceclient)�colorize_commandsz=((CVE|cve)-\d{4}-\d{4,7}$|(USN|usn|LSN|lsn)-\d{1,5}-\d{1,2}$)z	cves.jsonzcves/{cve}.jsonznotices.jsonznotices/{notice}.jsonzUbuntu standard updateszUbuntu Pro: ESM InfrazUbuntu Pro: ESM Apps�UnfixedPackage�pkg�unfixed_reason�ReleasedPackagesInstallResult�
fix_status�unfixed_pkgs�installed_pkgs�all_already_installed�BinaryPackageFix�
source_pkg�
binary_pkg�
fixed_version�
UpgradeResult�status�failure_reasonc@sZeZdZdZGdd�d�Zedd�Zedd�Zedd�Zed	d
�Ze	dd��Z
d
d�ZdS)�	FixStatuszD
    An enum to represent the system status after fix operation
    c@seZdZeed�dd�ZdS)zFixStatus._Value��value�msgcCs||_||_dS�Nr3)�selfr4r5�r8�3/usr/lib/python3/dist-packages/uaclient/security.py�__init___szFixStatus._Value.__init__N)�__name__�
__module__�__qualname__�int�strr:r8r8r8r9�_Value^sr@rZfixed�not-affected�zstill-affected�zaffected-until-rebootcCs|jjSr6)r4�r7r8r8r9�	exit_codehszFixStatus.exit_codecCs|jjSr6r3rDr8r8r9�__str__lszFixStatus.__str__N)r;r<r=�__doc__r@�SYSTEM_NON_VULNERABLE�SYSTEM_NOT_AFFECTED�SYSTEM_STILL_VULNERABLE�SYSTEM_VULNERABLE_UNTIL_REBOOT�propertyrErFr8r8r8r9r2Ys




r2�	FixResultcs�eZdZdZdZeeefeeefd�dd�Ze	j
ejdddgd	�d�fdd�	�Z
deeeeeeeeeeeeeeeeeed
d�	dd�Zed
d�dd�Zdeeeeeeeeeeedd�dd�Zedd�dd�Z�ZS)�UASecurityClient�Zsecurity_url)�query_params�returncCs.|jj�di��di�}|r*|�|�|S|S)zD
        Update query params with data from feature config.
        Zfeatures�extra_security_params)�cfg�get�update)r7rPrRr8r8r9�_get_query_params~s�
z"UASecurityClient._get_query_paramsrB��)Zretry_sleepsNcs"|�|�}t�j|||||dd�S)NF)�path�data�headers�methodrPZlog_response_body)rV�super�request_url)r7rYrZr[r\rP��	__class__r8r9r^�s
�zUASecurityClient.request_url�CVE)	�query�priority�package�limit�offset�	component�versionr0rQc		sT||||||||d�}	�jt|	d�}
|
jdkr@t�t|
j|
j���fdd�|
jD�S)znQuery to match multiple-CVEs.

        @return: List of CVE instances based on the the JSON response.
        )�qrcrdrerfrgrhr0�rP��csg|]}t�|d��qS)��client�response)ra)�.0Zcve_mdrDr8r9�
<listcomp>�sz-UASecurityClient.get_cves.<locals>.<listcomp>)r^�API_V1_CVES�coder�SecurityAPIError�bodyZ	json_list)r7rbrcrdrerfrgrhr0rPrnr8rDr9�get_cves�s&�

�
�zUASecurityClient.get_cves)�cve_idrQcCs@tj|d�}|�|�}|jdkr2t�||j|j��t||jd�S)zkQuery to match single-CVE.

        @return: CVE instance for JSON response from the Security API.
        )�cverkrl)	�API_V1_CVE_TMPL�formatr^rrrrsrtra�	json_dict)r7rv�urlrnr8r8r9�get_cve�s

�zUASecurityClient.get_cve�USN)�details�releasererf�orderrQcsd�||||d�}�jt|d�}|jdkr:t�t|j|j��t��fdd�|j�dg�D�dd�d	�S)
zuQuery to match multiple-USNs.

        @return: Sorted list of USN instances based on the the JSON response.
        )r~rrerfr�rjrkcs0g|](}�dks �|�dg�krt�|d��qS)N�cves_idsrl)rTr})roZusn_md�r~r7r8r9rp�s�z0UASecurityClient.get_notices.<locals>.<listcomp>rcSs|jSr6��id��xr8r8r9�<lambda>��z.UASecurityClient.get_notices.<locals>.<lambda>��key)	r^�API_V1_NOTICESrrrrsrt�sortedrzrT)r7r~rrerfr�rPrnr8r�r9�get_notices�s&
�
���zUASecurityClient.get_notices)�	notice_idrQcCs@tj|d�}|�|�}|jdkr2t�||j|j��t||jd�S)zbQuery to match single-USN.

