Hcf{ddlZddlZddlmZddlmZmZddlmZmZm Z m Z m Z m Z ddl mZmZmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZmZddl m!Z!ddl"m#Z#m$Z$dd l%m&Z&dd l'm(Z(m)Z)m*Z*m+Z+m,Z,d Z-d Z.d Z/e dde0fde0fde e0fgZ1ejdGddejfZ4ejdGddejfZ5ejdGddejfZ6ejdGddejfZ7Gdde(Z8Gdde(Z9Gdde8Z:Gd d!e(Z;Gd"d#e8Z<Gd$d%e(Z=Gd&d'e8Z>Gd(d)e(Z?Gd*d+e8Z@Gd,d-e?ZAGd.d/e@ZBGd0d1e?ZCGd2d3e@ZDGd4d5e(ZEGd6d7e(ZFGd8d9eEZGGd:d;e(ZHGd<d=eEZIGd>d?e(ZJGd@dAeEZKGdBdCe(ZLGdDdEe(ZMGdFdGeMZNGdHdIe(ZOGdJdKe(ZPGdLdMZQGdNdOeQZR dodPe0dQe e0dRe e e0fdSZSdTe0dUedVe ee effdWZTdTe0dUedVe ee effdXZUdYe edZeVdVe e e0e e1ffd[ZWd\e e e0efd]ee0ee0ee0e0fffd^ee0ee0e0fffd_ZXd`ed^ee0ee0e0fffdaZYdTe0dbe&dVeOfdcZZdTe0dbe&dVePfddZ[dTe0dbe&dVeOfdeZ\dTe0dbe&dVePfdfZ]dge0fdhZ^dZeVdieVdbe&dVeVfdjZ_ddkdTe0dle0dmee0efd]ee0ee0ee0e0fffd^ee0ee0e0ffdbe&dVeOfdnZ`y)pN) defaultdict)datetimetimezone)AnyDictList NamedTupleOptionalTuple)apt exceptionsmessages)CVECVE_OR_USN_REGEXUSNBinaryPackageFixCVEPackageStatus FixStatusUASecurityClient_check_cve_fixed_by_livepatchget_affected_packages_from_usn'get_cve_affected_source_packages_statusget_related_usnsgroup_by_usn_package_status*merge_usn_released_binary_package_versions#query_installed_source_pkg_versions)_enabled_services)ContractExpiryStatus _is_attached)UAConfig) DataObjectField IntDataValueStringDataValue data_listzstandard-updates esm-infraesm-appsUnfixedPackagesource_packagebinary_packageversionceZdZdZdZdZdZy) FixStepTypeattachenablezno-opz apt-upgradeN)__name__ __module__ __qualname__ATTACHENABLENOOP APT_UPGRADEQ/usr/lib/python3/dist-packages/uaclient/api/u/pro/security/fix/_common/plan/v1.pyr-r-4s F F DKr8r-ceZdZdZdZdZy)FixPlanNoOpStatuszcve-already-fixedsystem-not-affectedzcve-fixed-by-livepatchN)r0r1r2 ALREADY_FIXED NOT_AFFECTEDFIXED_BY_LIVEPATCHr7r8r9r;r;<s'M(L1r8r;ceZdZdZdZy)FixPlanAttachReasonzexpired-contract-tokenrequired-pro-serviceN)r0r1r2EXPIRED_CONTRACTREQUIRED_PRO_SERVICEr7r8r9rArACs/1r8rAceZdZdZdZdZy)FixWarningTypezpackage-cannot-be-installedzsecurity-issue-not-fixedzfail-updating-esm-cacheN)r0r1r2PACKAGE_CANNOT_BE_INSTALLEDSECURITY_ISSUE_NOT_FIXEDFAIL_UPDATING_ESM_CACHEr7r8r9rFrFIs"?97r8rFc@eZdZedeedegZdedefdZ y) FixPlanStep operationorderc ||_||_yNrLrM)selfrLrMs r9__init__zFixPlanStep.