Mercurial > farol > farolluz
annotate tests/testParseCVE.py @ 49:3fd16093536e
merged
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 12:31:50 +0100 |
parents | b87f2a6e613a |
children | 6c320c3f3176 |
rev | line source |
---|---|
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
1 import utils |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
2 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
3 from farolluz.parsers.cve import parse |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
4 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
5 FULL_CVE = """\ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
6 <entry xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" id="CVE-2014-7088"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
7 <vuln:vulnerable-configuration id="http://nvd.nist.gov/"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
8 <cpe-lang:logical-test operator="OR" negate="false"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
9 <cpe-lang:fact-ref name="cpe:/a:jdm_lifestyle_project:jdm_lifestyle:6.4::~~~android~~"/> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
10 </cpe-lang:logical-test> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
11 </vuln:vulnerable-configuration> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
12 <vuln:vulnerable-software-list> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
13 <vuln:product> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
14 cpe:/a:jdm_lifestyle_project:jdm_lifestyle:6.4::~~~android~~ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
15 </vuln:product> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
16 </vuln:vulnerable-software-list> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
17 <vuln:cve-id>CVE-2014-7088</vuln:cve-id> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
18 <vuln:published-datetime>2014-10-18T21:55:17.027-04:00</vuln:published-datetime> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
19 <vuln:last-modified-datetime>2014-11-14T09:07:51.650-05:00</vuln:last-modified-datetime> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
20 <vuln:cvss> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
21 <cvss:base_metrics> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
22 <cvss:score>5.4</cvss:score> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
23 <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
24 <cvss:access-complexity>MEDIUM</cvss:access-complexity> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
25 <cvss:authentication>NONE</cvss:authentication> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
26 <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
27 <cvss:integrity-impact>PARTIAL</cvss:integrity-impact> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
28 <cvss:availability-impact>PARTIAL</cvss:availability-impact> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
29 <cvss:source>http://nvd.nist.gov</cvss:source> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
30 <cvss:generated-on-datetime>2014-11-14T09:07:51.290-05:00</cvss:generated-on-datetime> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
31 </cvss:base_metrics> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
32 </vuln:cvss> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
33 <vuln:cwe id="CWE-310"/> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
34 <vuln:references reference_type="UNKNOWN" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
35 <vuln:source>CERT-VN</vuln:source> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
36 <vuln:reference href="http://www.kb.cert.org/vuls/id/582497" xml:lang="en">VU#582497</vuln:reference> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
37 </vuln:references> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
38 <vuln:references reference_type="UNKNOWN" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
39 <vuln:source>MISC</vuln:source> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
40 <vuln:reference href="https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
41 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
42 </vuln:reference> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
43 </vuln:references> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
44 <vuln:summary> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
45 The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
46 </vuln:summary> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
47 </entry>""" |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
48 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
49 CVE_NO_CVSS = """\ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
50 <entry xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" id="CVE-2014-9388"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
51 <vuln:cve-id>CVE-2014-9388</vuln:cve-id> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
52 <vuln:published-datetime>2014-12-17T14:59:08.587-05:00</vuln:published-datetime> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
53 <vuln:last-modified-datetime>2014-12-17T14:59:09.620-05:00</vuln:last-modified-datetime> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
54 <vuln:references reference_type="UNKNOWN" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
55 <vuln:source>CONFIRM</vuln:source> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
56 <vuln:reference href="https://www.mantisbt.org/bugs/view.php?id=17878" xml:lang="en">https://www.mantisbt.org/bugs/view.php?id=17878</vuln:reference> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
57 </vuln:references> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
58 <vuln:references reference_type="UNKNOWN" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
59 <vuln:source>CONFIRM</vuln:source> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
60 <vuln:reference href="https://www.mantisbt.org/bugs/changelog_page.php?version_id=191" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
61 https://www.mantisbt.org/bugs/changelog_page.php?version_id=191 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
62 </vuln:reference> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
63 </vuln:references> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
64 <vuln:references reference_type="UNKNOWN" xml:lang="en"> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
65 <vuln:source>MLIST</vuln:source> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
66 <vuln:reference href="http://seclists.org/oss-sec/2014/q4/955" xml:lang="en">[oss-security] 20141207 MantisBT 1.2.18 Released</vuln:reference> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
67 </vuln:references> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
68 <vuln:summary> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
69 bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
70 </vuln:summary> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
71 </entry>""" |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
72 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
73 class testCVEParsing(utils.TestCase): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
74 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
75 def test_Full(self): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
76 self.doc = parse(FULL_CVE) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
77 self._validate() |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
78 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
79 def test_no_CVSS(self): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
80 self.doc = parse(CVE_NO_CVSS) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
81 self._validate() |