        @return: USN instance representing the JSON response.
        )�noticerkrl)	�API_V1_NOTICE_TMPLryr^rrrrsrtr}rz)r7r�r{rnr8r8r9�
get_notice�s

�zUASecurityClient.get_notice)NNNN)NNNNNNNN)NNNNN)r;r<r=Zurl_timeoutZcfg_url_base_attrrr?rrVrZretry�socketZtimeoutr^rr>rrur|r�r��
__classcell__r8r8r_r9rNysZ

���
�"��!rNc@s�eZdZdZeeefd�dd�Zedd��Z	edd��Z
ed	d
��Zedd��Zed
d��Z
edd��Zeed�dd��Zedd��ZdS)�CVEPackageStatuszAClass representing specific CVE PackageStatus on an Ubuntu series��cve_responsecCs
||_dSr6�rn)r7r�r8r8r9r:�szCVEPackageStatus.__init__cCs
|jdS�N�descriptionr�rDr8r8r9r�szCVEPackageStatus.descriptioncCs|jSr6)r�rDr8r8r9r.szCVEPackageStatus.fixed_versioncCs
|jdS)N�pocketr�rDr8r8r9r�	szCVEPackageStatus.pocketcCs
|jdS)N�release_codenamer�rDr8r8r9r�
sz!CVEPackageStatus.release_codenamecCs
|jdS)Nr0r�rDr8r8r9r0szCVEPackageStatus.statuscCs�|jdkrtjS|jdkr tjS|jdkr0tjS|jdkr@tjS|jdkrPtjS|jdkr`tjS|jdkrztjj	|j
d�Stjj	|jd	�S)
NZneededzneeds-triage�pending)�ignored�deferredZDNErA�released)Z
fix_stream)r0)r0rZSECURITY_CVE_STATUS_NEEDEDZSECURITY_CVE_STATUS_TRIAGEZSECURITY_CVE_STATUS_PENDINGZSECURITY_CVE_STATUS_IGNOREDZSECURITY_CVE_STATUS_DNEZ SECURITY_CVE_STATUS_NOT_AFFECTEDZSECURITY_FIX_RELEASE_STREAMry�
pocket_sourceZSECURITY_CVE_STATUS_UNKNOWNrDr8r8r9�status_messages"






�zCVEPackageStatus.status_message�rQcCst|jtk�S)z?Return True if the package requires an active Pro subscription.)�boolr��UBUNTU_STANDARD_UPDATES_POCKETrDr8r8r9�requires_ua)szCVEPackageStatus.requires_uacCsH|jdkrt}n4|jdkr t}n$|jdkr0t}nd|jkr@t}nt}|S)z>Human-readable string representing where the fix is published.�	esm-infra�esm-apps)ZupdatesZsecurityZesm)r��UA_INFRA_POCKET�UA_APPS_POCKETr�r.)r7Z
fix_sourcer8r8r9r�.s



zCVEPackageStatus.pocket_sourceN)r;r<r=rGrr?rr:rLr�r.r�r�r0r�r�r�r�r8r8r8r9r��s$





r�c@s�eZdZdZeeeefd�dd�Ze	d�dd�Z
edd	��Zd
d�Z
eeed�dd
��Zeedd�dd��Zedd��Zeeeefd�dd��ZdS)raz7Class representing CVE response from the SecurityClientrlcCs||_||_dSr6�rnrm�r7rmrnr8r8r9r:CszCVE.__init__r�cCst|t�sdS|j|jkS�NF)�
isinstancerarn�r7�otherr8r8r9�__eq__Gs
z
CVE.__eq__cCs|j�dd���S)Nr�ZUNKNOWN_CVE_ID�rnrT�upperrDr8r8r9r�LszCVE.idcCsB|j}|jD]}|j}qqdj|j|d�d�|j�g}d�|�S)z2Return a string representing the URL for this cve.�{issue}: {title}��issue�title�! - https://ubuntu.com/security/{}�
)r�rr�ryr��join)r7r�r��linesr8r8r9�get_url_headerPs

�zCVE.get_url_headercCs|j�dg�S)N�notices_ids�rnrTrDr8r8r9r�]szCVE.notices_idsr}cs<t�d�s6t�fdd��j�dg�D�dd�dd��_�jS)	z�Return a list of USN instances from API response 'notices'.

