benoit@43: import utils
benoit@43:
benoit@43: from farolluz.parsers.cve import parse
benoit@43:
benoit@43: FULL_CVE = """\
benoit@43:
benoit@43:
benoit@43:
benoit@43:
benoit@43:
benoit@43:
benoit@43:
benoit@54: cpe:/a:jdm_lifestyle_project:jdm_lifestyle:6.4::~~~android~~
benoit@43:
benoit@43: CVE-2014-7088
benoit@43: 2014-10-18T21:55:17.027-04:00
benoit@43: 2014-11-14T09:07:51.650-05:00
benoit@43:
benoit@43:
benoit@43: 5.4
benoit@43: ADJACENT_NETWORK
benoit@43: MEDIUM
benoit@43: NONE
benoit@43: PARTIAL
benoit@43: PARTIAL
benoit@43: PARTIAL
benoit@43: http://nvd.nist.gov
benoit@43: 2014-11-14T09:07:51.290-05:00
benoit@43:
benoit@43:
benoit@43:
benoit@43:
benoit@43: CERT-VN
benoit@43: VU#582497
benoit@43:
benoit@43:
benoit@43: MISC
benoit@54: https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
benoit@43:
benoit@43:
benoit@43: The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
benoit@43:
benoit@43: """
benoit@43:
benoit@43: CVE_NO_CVSS = """\
benoit@43:
benoit@43: CVE-2014-9388
benoit@43: 2014-12-17T14:59:08.587-05:00
benoit@43: 2014-12-17T14:59:09.620-05:00
benoit@43:
benoit@43: CONFIRM
benoit@43: https://www.mantisbt.org/bugs/view.php?id=17878
benoit@43:
benoit@43:
benoit@43: CONFIRM
benoit@43:
benoit@43: https://www.mantisbt.org/bugs/changelog_page.php?version_id=191
benoit@43:
benoit@43:
benoit@43:
benoit@43: MLIST
benoit@43: [oss-security] 20141207 MantisBT 1.2.18 Released
benoit@43:
benoit@43:
benoit@43: bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
benoit@43:
benoit@43: """
benoit@43:
benoit@43: class testCVEParsing(utils.TestCase):
benoit@43:
benoit@43:     def test_Full(self):
benoit@43:         self.doc = parse(FULL_CVE)
benoit@43:         self._validate()
benoit@43:
benoit@43:     def test_no_CVSS(self):
benoit@43:         self.doc = parse(CVE_NO_CVSS)
benoit@43:         self._validate()