__init__Vs" r8N r0r1r2r"r$r#fieldsstrintrRr7r8r9rKrKPs0 k?+ g|$F Sr8rKcxeZdZedeeedeeedegZdeedeedefdZ y)AptUpgradeDatabinary_packagessource_packagespocketc.||_||_||_yrOrYrZr[)rQrYrZr[s r9rRzAptUpgradeData.__init__bs /. r8N r0r1r2r"r%r$rTrrUrRr7r8r9rXrX[s^ ?!;< ?!;< h(F c c   r8rXc\eZdZedeedeedegZdedeffd Z xZ S)FixPlanAptUpgradeSteprLdatarMcft|tjj|||_yNrP)superrRr-r6valuerarQrarM __class__s r9rRzFixPlanAptUpgradeStep.__init__us( ;#:#:#@#@N r8) r0r1r2r"r$rXr#rTrVrR __classcell__rgs@r9r`r`ns@ k?+ fn% g|$F sr8r`cfeZdZedeedeedeegZdedeedefdZ y) AttachDatareasonrequired_servicerZc.||_||_||_yrOrlrZrm)rQrlrZrms r9rRzAttachData.__init__s . 0r8N r0r1r2r"r$r%rTrUrrRr7r8r9rkrkzsO h(  /2 ?!;<F 11/3Cy1LO1r8rkc\eZdZedeedeedegZdedeffd Z xZ S)FixPlanAttachSteprLrarMcft|tjj|||_yrc)rdrRr-r3rerarfs r9rRzFixPlanAttachStep.__init__( ;#5#5#;#;5I r8) r0r1r2r"r$rkr#rTrVrRrhris@r9rrrr@ k?+ fj! g|$F  3r8rrcReZdZedeedeegZdedeefdZ y) EnableDataservicerZc ||_||_yrOrxrZ)rQrxrZs r9rRzEnableData.__init__s .r8Nrpr7r8r9rwrws: i) ?!;<F /3/c/r8rwc\eZdZedeedeedegZdedeffd Z xZ S)FixPlanEnableSteprLrarMcft|tjj|||_yrc)rdrRr-r4rerarfs r9rRzFixPlanEnableStep.__init__rtr8) r0r1r2r"r$rwr#rTrVrRrhris@r9r|r|rur8r|c,eZdZedegZdefdZy)NoOpDatastatusc||_yrOr)rQrs r9rRzNoOpData.__init__s  r8Nr0r1r2r"r$rTrUrRr7r8r9rrs h(F#r8rc\eZdZedeedeedegZdedeffd Z xZ S)FixPlanNoOpSteprLrarMcft|tjj|||_yrc)rdrRr-r5rerarfs r9rRzFixPlanNoOpStep.__init__s( ;#3#3#9#9G r8) r0r1r2r"r$rr#rTrVrRrhris@r9rrs@ k?+ fh g|$F r8rcLeZdZedeedegZdedeffd ZxZS)NoOpLivepatchFixDatar patch_versionc4t||||_yNr)rdrRr)rQrrrgs r9rRzNoOpLivepatchFixData.__init__s '*r8) r0r1r2r"r$rTrUrRrhris@r9rrs6 h( o/F +#+c++r8rc\eZdZedeedeedegZdedeffd Z xZ S)FixPlanNoOpLivepatchFixSteprLrarMc(t|||yN)rarMrdrRrfs r9rRz$FixPlanNoOpLivepatchFixStep.__init__ d%0r8) r0r1r2r"r$rr#rTrVrRrhris@r9rrB k?+ f*+ g|$F 1 41S11r8rcreZdZedeedeeedegZdedeedeffd Z xZ S)NoOpAlreadyFixedDatarrZr[cBt||||_||_yr)rdrRrZr[)rQrrZr[rgs r9rRzNoOpAlreadyFixedData.__init__s$ '. r8) r0r1r2r"r$r%rTrUrrRrhris@r9rrsT h( ?!;< h(F /3CyBEr8rc\eZdZedeedeedegZdede ffd Z xZ S)FixPlanNoOpAlreadyFixedSteprLrarMc(t|||yrrrfs r9rRz$FixPlanNoOpAlreadyFixedStep.