        Cache the value to avoid extra work on multiple calls.
        �_noticescsg|]}t�j|��qSr8)r}rm)ror�rDr8r9rpis�zCVE.notices.<locals>.<listcomp>rcSs|jSr6r���nr8r8r9r�mr�zCVE.notices.<locals>.<lambda>T�r��reverse)�hasattrr�rnrTr�rDr8rDr9ras

��zCVE.noticescCs|j�d�Sr�r�rDr8r8r9r�rszCVE.descriptioncCsbt|d�r|jSi|_t��j}|jdD]0}|dD]"}|d|kr6t|�|j|d<q6q*|jS)z�Dict of package status dicts for the current Ubuntu series.

        Top-level keys are source packages names and each value is a
        CVEPackageStatus object
        �_packages_statusZpackagesZstatusesr��name)r�r�r�get_release_info�seriesrnr�)r7r�rd�
pkg_statusr8r8r9�packages_statusvs

�zCVE.packages_statusN)r;r<r=rGrNrr?rr:r�r�rLr�r�rr�rr�r�r�r8r8r8r9ra@s


rac@s�eZdZdZeeeefd�dd�Ze	d�dd�Z
eed�dd	��Zee
ed�d
d��Zee
ed�dd
��Zedd��Zedd��Zdd�Zeeeeeeeefffd�dd��ZdS)r}z7Class representing USN response from the SecurityClientrlcCs||_||_dSr6r�r�r8r8r9r:�szUSN.__init__r�cCst|t�sdS|j|jkSr�)r�r}rnr�r8r8r9r��s
z
USN.__eq__cCs|j�dd���S)Nr�ZUNKNOWN_USN_IDr�rDr8r8r9r��szUSN.idcCs|j�dg�S)z$List of CVE IDs related to this USN.r�r�rDr8r8r9r��szUSN.cves_idscs<t�d�s6t�fdd��j�dg�D�dd�dd��_�jS)	z�List of CVE instances based on API response 'cves' key.

        Cache the values to avoid extra work for multiple call-sites.
        �_cvescsg|]}t�j|��qSr8)rarm)rorwrDr8r9rp�s�zUSN.cves.<locals>.<listcomp>�cvescSs|jSr6r�r�r8r8r9r��r�zUSN.cves.<locals>.<lambda>Tr�)r�r�rnrTr�rDr8rDr9r��s

��zUSN.cvescCs|j�d�S)Nr�r�rDr8r8r9r��sz	USN.titlecCs|j�d�S)N�
referencesr�rDr8r8r9r��szUSN.referencescCsvdj|j|jd�g}|jrB|�d�|jD]}|�d�|��q*n*|jrl|�d�|jD]}|�d|�qXd�|�S)z5Return a string representing the URL for this notice.r�r�zFound CVEs:r�zFound Launchpad bugs:z - r�)ryr�r�r��appendr�r�)r7r�rwZ	referencer8r8r9r��s



zUSN.get_url_headercCsPt|d�r|jSt��j}i|_|j�di��|g�D�]}|�d�r�|d|jkr�d|j|dkr�tjdj	|j
|dd�|j
d��||j|dd<nd|i|j|d<q6|�d	�s�tjd
j	|j
|dd�|j
d��n4d|d	k�rtjd
j	|j
|d|d	d�|j
d��|d	�d�d}||jk�r6i|j|<||j||d<q6|jS)aWBinary package information available for this release.


        Reformat the USN.release_packages response to key it based on source
        package name and related binary package names.

        :return: Dict keyed by source package name. The second-level key will
            be binary package names generated from that source package and the
            values will be the dict response from USN.release_packages for
            that binary package. The binary metadata contains the following
            keys: name, version.
            Optional additional keys: pocket and component.
        �_release_packages�release_packagesZ	is_sourcer��sourcez6{usn} metadata defines duplicate source packages {pkg})�usnr$��issue_idZsource_linkzL{issue} metadata does not define release_packages source_link for {bin_pkg}.)r��bin_pkg�/zX{issue} metadata has unexpected release_packages source_link value for {bin_pkg}: {link})r�r��link���)r�r�rr�r�rnrTr�SecurityAPIMetadataErrorryr��split)r7r�r$�source_pkg_namer8r8r9r��sN


��
����	
zUSN.release_packagesN)r;r<r=rGrNrr?rr:r�r�rLr�rr�rar�r�r�r�r�r8r8r8r9r}�s 

r}r�c	Cs|d}t�dd|ddg�\}}i}|��D]J}|�d�\}}}}|sJ|}d|krTq,||krj||||<q,||i||<q,|S)z�Return a dict of all source packages installed on the system.

