def test_invalid_repository_disabled_color(monkeypatch, table_only_cli_output_formatter): table_only_cli_output_formatter.opt.unresolved = True sysinfo = MockSysInfo() sysinfo.esm_infra_enabled = True run_repository_color_test(monkeypatch, table_only_cli_output_formatter, sysinfo, "CVE-2020-1011", False)
def test_ua_infra_unknown_text(monkeypatch, table_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_infra_enabled = None sr = filter_scan_results_by_cve_ids("CVE-2020-1010") (results_msg, return_code) = table_only_cli_output_formatter.format_output(sr, sysinfo) assert "(disabled)" not in results_msg
def test_ua_apps_disabled_text(monkeypatch, table_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = False sysinfo.esm_infra_enabled = True sr = filter_scan_results_by_cve_ids("CVE-2020-1009") (results_msg, return_code) = table_only_cli_output_formatter.format_output(sr, sysinfo) assert "(disabled)" in results_msg
def test_critical_color(monkeypatch, table_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = True sysinfo.esm_infra_enabled = True run_priority_color_test( monkeypatch, table_only_cli_output_formatter, sysinfo, "CVE-2020-1007", const.CRITICAL, )
def test_summary_esm_disabled_color(monkeypatch, summary_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = False sysinfo.esm_infra_enabled = False run_esm_color_code_test( monkeypatch, summary_only_cli_output_formatter, sysinfo, const.REPOSITORY_DISABLED_COLOR_CODE, "No", )
def test_summary_manifest_esm_unknown_color(monkeypatch, summary_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = None sysinfo.esm_infra_enabled = None run_esm_color_code_test( monkeypatch, summary_only_cli_output_formatter, sysinfo, const.REPOSITORY_UNKNOWN_COLOR_CODE, "Unknown", )
def test_summary_fixes_applied_color(monkeypatch, summary_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = True sysinfo.esm_infra_enabled = True run_fixes_not_applied_color_code_test( monkeypatch, summary_only_cli_output_formatter, sysinfo, const.REPOSITORY_ENABLED_COLOR_CODE, 0, )
def test_summary_fixes_unknown_color(monkeypatch, summary_only_cli_output_formatter): sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = None sysinfo.esm_infra_enabled = None run_fixes_not_applied_color_code_test( monkeypatch, summary_only_cli_output_formatter, sysinfo, const.REPOSITORY_UNKNOWN_COLOR_CODE, 3, unknown=True, )
def test_csv(): sr = filter_scan_results_by_cve_ids( ["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"]) opt = MockOpt() opt.priority = "all" opt.unresolved = True formatter = CSVOutputFormatter(opt, null_logger()) (results_msg, return_code) = formatter.format_output(sr, MockSysInfo()) expected_csv_results = "CVE ID,PRIORITY,PACKAGE,FIXED_VERSION,REPOSITORY" expected_csv_results += "\nCVE-2020-1000,low,pkg3,," expected_csv_results += ( "\nCVE-2020-1001,high,pkg1,1:1.2.3-4+deb9u2ubuntu0.2,Ubuntu Archive") expected_csv_results += ( "\nCVE-2020-1001,high,pkg2,1:1.2.3-4+deb9u2ubuntu0.2,Ubuntu Archive") expected_csv_results += ("\nCVE-2020-1005,low,pkg1,1:1.2.3-4+deb9u3,%s" % const.UA_APPS) expected_csv_results += ("\nCVE-2020-1005,low,pkg2,1:1.2.3-4+deb9u3,%s" % const.UA_APPS) expected_csv_results += ("\nCVE-2020-1005,low,pkg3,10.2.3-2ubuntu0.1,%s" % const.UA_INFRA) assert results_msg == expected_csv_results
def test_high_color(monkeypatch, table_only_cli_output_formatter): run_priority_color_test( monkeypatch, table_only_cli_output_formatter, MockSysInfo(), "CVE-2020-1001", const.HIGH, )
def test_medium_color(monkeypatch, table_only_cli_output_formatter): run_priority_color_test( monkeypatch, table_only_cli_output_formatter, MockSysInfo(), "CVE-2020-1003", const.MEDIUM, )
def test_negligible_color(monkeypatch, table_only_cli_output_formatter): run_priority_color_test( monkeypatch, table_only_cli_output_formatter, MockSysInfo(), "CVE-2020-1008", const.NEGLIGIBLE, )
