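def test_serialize_all_values(self):
    """Round-trip a fully populated Vulnerability through VulnerabilitySchema.

    The record is serialized to a string, spot-checked for the dates,
    reported type, fixed-in version and reference host, then loaded back
    and compared on the version ranges and the reference type.
    """
    reference_date = datetime.now()
    updated_date = reference_date + timedelta(days=6)
    schema = VulnerabilitySchema()
    vuln = Vulnerability(id="1234",
                         title="Multiple XSS",
                         reported_type="XSS",
                         created_at=reference_date,
                         updated_at=updated_date)
    vuln.add_affected_version(VersionRange(fixed_in="1.3"))
    vuln.add_unaffected_version(VersionRange(fixed_in="2.4"))
    vuln.references.append(
        Reference(type="other", url="http://example.com/test"))

    # serialize() is indexed with [0] here; the first element is the
    # serialized text that the substring checks below run against.
    data = serialize(schema, vuln, indent=None)[0]
    self.assertIn(reference_date.strftime("%Y-%m-%d"), data)
    self.assertIn(updated_date.strftime("%Y-%m-%d"), data)
    self.assertIn('"reported_type": "XSS"', data)
    self.assertIn('1.3', data)
    self.assertIn('example.com', data)

    out, errors = schema.loads(data)
    # The original unpacked `errors` and never looked at it, so a load that
    # reported validation problems could still pass on the three fields
    # checked below. Presumably `errors` is empty on a clean load (the
    # usual (data, errors) convention) - confirm against the schema library.
    self.assertFalse(errors)
    self.assertEqual("1.3", out.affected_versions[0].fixed_in)
    self.assertEqual("2.4", out.unaffected_versions[0].fixed_in)
    self.assertEqual("other", out.references[0].type)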
Beispiel #2
 def test_vulnerability_introduced_in_only(self):
     """A range with only ``introduced_in`` matches that version and later.

     The lower bound is inclusive ("2.0" matches) and the pre-release
     "2.0-beta3" is treated as older than "2.0", so it must not match.
     """
     vuln = Vulnerability(id="1")
     vuln.add_affected_version(VersionRange(introduced_in="2.0"))

     # Versions that predate the introduction must be reported as unaffected.
     for older in ("1.0", "1.9", "2.0-beta3"):
         self.assertFalse(vuln.applies_to(older))

     # No fixed_in bound: the introducing release and later ones match.
     for affected in ("2.0", "2.1"):
         self.assertTrue(vuln.applies_to(affected))
Beispiel #3
    def test_multiple_ranges(self):
        """Two ``fixed_in``-only ranges added in ascending order are both kept."""
        vuln = Vulnerability(id="1")
        for fixed in ("1.2", "1.3"):
            vuln.add_affected_version(VersionRange(fixed_in=fixed))

        # Insertion order is preserved in affected_versions.
        expected = [
            VersionRange(fixed_in="1.2"),
            VersionRange(fixed_in="1.3"),
        ]
        self.assertEqual(vuln.affected_versions, expected)
Beispiel #4
    def test_added_fix_conflicts_with_known_information(self):
        """Ranges that contradict already recorded ranges are not stored.

        After "fixed in 1.5" and "2.0 to 2.5" are recorded, the three later
        additions (fixed in 1.3, fixed in 2.3, introduced in 2.3) leave
        ``affected_versions`` unchanged.
        """
        vuln = Vulnerability(id="1")

        # Each range is built right before it is added, in this order; the
        # first two are the known information, the last three conflict with it.
        submitted = (
            {"fixed_in": "1.5"},
            {"introduced_in": "2.0", "fixed_in": "2.5"},
            {"fixed_in": "1.3"},
            {"fixed_in": "2.3"},
            {"introduced_in": "2.3"},
        )
        for bounds in submitted:
            vuln.add_affected_version(VersionRange(**bounds))

        expected = [
            VersionRange(fixed_in="1.5"),
            VersionRange(introduced_in="2.0", fixed_in="2.5"),
        ]
        self.assertEqual(vuln.affected_versions, expected)
Beispiel #5
 def test_multiple_ranges(self):
     """``applies_to`` matches a version inside any of several bounded ranges.

     The upper bound is exclusive: "3.1" is the fixed release of the last
     range and must not match, while "3.0" (its introduction) does.
     """
     vuln = Vulnerability(id="1")
     for introduced, fixed in (("1.0", "1.2"), ("2.0", "2.3"), ("3.0", "3.1")):
         vuln.add_affected_version(
             VersionRange(introduced_in=introduced, fixed_in=fixed))

     # (assertion, version) pairs, evaluated in the order listed.
     expectations = (
         (self.assertFalse, "0.9"),   # before the first range
         (self.assertTrue, "2.1"),    # inside the second range
         (self.assertTrue, "3.0"),    # inclusive lower bound
         (self.assertFalse, "3.1"),   # exclusive upper bound
     )
     for check, version in expectations:
         check(vuln.applies_to(version))
Beispiel #6
    def test_unaffected_versions(self):
        """Affected ranges that collide with known-unaffected ranges are dropped.

        With 6.0-6.1.2 and 7.0-7.0.7 recorded as unaffected, adding the
        affected ranges "6.0 to 6.1.2" and "fixed in 6.1.1" stores nothing;
        only "fixed in 1.5" remains.
        """
        vuln = Vulnerability(id="1")
        vuln.unaffected_versions = [
            VersionRange(introduced_in="6.0", fixed_in="6.1.2"),
            VersionRange(introduced_in="7.0", fixed_in="7.0.7"),
        ]

        # Each range is built right before it is added, in this order.
        submitted = (
            {"fixed_in": "1.5"},
            {"introduced_in": "6.0", "fixed_in": "6.1.2"},
            {"fixed_in": "6.1.1"},
        )
        for bounds in submitted:
            vuln.add_affected_version(VersionRange(**bounds))

        expected = [VersionRange(fixed_in="1.5")]
        self.assertEqual(vuln.affected_versions, expected)
Beispiel #7
 def test_vulnerability_fixed_in_only(self):
     """A range with only ``fixed_in`` matches versions strictly below it.

     The fixed release itself ("1.0") and anything newer must not match.
     """
     vuln = Vulnerability(id="1")
     vuln.add_affected_version(VersionRange(fixed_in="1.0"))

     # The fix boundary is exclusive: 1.0 already contains the fix.
     for patched in ("1.1", "1.0"):
         self.assertFalse(vuln.applies_to(patched))

     self.assertTrue(vuln.applies_to("0.9"))