Ejemplo n.º 1
    def test_import(self):
        """Import the mocked Debian data and verify the rows written to the database.

        ``DebianDataSource._fetch`` is patched to return ``self.mock_response`` and
        ``DebianDataSource.response_is_new`` to return ``True``, so the runner works
        on the fixture rather than on the real ``_fetch`` result.
        """
        import_runner = ImportRunner(self.importer, 5)

        fetch_patch = patch("vulnerabilities.importers.DebianDataSource._fetch",
                            return_value=self.mock_response)
        is_new_patch = patch("vulnerabilities.importers.DebianDataSource.response_is_new",
                             return_value=True)
        with fetch_patch, is_new_patch:
            import_runner.run()

        vulnerabilities = models.Vulnerability.objects
        relations = models.PackageRelatedVulnerability.objects

        # Row counts expected from the fixture.
        assert vulnerabilities.count() == 3
        assert models.VulnerabilityReference.objects.count() == 3
        assert relations.filter(is_vulnerable=True).count() == 2
        assert relations.filter(is_vulnerable=False).count() == 8
        assert models.Package.objects.count() == 6

        # librsync 0.9.7-10 is checked against CVE-2014-8242 in both releases.
        for release in ("jessie", "buster"):
            self.assert_for_package("librsync", "0.9.7-10", release,
                                    cve_ids={"CVE-2014-8242"})

        # The mimetex entries are checked without any CVE id.
        mimetex_entries = (
            ("1.50-1.1", "stretch"),
            ("1.74-1", "stretch"),
            ("1.50-1.1", "buster"),
            ("1.76-1", "buster"),
        )
        for version, release in mimetex_entries:
            self.assert_for_package("mimetex", version, release)

        # No stored vulnerability may have an id that starts with "TEMP".
        assert vulnerabilities.filter(vulnerability_id__startswith="TEMP").count() == 0
Ejemplo n.º 2
    def test_import(self, _):
        """Import npm advisories with the version API mocked and verify the stored rows.

        ``NpmDataSource.versions`` is swapped for ``MOCK_VERSION_API`` and
        ``NpmDataSource.set_api`` is replaced by a mock for the duration of the run.
        The ``_`` argument is unused here; presumably it is injected by a decorator
        outside this excerpt.
        """
        import_runner = ImportRunner(self.importer, 5)

        versions_patch = patch('vulnerabilities.importers.NpmDataSource.versions',
                               new=MOCK_VERSION_API)
        set_api_patch = patch('vulnerabilities.importers.NpmDataSource.set_api')
        with versions_patch, set_api_patch:
            import_runner.run()

        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 3
        assert models.VulnerabilityReference.objects.count() == 3
        assert relations.filter(is_vulnerable=False).count() == 5
        assert relations.filter(is_vulnerable=True).count() == 4

        # The Package table must hold as many rows as the mocked API cache has
        # entries, summed over all cached values.
        cached_version_total = sum(map(len, MOCK_VERSION_API.cache.values()))
        assert models.Package.objects.count() == cached_version_total

        self.assert_for_package(
            'jquery', {'3.4'}, {'3.8'}, '1518', vulnerability_id='CVE-2020-11022')
        self.assert_for_package(
            'kerberos', {'0.5.8'}, {'1.2'}, '1514')
        self.assert_for_package(
            'subtext', {'4.1.1', '7.0.0'}, {'3.7', '6.1.3', '7.0.5'}, '1476')
Ejemplo n.º 3
    def test_import(self, _):
        """Import Rust advisories up to a fixed cutoff date and verify the stored packages.

        ``RustDataSource.crates_api`` is replaced by a ``CratesVersionAPI`` built from
        ``self.crates_api_cache``. The ``_`` argument is unused here; presumably it is
        injected by a decorator outside this excerpt.
        """
        import_runner = ImportRunner(self.importer, 5)
        cutoff = datetime.datetime(2020, 3, 18, tzinfo=datetime.timezone.utc)
        crates_api_patch = patch('vulnerabilities.importers.RustDataSource.crates_api',
                                 new=CratesVersionAPI(cache=self.crates_api_cache))

        with crates_api_patch:
            import_runner.run(cutoff_date=cutoff)

        # Each crate is checked against the advisory id it is expected to carry.
        expected_advisories = (
            ('bitvec', 'RUSTSEC-2020-0007'),
            ('bumpalo', 'RUSTSEC-2020-0006'),
            ('flatbuffers', 'RUSTSEC-2019-0028'),
            ('hyper', 'RUSTSEC-2020-0008'),
        )
        for crate, advisory_id in expected_advisories:
            self.assert_for_package(crate, advisory_id)

        # The cbox advisory lists no affected, patched or unaffected versions,
        # so no Package row may exist for it.
        cbox_rows = models.Package.objects.filter(name='cbox')
        assert cbox_rows.count() == 0
Ejemplo n.º 4
 def _import_data(self, importers, cutoff_date):
     """Run every importer in *importers*, reporting progress on ``self.stdout``.