__init__rr8) r0r1r2r"r$rr#rTrrVrRrhris@r9rrrr8rc@eZdZedeedegZdedefdZ y)FixPlanWarning warning_typerMc ||_||_yrOrrM)rQrrMs r9rRzFixPlanWarning.__init__s( r8NrSr7r8r9rrs0 no. g|$F Cr8rcReZdZedeeedegZdeedefdZ y)SecurityIssueNotFixedDatarZrc ||_||_yrOrZr)rQrZrs r9rRz"SecurityIssueNotFixedData.__init__s. r8Nr^r7r8r9rrs: ?!;< h(F 49cr8rc\eZdZedeedeedegZdedeffd Z xZ S)#FixPlanWarningSecurityIssueNotFixedrrMracft|tjj|||_yNr)rdrRrFrHrerarQrMrargs r9rRz,FixPlanWarningSecurityIssueNotFixed.__init__s0 '@@FF   r8) r0r1r2r"r$r#rrTrVrRrhris@r9rrsB no. g|$ f/0F ,Er8rc eZdZedeedeedeedeeedegZdededededeef dZ y)PackageCannotBeInstalledDatar*binary_package_versionr)related_source_packagesr[cJ||_||_||_||_||_yrO)r)r*rr[r)rQr*rr)r[rs r9rRz%PackageCannotBeInstalledData.__init__s+-,&<# '>$r8Nrpr7r8r9rrs 0 &8 0 '?)CD h( F ? ?!$ ?  ?  ?"&c ?r8rc\eZdZedeedeedegZdede ffd Z xZ S)&FixPlanWarningPackageCannotBeInstalledrrMracft|tjj|||_yr)rdrRrFrGrerars r9rRz/FixPlanWarningPackageCannotBeInstalled.__init__6s0 'CCII   r8) r0r1r2r"r$r#rrTrVrrRrhris@r9rr/sB no. g|$ f/0F ,Hr8rc@eZdZedeedegZdedefdZy)FailUpdatingESMCacheDatatitlecodec ||_||_yrOrr)rQrrs r9rRz!FailUpdatingESMCacheData.__init__Ds  r8Nrr7r8r9rr>s0 g' fo&F Cr8rc\eZdZedeedeedegZdedeffd Z xZ S)"FixPlanWarningFailUpdatingESMCacherrMracft|tjj|||_yr)rdrRrFrIrerars r9rRz+FixPlanWarningFailUpdatingESMCache.__init__Ps0 '??EE   r8) r0r1r2r"r$r#rrTrVrRrhris@r9rrIsB no. g|$ f./F ,Dr8rcJeZdZedeededgZdedeefdZy) FixPlanErrormsgrFrequiredc ||_||_yrOrr)rQrrs r9rRzFixPlanError.__init__^s r8N) r0r1r2r"r$rTrUr rRr7r8r9rrXs6 e_% fo6F s(3-r8rc eZdZy)AdditionalDataN)r0r1r2r7r8r9rrcsr8rcdeZdZedeeedeegZdeedeefdZ y)USNAdditionalDataassociated_cvesassociated_launchpad_bugsc ||_||_yrOrr)rQrrs r9rRzUSNAdditionalData.__init__ns /)B&r8Nr^r7r8r9rrgsO ?!;< )9_+EFF CcC$(9 Cr8rceZdZedeedededeedeededeeedeeded eded e dgZ d d d de de de ede ed e ed e de e de e e fd Zy ) FixPlanResultr descriptionFrexpected_statusaffected_packagesplanwarningserroradditional_dataN)rrct||_||_||_||_||_||_||_||_yrOrrrrrrrr) rQrrrrrrrrs r9rRzFixPlanResult.