    The dict keys will be source package name: "krb5". The value will be a dict
    with keys binary_pkg and version.
    z${db:Status-Status}z
dpkg-queryz#-f=${Package},${Source},${Version},r�z-W�,Z	installed)rZsubp�
splitlinesr�)	Zstatus_field�outZ_err�installed_packagesZpkg_line�pkg_namer�Zpkg_versionr0r8r8r9�#query_installed_source_pkg_versionss$
��r�)�usns�beta_pocketsrQcs�i}|D]�}|j��D]�\}}�fdd�|��D�}||krJ|rJ|||<q||kr||}|��D]D\}}	||kr||	||<qb||d}
|	d}t�||
d�sb|	||<qbqq|S)aWalk related USNs, merging the released binary package versions.

    For each USN, iterate over release_packages to collect released binary
        package names and required fix version. If multiple related USNs
        require different version fixes to the same binary package, track the
        maximum version required across all USNs.

    :param usns: List of USN response instances from which to calculate merge.
    :param beta_pockets: Dict keyed on service name: esm-infra, esm-apps
        the values of which will be true of USN response instances
        from which to calculate merge.

    :return: Dict keyed by source package name. Under each source package will
        be a dict with binary package name as keys and binary package metadata
        as the value.
    c	s.i|]&\}}d��|�dd�d�kr||�qS)Fr��None�rT)roZbin_pkg_nameZ
bin_pkg_md�r�r8r9�
<dictcomp>:s��z>merge_usn_released_binary_package_versions.<locals>.<dictcomp>rh�le)r��itemsr�compare_versions)r�r�Zusn_pkg_versionsr��src_pkgZbinary_pkg_versionsZpublic_bin_pkg_versionsZusn_src_pkgr�Z
binary_pkg_mdZprev_versionZcurrent_versionr8r�r9�*merge_usn_released_binary_package_versions#s,
�

�r�cCsn|js
gSi}|jD]@}|jD]4}|�d�s.q||jkr:q||kr|j|d�||<qqtt|��dd�d��S)z�For a give usn, get the related USNs for it.

    For each CVE associated with the given USN, we capture
    other USNs that are related to the CVE. We consider those
    USNs related to the original USN.
    zUSN-�r�cSs|jSr6r�r�r8r8r9r�or�z"get_related_usns.<locals>.<lambda>r�)r�r��
startswithr�r��listr��values)r�rm�related_usnsrwZrelated_usn_idr8r8r9�get_related_usnsTs




�r�)r�rQcCsft��}|dk	rb|jdk	rb|jjdk	rb|jjD]2}|j|��kr.|jr.|jjpPd}tj|fSq.dS)NzN/A)NN)	r
r0�fixesr��lowerZpatchedrhr2rH)r�Z	lp_statusZfixrhr8r8r9�_check_cve_fixed_by_livepatchrs��
�r�)rwr�r�r�rSr��dry_runrQc	Cs2t||d�}t||�}t�t||||||d�jS)N)rwr��rSr��affected_pkg_statusr��usn_released_pkgsr�)�'get_cve_affected_source_packages_statusr��print�prompt_for_affected_packagesr0)	rwr�r�r�rSr�r�r�r�r8r8r9�_fix_cve�s"	���r�)	r�r�r�r�rSr�r��
no_relatedrQc	Cs�tdtjj|d��t||d�}t|g|�}	t|||||	|d�\}
}|
tjtj	fkrZ|
S|rb|rf|
Stdtj
jd�dd�|D��d��tdtj�i}|D]R}
td	�|
j
��t|
|d�}t|
g|�}	t||
j
|||	|d�}|||
j
<t�q�ttj�t|
|d
d�d}|D]�}
||
j
j}t||
j
d
d�|tjk�r\tdtjjdd��d}|tjk�r||
j
j�pxg}|D]"}|j�r~td�|j|j���q~d}�q|�r�tdtjj|d��|
S)Nr�r��r�r�r�z
- css|]}|jVqdSr6r�)ror�r8r8r9�	<genexpr>�sz_fix_usn.<locals>.<genexpr>)r�z- {}z [requested])�
extra_infoFz
 [related]�- �
fix operation�Z	operationTz
  - {}: {})r�rZSECURITY_FIXING_REQUESTED_USNry�get_affected_packages_from_usnr�r�r2rHrIZSECURITY_RELATED_USNSr�ZSECURITY_FIXING_RELATED_USNSr�ZSECURITY_USN_SUMMARY�_handle_fix_status_messager0rK�ENABLE_REBOOT_REQUIRED_TMPLrJr(r%r$ZSECURITY_RELATED_USN_ERROR)r�r�r�r�rSr�r�r�r�r�Ztarget_fix_status�_Zrelated_usn_statusZrelated_usnZrelated_fix_statusZfailure_on_related_usnr0r(Zunfixed_pkgr8r8r9�_fix_usn�s�����
	�������	