     The batch size is read from ``self.batch_size`` and falls back to 10.
     There is no error handling here: an exception raised by one importer
     propagates to the caller and the importers after it are not run.
     """
     for source in importers:
         self.stdout.write(f'Importing data from {source.name}')

         size = int(getattr(self, 'batch_size', 10))
         import_runner = ImportRunner(source, size)
         import_runner.run(cutoff_date=cutoff_date)

         done_message = f'Successfully imported data from {source.name}'
         self.stdout.write(self.style.SUCCESS(done_message))
Ejemplo n.º 5
    def test_import(self):
        """Import the mocked Arch Linux data and verify the rows written to the database.

        ``ArchlinuxDataSource._fetch`` is patched to return ``self.mock_response``,
        so the runner works on the fixture rather than on the real ``_fetch`` result.
        """
        import_runner = ImportRunner(self.importer, 5)
        fetch_patch = patch('vulnerabilities.importers.ArchlinuxDataSource._fetch',
                            return_value=self.mock_response)
        with fetch_patch:
            import_runner.run()

        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 6
        assert models.VulnerabilityReference.objects.count() == 10
        assert relations.filter(is_vulnerable=True).count() == 12
        assert relations.filter(is_vulnerable=False).count() == 8
        assert models.Package.objects.count() == 10

        self.assert_for_package(
            'squid', '4.10-2',
            cve_ids={'CVE-2020-11945', 'CVE-2019-12521', 'CVE-2019-12519'})
        self.assert_for_package('openconnect', '1:8.05-1', cve_ids={'CVE-2020-12823'})

        wireshark_packages = (
            'wireshark-common',
            'wireshark-gtk',
            'wireshark-cli',
            'wireshark-qt',
        )
        # Version 2.6.0-1 of every wireshark package is checked with the two CVEs;
        # a fresh set is built for each call, as in a literal call.
        for name in wireshark_packages:
            self.assert_for_package(
                name, '2.6.0-1', cve_ids={'CVE-2018-11362', 'CVE-2018-11361'})
        # Version 2.6.1-1 of the same packages is checked without any CVE id.
        for name in wireshark_packages:
            self.assert_for_package(name, '2.6.1-1')
Ejemplo n.º 6
def make_import_runner(added_advs=None, updated_advs=None):
    """Build an ``ImportRunner`` (batch size 5) around a ``MockImporter``.

    Falsy ``added_advs`` / ``updated_advs`` values are replaced by empty lists
    before they are handed to ``MockDataSource``.
    """
    if not added_advs:
        added_advs = []
    if not updated_advs:
        updated_advs = []

    data_source = MockDataSource(2, added_advs=added_advs, updated_advs=updated_advs)
    mock_importer = MockImporter(data_source=data_source)
    return ImportRunner(mock_importer, 5)
    def test_import(self):
        """Run the Arch Linux importer on ``self.mock_response`` and check the result.

        Only ``ArchlinuxDataSource._fetch`` is patched; it returns the fixture held
        in ``self.mock_response`` while the runner executes.
        """
        import_runner = ImportRunner(self.importer, 5)
        fetch_patch = patch("vulnerabilities.importers.ArchlinuxDataSource._fetch",
                            return_value=self.mock_response)
        with fetch_patch:
            import_runner.run()

