o Hcf.s @s ddlZddlZddlmZmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZmZddlmZddlmZmZddlmZmZddlmZmZmZmZdd l m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4dd l5m6Z6dd l5m7Z8dd l9m:Z:dd l9m7Z;dd lZ>ddl?m@Z@mAZAddlBmCZCmDZDmEZEddlFmGZGddlHmIZIddlJmKZKddlLmMZMmNZNmOZOddlPmQZQddlRmSZSddlTmUZUddlVmWZWGdddZXddZYddZZde+fdd Z[d!e-fd"d#Z\d$e]d%e^d&eGfd'd(Z_d$e]d%e^d)e^d&eGfd*d+Z` did,ee]d-e]d.ead/ead0ee]d1e]f d2d3Zbd&eGd4e]d1e^fd5d6Zcdjd7d8Zdd&eGfd9d:Zed&eGd1e^fd;d<Zfd=ee]d1e]fd>d?Zgd&eGd%e^d1e^fd@dAZhd&eGd1e^fdBdCZid&eGdDe]d1e^fdEdFZjdDe]d&eGd%e^d1e^fdGdHZk Idkd-edJe]dKe]fdLdMZldNe]fdOdPZmdQeXdRe0fdSdTZndQeXdRe1fdUdVZodQeXdRe/fdWdXZpdQeXdRe$fdYdZZqdQeXdRe%fd[d\ZrdQeXdRe&fd]d^ZsdQeXdRe*fd_d`ZtdQeXdRe(fdadbZudQeXdRe'fdcddZvd!e+d%e^d&eGd1eeeeffdedfZwdgdhZxdS)lN)DictList NamedTupleOptionalSetTupleUnion)apt exceptionsmessagessystemutil)attach_with_tokenenable_entitlement_by_name) _initiate)MagicAttachRevokeOptions_revoke)MagicAttachWaitOptions_wait)CVE_OR_USN_REGEX FixStatusUnfixedPackagestatus_message)ESM_APPS_POCKETESM_INFRA_POCKETSTANDARD_UPDATES_POCKETFixPlanAptUpgradeStepFixPlanAttachStepFixPlanEnableStepFixPlanNoOpAlreadyFixedStepFixPlanNoOpLivepatchFixStepFixPlanNoOpStatusFixPlanNoOpStep FixPlanResult FixPlanStepFixPlanUSNResultFixPlanWarning"FixPlanWarningFailUpdatingESMCache&FixPlanWarningPackageCannotBeInstalled#FixPlanWarningSecurityIssueNotFixedNoOpAlreadyFixedDataNoOpLivepatchFixDataUSNAdditionalData)CVEFixPlanOptions)_plan)USNFixPlanOptions)ContractExpiryStatus _is_attached)NAME USAGE_TMPL)CLOUD_TYPE_TO_TITLEPRO_CLOUD_URLSget_cloud_type)UAConfig)PRINT_WRAP_WIDTH)entitlement_factory)ApplicabilityStatusCanEnableFailureUserFacingStatus)notices)Notice) PRO_HOME_PAGE)colorize_commandsc@sjeZdZdededeedefddZddZ dd eed ed e efd dZ deedefddZ d S) FixContexttitledry_run affected_pkgscfgcCsJd|_g|_t|_tj|_||_||_||_ ||_ d|_ d|_ d|_ dS)NrTF) pkg_index unfixed_pkgssetinstalled_pkgsrSYSTEM_NON_VULNERABLE fix_statusrBrDrCrEshould_print_pkg_header warn_package_cannot_be_installedfixed_by_livepatch)selfrBrCrDrErP2/usr/lib/python3/dist-packages/uaclient/cli/fix.py__init__Qs zFixContext.