����������rF)rSr�r�r�rQc
Cs�|rttj�|��}t|d�}t�}tt|�tt|�d�}d|kr�t	|�\}}|rlttj
j||d��|Sz|j|d�}	|j
|d�}
WnPtjk
r�}z0t|�}|jdkr�tjj|d�j}t�|��W5d}~XYnXt|	���t|	|
|||||d	�Sz|j|d
�}
t|
|�}
WnTtjk
�rj}z2t|�}|jdk�rPtjj|d�j}t�|��W5d}~XYnXt|
���|
jd�s�tjd�|�|d��t|
|
||||||d
�SdS)N�rS)r�r�ra)r�rh)rv)r~i�r�)rwr�r�r�rSr�r�r�r�z.{} metadata defines no fixed package versions.)r�r�r�r�rSr�r�r�)r�rZSECURITY_DRY_RUN_WARNINGr�rNr��_is_pocket_used_by_beta_servicer�r�r�ZCVE_FIXED_BY_LIVEPATCHryr|r�rrsr?rrZSECURITY_FIX_NOT_FOUND_ISSUEr5�UserFacingErrorr�r�r�r�rnr�r)rSr�r�r�rmr�r�Zlivepatch_cve_statusZ
patch_versionrwr��er5r�r8r8r9�fix_security_issue_ids�

����
������r
cCs^i}|D]P}t||���D]<\}}||kr4|||<q||j}t�||jd�s|||<qq|S)Nr�)r�r�r.rr�)r�r��
affected_pkgsrwr�r�Zcurrent_verr8r8r9�get_affected_packages_from_cveshs �

�rcCs�i}|j��D]n\}}||kr qtt�}d|d<dd�|��D�}|sbd}tj|�|j�|jd��|��|d<t	|d�||<q|S)	Nr�r0cSs"h|]\}}|�d�r|d�qS)r�r�)rorZpkg_bin_infor8r8r9�	<setcomp>�s
�z1get_affected_packages_from_usn.<locals>.<setcomp>zC{} metadata defines no pocket information for any release packages.r�r�r�)
r�r�rr?rr�ryr��popr�)r�r�rr�Zpkg_infor�Zall_pocketsr5r8r8r9r{s&��
�r)r�r�rQcCs |jrt|j|�St||�SdS)z�Walk CVEs related to a USN and return a dict of all affected packages.

    :return: Dict keyed on source package name, with active CVEPackageStatus
        for the current Ubuntu release.
    N)r�rrr�r8r8r9� get_usn_affected_packages_status�sr)rwr�rQcCs8i}|j��D]$\}}|jdkr"q||kr|||<q|S)z�Get a dict of any CVEPackageStatuses affecting this Ubuntu release.

    :return: Dict of active CVEPackageStatus keyed by source package names.
    rA)r�r�r0)rwr�Zaffected_pkg_versionsr,Zpackage_statusr8r8r9r��s

r�)r�r�cCs�t|�}|dkrDttjjddd�d�tdtjj|dd��d	S|d
krRd}nd}tjj||d�dd
�t|����}tt	j
|tddd��d	S)a	Print header strings describing affected packages related to a CVE/USN.

    :param issue_id: String of USN or CVE issue id.
    :param affected_pkg_status: Dict keyed on source package name, with active
        CVEPackageStatus for the current Ubuntu release.
    rZNozs are)�count�
plural_str�.r���r�rNrBz isz: �, �    F)�width�subsequent_indentZreplace_whitespace)�lenr�rZSECURITY_AFFECTED_PKGSry�SECURITY_ISSUE_UNAFFECTEDr�r��keys�textwrap�fillr)r�r�rrr5r8r8r9�print_affected_packages_header�sN	������������r!)r��usn_src_released_pkgsrQcCsft�|�}|rb|�d�rbd|jd<|dd|jd<|��D]$\}}|�d�}|r<||jd<qbq<|S)a�Parse release status based on both pkg_status and USN.release_packages.

    Since some source packages in universe are not represented in
    CVEPackageStatus, rely on presence of such source packages in
    usn_src_released_pkgs to represent package as a "released" status.

    :param pkg_status: the CVEPackageStatus for this source package.
    :param usn_src_released_pkgs: The USN.release_packages representing only
       this source package. Normally, release_packages would have data on
       multiple source packages.