        # Row counts expected from the fixture.
        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 6
        assert models.VulnerabilityReference.objects.count() == 10
        assert relations.filter(is_vulnerable=True).count() == 12
        assert relations.filter(is_vulnerable=False).count() == 8
        assert models.Package.objects.count() == 10

        self.assert_for_package(
            "squid", "4.10-2",
            cve_ids={"CVE-2020-11945", "CVE-2019-12521", "CVE-2019-12519"})
        self.assert_for_package("openconnect", "1:8.05-1", cve_ids={"CVE-2020-12823"})

        wireshark_packages = (
            "wireshark-common",
            "wireshark-gtk",
            "wireshark-cli",
            "wireshark-qt",
        )
        # 2.6.0-1 is checked with the two CVE ids for every wireshark package.
        for name in wireshark_packages:
            self.assert_for_package(
                name, "2.6.0-1", cve_ids={"CVE-2018-11362", "CVE-2018-11361"})
        # 2.6.1-1 is checked for the same packages with no CVE id passed.
        for name in wireshark_packages:
            self.assert_for_package(name, "2.6.1-1")
Ejemplo n.º 8
    def test_import(self, _):
        """Import npm advisories with the version API mocked and verify the stored rows.

        ``NpmDataSource.versions`` is swapped for ``MOCK_VERSION_API`` and
        ``NpmDataSource.set_api`` is replaced by a mock while the runner executes.
        The ``_`` argument is unused here; presumably it is injected by a decorator
        outside this excerpt.
        """
        import_runner = ImportRunner(self.importer, 5)

        versions_patch = patch("vulnerabilities.importers.NpmDataSource.versions",
                               new=MOCK_VERSION_API)
        set_api_patch = patch("vulnerabilities.importers.NpmDataSource.set_api")
        with versions_patch, set_api_patch:
            import_runner.run()

        # Row counts expected from the fixture.
        assert models.Vulnerability.objects.count() == 3
        assert models.VulnerabilityReference.objects.count() == 3
        all_relations = models.PackageRelatedVulnerability.objects.all()
        assert all_relations.count() == 4
        assert models.Package.objects.count() == 8

        self.assert_for_package(
            "jquery", {"3.4.0"}, {"3.8.0"}, "1518",
            vulnerability_id="CVE-2020-11022")
        self.assert_for_package(
            "kerberos", {"0.5.8"}, {"1.2.0"}, "1514")
        self.assert_for_package(
            "subtext", {"4.1.1", "7.0.0"}, {"6.1.3", "7.0.5"}, "1476")
Ejemplo n.º 9
    def test_import(self, _):
        """Import Rust advisories up to a fixed cutoff date and verify the stored packages.

        ``RustDataSource.crates_api`` is replaced by a ``VersionAPI`` built from
        ``self.crates_api_cache`` and ``RustDataSource.set_api`` by a mock. The ``_``
        argument is unused here; presumably it is injected by a decorator outside
        this excerpt.
        """
        import_runner = ImportRunner(self.importer, 5)

        crates_api_patch = patch("vulnerabilities.importers.RustDataSource.crates_api",
                                 new=VersionAPI(cache=self.crates_api_cache))
        set_api_patch = patch("vulnerabilities.importers.RustDataSource.set_api")
        cutoff = datetime.datetime(2020, 3, 18, tzinfo=datetime.timezone.utc)
        with crates_api_patch, set_api_patch:
            import_runner.run(cutoff_date=cutoff)

        # Each crate is checked against the advisory id it is expected to carry.
        expected_advisories = (
            ("bitvec", "RUSTSEC-2020-0007"),
            ("bumpalo", "RUSTSEC-2020-0006"),
            ("flatbuffers", "RUSTSEC-2019-0028"),
            ("hyper", "RUSTSEC-2020-0008"),
        )
        for crate, advisory_id in expected_advisories:
            self.assert_for_package(crate, advisory_id)

        # The cbox advisory lists no affected, patched or unaffected versions,
        # so no Package row may exist for it.
        cbox_rows = models.Package.objects.filter(name="cbox")
        assert cbox_rows.count() == 0
Ejemplo n.º 10
    def test_import(self, _):
        """Run the npm importer against ``MOCK_VERSION_API`` and check the stored rows.