def test_untriaged_color(monkeypatch, table_only_cli_output_formatter): run_priority_color_test( monkeypatch, table_only_cli_output_formatter, MockSysInfo(), "CVE-2020-1006", const.UNTRIAGED, )
def test_no_tty_no_color(monkeypatch, table_only_cli_output_formatter): monkeypatch.setattr(sys.stdout, "isatty", lambda: False) sr = filter_scan_results_by_cve_ids(["CVE-2020-1001"]) (results_msg, return_code) = table_only_cli_output_formatter.format_output( sr, MockSysInfo()) assert "\u001b" not in results_msg
def test_no_patch_available_infra_experimental(cve_output_formatter): sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1003"]) sr.append(ScanResult("CVE-2020-1000", "low", "pkg3", "1.2.3-4", const.UA_INFRA),) cve_output_formatter.opt.experimental_mode = False msg, rc = cve_output_formatter.format_output(sr, MockSysInfo()) assert msg == "Vulnerable to CVE-2020-1000. There is no fix available, yet." assert rc == 3
def test_low_color(monkeypatch, table_only_cli_output_formatter): run_priority_color_test( monkeypatch, table_only_cli_output_formatter, MockSysInfo(), "CVE-2020-1005", const.LOW, )
def test_summary_priority_all(monkeypatch, summary_only_cli_output_formatter): monkeypatch.setattr(sys.stdout, "isatty", lambda: False) cof = summary_only_cli_output_formatter sr = filter_scan_results_by_cve_ids(["CVE-2020-1001"]) (results_msg, return_code) = cof.format_output(sr, MockSysInfo()) assert re.search(r"CVE Priority\s+All", results_msg)
def test_suggestions_empty_no_experimental_infra_enabled( monkeypatch, suggestions_only_cli_output_formatter): cof = suggestions_only_cli_output_formatter cof.opt.priority = const.LOW cof.opt.experimental_mode = False sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = False sysinfo.esm_infra_enabled = True sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1010"]) (results_msg, return_code) = cof.format_output(sr, sysinfo) assert ( "additional security patch(es) are available if ESM for Infrastructure is enabled with\nUbuntu Advantage." not in results_msg)
def test_vulnerable_patch_available_infra(cve_output_formatter): sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1003"]) sr.append(ScanResult("CVE-2020-1000", "low", "pkg3", "1.2.3-4", const.UA_INFRA),) msg, rc = cve_output_formatter.format_output(sr, MockSysInfo()) assert ( msg == f"Vulnerable to CVE-2020-1000, but fixes are available from {const.UA_INFRA}." )
def test_ubuntu_repository_enabled_color(monkeypatch, table_only_cli_output_formatter): run_repository_color_test( monkeypatch, table_only_cli_output_formatter, MockSysInfo(), "CVE-2020-1001", True, )
def test_summary_experimental_filter(monkeypatch, summary_only_cli_output_formatter): monkeypatch.setattr(sys.stdout, "isatty", lambda: False) cof = summary_only_cli_output_formatter sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = False sysinfo.esm_infra_enabled = True cof.opt.experimental_mode = False sr = filter_scan_results_by_cve_ids(["CVE-2020-1001"]) (results_msg, return_code) = cof.format_output(sr, sysinfo) assert "Vulnerabilities Fixable by ESM" not in results_msg # Disable this test for now # assert "UA Apps Enabled" not in results_msg # assert "UA Infra Enabled" not in results_msg assert "Available Fixes Not Applied" not in results_msg
def test_returns_json_light(): opt = MockOpt() opt.syslog_light = True formatter = MockSyslogOutputFormatter(opt, null_logger(), MockJSONOutputFormatter()) (results_msg, return_code) = formatter.format_output([], MockSysInfo()) assert results_msg == "5 vulnerabilites can be fixed by running `sudo apt upgrade`" assert return_code == 0
def test_return_code(): opt = MockOpt() json_output_formatter = MockJSONOutputFormatter() json_output_formatter.return_code = 1 formatter = SyslogOutputFormatter(opt, null_logger(), json_output_formatter) (results_msg, return_code) = formatter.format_output([], MockSysInfo()) assert return_code == 1
