def test_get_year(self):
# Arrange
cve_id = 'CVE-2010-0000'
expected = 2010
# Act
actual = utilities.get_year(cve_id)
# Assert
self.assertEqual(expected, actual)
# Arrange
cve_id = 'CVE-2010-00000'
expected = 2010
# Act
actual = utilities.get_year(cve_id)
# Assert
self.assertEqual(expected, actual)
# Arrange
cve_id = 'CVE-201-0000'
# Assert
self.assertRaises(Exception, utilities.get_year, cve_id)
def test_get_year(self):
# Arrange
cve_id = "CVE-2010-0000"
expected = 2010
# Act
actual = utilities.get_year(cve_id)
# Assert
self.assertEqual(expected, actual)
# Arrange
cve_id = "CVE-2010-00000"
expected = 2010
# Act
actual = utilities.get_year(cve_id)
# Assert
self.assertEqual(expected, actual)
# Arrange
cve_id = "CVE-201-0000"
# Assert
self.assertRaises(Exception, utilities.get_year, cve_id)
def load(file_):
nvdxml = utilities.NvdXml()
session = Session()
reader = csv.reader(file_)
next(reader, None) # Ignoring the header
for row in reader:
debug(row)
cve = Cve(id=row[0], year=utilities.get_year(row[0]), product=row[1])
nvd_details = nvdxml.get_details(cve.id)
if nvd_details:
cve.cvss = Cvss()
cve.cvss.access_complexity = nvd_details['access-complexity']
cve.cvss.access_vector = nvd_details['access-vector']
cve.cvss.authentication = nvd_details['authentication']
cve.cvss.availability_impact = nvd_details['availability-impact']
cve.cvss.confidentiality_impact = nvd_details[
'confidentiality-impact'
]
cve.cvss.integrity_impact = nvd_details['integrity-impact']
cve.cvss.score = nvd_details['score']
cve.cvss.exploitability_subscore = nvd_details[
'exploitability-subscore'
]
cve.cvss.impact_subscore = nvd_details[
'impact-subscore'
]
cve.bounty = Bounty()
cve.bounty.amount = float(row[2].replace('$', '').replace(',', ''))
session.add(cve)
try:
session.commit()
except sqlalchemy.exc.IntegrityError as e:
error('{} is a duplicate.'.format(cve.id))
session.rollback()
else:
warning('{} was not found in NVD.'.format(cve.id))
def load(file_):
nvdxml = utilities.NvdXml()
session = Session()
reader = csv.reader(file_)
next(reader, None) # Ignoring the header
for row in reader:
debug(row)
cve = Cve(id=row[0], year=utilities.get_year(row[0]), product=row[1])
nvd_details = nvdxml.get_details(cve.id)
if nvd_details:
cve.cvss = Cvss()
cve.cvss.access_complexity = nvd_details['access-complexity']
cve.cvss.access_vector = nvd_details['access-vector']
cve.cvss.authentication = nvd_details['authentication']
cve.cvss.availability_impact = nvd_details['availability-impact']
cve.cvss.confidentiality_impact = nvd_details[
'confidentiality-impact']
cve.cvss.integrity_impact = nvd_details['integrity-impact']
cve.cvss.score = nvd_details['score']
cve.cvss.exploitability_subscore = nvd_details[
'exploitability-subscore']
cve.cvss.impact_subscore = nvd_details['impact-subscore']
cve.bounty = Bounty()
cve.bounty.amount = float(row[2].replace('$', '').replace(',', ''))
session.add(cve)
try:
session.commit()
except sqlalchemy.exc.IntegrityError as e:
error('{} is a duplicate.'.format(cve.id))
session.rollback()
else:
warning('{} was not found in NVD.'.format(cve.id))