__init__s@ &.!2    .r8)r0r1r2r"r$r%rKrrrrTrUrr rRr7r8r9rrxs g' m_u= 1 !9_#=N fi ,- j)N3eD g|e4 %@ F(&*15// / ; / ~& / %/(/c]/$DI./r8rcVeZdZedeedeedgZdedeefdZy)FixPlanUSNResulttarget_usn_planrelated_usns_planFrc ||_||_yrOrr)rQrrs r9rRzFixPlanUSNResult.__init__s /!2r8N) r0r1r2r"rr%rTrrRr7r8r9rrsD / !9]#;eLF 3'3 . 3r8rc eZdZ ddedeedeeefdZdedeee ffdZ d e deee ffd Z d ed eefd Z deee ffdZdefdZedZy)FixPlanNrrrcd|_||_||_||_g|_g|_d|_t|_y)N) rMrrr fix_steps fix_warningsrrr)rQrrrs r9rRzFixPlan.__init__sC   &!2 -/r8rLracd}|tjk(r,t|jtj |}n|tj k(r+t|jtj |}n|tjk(rd|vr+t|jtj |}nd|vr+t|jtj |}nUt|jtj |}n*t!|jt"j |}|j$j'||xjdz c_y)NrMrarrZr)r-r3rrrMrk from_dictr4r|rwr5rrrrrrr`rXrappend)rQrLrafix_steps r9 register_stepzFixPlan.register_steps$   ** *(jjz';';D'AH+,, ,(jjz';';D'AH+** *$&6**+?+I+I$+O#d*6**+?+I+I$+O+**8+=+=d+C-jj~'?'?'EH h' a r8rcd}|tjk(r+t|jtj |}nh|tj k(r+t|jtj |}n*t|jtj |}|jj||xjdz c_y)Nrr) rFrHrrMrrrGrrrrrr)rQrra fix_warnings r9register_warningzFixPlan.register_warnings >BB B=jj.88>K^GG G@jj1;;DAK =jj-77=K   - a r8 error_msg error_codec(t|||_y)Nr)rr)rQrrs r9register_errorzFixPlan.register_errors!ijA r8rc$tdi||_yNr7)rrrQrs r9register_additional_dataz FixPlan.register_additional_datas-@@r8returnc|jryt|jdk(r\t|jdtr?|jdj j dk(rttjS|jrttjSttjS)Nrrrr<) rlenr isinstancerrarrUrSYSTEM_NOT_AFFECTEDrSYSTEM_STILL_VULNERABLESYSTEM_NON_VULNERABLErQs r9 _get_statuszFixPlan._get_statuss ::  1 $4>>!,o>q!&&--1FFy445 5   y889 9y667 7r8c t|j|j|j|j|j |j |j|jS)Nr) rrrrrrrrrrs r9fix_planzFixPlan.fix_plan sT**(( ,,."44&&** 00  r8rO)r0r1r2rUr rrRr-rrrrFrrrrpropertyrr7r8r9rrs 26 0 0c] 0$DI. 0##38n#J*26sCx.0BB#BAS#XA 8S 8    r8rc"eZdZdeeeffdZy) USNFixPlanrc$tdi||_yr)rrrs r9rz#USNFixPlan.register_additional_datas0C?Cr8N)r0r1r2rrUrrr7r8r9rrsDS#XDr8rrrrcb|rd|jvrt|||St|||S)Ncverrr)lowerrrrs r9 get_fix_planrsB EU[[]*#/  + r8issue_idclientrc |j|}|j|}||fS#tj$r,}|jdk(rtj ||d}~wwxYw)N)cve_id)detailsr)get_cve get_noticesr SecurityAPIErrorrSecurityIssueNotFound)rrrusnses r9 _get_cve_datar2sonnHn-!!