def test_returns_json(): opt = MockOpt() opt.syslog = True formatter = SyslogOutputFormatter(opt, null_logger(), MockJSONOutputFormatter()) (results_msg, return_code) = formatter.format_output([], MockSysInfo()) assert results_msg == expected_output assert return_code == 0
def test_csv_show_links_header(): opt = MockOpt() opt.priority = "all" opt.unresolved = True opt.show_links = True formatter = CSVOutputFormatter(opt, null_logger()) (results_msg, return_code) = formatter.format_output([], MockSysInfo()) assert "URL" in results_msg
def test_always_show_links(): sr = filter_scan_results_by_cve_ids(["CVE-2020-1004", "CVE-2020-1005"]) opt = MockOpt() opt.unresolved = True opt.show_links = False formatter = JSONOutputFormatter(opt, null_logger()) (results_msg, return_code) = formatter.format_output(sr, MockSysInfo()) assert const.UCT_URL % "CVE-2020-1004" in results_msg assert const.UCT_URL % "CVE-2020-1005" in results_msg
def test_summary_nounresolved(monkeypatch, summary_only_cli_output_formatter): monkeypatch.setattr(sys.stdout, "isatty", lambda: False) cof = summary_only_cli_output_formatter cof.opt.priority = const.LOW cof.opt.unresolved = False sysinfo = MockSysInfo() sysinfo.esm_apps_enabled = False sysinfo.esm_infra_enabled = False sr = filter_scan_results_by_cve_ids([ "CVE-2020-1001", "CVE-2020-1002", "CVE-2020-1003", "CVE-2020-1005", "CVE-2020-1009", "CVE-2020-1010", ]) (results_msg, return_code) = cof.format_output(sr, sysinfo) assert re.search(r"Ubuntu Release\s+bionic", results_msg) assert re.search(r"Installed Packages\s+100", results_msg) assert re.search(r"CVE Priority\s+low or higher", results_msg) assert re.search(r"Unique Packages Fixable by Patching\s+6", results_msg) assert re.search(r"Unique CVEs Fixable by Patching\s+5", results_msg) assert re.search(r"Vulnerabilities Fixable by Patching\s+10", results_msg) assert re.search(r"Vulnerabilities Fixable by %s\s+6" % const.UA_APPS, results_msg) assert re.search(r"Vulnerabilities Fixable by %s\s+2" % const.UA_INFRA, results_msg) # Disabling for now # assert re.search(r"UA Apps Enabled\s+No", results_msg) # assert re.search(r"UA Infra Enabled\s+No", results_msg) assert re.search(r"Fixes Available by `apt-get upgrade`\s+2", results_msg) assert re.search(r"Available Fixes Not Applied by `apt-get upgrade`\s+8", results_msg)
def test_vulnerable_patch_available_repository(cve_output_formatter): sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1003"]) sr.append( ScanResult("CVE-2020-1000", "low", "pkg3", "1.2.3-4", const.UBUNTU_ARCHIVE), ) msg, rc = cve_output_formatter.format_output(sr, MockSysInfo()) expected_msg = ( "Vulnerable to CVE-2020-1000, but fixes are available from " "the Ubuntu Archive." ) assert msg == expected_msg assert rc == 4
def run_json_format_test(indent): sr = filter_scan_results_by_cve_ids( ["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"]) opt = MockOpt() opt.priority = "all" opt.unresolved = True formatter = JSONOutputFormatter(opt, null_logger(), indent=indent) (results_msg, return_code) = formatter.format_output(sr, MockSysInfo()) expected_output = json.dumps(sample_output, indent=indent, sort_keys=False) assert results_msg == expected_output
def test_no_results_no_header(monkeypatch): header_regex = r"CVE ID\s+PRIORITY\s+PACKAGE\s+FIXED VERSION\s+REPOSITORY" monkeypatch.setattr(sys.stdout, "isatty", lambda: False) cof = CLIOutputFormatter(MockOpt(), null_logger()) sysinfo = MockSysInfo() cof.opt.experimental_mode = True cof.opt.unresolved = False sr = filter_scan_results_by_cve_ids(["CVE-2020-1003"]) (results_msg, return_code) = cof.format_output(sr, sysinfo) assert not re.search(header_regex, results_msg)