def test_cpe1(self, init_testenv): if init_testenv != "Initialized": exit('nvd - TestNvdCpe initialization failed, exiting') # Read flat file as a string to return as mock http response try: with open( "data/official-cpe-dictionary_v2.3.xml.base.zip", "rb" ) as myfile: mybuf = myfile.read() except Exception as e: print(e) mybuf = None # Set up mock http response to return test file responses.add( responses.GET, gbls.url_cpe, body=mybuf, status=200, content_type='application/x-zip-compressed' ) # target cpe file my_cpe = gbls.nvddir + gbls.cpe_filename # if file already exists, then timestamp the file with old date in the # past to force "download" if os.path.isfile(my_cpe): s = "01/12/2011" my_tm_stamp = time.mktime( datetime.datetime.strptime( s, "%d/%m/%Y" ).timetuple() ) os.utime( my_cpe, (my_tm_stamp, my_tm_stamp) ) # "Download" the test zip file cpe = nvd.NvdCpe() cpe.download_cpe() # Check that extracted file matches the baseline version assert filecmp.cmp( my_cpe, 'data/official-cpe-dictionary_v2.3.base.xml', False )
def test_run(): init_testenv() # Read in and process hosts baseline test i/p file hosts = sccm.SccmHosts() hosts.read(mydir='data/df_sys_base.csv') hosts.save() gbls.ad_vip_grps = 'data/ps-ad-vip.csv' # Invoke Input plugin for customized I/P data plugin1 = gbls.plugin_manager.getPluginByName(gbls.PLUGINIP) plugin1.plugin_object.modify_hosts(hosts) df_hosts = hosts.get() df_hosts.to_pickle('data/df_sys_base.pck') print('Hosts file initialized') # Read in sccm software inventory files sft = sccm.SccmSoft() sft.read( mydir_x86='data/df_v_gs_add_rem_base_x86.csv', mydir_x64='data/df_v_gs_add_rem_base_x64.csv', ) df_sft = sft.get() df_sft.to_pickle('data/df_v_gs_add_rem_base.pck') print('Software file initialized') # use edited CPE file to produce a packed dataframe for baseline # comparison # Convert the i/p XML file to a dataframe cpe = nvd.NvdCpe() cpe.read(my_cpe='data/official-cpe-dictionary_v2.3.base.xml') df_cpe = cpe.get() df_cpe.to_pickle('data/df_cpe4_base.pck') print('NVD CPE file initialized') # use CVE I/P file to produce a packed dataframe for baseline # comparison cve = nvd.NvdCve() df_cve = cve.read(my_dir='data/') df_cve = cve.get() df_cve.to_pickle("data/df_cve_base.pck") print('NVD CVE file initialized') # Force error see o/p assert False
def test_cpe2(self, init_testenv): if init_testenv != "Initialized": exit('nvd - Initialization failed, exiting') # Convert the i/p XML file to a dataframe cpe = nvd.NvdCpe() cpe.read(my_cpe='data/official-cpe-dictionary_v2.3.base.xml') df_cpe_processed = cpe.get() # load up base dframe for comparison cpe.load(mypck="data/df_cpe4_base.pck") df_cpe_base = cpe.get() # Check calculated dframe against base dframe assert df_cpe_base.equals(df_cpe_processed)
def init_matching(self): print('init_matching: Initialize for matching.') sft = sccm.SccmSoft() sft.load(mydir='data/df_match_sccm.pck') df_sft = sft.get() print ('Match tests: Software inventory file initialized') cpe = nvd.NvdCpe() cpe.load(mypck='data/df_match_cpe4.pck') df_cpe = cpe.get() print ('Match tests: NVD CPE file initialized') # Load cve dframe cve = nvd.NvdCve() cve.load(mypck="data/df_cve_base.pck") df_cve = cve.get() print ('Match tests: NVD CVE file initialized') # Vendor matching baseline comparison dframe match_vendor_base = matchven.MatchVendor() match_vendor_base.load(mypck='data/df_match_vendor_baseline.pck') df_match_vendor_base = match_vendor_base.get() print ('Match tests: Vendor match baseline dframe initialized') # Software matching baseline comparison dframe match_soft_base = matchsft.MatchSoft() match_soft_base.load(mypck='data/df_match_sft_baseline.pck') df_match_sft_base = match_soft_base.get() print ('Match tests: Software match baseline dframe initialized') return ( df_sft, df_cpe, df_cve, df_match_vendor_base, df_match_sft_base )
def test_run(): init_testenv() # initialize data for match tests cpe = nvd.NvdCpe() cpe.read(my_cpe='data/match_official-cpe-dictionary_v2.3.xml') df_cpe = cpe.get() df_cpe.to_pickle('data/df_match_cpe4.pck') print ('Match tests: NVD CPE file initialized') sft = sccm.SccmSoft() sft.read( mydir_x86='data/df_match_sccm_86.csv', mydir_x64='data/df_match_sccm_64.csv', ) df_sft = sft.get() df_sft.to_pickle('data/df_match_sccm.pck') print ('Match tests: Software file initialized') # Run vendor matching match_vendor = matchven.MatchVendor() match_vendor.match( df_cpe, df_sft ) df_match_vendor = match_vendor.get() df_match_vendor.to_pickle('data/df_match_vendor_baseline.pck') print ('Match tests: Vendor match dframe initialized') # Run software matching. # - First load cve dframe cve_base = nvd.NvdCve() cve_base.load(mypck="data/df_cve_base.pck") df_cve = cve_base.get() match_soft = matchsft.MatchSoft() match_soft.match( df_match_vendor, df_sft, df_cpe ) df_match_sft = match_soft.get() df_match_sft.to_pickle('data/df_match_sft_baseline.pck') print ('Match tests: Software match dframe initialized') # Match vulns to software # - First load hosts dframe hosts_base = sccm.SccmHosts() hosts_base.load(mydir="data/df_sys_base.pck") df_hosts = hosts_base.get() match_vulns = vulns.MatchVulns() match_vulns.data_merge( df_cve, df_match_sft, df_sft, df_hosts ) df_match_vulns = match_vulns.get() df_match_vulns.to_pickle('data/df_match_vulns_baseline.pck') print ('Match tests: Vuln match dframe initialized') # Force error see o/p assert False