__init__cCsR|jr'tjt|jjt|jdt|jd}tt j |t ddddSdS)N, )countpkgs F)widthsubsequent_indentreplace_whitespace) rDr SECURITY_AFFECTED_PKGS pluralizelenformatjoinsortedprinttextwrapfillr8)rOmsgrPrPrQprint_fix_headerds"zFixContext.print_fix_headerN source_pkgsstatuspocketcCs8|jrtt|||jt|j|rt|ndddSdS)N)pkg_listrfrFnum_pkgs pocket_source)rLr`_format_packages_messagerFr\rDget_pocket_description)rOrerfrgrPrPrQprint_pkg_headeruszFixContext.print_pkg_headerrUunfixed_reasoncCs"|D] }|jt||dqdS)N)pkgrn)rGappendr)rOrUrnrorPrPrQadd_unfixed_packagess  zFixContext.add_unfixed_packagesN) __name__ __module__ __qualname__strboolrr7rRrdrrmrqrPrPrPrQrAPs(  rAcCs(|jdtjd}|jtdt|dS)Nfixhelp)action) add_parserr CLI_ROOT_FIX set_defaults action_fix fix_parser) subparsers parser_fixrPrPrQr|s  r|cCs`tjtdd|_d|_tj|_tj|j _ |j dtj d|j ddtj d|j d dtjd|S) z1Build or extend an arg parser for fix subcommand.z"fix |)namecommandrxsecurity_issueryz --dry-run store_true)r{rzz --no-related)r3r]r2usageprogr CLI_FIX_DESC description CLI_FLAGS _optionalsrB add_argument CLI_FIX_ISSUECLI_FIX_DRY_RUNCLI_FIX_NO_RELATED)parserrPrPrQrs rcvecCs8dj|j|jdd|jg}td|dS)N{issue}: {description}issuerz! - https://ubuntu.com/security/{} )r]rBupperrr`r^)rlinesrPrPrQprint_cve_headers  rfix_plancCs|j}dj|j|jdg}|j}t|trK|jr5| t j |jD]}| dt j j j|dq#n|jrK| t j|jD] }| d|qAtd|dS)Nrrz - {})rz - r)target_usn_planr]rBrradditional_data isinstancer,associated_cvesrpr SECURITY_FOUND_CVESurlsSECURITY_CVE_PAGEassociated_launchpad_bugsSECURITY_FOUND_LAUNCHPAD_BUGSr`r^)r target_usnrrrlp_bugrPrPrQprint_usn_headers*      rrrCrEcCsztt|gd|d}|jjdj}|r$|jr$tjt |j pd|jdt |jjdt t |jjd||\}}|S)N)cvesoptionsrErunexpected-error named_msg)cve_planr- cves_datarerrorrcr AnonymousUbuntuProErrorr NamedMessagecoderr`execute_fix_plan)rrCrErrrf_rPrPrQfix_cves   r no_relatedcCstt|gd|d}|jjdjj}|r%|jr%tjt |j pd|jdt |jjdt dt jj|dt|jjdj||\}}|tjtjfvrO|S|jjdj}|rZ|r\|St dt jjdd d |Dd t dt ji} |D]} t d | jt| ||| | j<t qzt t jt||t jd d} |D]=} | | j\} } t| | jt jd | tjkrt dt jjddd} | tjkr| D]}|j rt d|j!|j qd} q| rt dt j"j|d|S)N)usnsrrrrr)issue_idz - css|]}|jVqdSrr)rB).0usnrPrPrQ szfix_usn..) related_usnsz- {})contextF- fix operation operationTz - {}: {})#usn_planr/ usns_datarrrrcr rr rrrr`SECURITY_FIXING_REQUESTED_USNr]rrrJSYSTEM_NOT_AFFECTEDrelated_usns_planSECURITY_RELATED_USNSr^SECURITY_FIXING_RELATED_USNSrBSECURITY_USN_SUMMARY_handle_fix_status_messageFIX_ISSUE_CONTEXT_REQUESTEDFIX_ISSUE_CONTEXT_RELATEDSYSTEM_VULNERABLE_UNTIL_REBOOTENABLE_REBOOT_REQUIRED_TMPLSYSTEM_STILL_VULNERABLErnroSECURITY_RELATED_USN_ERROR)rrCrrErrtarget_usn_statusrrrelated_usn_statusrelated_usn_planfailure_on_related_usnrfrG