(!3 9  & & 66S=22HE Es$*A)'A$$A)c |j|}t||}|j dstjd|d||fS#tj$r,}|jdk(rtj ||d}~wwxYw)N) notice_idrr release_packagesz+metadata defines no fixed package versions.)rissue extra_info) get_noticerr r rr responseSecurityAPIMetadataError)rrusnrrs r9 _get_usn_datarAs(3V, <<* +11C  9  & & 66S=22HE EsA B 'BB  binary_pkgscheck_esm_cacheclg}g}t|D]}tj|j|}|r?tj|j |dkr|j |je|j t|j|j|j ||fS)N)rr)r)r*r+) sortedr get_pkg_candidate_version binary_pkgversion_compare fixed_versionrr( source_pkg)rr upgrade_pkgs unfixed_pkgsr!candidate_versions r9_get_upgradable_pkgsr(XsLL[) 99  ! !?  ##((*;    5 5 6   #-#8#8#-#8#8&44 *  %%r8pkg_status_groupusn_released_pkgsinstalled_pkgsc tt}tt}|D]\}}||jj||f||j D]\}}|j |i} || vr| j |ij dd} t j| |dkDsY||jjt||| ||fS)Nr+rr)r$r!r#) rlist pocket_sourceritemsgetr r"r) r)r*r+binary_pocket_pkgssrc_pocket_pkgssrc_pkg pkg_statusr!r+usn_released_srcr#s r9,_get_upgradable_package_candidates_by_pocketr6ws %T*!$'O/ 00188':9NO#1'#:#@#@#B  J044WbA !11,00R@DD2M""=':Q>":#;#;<CC$#*#-&3 & . ..r8rc|js |jS|jD]7}|jj}|D]}||vs|jccS9|jdjS)Nr)noticesrrkeysr)rr+noticeusn_pkgspkgs r9_get_cve_descriptionr=ss ;;++$**//1 $Cn$||# $$ ;;q>  r8cfgcdt|\}}|rTt|}|jtjt j j|d|jSt|}t} t||\}}t%||} t'|i} t)||} t+|| | | || S#tjtjf$rI} t|}|j| j | j"|jcYd} ~ Sd} ~ wwxYw) Nr)rrrLrar>rrrr)rinstalled_packages beta_pockets)rissue_descriptionaffected_pkg_statusr*r+r>)rrrr-r5r;r?rerrrrr r r rrmsg_coderrr=_generate_fix_plan) rr>livepatch_cve_statusrrrr+rrrrIr*cve_descriptions r9 _fix_plan_cverNs8*G+'-h/!&&+>>DD!.     # &F8:N!!8FC TB NC 2+3?O )/+%   ! ((## ! h/!%%AJJG   !s<C#D/&>D*$D/*D/c Rt|}t} t||\}}t||}t|gi} |jsgn |j|jsgn |jd} t!||j"|| ||| } g} |D]}t||}t|gi} |jsgn |j|jsgn |jd} | j%t!|j&|j"|| ||| t| | S#tjtj f$rT}t |}|j|j|jt|jgcYd}~Sd}~wwxYw) NrBrCr@rDr)rrErFr)rrHrIr*r+r>r)rrrr r r rrrrJrrrrcves_ids referencesrKrrid) rr>rr+r related_usnsrrrIr*rrrs r9 _fix_plan_usnrTs # &F8:N  )8FK\9 NC B&)\\2s||nnB#..O)))/+% 'O < G E *-r3<<..cnn    "%))$7"3- /   4 '+ y ((##    h/!%%AJJG$--    sD//#F&A F!F&!F&c0|rtjt|s_t|}tj j |}|j|j|j|jS|j}t||S)Nr@r rD) rematchrrrINVALID_SECURITY_ISSUEformatrrnamerupperrNrr>rrs r9 fix_plan_cver]sv 288$4h?h/--44h4G#''chhG   ~~H 3 ''r8cF|rtjt|sjt|}tj j |}|j|j|jt|jgS|j}t||S)Nr@r rDr)rVrWrrrrXrYrrrZrrr[rTr\s r9 fix_plan_usnr_)s 288$4h?h/--44h4G#''chhG$--   ~~H 3 ''r8r[c|tjk(rtS|tjk(rtS|tj k(rt S|SrO)r'SECURITY_UBUNTU_STANDARD_UPDATES_POCKETSTANDARD_UPDATES_POCKETSECURITY_UA_INFRA_POCKETESM_INFRA_POCKETSECURITY_UA_APPS_POCKETESM_APPS_POCKET)r[s r9get_pocket_short_namerg7sC AAA&& 844 4 833 3 r8esm_cache_updatedc|rf|sdt|jsOtj}|yt j t j}||z }|jdkDryy)NTF) r is_attachedr get_apt_cache_datetimernowrutcdays)rrhr>last_apt_updatermtime_since_updates r9_should_update_esm_cacherrBs` !S!