forked from RedHatProductSecurity/osidb
constants.py
"""
Exploits constants
"""
# Version label for the exploits API.
# NOTE(review): where this label is consumed is not visible in this file - confirm.
EXPLOITS_API_VERSION = "v1"

# Exploit data sources singled out for reporting.
# NOTE(review): presumably compared verbatim (case-sensitively) against the source
# recorded on an exploit - verify against the callers.
REPORT_EXPLOIT_SOURCES = [
    "CISA",
    "Metasploit",
]
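# Tracker resolutions that count as "fixed" or "unfixable".
#
# This list is used to decide whether an affect with DELEGATED resolution has to be
# considered unfixed.
#
# Each value is listed once ("CANTFIX" used to appear twice). The list mixes
# upper-case and mixed-case spellings, and a plain `in` test is case-sensitive, so a
# resolution written with different casing would not match.
# NOTE(review): a resolution missing from this list presumably leaves the affect
# counted as unfixed - confirm against the caller when adding tracker states.
FIXED_AND_UNFIXABLE_TRACKER_RESOLUTIONS = [
    "ERRATA",
    "CANTFIX",
    "NOTABUG",
    "EOL",
    "CURRENTRELEASE",
    "DUPLICATE",
    "UPSTREAM",
    "Done",
    "Fixed",
]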
# Workaround that imitates two published inclusion lists:
#   "Red Hat Enterprise Linux 6 ELS Inclusion List" - https://access.redhat.com/articles/4997301
#   "Red Hat Enterprise Linux 7 EUS Inclusion List" - https://access.redhat.com/node/4082531
# Those lists do not carry the source RPM / component names needed for exploit
# purposes, so they cannot drive automatic exclusion. They are therefore imitated
# here with an explicit exclusion list.

# Products to which the inclusion-list imitation applies.
INCLUSION_LIST_PRODUCTS = [
    "rhel-6",
    "rhel-7",
]

# Components explicitly excluded for the products above.
NOT_INCLUSION_LIST_COMPONENTS = [
    "webkitgtk",
    "webkitgtk3",
    "webkitgtk4",
    "firefox",
    "thunderbird",
    "flash-plugin",
    "php-pear",
]
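# A list of completely unsupported products (no security fixes ever regardless of severity).
# It is incomplete, based on work done in https://issues.redhat.com/browse/PSINSIGHTS-480 .
# It is a good enough solution until a proper component registry or another system can
# provide this type of information.
#
# Because the list is incomplete, a product missing from it is not thereby shown to
# be supported.
# NOTE(review): several remarks below carry end-of-support dates (CEPH 3,
# OpenShift 3.11, OpenStack 13, JBoss Operations Network 3). They are point-in-time
# statements; re-check them against the current life-cycle pages, since a product
# whose support has ended would belong in this list.
#
# Each product is listed once ("rhel-5" used to appear twice).
UNSUPPORTED_PRODUCTS = [
    "brms-5",
    "ceph-1.3",  # Confirmed by mdale
    "ceph-2",  # Confirmed by mdale
    # CEPH 3 is in ELS up to June 27, 2023
    "cnv-1",  # Confirmed by mdale
    "devtools-eclipse",
    "eap-5",  # ELS2
    # https://access.redhat.com/support/policy/updates/jboss_notes/
    "jdg-6",
    "mrg-2",
    "openshift-enterprise-1",
    "openshift-enterprise-2",
    "openshift-enterprise-3.2",  # Confirmed by mdale
    "openshift-enterprise-3.3",  # Confirmed by mdale
    "openshift-enterprise-3.4",  # Confirmed by mdale
    "openshift-enterprise-3.5",  # Confirmed by mdale
    "openshift-enterprise-3.6",  # Confirmed by mdale
    "openshift-enterprise-3.7",  # Confirmed by mdale
    "openshift-enterprise-3.9",  # Confirmed by mdale
    "openshift-enterprise-3.10",  # Confirmed by mdale
    # OpenShift 3.11 is in Maintenance Support up to Jun 2022
    "openstack-3",
    "openstack-4",
    "openstack-7",  # Confirmed by mdale
    "openstack-8",  # Confirmed by mdale
    "openstack-8-optools",  # Confirmed by mdale
    "openstack-9",  # Confirmed by mdale
    "openstack-9-optools",  # Confirmed by mdale
    "openstack-10",  # Confirmed by mdale
    "openstack-12",  # Confirmed by mdale
    # OpenStack 13 is in ELS up to June 27, 2023
    "openstack-14",  # Confirmed by mdale
    "openstack-15",  # Confirmed by mdale
    "rhel-3",
    "rhel-4",
    "rhel-4.7.z",
    "rhel-5",
    "rhel-5.3.z",
    "rhel-5.4.z",
    "rhel-5.6.z",
    "rhel-5.9.z",
    "rhel-br-8",  # Build process only? BUILDROOT compose?
    "sam-1",  # From Product Pages
    "soap-5",
    "springboot-1",
    "wfk-2",
    # JBoss Operations Network 3 is in Migration support up to Jun 2022
    # Przemyslaw Roguski analysis
    "openshift-hosted-osd3",  # OSD3 (full name: openshift-hosted-osd3) is EOL based on
    # https://access.redhat.com/articles/5254001
    "openshift-hosted-osio3",  # similarly to OSD3, OSIO3 (openshift-hosted-osio3)
    "jbews-2",  # jbews-2 is EOL in ELS2 support only
    # (https://access.redhat.com/support/policy/updates/jboss_notes#p_jws)
    "fsw-6",  # fsw-6 is EOL in ELS2 support only
    # (https://access.redhat.com/support/policy/updates/jboss_notes#p_fusesw)
    "cfme-5",  # cfme-5 is in Maintenance support phase 2, where there is only
    # technical support
    # (https://access.redhat.com/support/policy/updates/cloudforms)
    "cfme-5.2",
    "cfme-5.3",
    "rhn_satellite_5",  # rhn_satellite_5 is already EOL
    # (https://access.redhat.com/support/policy/updates/satellite/)
]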
# Data sources:
# * Table sfm2_psmodule contains short strings and also full names of the products
# * https://access.redhat.com/product-life-cycles/update_policies
# * Product Pages
# Supported:
# qci-1 | Red Hat Quickstart Cloud Installer
# rhui-3 | Red Hat Update Infrastructure for Cloud Providers
# openshift-hosted-aro4 | Azure Red Hat OpenShift | Product Pages
# openshift-4
# ossm-1 | OpenShift Service Mesh 1 | https://access.redhat.com/support/policy/updates/openshift/#ossm
# SUPPORTED (notes)
# -
# openshift-hosted-osio3 ooss Red Hat OpenShift.IO v3 openshift-hosted None None https://access.redhat.com/support/policy/updates/openshift/online/
# openshift-hosted-osd3 ooss Red Hat OpenShift Dedicated v3 openshift-hosted None None https://access.redhat.com/support/policy/updates/openshift/online/
# openshift-online-3 defer Red Hat OpenShift Online 3 (Historic) openshift-online None None https://access.redhat.com/support/policy/updates/openshift/online/
# https://docs.openshift.com/container-platform/3.10/welcome/index.html says
# "The latest supported version of version 3 is [3.11]."
# Product Pages say 3.11 is in Maintenance
# so hopefully they are all basically the same thing and any openshift 3.11 is still supported