unfixed_pkgrPrPrQfix_usns        rrhrfrFrirjreturnc Cs|sdSg}g}|D]}|d7}|d||||q tjddd|ddt|tdd }d |t||S) z;Format the packages and status to an user friendly message.z{}/{}z{} {}:(rS)rVrWrXz{} {})rpr]rarbr^r_r8r) rhrfrFrirj msg_indexsrc_pkgssrc_pkg msg_headerrPrPrQrkGs  rktokenc Cs\ttdd|ggz t||ddWdStjy-}z t|jWYd}~dSd}~ww)ztAttach to an Ubuntu Pro subscription with a given token. :return: True if attach performed without errors. proattachT)r allow_enableNF)r`r@rr UbuntuProErrorrc)rErerrrPrPrQ_run_ua_attachcs rcCs>t\}}|tvrttjjt|t|ddSdS)z:Alert the user when running Pro on cloud with PRO support.)rBcloud_specific_urlN) r6r5keysr`r SECURITY_USE_PRO_TMPLr]r4get) cloud_typerrPrPrQ*_inform_ubuntu_pro_existence_if_applicableqs  rc Csttjt|d}tdtjj|jdt|jd}zt ||d}Wn t j yD}zttj t |jd}t||d|d}~wwtdtjt||jS)N)rEr) user_code) magic_tokenr)r`r CLI_MAGIC_ATTACH_INITrCLI_MAGIC_ATTACH_SIGN_INr]rrrrr MagicAttachTokenErrorCLI_MAGIC_ATTACH_FAILEDrrCLI_MAGIC_ATTACH_PROCESSINGrcontract_token)rE initiate_resp wait_options wait_resperevoke_optionsrPrPrQ_perform_magic_attach}s.      rcCshtttjtjtjgdd}|dkrdS|dkr t|S|dkr2ttjt d}t ||SdS) zZPrompt for attach to a subscription or token. :return: True if attach performed. )sac valid_choicesrFrr> T) rr`r *SECURITY_UPDATE_NOT_INSTALLED_SUBSCRIPTIONr prompt_choicesSECURITY_FIX_ATTACH_PROMPTrPROMPT_ENTER_TOKENinputr)rEchoicerrPrPrQ_prompt_for_attachs   rrGcCs4t|}tjtj|j|dt|dt ddS)zFormat the list of unfixed packages into an message. :returns: A string containing the message output for the unfixed packages. rS)rirUrVr) r\rarbr SECURITY_PKG_STILL_AFFECTEDr[r]r^r_r8)rGnum_pkgs_unfixedrPrPrQ_format_unfixed_packages_msgs r cCs4t|j}|r|tjjkr|rttjdSdSdS)zuCheck if the Ubuntu Pro subscription is expired. :returns: True if subscription is expired and not renewed. FT)r1contract_statusr0EXPIREDvaluer`r (SECURITY_DRY_RUN_UA_EXPIRED_SUBSCRIPTION)rErCcontract_expiry_statusrPrPrQ_check_subscription_is_expireds   rcCsddl}ddlm}tttjtjtj j t dddgd}|dkrFttj t d}ttd d gg||jd d d |t||SdS)zdPrompt for attach a new subscription token to the user. :return: True if attach performed. rN)cli)urlrrrrrdetachTr) assume_yesr]F)argparseuaclientrrr`r %SECURITY_UPDATE_NOT_INSTALLED_EXPIREDr rSECURITY_FIX_RENEW_PROMPTr]r?PROMPT_EXPIRED_ENTER_TOKENrr@ action_detach Namespacer)rErrrrrPrPrQ_prompt_for_new_tokens"     rservicecCsttjj|dtjtjj|dddgd}|dkrFttdd|ggt||dd\}}|sD|d urDt |t rD|j d urDt|j j |Sd S) zMPrompt for enable a pro service. :return: True if enable performed. rrrrrenableT)rErrNF) r`r SECURITY_SERVICE_DISABLEDr]r rSECURITY_FIX_ENABLE_PROMPTr@rrr;messagerc)rErrretreasonrPrPrQ_prompt_for_enables&    r'cCst||d}||}|rR|\}}|tjkrdS|\}}|tjkrH|r4tdtj j |j ddSt ||j r       r2rrrcCs|tjkr |rtjj||d}ntjj|d}tt|dS|tj kr@|r0tj j||d}ntj j|d}tt|dS|tj kr`|rPtj j||d}ntjj|d}tt|dS|rktj j||d}ntjj|d}tt|dS)N)rrr)rrJr %SECURITY_ISSUE_RESOLVED_ISSUE_CONTEXTr]SECURITY_ISSUE_RESOLVEDr`r handle_unicode_charactersr'SECURITY_ISSUE_UNAFFECTED_ISSUE_CONTEXTSECURITY_ISSUE_UNAFFECTEDr)SECURITY_ISSUE_NOT_RESOLVED_ISSUE_CONTEXTSECURITY_ISSUE_NOT_RESOLVED)rfrrrcrPrPrQr9s6   rrgcCs.|tkrtjS|tkrtjS|tkrtjS|Srr)rr 'SECURITY_UBUNTU_STANDARD_UPDATES_POCKETrSECURITY_UA_INFRA_POCKETrSECURITY_UA_APPS_POCKET)rgrPrPrQrl^srl fix_contextstepcCsh|j|jjd|jjdd|_tjj|jj|jj d}t d||j |jj g|dd|_ tj|_dS)NreleasedrerfrgF)packageversionrrUrnT)rmdatarelated_source_packagesrgrLr FIX_CANNOT_INSTALL_PACKAGEr]binary_packagebinary_package_versionr`rqsource_packagerMrrrK)r>r?warn_msgrPrPrQ)_execute_package_cannot_be_installed_stepis    rLcCsR|j|jj|jjd|jt|jj7_|j|jjt|jjdtj |_ dS)N)rerfrD) rmrEsource_packagesrfrFr\rqrrrrKr>r?rPrPrQ&_execute_security_issue_not_fixed_steps  rOcCs,tr ttjdStdtjddS)Nr)r we_are_currently_rootr`r CLI_FIX_FAIL_UPDATING_ESM_CACHE(CLI_FIX_FAIL_UPDATING_ESM_CACHE_NON_ROOTrNrPrPrQ%_execute_fail_updating_esm_cache_stepsrSc Csh|j|jjd|jjd|jt|jj7_|jjs)|js#tt j t j |_ dStsE|jsEtt jt j|_ |j|jjt jddSttgdgdt|jjg|jrat j |_ dSzttjgd|jjddid Wn,ty}z t|d t|}t|t j|_ |j|jj|dWYd}~dSd}~wwt j |_ d |_|j|jjdS) Nr@rArD)r updatez&&)r install--only-upgrade-y)zapt-getrUrVrWDEBIAN_FRONTENDnoninteractive)cmdoverride_env_varsrcT)rmrErMrgrFr\binary_packagesrMr`r SECURITY_UPDATE_INSTALLEDrrJrKr rPrCSECURITY_APT_NON_ROOTrrqr@r_r run_apt_update_commandrun_apt_command ExceptiongetattrrvrLrIrT)r>r?rrcrPrPrQ_execute_apt_upgrade_stepsl      rccCs|jjdkrtnt}|j|jjd|dd|_t|jj sD|j r(t dt j nHt|jsCtj|_|j|jjt jj|jjdddSn,t|j|j drp|j rUt t jnt|jsptj|_|j|jjt jj|jjdddStj|_dS) N esm-infrar@rAFrr