benoit@43: import utils benoit@43: benoit@43: from farolluz.parsers.cve import parse benoit@43: benoit@43: FULL_CVE = """\ benoit@43: benoit@43: benoit@43: benoit@43: benoit@43: benoit@43: benoit@43: benoit@54: cpe:/a:jdm_lifestyle_project:jdm_lifestyle:6.4::~~~android~~ benoit@43: benoit@43: CVE-2014-7088 benoit@43: 2014-10-18T21:55:17.027-04:00 benoit@43: 2014-11-14T09:07:51.650-05:00 benoit@43: benoit@43: benoit@43: 5.4 benoit@43: ADJACENT_NETWORK benoit@43: MEDIUM benoit@43: NONE benoit@43: PARTIAL benoit@43: PARTIAL benoit@43: PARTIAL benoit@43: http://nvd.nist.gov benoit@43: 2014-11-14T09:07:51.290-05:00 benoit@43: benoit@43: benoit@43: benoit@43: benoit@43: CERT-VN benoit@43: VU#582497 benoit@43: benoit@43: benoit@43: MISC benoit@54: https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing benoit@43: benoit@43: benoit@43: The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. benoit@43: benoit@43: """ benoit@43: benoit@43: CVE_NO_CVSS = """\ benoit@43: benoit@43: CVE-2014-9388 benoit@43: 2014-12-17T14:59:08.587-05:00 benoit@43: 2014-12-17T14:59:09.620-05:00 benoit@43: benoit@43: CONFIRM benoit@43: https://www.mantisbt.org/bugs/view.php?id=17878 benoit@43: benoit@43: benoit@43: CONFIRM benoit@43: benoit@43: https://www.mantisbt.org/bugs/changelog_page.php?version_id=191 benoit@43: benoit@43: benoit@43: benoit@43: MLIST benoit@43: [oss-security] 20141207 MantisBT 1.2.18 Released benoit@43: benoit@43: benoit@43: bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. benoit@43: benoit@43: """ benoit@43: benoit@43: class testCVEParsing(utils.TestCase): benoit@43: benoit@43: def test_Full(self): benoit@43: self.doc = parse(FULL_CVE) benoit@43: self._validate() benoit@43: benoit@43: def test_no_CVSS(self): benoit@43: self.doc = parse(CVE_NO_CVSS) benoit@43: self._validate()