farol/farolluz: tests/testParseCVE.py annotate

annotate tests/testParseCVE.py @ 46:1b7f3f4f1238

Add the possibility to batch-import trees

author	Benoît Allard <benoit.allard@greenbone.net>
date	Tue, 30 Dec 2014 12:28:06 +0100
parents	b87f2a6e613a
children	6c320c3f3176

rev	line source
43 b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	1 import utils
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	2
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	3 from farolluz.parsers.cve import parse
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	4
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	5 FULL_CVE = """\
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	6 <entry xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" id="CVE-2014-7088">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	7 <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	8 <cpe-lang:logical-test operator="OR" negate="false">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	9 <cpe-lang:fact-ref name="cpe:/a:jdm_lifestyle_project:jdm_lifestyle:6.4::~~~android~~"/>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	10 </cpe-lang:logical-test>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	11 </vuln:vulnerable-configuration>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	12 <vuln:vulnerable-software-list>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	13 <vuln:product>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	14 cpe:/a:jdm_lifestyle_project:jdm_lifestyle:6.4::~~~android~~
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	15 </vuln:product>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	16 </vuln:vulnerable-software-list>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	17 <vuln:cve-id>CVE-2014-7088</vuln:cve-id>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	18 <vuln:published-datetime>2014-10-18T21:55:17.027-04:00</vuln:published-datetime>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	19 <vuln:last-modified-datetime>2014-11-14T09:07:51.650-05:00</vuln:last-modified-datetime>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	20 <vuln:cvss>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	21 <cvss:base_metrics>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	22 <cvss:score>5.4</cvss:score>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	23 <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	24 <cvss:access-complexity>MEDIUM</cvss:access-complexity>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	25 <cvss:authentication>NONE</cvss:authentication>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	26 <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	27 <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	28 <cvss:availability-impact>PARTIAL</cvss:availability-impact>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	29 <cvss:source>http://nvd.nist.gov</cvss:source>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	30 <cvss:generated-on-datetime>2014-11-14T09:07:51.290-05:00</cvss:generated-on-datetime>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	31 </cvss:base_metrics>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	32 </vuln:cvss>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	33 <vuln:cwe id="CWE-310"/>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	34 <vuln:references reference_type="UNKNOWN" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	35 <vuln:source>CERT-VN</vuln:source>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	36 <vuln:reference href="http://www.kb.cert.org/vuls/id/582497" xml:lang="en">VU#582497</vuln:reference>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	37 </vuln:references>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	38 <vuln:references reference_type="UNKNOWN" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	39 <vuln:source>MISC</vuln:source>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	40 <vuln:reference href="https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	41 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	42 </vuln:reference>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	43 </vuln:references>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	44 <vuln:summary>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	45 The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	46 </vuln:summary>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	47 </entry>"""
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	48
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	49 CVE_NO_CVSS = """\
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	50 <entry xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" id="CVE-2014-9388">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	51 <vuln:cve-id>CVE-2014-9388</vuln:cve-id>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	52 <vuln:published-datetime>2014-12-17T14:59:08.587-05:00</vuln:published-datetime>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	53 <vuln:last-modified-datetime>2014-12-17T14:59:09.620-05:00</vuln:last-modified-datetime>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	54 <vuln:references reference_type="UNKNOWN" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	55 <vuln:source>CONFIRM</vuln:source>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	56 <vuln:reference href="https://www.mantisbt.org/bugs/view.php?id=17878" xml:lang="en">https://www.mantisbt.org/bugs/view.php?id=17878</vuln:reference>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	57 </vuln:references>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	58 <vuln:references reference_type="UNKNOWN" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	59 <vuln:source>CONFIRM</vuln:source>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	60 <vuln:reference href="https://www.mantisbt.org/bugs/changelog_page.php?version_id=191" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	61 https://www.mantisbt.org/bugs/changelog_page.php?version_id=191
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	62 </vuln:reference>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	63 </vuln:references>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	64 <vuln:references reference_type="UNKNOWN" xml:lang="en">
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	65 <vuln:source>MLIST</vuln:source>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	66 <vuln:reference href="http://seclists.org/oss-sec/2014/q4/955" xml:lang="en">[oss-security] 20141207 MantisBT 1.2.18 Released</vuln:reference>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	67 </vuln:references>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	68 <vuln:summary>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	69 bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	70 </vuln:summary>
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	71 </entry>"""
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	72
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	73 class testCVEParsing(utils.TestCase):
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	74
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	75 def test_Full(self):
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	76 self.doc = parse(FULL_CVE)
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	77 self._validate()
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	78
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	79 def test_no_CVSS(self):
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	80 self.doc = parse(CVE_NO_CVSS)
b87f2a6e613a Add CVE parsing (from OpenVAS GSA) Benoît Allard <benoit.allard@greenbone.net> parents: diff changeset	81 self._validate()

Mercurial > farol > farolluz

annotate tests/testParseCVE.py @ 46:1b7f3f4f1238