        While the runner executes, ``NpmDataSource.versions`` is the mocked version
        API and ``NpmDataSource.set_api`` is a mock. The ``_`` argument is unused
        here; presumably it is injected by a decorator outside this excerpt.
        """
        import_runner = ImportRunner(self.importer, 5)

        versions_patch = patch("vulnerabilities.importers.NpmDataSource.versions",
                               new=MOCK_VERSION_API)
        set_api_patch = patch("vulnerabilities.importers.NpmDataSource.set_api")
        with versions_patch, set_api_patch:
            import_runner.run()

        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 3
        assert models.VulnerabilityReference.objects.count() == 3
        assert relations.filter(is_vulnerable=False).count() == 5
        assert relations.filter(is_vulnerable=True).count() == 4

        # The Package table must hold as many rows as the mocked API cache has
        # entries, summed over all cached values.
        cached_version_total = sum(map(len, MOCK_VERSION_API.cache.values()))
        assert models.Package.objects.count() == cached_version_total

        self.assert_for_package(
            "jquery", {"3.4"}, {"3.8"}, "1518",
            vulnerability_id="CVE-2020-11022")
        self.assert_for_package(
            "kerberos", {"0.5.8"}, {"1.2"}, "1514")
        self.assert_for_package(
            "subtext", {"4.1.1", "7.0.0"}, {"3.7", "6.1.3", "7.0.5"}, "1476")
Ejemplo n.º 11
    def test_import(self, *_):
        """Run the importer under test and verify the rows written to the database.

        Nothing is patched inside the method body; ``*_`` absorbs any extra
        positional arguments (presumably mocks injected by decorators outside this
        excerpt).
        """
        ImportRunner(self.importer, 5).run()

        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 7
        assert models.VulnerabilityReference.objects.count() == 1
        assert relations.filter(is_vulnerable=False).count() == 8
        # This fixture is expected to produce no is_vulnerable=True relation at all.
        assert relations.filter(is_vulnerable=True).count() == 0
        assert models.Package.objects.count() == 5

        # cacti 1.2.8-r0 is checked once per architecture.
        for arch in ('armv7', 'x86_64'):
            self.assert_for_package(
                'cacti', '1.2.8-r0', cve_ids={'CVE-2019-17358'}, arch=arch)

        # xen is checked through a vuln_ref instead of CVE ids.
        self.assert_for_package(
            'xen', '4.12.1-r0', vuln_ref='XSA-295', arch='x86_64')

        ansible_expectations = (
            ('2.9.3-r0', {'CVE-2019-14904', 'CVE-2019-14905'}),
            ('2.8.6-r0', {'CVE-2019-14846', 'CVE-2019-14856', 'CVE-2019-14858'}),
        )
        for version, cves in ansible_expectations:
            self.assert_for_package('ansible', version, cve_ids=cves, arch='x86_64')
Ejemplo n.º 12
    def _import_data(self, importers, cutoff_date):
        """Run every importer, keep going after a failure, and raise once at the end.

        Progress, success and failure lines are written to ``self.stdout``. The
        batch size is read from ``self.batch_size`` and falls back to 10.

        Raises:
            CommandError: after all importers have been attempted, if at least one
                of them raised; the message lists the failed importer names.
        """
        failures = []

        for source in importers:
            self.stdout.write(f"Importing data from {source.name}")
            size = int(getattr(self, "batch_size", 10))
            try:
                ImportRunner(source, size).run(cutoff_date=cutoff_date)
                ok_line = self.style.SUCCESS(f"Successfully imported data from {source.name}")
                self.stdout.write(ok_line)
            except Exception:
                # Deliberately broad: one broken advisory source must not stop the
                # remaining sources from being imported. The traceback is printed
                # and the name recorded so the failure is not lost.
                failures.append(source.name)
                traceback.print_exc()
                error_line = self.style.ERROR(
                    f"Failure to import data from {source.name}. Continuing...")
                self.stdout.write(error_line)

        if not failures:
            return

        # A partial import is reported as an error, never as a success.
        failed_names = ",".join(failures)
        raise CommandError(f"{len(failures)} failed!: {failed_names}")
Ejemplo n.º 13
    def test_import(self):
        """Import the mocked Safety DB data and verify the rows written to the database.

        ``SafetyDbDataSource._fetch`` is patched to return ``self.mock_response`` and
        ``SafetyDbDataSource.set_api`` is replaced by a mock while the runner executes.
        """
        import_runner = ImportRunner(self.importer, 5)

        fetch_patch = patch("vulnerabilities.importers.SafetyDbDataSource._fetch",
                            return_value=self.mock_response)
        set_api_patch = patch("vulnerabilities.importers.SafetyDbDataSource.set_api")
        with fetch_patch, set_api_patch:
            import_runner.run()

        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 9
        assert models.VulnerabilityReference.objects.count() == 9
        assert relations.filter(is_vulnerable=False).count() == 18
        assert relations.filter(is_vulnerable=True).count() == 18