rD)rErC)rErequired_servicerrrmrMrLr1rE is_attachedrCr`r SECURITY_DRY_RUN_UA_NOT_ATTACHEDrrrrKrqSECURITY_UA_SERVICE_REQUIREDr]rrr$SECURITY_UA_SERVICE_WITH_EXPIRED_SUBrJr>r?rgrPrPrQ_execute_attach_stepsL       rkcCst|jjdkrtnt}|j|jjd|dd|_t|jj|j|j s7|j |jjt j j |jjddtj|_dStjS)Nrdr@rAFr rD)rErrrrmrMrLr2rErCrqr %SECURITY_UA_SERVICE_NOT_ENABLED_SHORTr]rrrKrJrjrPrPrQ_execute_enable_steps0 rmcCs*|jjtjjkrttjtj |_ dSdSrr) rErfr! NOT_AFFECTEDrr`r SECURITY_NO_AFFECTED_PKGSrrrKrNrPrPrQ_execute_noop_not_affected_step)s  rpcCs4t|jtrttjj|j|jjdd|_ dSdS)N)rrCT) rrEr+r`r CVE_FIXED_BY_LIVEPATCHr]rB patch_versionrNrNrPrPrQ%_execute_noop_fixed_by_livepatch_step1s  rscCsLt|jtr$|j|jjd|jjdttj|j t |jj7_ dSdS)Nr@rA) rrEr*rmrMrgr`r r]rFr\rNrPrPrQ _execute_noop_already_fixed_step>s  rtcCsg|j|j}t|j||jpg|d}|t|dddD]t}t|tr,t ||t|t r6t ||t|t r@t ||t|trRt|||jtjkrRnCt|trdt|||jtjkrdn1t|trvt|||jtjkrvnt|trt||t|trt||t|trt||q t|jrttt t!dd|jDtj"|_|jtjkrt#j$|j%drtj&|_t'j(j)dd }t|t*j+t,j-dd |j.st/|j|j|j|jfS) N)rBrCrDrEcSs|jSrr)order)xrPrPrQ[sz"execute_fix_plan..)keycSsg|]}|jqSrP)ro)rrrPrPrQ sz$execute_fix_plan..)rIrr)0planwarningsrArBaffected_packagesrdr_rr(rLr)rOr'rSrrcrKrrJrrkrrmr"rpr rsrrtr`rGr listrHrr should_rebootrIrr rr]r=addr>ENABLE_REBOOT_REQUIREDrNr)rrCrE full_planr>r? reboot_msgrPrPrQrKs                        rcKsjtt|jstj|jd|jrttj d|j vr(t |j|j|}|jSt |j|j|j |}|jS)Nr3r)rematchrrr InvalidSecurityIssueIdFormatrCr`r SECURITY_DRY_RUN_WARNINGlowerrrr exit_code)argsrEkwargsrfrPrPrQrs rrr)rN)r)yrratypingrrrrrrrrr r r r r uaclient.actionsrr+uaclient.api.u.pro.attach.magic.initiate.v1r)uaclient.api.u.pro.attach.magic.revoke.v1rr'uaclient.api.u.pro.attach.magic.wait.v1rr'uaclient.api.u.pro.security.fix._commonrrrr/uaclient.api.u.pro.security.fix._common.plan.v1rrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,+uaclient.api.u.pro.security.fix.cve.plan.v1r-r.r+uaclient.api.u.pro.security.fix.usn.plan.v1r/r(uaclient.api.u.pro.status.is_attached.v1r0r1uaclient.cli.constantsr2r3uaclient.clouds.identityr4r5r6uaclient.configr7uaclient.defaultsr8uaclient.entitlementsr9(uaclient.entitlements.entitlement_statusr:r;r<uaclient.filesr=uaclient.files.noticesr>uaclient.messages.urlsr?uaclient.statusr@rAr|rrrrvrwrrintrkrrrrr rrr'r2rrlrLrOrSrcrkrmrprsrtrrrPrPrPrQs$  X           ?  l    - %      > / !      R