    :return: Tuple of:
        human-readable status message, boolean whether released,
        boolean whether the fix requires access to UA
    r�r�r0rhr�r�)�copy�deepcopyrTrnr�)r�r"�usn_pkg_statusr�Zusn_released_pkgr�r8r8r9�#override_usn_release_package_status�s

��


r&cCsdi}t|���D]N\}}|�|i�}t||�}|j�dd�}||krLg||<||�||f�q|S)Nr�r�)r�r�rTr&r0�replacer�)r�r�Z
status_groupsr�r��usn_released_srcr%Zstatus_groupr8r8r9�group_by_usn_package_statuss�r))�pkg_status_list�	pkg_index�num_pkgsrQcCs�|sdSg}g}|D],\}}|d7}|�d�||��|�|�qtjd�dd�|�dd�t|���tdd	�}d
�||j�S)z;Format the packages and status to an user friendly message.rrBz{}/{}z{} {}:�(r�)r�rrz{}
{})r�ryrr r�r�rr�)r*r+r,Z	msg_indexZsrc_pkgsr�r�Z
msg_headerr8r8r9�_format_packages_messages"��r0)r�rScCs:d}|tkrd}n|tkrd}t||d�}|r6||�SdS)Nzno-service-neededr�r�)rSr�)r�r�r)r�rSZservice_to_checkZent_clsr8r8r9�_get_service_for_pocket0sr1)r�rSrQcCs4t||�}|r0|��\}}|tjkr(dS|jSdS)zBCheck if the pocket where the fix is at belongs to a beta service.F)r1�user_facing_statusr�ACTIVEZ
valid_service)r�rS�ent�
ent_statusrr8r8r9r
;s

r
r�r0r�rcCs�|tjkr&tt�tjj||d���nf|tjkrLtt�tj	j||d���n@|tj
krrtt�tjj||d���ntt�tjj||d���dS)Nr)r2rHr�rZhandle_unicode_charactersrZSECURITY_ISSUE_RESOLVEDryrIrrKZSECURITY_ISSUE_NOT_RESOLVEDr6r8r8r9rKsF
���
���
������r)rS�src_pocket_pkgs�binary_pocket_pkgsr+r,r�rQcsvd}d}g}t�}	|�rftttfD�]@}
||
}||
}tjj|
d��|�r0t|||d�}
|
r|t|
�|sxttj	�q"nd}g}t
|�D]t}|
tk}tj|j
|d�}|r�t�|j|d�r�|�|j
�q�tjj|j
|jd�j}td|�|�t|j|d	��q�|t|�7}t|||
|d
�}||jM}|j�p.d�|�sP|��fdd
�|D��q"|	�dd�|D��q"t|||	|d�S)a%Handle the packages that could be fixed and have a released status.

    :returns: Tuple of
        boolean whether all packages were successfully upgraded,
        list of strings containing the packages that were not upgraded,
        boolean whether all packages were already installed
    T��service�r*r+r,F)�check_esm_cacher�)rdrhr�r$r%)rS�upgrade_pkgsr�r�rcsg|]\}}t|�d��qS�r=�r#�ror�r�Zfailure_msgr8r9rp�s
��z2_handle_released_package_fixes.<locals>.<listcomp>css|]}|jVqdSr6)r-)ror-r8r8r9r��sz1_handle_released_package_fixes.<locals>.<genexpr>)r'r(r)r*)�setr�r�r�r�SECURITY_UA_SERVICE_REQUIREDryr0r�ZSECURITY_UPDATE_INSTALLEDr�rZget_pkg_candidate_versionr-r�r.r�ZFIX_CANNOT_INSTALL_PACKAGEr5r#r,r�upgrade_packages_and_attachr0r1�extendrUr&)rSr7r8r+r,r�r*Zupgrade_statusr(r)r�Z
pkg_src_groupZbinary_pkgsr5r>r-r<Zcandidate_versionr%Zupgrade_resultr8rBr9�_handle_released_package_fixesps��
��
�������

��

�
�rG)r(rQcCsZtdd�|D��}t|�}tjtjj||dkr2dnd|dkr@dndd�|�d	�jt	d
d�S)z�Format the list of unfixed packages into an message.

    :returns: A string containing the message output for the unfixed
              packages.
    cSsh|]
}|j�qSr8)r$)ror$r8r8r9r�sz/_format_unfixed_packages_msg.<locals>.<setcomp>rB�srZare�isr)r,rHZverbZpkgsrr/)
r�rrr rZSECURITY_PKG_STILL_AFFECTEDryr�r5r)r(Zsorted_pkgsZnum_pkgs_unfixedr8r8r9�_format_unfixed_packages_msg�s��rJ)rSr�r�r�r�r�rQc
st|�}t||�|dkr(ttjdd�Stt�}tt�}d}	t||�}
g}t|
�	��D]�\}}
|dkr�tj
}tt|
|	|d��|	t|
�7}	|
ddj
�|�fdd�|
D�7}qV|
D]�\}}||j�||f�||�	�D]Z\}}|�|i�}||kr�q�|�|i��d	d
�}t�||d�s�||j�t|||d��q�q�qVt||||	||d
�}||j7}t�|�rrtt|��|j�r�|j�r�|�r�tjntj
}n\tj|jd��r�tjjdd�}t|�t j!t"j#dd�|�r�tjntj$}n|�r�tjntj
}ntj}t%||�t||d�S)aProcess security CVE dict returning a CVEStatus object.