        # The Package table must hold as many rows as the mocked API cache has
        # entries, summed over all cached values.
        cached_version_total = sum(map(len, MOCK_VERSION_API.cache.values()))
        assert models.Package.objects.count() == cached_version_total

        # (positional arguments, keyword arguments) for assert_by_vulnerability.
        # pyup.io-38115 is the only entry checked without CVE ids.
        cases = (
            (("pyup.io-37863", "ampache", {"2.0"}, {"5.2.1"}),
             {"cve_ids": {"CVE-2019-12385", "CVE-2019-12386"}}),
            (("pyup.io-25713", "django",
              {"1.8", "1.4.19", "1.5.1", "1.6.9"}, {"1.8.14", "1.4.22"}),
             {"cve_ids": {"CVE-2015-2317"}}),
            (("pyup.io-25721", "django",
              {"1.8.14"}, {"1.8", "1.4.19", "1.5.1", "1.6.9", "1.4.22"}),
             {"cve_ids": {"CVE-2016-6186"}}),
            (("pyup.io-38115", "zulip", {"2.0"}, {"2.1.1", "2.1.2", "2.1.3"}),
             {}),
            (("pyup.io-38114", "zulip", {"2.0", "2.1.1"}, {"2.1.2", "2.1.3"}),
             {"cve_ids": {"CVE-2019-19775", "CVE-2015-2104"}}),
            (("pyup.io-38200", "zulip", {"2.0", "2.1.1", "2.1.2"}, {"2.1.3"}),
             {"cve_ids": {"CVE-2020-9444", "CVE-2020-10935"}}),
        )
        for positional, keyword in cases:
            self.assert_by_vulnerability(*positional, **keyword)
Ejemplo n.º 14
    def test_import(self):
        """Run the Safety DB importer on ``self.mock_response`` and check the result.

        While the runner executes, ``SafetyDbDataSource._fetch`` returns the fixture
        and ``SafetyDbDataSource.set_api`` is a mock.
        """
        import_runner = ImportRunner(self.importer, 5)

        fetch_patch = patch('vulnerabilities.importers.SafetyDbDataSource._fetch',
                            return_value=self.mock_response)
        set_api_patch = patch('vulnerabilities.importers.SafetyDbDataSource.set_api')
        with fetch_patch, set_api_patch:
            import_runner.run()

        # Row counts expected from the fixture.
        relations = models.PackageRelatedVulnerability.objects
        assert models.Vulnerability.objects.count() == 9
        assert models.VulnerabilityReference.objects.count() == 9
        assert relations.filter(is_vulnerable=False).count() == 18
        assert relations.filter(is_vulnerable=True).count() == 18

        # The Package table must hold as many rows as the mocked API cache has
        # entries, summed over all cached values.
        cached_version_total = sum(map(len, MOCK_VERSION_API.cache.values()))
        assert models.Package.objects.count() == cached_version_total

        # (positional arguments, keyword arguments) for assert_by_vulnerability.
        # pyup.io-38115 is the only entry checked without CVE ids.
        cases = (
            (('pyup.io-37863', 'ampache', {'2.0'}, {'5.2.1'}),
             dict(cve_ids={'CVE-2019-12385', 'CVE-2019-12386'})),
            (('pyup.io-25713', 'django',
              {'1.8', '1.4.19', '1.5.1', '1.6.9'}, {'1.8.14', '1.4.22'}),
             dict(cve_ids={'CVE-2015-2317'})),
            (('pyup.io-25721', 'django',
              {'1.8.14'}, {'1.8', '1.4.19', '1.5.1', '1.6.9', '1.4.22'}),
             dict(cve_ids={'CVE-2016-6186'})),
            (('pyup.io-38115', 'zulip', {'2.0'}, {'2.1.1', '2.1.2', '2.1.3'}),
             dict()),
            (('pyup.io-38114', 'zulip', {'2.0', '2.1.1'}, {'2.1.2', '2.1.3'}),
             dict(cve_ids={'CVE-2019-19775', 'CVE-2015-2104'})),
            (('pyup.io-38200', 'zulip', {'2.0', '2.1.1', '2.1.2'}, {'2.1.3'}),
             dict(cve_ids={'CVE-2020-9444', 'CVE-2020-10935'})),
        )
        for positional, keyword in cases:
            self.assert_by_vulnerability(*positional, **keyword)