--446  "ll8<<(/1  ! !A % r8)rrHrIc t|}tt}d} t||t t|j } |r| j ||dk(rG| jtjdtjji| jSt||} t | jD]R\} } | dk7r8| j!t"j$| Dcgc]\}}| c}}| dCt'| ||\}}T|s | jSt(j*t(j,t(j.fD]\}||}|}|Dcgc]\}}| }}}t1|}|s@|r=| jtjtj2j||d o|t(j*k7}t5|| |r t7j8|d } tK||\}}|rL|D]G}| j!t"jL|jN|jP|jR||dI|t(j*k7r |t(j,k(rd}nd}tU|jVs&| jtjXd||dnntU|jZ}|t\j^jk7r<| jtjXt`jbj|dte|jfxsg}|r|Dcgc]}|jHc}ng} || vr$| jtjh||d| jtjj|||d_| jScc}}wcc}}w#t:$rw}t(j<j?tA|d tC| }| j!t"jD|jF|jHd Yd}~Ld}~wwxYwcc}w)NFrrrrAreleasedr)rra)rrZr[Tr)rr)r*rr)rr[r&r'rBro)rlrZrzr])6rrr-rrr9rrr-r5r;r>rerrr/rrFrHr6rrarcrergr=rrr update_esm_caches ExceptionE_UPDATING_ESM_CACHErYgetattrrUrIrrZr(rGr*r+r)rrkr3contract_statusrACTIVErArCrenabled_servicesr4r6)!rrHrIr*r+r>rcountr2rhrpkg_status_groups status_valuer)r3_r1r[ pkg_src_groupr source_pkgs pocket_namerrrr%r& unfixed_pkgservice_to_checkcontract_expiry_statusr{rxenabled_services_namess! r9rKrKXs # $E!$'O% &9&>&>&@!ABH ))/: z!&&-::@@A     3.+11B1H1H1J*K& & : %  % %+DD3C($.GQ(+  & = ! "*     88))((l  (/ (0 1>?:7Aw? ?+F3 &&).."3"A"A"G"G+6"-'  hFF F  $O5F L %%c*$(!&: & " l +  ))!/!K!K*5*D*D2=2E2E*5*D*D3>"- *   XEE E:::#. #- $00&&)00"8+6,<'*6c):)J)J&)-A-H-H-N-NN**"-"4"4&9&J&J&P&P/:+ 15FFL" $.>>'> #  '==&&)00#3+6' !--#/#.%  Kl \   C(4@. $99@@!!UCF3A ))!/!G!G!* )* t?s+9 O 4 O1OQ Q"A,QQ)NN)aenumrV collectionsrrrtypingrrrr r r uaclientr r r'uaclient.api.u.pro.security.fix._commonrrrrrrrrrrrrrr-uaclient.api.u.pro.status.enabled_services.v1r(uaclient.api.u.pro.status.is_attached.v1rruaclient.configr uaclient.data_typesr!r"r#r$r%rbrdrfrUr(uniqueEnumr-r;rArFrKrXr`rkrrrwr|rrrrrrrrrrrrrrrrrrrrrrrboolr(r6r=rNrTr]r_rgrrrKr7r8r9rs #'??.. L%- 3 3 HSM" $))   2 2 2 2$))2 2 8TYY8 8 *Z& K  1 1  //  z k +8+1/1 8 1/1Z  . ?:?2 ^ z  : Z CC"/J/D 3z 3 m m `DD"&-1 # S *&     3S > + 3S >.&&'&& 49d>* *+&>/5&6!678/Cc4S>&9!::;/d38n,-/<    d38n,-  -C-h-=-`FCFhF3CFR(3(X(-( (3 (X (2B (#  <hhhc#334 h Cc4S>&9!::; h d38n,- h hhr8