    Since CVEs point to a USN if active, get_notice may be called to fill in
    CVE title details.

    :returns: An FixStatus enum value corresponding to the system state
              after processing the affected packages
    rN)r0r(r�r;rBcsg|]\}}t|�d��qSr?r@rA�Z
status_msgr8r9rps�z0prompt_for_affected_packages.<locals>.<listcomp>rhrr�)r,r-r.)rSr7r8r+r,r�)r)rr)&rr!rMr2rIrr�r)r�r�rHr�r0r�r�r�rTrr�r+rGr(rJr'r*rJrZ
should_rebootr)rrryr�addr ZENABLE_REBOOT_REQUIREDrKr)rSr�r�r�r�r�rr7r8r+Zpkg_status_groupsr(Zstatus_valueZpkg_status_groupZ
fix_resultr�r�r-rhr(r.Zreleased_pkgs_install_resultZ
reboot_msgr8rKr9r��s�
�����

��
��
�	
�
�����
�
�
�
�r�cCs0t�\}}|tkr,ttjjt�|�|d��dS)z:Alert the user when running Pro on cloud with PRO support.)r�ZcloudN)rrr�rZSECURITY_USE_PRO_TMPLryrrT)Z
cloud_typerr8r8r9�*_inform_ubuntu_pro_existence_if_applicableus
��rM)rS�tokenrQc
Cs�ddl}ddlm}ttdd|gg��z$|�|j|dddd�|�}|dkWStjk
r�}zt|j	�WY�d	Sd}~XYnXdS)
ztAttach to an Ubuntu Pro subscription with a given token.

    :return: True if attach performed without errors.
    rN��cli�proZattachTrP)rNZauto_enableryZ
attach_configF)
�argparse�uaclientrPr�r"Z
action_attach�	Namespacerrr5)rSrNrRrPZret_code�errr8r8r9�_run_ua_attach�s"��

rVr	c
Cs�ttj�t|d�}tdtjj|jd��t|jd�}zt	||d�}WnJt
jk
r�}z*ttj�t
|jd�}t||d�|�W5d}~XYnXtdtj�t||j�S)Nr	r�)�	user_code)Zmagic_token)ZoptionsrS)r�rZCLI_MAGIC_ATTACH_INITrZCLI_MAGIC_ATTACH_SIGN_INryrWrrNrrZMagicAttachTokenErrorZCLI_MAGIC_ATTACH_FAILEDrrZCLI_MAGIC_ATTACH_PROCESSINGrVZcontract_token)rSZ
initiate_respZwait_optionsZ	wait_resprZrevoke_optionsr8r8r9�_perform_magic_attach�s*

���
�rX)rSrQcCsjt�ttj�tjtjdddgd�}|dkr2dS|dkrBt|�S|dkrfttj�t	d�}t
||�SdS)zZPrompt for attach to a subscription or token.

    :return: True if attach performed.
    rH�a�c�Z
valid_choicesF�> T)rMr�rZ*SECURITY_UPDATE_NOT_INSTALLED_SUBSCRIPTIONr�prompt_choicesZSECURITY_FIX_ATTACH_PROMPTrXZPROMPT_ENTER_TOKEN�inputrV)rS�choicerNr8r8r9�_prompt_for_attach�s
�

r`)rSr:rQcCs�ddl}ddlm}ttjj|d��tjd�|�ddgd�}|dkr�tt	d	d
|gg��t
d|�|j|gddd
dd�|�k�SdS)zMPrompt for enable a pro service.

