Ejemplo n.º 1
 def test_can_lower_case_should_be_ok(self):
     """A lower-case "can-" identifier is accepted and kept verbatim.

     The string must pass CVEID.correct_cve_str(), construct a CVEID that
     reports year 2011 and candidate status, and convert back to exactly
     the text it was built from.
     """
     raw_id = "can-2011-0346"

     is_well_formed = CVEID.correct_cve_str(raw_id)
     self.assertTrue(is_well_formed)

     parsed = CVEID(raw_id)

     self.assertEqual(parsed.get_year(), 2011)
     self.assertEqual(parsed.is_candidate(), True)
     # str() returns the input unchanged; the lower-case prefix is not
     # normalised.
     self.assertEqual(str(parsed), raw_id)
Ejemplo n.º 2
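    def get_cve_by_cpe(cls, cpe_id):
        """ Return the CVE-IDs recorded for one concrete product (CPE).

        @param cpe_id: CPEID instance, or a value accepted by the CPEID
                       constructor
        @return: list of tuples (CVE-ID string, summary string)
        """
        if not isinstance(cpe_id, CPEID):
            cpe_id = CPEID(cpe_id)

        # The CPE components are bound as parameters rather than formatted
        # into the statement text. They can come from a caller-supplied
        # string, and a quote character inside any of them would otherwise
        # alter the structure of the query (SQL injection).
        # NOTE(review): '?' assumes a qmark-paramstyle driver such as sqlite3,
        # which the chained execute(...).fetchall() suggests -- confirm
        # against the code that creates cls._cur.
        query = """
                SELECT cve_id, summary
                FROM vulnerabilities AS vulns
                JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id
                JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id
                JOIN products AS pr ON pr.id = concr_pr.product_id
                WHERE pr.part=? AND pr.vendor=? AND pr.product=?
                      AND concr_pr.version=? AND  concr_pr.pr_update=? AND  concr_pr.edition=? AND  language=?
                """
        # NOTE(review): values are bound exactly as the getters return them;
        # the previous code interpolated their str() form. Confirm the
        # getters return strings (not None) for unset components.
        params = (cpe_id.get_part_info(), cpe_id.get_vendor_info(),
                  cpe_id.get_product_info(), cpe_id.get_version_info(),
                  cpe_id.get_update_info(), cpe_id.get_edition_info(),
                  cpe_id.get_language_info())

        rows = cls._cur.execute(query, params).fetchall()

        # Each cve_id column value goes through CVEID before it is returned
        # as a string; the summary is returned as a plain string.
        return [(str(CVEID(row[0])), str(row[1])) for row in rows]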
Ejemplo n.º 3
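    def get_cpe_by_cve(cls, cve_id):
        """ Return the CPE identifiers of the products linked to a CVE-ID.

        @param cve_id: string with CVE-ID or CVEID instance
        @return: list of CPEID strings (one per matching concrete product)
        """

        if not isinstance(cve_id, CVEID):
            cve_id = CVEID(cve_id)

        # The identifier is bound as a parameter instead of being formatted
        # into the statement, so the query text never depends on the value
        # even if CVEID's own validation were loosened later.
        # NOTE(review): '?' assumes a qmark-paramstyle driver such as sqlite3,
        # which the chained execute(...).fetchall() suggests -- confirm
        # against the code that creates cls._cur.
        sql = """
                SELECT pr.part, pr.vendor, pr.product, concr_pr.version,
                        concr_pr.pr_update, concr_pr.edition, concr_pr.language,
                        pr.official_name
                FROM vulnerabilities AS vulns
                JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id
                JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id
                JOIN products AS pr ON pr.id = concr_pr.product_id
                WHERE cve_id=?
                """

        # str(cve_id) is the same text the former '%s' formatting produced.
        rows = cls._cur.execute(sql, (str(cve_id),)).fetchall()

        # Rows are read by column name; official_name is selected but is not
        # part of the returned value.
        return [
            str(CPEID('', row['part'], row['vendor'], row['product'],
                      row['version'], row['pr_update'], row['edition'],
                      row['language']))
            for row in rows
        ]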
Ejemplo n.º 4
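def parseEntry(entry):
    """Build a vuln.Vulnerability from one vulnerability entry element.

    The entry's 'id' attribute becomes the CVE identifier and each child
    element is dispatched on its tag through tag_dict. If the entry has no
    'vuln:vulnerable-software-list' child, the product list is taken from
    the first 'vuln:vulnerable-configuration' child instead.

    Returns the populated object, or None when the CVE id, the product
    list, the condition variants or the CVSS base metrics are missing.
    """
    vulnObject = vuln.Vulnerability()

    cve_id = entry.get('id')
    vulnObject.cve = CVEID(cve_id)

    for elem in entry:
        if elem.tag == tag_dict['vuln:vulnerable-configuration']:
            vulnObject.condition.conidtion_variants.append(
                parseVulnConfig(elem))
        elif elem.tag == tag_dict['vuln:vulnerable-software-list']:
            vulnObject.products = parseVulnSoftwareList(elem)
        elif elem.tag == tag_dict['vuln:cve-id']:
            # Already taken from the entry's 'id' attribute above.
            pass
        elif elem.tag == tag_dict['vuln:published-datetime']:
            vulnObject.published_datetime = parsePublishedDateTime(elem)
        elif elem.tag == tag_dict['vuln:last-modified-datetime']:
            vulnObject.last_modified_datetime = parseLastModifDateTime(elem)
        elif elem.tag == tag_dict['vuln:cvss']:
            vulnObject.cvss_base_metrics = parseCVSS(elem)
        elif elem.tag == tag_dict['vuln:cwe']:
            vulnObject.cwe = CWEID(elem.get('id'))
        elif elem.tag == tag_dict['vuln:references']:
            vulnObject.references.append(parseVulnerabilityReference(elem))
        elif elem.tag == tag_dict['vuln:summary']:
            vulnObject.summary = elem.text

    # Fallback product list: parse the first 'cpe-lang:logical-test'
    # (should be OR) of the first vulnerable-configuration. This check does
    # not depend on the loop variable, so it runs once here rather than once
    # per child element.
    if entry.find(tag_dict['vuln:vulnerable-software-list']) is None:
        vuln_conf_elem = entry.find(
            tag_dict['vuln:vulnerable-configuration'])
        # An entry with neither element has nothing to parse; it is rejected
        # by the completeness check below instead of passing None on.
        if vuln_conf_elem is not None:
            vulnObject.products = parseVulnConfigSoftwareList(vuln_conf_elem)

    # Incomplete entries are dropped rather than returned half-populated.
    if (vulnObject.cve is None
            or vulnObject.products is None
            or len(vulnObject.products) == 0
            or len(vulnObject.condition.conidtion_variants) == 0
            or vulnObject.cvss_base_metrics is None):
        return None

    return vulnObject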
Ejemplo n.º 5
 def test_can_should_be_bad_name_2(self):
     """A misspelled "CANN-" prefix is rejected by both entry points."""
     malformed_id = "CANN-2011-0346"

     # The static format check reports the string as invalid...
     self.assertFalse(CVEID.correct_cve_str(malformed_id))
     # ...and the constructor refuses to build an object from it.
     with self.assertRaises(ValueError):
         CVEID(malformed_id)
Ejemplo n.º 6
 def test_cve_should_be_bad_number(self):
     """An identifier without the dash between year and number is rejected."""
     malformed_id = "CVE-20110346"

     # The static format check reports the string as invalid...
     self.assertFalse(CVEID.correct_cve_str(malformed_id))
     # ...and the constructor refuses to build an object from it.
     with self.assertRaises(ValueError):
         CVEID(malformed_id)
Ejemplo n.º 7
 def test_cve_equal_should_be_ok(self):
     """CVEID objects compare by identifier, not by object identity."""
     cve_str = "CVE-2011-0346"
     first = CVEID(cve_str)
     same_id = CVEID(cve_str)
     other_year = CVEID("CVE-2010-0346")

     # Two objects built from the same string are equal.
     self.assertEqual(first, same_id)
     # A different year with the same sequence number is a different CVE.
     self.assertNotEqual(first, other_year)