Ejemplo n.º 1
 def testCreatingFromXML(self):
     """
     <_
     id="http-coldfusionmx-path-leak"
     title="Macromedia Coldfusion MX Server Path Leakage Vulnerability"
     severity="3"
     safe="true"
     pciSeverity="2"
     cvssScore="5.0"
     cvssVector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)"
     added="20041101T000000000"
     modified="20090317T000000000"
     />
     """
     # NOTE: the docstring above is the XML fixture, not documentation. It is
     # read back through __doc__, so editing it changes the test input, and
     # running with docstrings stripped (python -OO) leaves __doc__ as None.
     fixture = as_xml(self.testCreatingFromXML.__doc__)
     summary = VulnerabilitySummary.CreateFromXML(fixture)

     # (attribute, expected value) pairs, checked in order; the first
     # mismatch fails the test.
     expectations = (
         ('id', 'http-coldfusionmx-path-leak'),
         ('title',
          'Macromedia Coldfusion MX Server Path Leakage Vulnerability'),
         ('severity', 3),
         ('pci_severity', 2),
         ('cvss_score', 5.0),
         ('cvss_vector', '(AV:N/AC:L/Au:N/C:P/I:N/A:N)'),
         # requiresCredentials and published are absent from the fixture.
         ('requires_credentials', False),
         ('is_safe', True),
         ('published', ''),
         ('added', '20041101T000000000'),
         ('modified', '20090317T000000000'),
     )
     for attribute, expected in expectations:
         self.assertEqual(getattr(summary, attribute), expected)
Ejemplo n.º 2
 def _Execute_Fake(self, request):
     """Stand in for a real request execution.

     Returns the canned XML configured in XmlStringToReturnOnExecute, parsed
     with as_xml, when that attribute is truthy; otherwise echoes the request
     back unchanged as the answer.

     Raises:
         NexposeConnectionException: wraps any exception raised while
             producing the answer (for example a canned string that does
             not parse).
     """
     try:
         return (as_xml(self.XmlStringToReturnOnExecute)
                 if self.XmlStringToReturnOnExecute else request)
     except Exception as ex:
         message = "Unable to execute the fake request: {0}!".format(ex)
         raise NexposeConnectionException(message, ex)
Ejemplo n.º 3
 def testIfAnEmptyXmlElementResultsInDefaultValues(self):
     """Check the defaults produced when the element has no attributes."""
     summary = VulnerabilitySummary.CreateFromXML(as_xml('<_ />'))

     # Missing attributes must fall back to empty strings, zeros and False
     # rather than raising or yielding None.
     defaults = (
         ('id', ''),
         ('title', ''),
         ('severity', 0),
         ('pci_severity', 0),
         ('cvss_score', 0),
         ('cvss_vector', ''),
         ('requires_credentials', False),
         ('is_safe', False),
         ('published', ''),
         ('added', ''),
         ('modified', ''),
     )
     for attribute, expected in defaults:
         self.assertEqual(getattr(summary, attribute), expected)
Ejemplo n.º 4
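 def testCreatingFromXML(self):
     """
     <_
     title="RealNetworks Helix Universal Server Double Request Buffer Overflow"
     severity="10"
     safe="0"
     requiresCredentials="1"
     published="20021219T000000000"
     pciSeverity="5"
     modified="20110104T000000000"
     id="http-helix-double-request-bof"
     cvssVector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)"
     cvssScore="7.5"
     added="1099247400000"
     >
     <description><body><p>
     Certain versions of RealNetworks Helix Universal
     Server are susceptible to a remotely exploitable
     buffer overflow condition when parsing two abnormally
     long, successive GET requests. On Windows
     platforms, this yields SYSTEM privilege; impact is
     unknown for UNIX platforms.
     </p></body></description>
     <references>
     <reference source="BID">http://www.securityfocus.com/bid/6454</reference>
     <reference source="BID">http://www.securityfocus.com/bid/6456</reference>
     <reference source="BID">http://www.securityfocus.com/bid/6458</reference>
     <reference source="CERTVN">http://www.kb.cert.org/vuls/id/974689</reference>
     </references>
     <solution><body>
     <p>Fix RealNetworks Helix Universal Server Double Request Buffer Overflow</p>
     <p>Download and apply the patch from: <a href="http://www.service.real.com/help/faq/security/bufferoverrun12192002.html">http://www.service.real.com/help/faq/security/buffer overrun12192002.html</a></p>
     <p />
     <p>Install the patch at: <a href="http://www.service.real.com/help/faq/security/bufferoverrun12192002.html">http://www.service.real.com/help/faq/security/bufferoverrun12192002.html</a></p>
     </body></solution>
     </_>
     """
     # NOTE: the docstring above is the XML fixture, not documentation. It is
     # read back through __doc__, so editing it changes the test input, and
     # running with docstrings stripped (python -OO) leaves __doc__ as None.
     vulnerability = VulnerabilityDetail.CreateFromXML(
         as_xml(self.testCreatingFromXML.__doc__))

     # Scalar attributes carried on the root element.
     self.assertEqual(vulnerability.id, 'http-helix-double-request-bof')
     self.assertEqual(
         vulnerability.title,
         'RealNetworks Helix Universal Server Double Request Buffer Overflow'
     )
     self.assertEqual(vulnerability.severity, 10)
     self.assertEqual(vulnerability.pci_severity, 5)
     self.assertEqual(vulnerability.cvss_score, 7.5)
     self.assertEqual(vulnerability.cvss_vector,
                      '(AV:N/AC:L/Au:N/C:P/I:P/A:P)')
     # The fixture spells booleans as "1"/"0" here, not "true"/"false".
     self.assertEqual(vulnerability.requires_credentials, True)
     self.assertEqual(vulnerability.is_safe, False)
     self.assertEqual(vulnerability.published, '20021219T000000000')
     # NOTE(review): 'added' is an epoch-millisecond string while the other
     # timestamps use the yyyymmddThhmmssmmm form; the value is asserted
     # exactly as the fixture gives it. Is this correct?
     self.assertEqual(vulnerability.added, '1099247400000')
     self.assertEqual(vulnerability.modified, '20110104T000000000')

     # Nested content. These checks are incomplete: they pin presence and
     # type only, not the text. Both elements embed markup (<p>, <a href>)
     # in the fixture, so a consumer that renders them presumably has to
     # escape or sanitise the value first.
     self.assertNotEqual(vulnerability.description, '')
     self.assertIsInstance(vulnerability.description, bytes)
     self.assertEqual(len(vulnerability.references), 4)  # incomplete test
     self.assertNotEqual(vulnerability.solution, '')
     # Fixed: this assertion used to repeat the description check, so the
     # type of 'solution' was never verified. Assumes solution is serialized
     # the same way as description (bytes); confirm against CreateFromXML.
     self.assertIsInstance(vulnerability.solution, bytes)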