    :return: True if enable performed.
    rNrOr9zChoose: [E]nable {} [C]ancelrrZr[rQ�enableTFrP)r:�
assume_yesZbetaryZaccess_only)
rRrSrPr�rZSECURITY_SERVICE_DISABLEDryrr]r"r�Z
action_enablerT)rSr:rRrPr_r8r8r9�_prompt_for_enable�s0�����rc)rSr�rQcCs|rtdtj�dSt|�S)z<Verify if machine is attached to an Ubuntu Pro subscription.r�T)r�rZ SECURITY_DRY_RUN_UA_NOT_ATTACHEDr`)rSr�r8r8r9�_check_attached�srd)r�rSr�rQcCs�t||�}|r�|��\}}|tjkr(dS|��\}}|tjkr�|r^tdtj	j
|jd��dSt||j�rndSttj
j
|jd��nttjj
|jd��dS)zQ
    Verify if the Ubuntu Pro subscription has the required service enabled.
    Tr�r9F)r1r2rr3�applicability_statusrZ
APPLICABLEr�rZ'SECURITY_DRY_RUN_UA_SERVICE_NOT_ENABLEDryr�rcZSECURITY_UA_SERVICE_NOT_ENABLEDZ SECURITY_UA_SERVICE_NOT_ENTITLED)r�rSr�r4r5rrer8r8r9�(_check_subscription_for_required_service�s:


�������rfcCs�ddl}ddlm}t�ttj�tjd�	t
�ddgd�}|dkr�ttj�td�}tt
d	d
gg��|�|jddd
�|�t||�SdS)zdPrompt for attach a new subscription token to the user.

    :return: True if attach performed.
    rNrOz2Choose: [R]enew your subscription (at {}) [C]ancel�rrZr[r\rQ�detachTrP)rbryF)rRrSrPrMr�rZ%SECURITY_UPDATE_NOT_INSTALLED_EXPIREDrr]ryrZPROMPT_EXPIRED_ENTER_TOKENr^r"Z
action_detachrTrV)rSrRrPr_rNr8r8r9�_prompt_for_new_tokens(
��
�
ri)�status_cacherSr�rQcCsV|�dd�}|sdS|�d�}|dks6|t�|j�krR|rHttj�dSt|�SdS)zuCheck if the Ubuntu Pro subscription is expired.

    :returns: True if subscription is expired and not renewed.
    �attachedFZexpiresN)rTrZnowZtzinfor�rZ(SECURITY_DRY_RUN_UA_EXPIRED_SUBSCRIPTIONri)rjrSr�rkZcontract_expiry_datetimer8r8r9�_check_subscription_is_expired;s

��

rl)rSr>r�r�rQc
Csx|stddd�St��s6|s6tj}t|�td|d�S|tkr�|�d�pJi}|�dd�szt	||�s�tdtj
j|d�d�Sn$t|||d�r�tdtj
j|d�d�St|||�s�tdtjj|d�d�Sttd	d
dgd	dd
dgt|�g��|�slz*t��tjddd
dg|ddid�WnRtk
�rj}z2t|dt|��}t|���tdtjd�WY�Sd}~XYnXtddd�S)aUpgrade available packages to fix a CVE.

    Upgrade all packages in upgrades_packages and, if necessary,
    prompt regarding system attach prior to upgrading Ubuntu Pro packages.

    :return: True if package upgrade completed or unneeded, False otherwise.
    TN)r0r1Fzstatus-cacherkr9)rjrSr�rrUz&&�installz--only-upgradez-yzapt-getZDEBIAN_FRONTENDZnoninteractive)�cmdZoverride_env_varsr5)r/rZwe_are_currently_rootrZSECURITY_APT_NON_ROOTr�r�Z
read_cacherTrdrDryrlZ$SECURITY_UA_SERVICE_WITH_EXPIRED_SUBrfZ%SECURITY_UA_SERVICE_NOT_ENABLED_SHORTr"r�rZrun_apt_update_commandZrun_apt_command�	Exception�getattrr?�stripZSECURITY_UA_APT_FAILURE)rSr>r�r�r5rjrr8r8r9rEUsz

�������
�����

��
�rE)FF)r)jr#�enumr�r�collectionsrr�typingrrrrrr	r
rSrrr
rrrZ+uaclient.api.u.pro.attach.magic.initiate.v1rZ)uaclient.api.u.pro.attach.magic.revoke.v1rrZ'uaclient.api.u.pro.attach.magic.wait.v1rrZuaclient.clouds.identityrrrZuaclient.configrZuaclient.defaultsrrZuaclient.entitlementsrZ(uaclient.entitlements.entitlement_statusrrZuaclient.filesrZuaclient.files.noticesr Z
uaclient.httpr!Zuaclient.statusr"ZCVE_OR_USN_REGEXrqrxr�r�r�r�r�r?r#r�r&r+r/�Enumr2rMZUAServiceClientrNr�rar}r�r�r�r�r�rr
rrrr�r!r&r)r>r0r1r
rrGrJr�rMrVrXr`rcrdrfrirlrEr8r8r8r9�<module>s`$ ���	

����

��	��	EJ|
�1�
�
�r��Z
�
�
�/�#���&�l
�"	�+
��
