OwlCyberSecurity - MANAGER

Edit File: vulnerability.py

"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import logging
from collections import defaultdict
from urllib.parse import urljoin
from urllib.request import Request

from defence360agent.api.server import API, APIError
from defence360agent.internals.iaid import (
    IndependentAgentIDAPI,
    IAIDTokenError,
)

logger = logging.getLogger(__name__)

class VulnerabilityAPI(API):
    URL = urljoin(API._BASE_URL, "/api/patch/vulnerabilities")
    _STUB_VULNERABILITY_INFO = {"cveId": "", "app": "", "type": "", "name": ""}

@classmethod
    async def get_details(cls, ids: list) -> dict:
        """
        Get vulnerabilities details for specific *ids*.
        More details in DEF-32152
        """
        info = defaultdict(cls._STUB_VULNERABILITY_INFO.copy)
        if not ids:
            return info

try:
            token = await IndependentAgentIDAPI.get_token()
        except IAIDTokenError as exc:
            logger.error(
                "Can't get iaid token: %s. "
                "Return default vulnerabilities details.",
                exc,
            )
            return info

url = cls.URL + f"?ids={','.join(ids)}"
        request = Request(
            url,
            headers={"X-Auth": token, "Content-Type": "application/json"},
        )
        try:
            result = await cls.async_request(request)
        except APIError as exc:
            logger.error(
                "Failed to get vulnerabilities details: %s. "
                "Return default vulnerabilities details.",
                exc,
            )
            return info

info.update(result["vulnerabilities"])
        return info