SOFA Integration

Integration with SOFA for CVE tracking and OS version currency analysis.

SOFA Data Models

Pydantic data models used in conjunction with SOFA functionality.

CVE Info

CVE information with exploitation status.

class CVEInfo(*, cve_id: str, actively_exploited: bool)[source]

Bases: BaseModel

CVE information with exploitation status.

Parameters:

  • cve_id (str) – CVE identifier

  • actively_exploited (bool) – Whether the CVE is actively exploited

field cve_id: str [Required]

CVE identifier (e.g., CVE-2024-12345)

field actively_exploited: bool [Required]

Whether CVE is actively exploited

model_config: ClassVar[ConfigDict] = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

Security Release

Details about a security release for an OS version.

class SecurityRelease(*, update_name: str, product_version: str, release_date: str, cves: dict[str, bool] = <factory>, actively_exploited_cves: list[str] = <factory>, unique_cves_count: int = 0, days_since_previous: int | None = None)[source]

Bases: BaseModel

Security release information.

Parameters:

  • update_name (str) – Name of the security update

  • product_version (str) – Product version number

  • release_date (str) – Release date in ISO format

  • cves (dict[str, bool]) – Dictionary of CVE IDs to exploitation status

  • actively_exploited_cves (list[str]) – List of actively exploited CVE IDs

  • unique_cves_count (int) – Number of unique CVEs addressed

  • days_since_previous (int | None) – Days since previous release

field update_name: str [Required]
field product_version: str [Required]
field release_date: str [Required]
field cves: dict[str, bool] [Optional]
field actively_exploited_cves: list[str] [Optional]
field unique_cves_count: int = 0
field days_since_previous: int | None = None
model_config: ClassVar[ConfigDict] = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

OSVersion Information

Information about a specific macOS version family.

class OSVersionInfo(*, os_version: str, latest_version: str, latest_build: str, latest_release_date: str, security_releases: list[~jamfmcp.sofa.SecurityRelease] = <factory>, all_cves: set[str] = <factory>, actively_exploited_cves: set[str] = <factory>)[source]

Bases: BaseModel

Operating system version information.

Parameters:

  • os_version (str) – OS version name (e.g., “Sequoia 15”)

  • latest_version (str) – Latest available product version

  • latest_build (str) – Latest build number

  • latest_release_date (str) – Latest release date

  • security_releases (list[SecurityRelease]) – List of security releases for this OS version

  • all_cves (set[str]) – Set of all CVEs affecting this OS version

  • actively_exploited_cves (set[str]) – Set of actively exploited CVEs

field os_version: str [Required]
field latest_version: str [Required]
field latest_build: str [Required]
field latest_release_date: str [Required]
field security_releases: list[SecurityRelease] [Optional]
field all_cves: set[str] [Optional]
field actively_exploited_cves: set[str] [Optional]
model_config: ClassVar[ConfigDict] = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

SOFA Feed

The complete SOFA feed data structure.

class SOFAFeed(*, update_hash: str, os_versions: dict[str, ~jamfmcp.sofa.OSVersionInfo] = <factory>, last_updated: ~datetime.datetime = <factory>)[source]

Bases: BaseModel

Complete SOFA feed data structure.

Parameters:

  • update_hash (str) – Feed update hash

  • os_versions (dict[str, OSVersionInfo]) – Dictionary of OS versions to their information

  • last_updated (datetime) – When the feed was last processed

field update_hash: str [Required]
field os_versions: dict[str, OSVersionInfo] [Optional]
field last_updated: datetime [Optional]
model_config: ClassVar[ConfigDict] = {}

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

Core Functions

Feed Retrieval

async get_sofa_feed() dict[str, Any][source]

Retrieve the SOFA macOS data feed from the official endpoint.

Returns:

Raw SOFA feed data as dictionary

Return type:

dict[str, Any]

Raises:

  • aiohttp.ClientError – If there’s an error fetching the feed

  • ValueError – If the response is not valid JSON

Feed Parsing

parse_sofa_feed(feed_data: dict[str, Any]) SOFAFeed[source]

Parse raw SOFA feed data into structured models.

Parameters:

feed_data (dict[str, Any]) – Raw SOFA feed data from API

Returns:

Parsed and structured SOFA feed

Return type:

SOFAFeed

Raises:

ValueError – If feed data is invalid or missing required fields

CVE Analysis

get_cves_for_version(sofa_feed: SOFAFeed, current_version: str, os_family: str = 'Tahoe 26') tuple[set[str], set[str]][source]

Get CVEs that affect a specific OS version.

Identifies which CVEs affect the current version by looking at security releases that came after the current version was released.

Parameters:

  • sofa_feed (SOFAFeed) – Parsed SOFA feed data

  • current_version (str) – Current OS version (e.g., “15.1.0”)

  • os_family (str) – OS family to check (e.g., “Sequoia 15”)

Returns:

Tuple of (all_affecting_cves, actively_exploited_cves)

Return type:

tuple[set[str], set[str]]

Raises:

ValueError – If OS family not found in feed

Version Currency

get_version_currency_info(sofa_feed: SOFAFeed, current_version: str, os_family: str = 'Tahoe 26') dict[str, Any][source]

Determine how current/behind an OS version is compared to latest.

Parameters:

  • sofa_feed (SOFAFeed) – Parsed SOFA feed data

  • current_version (str) – Current OS version (e.g., “15.1.0”)

  • os_family (str) – OS family to check (e.g., “Sequoia 15”)

Returns:

Dictionary with currency information and scoring metrics

Return type:

dict[str, Any]

Raises:

ValueError – If OS family not found in feed

Feed Conversion

The SOFA module is also responsible for data feed into Pydantic data models.

SOFA Feed Structure (example)

{
    "UpdateHash": "abc123def456",
    "OSVersions": [
        {
            "OSVersion": "Sonoma 14",
            "Latest": {
                "ProductVersion": "14.2.1",
                "Build": "23C71",
                "ReleaseDate": "2023-12-19"
            },
            "SecurityReleases": [
                {
                    "UpdateName": "macOS Sonoma 14.2.1",
                    "ProductVersion": "14.2.1",
                    "ReleaseDate": "2023-12-19",
                    "CVEs": {
                        "CVE-2023-42916": {},
                        "CVE-2023-42917": {}
                    },
                    "ActivelyExploitedCVEs": [
                        "CVE-2023-42916",
                        "CVE-2023-42917"
                    ],
                    "UniqueCVEsCount": 2,
                    "DaysSincePreviousRelease": 7
                }
            ]
        }
    ]
}

Parsed Feed

The example used above would be converted into an OSVersionInfo object:

OSVersionInfo(
    os_version="Sonoma 14",
    latest_version="14.2.1",
    latest_build="23C71",
    latest_release_date="2023-12-19",
    security_releases=[
        SecurityRelease(
            update_name="macOS Sonoma 14.2.1",
            product_version="14.2.1",
            release_date="2023-12-19",
            cves={"CVE-2023-42916": {}, "CVE-2023-42917": {}},
            actively_exploited_cves=["CVE-2023-42916", "CVE-2023-42917"],
            unique_cves_count=2,
            days_since_previous=7
        )
    ],
    all_cves={"CVE-2023-42916", "CVE-2023-42917"},
    actively_exploited_cves={"CVE-2023-42916", "CVE-2023-42917"}
)

See also