def test_parse_from_text_both_versions(self): v1 = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H' v2 = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' i = 'xxx. ' + v1 + ' ' + v2 + '. xxx' e = set() e.add(CVSS3(v1)) e.add(CVSS2(v2)) self.assertEqual(set(parser.parse_cvss_from_text(i)), e)
def get_cvss(self, cvss): if cvss: for cvss_item in cvss: vector = cvss_item['vector'] cvss_objects = cvss_parser.parse_cvss_from_text(vector) if len(cvss_objects) > 0 and type(cvss_objects[0]) == CVSS3: return vector return None
def test_parse_from_text_optional_sentence_cases(self): # Missing space after end of sentence and before vector v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H' i = '.' + v e = [CVSS3(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) # End of sentence v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H' i = v + '.' e = [CVSS3(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) # Missing space after dot before vector v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H' i = 'xxx.' + v e = [CVSS3(v)] self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_multiple_vectors_same_cvss(self): v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H' e = [CVSS3(v)] i = 'Title: {0}\nThis is an overview of {0} problem.\nLinks: {0}'.format( v) self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_cvss3(self): i = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H' e = [CVSS3(i)] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) # Truncated vector i = 'CVSS:3' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS:3.0' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS:3.0/' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS:3.0/AV:N' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS:3.0/AV:X' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS:3.0/AV:ZZZ' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/MAV:A/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N' e = [CVSS3(i)] self.assertEqual(parser.parse_cvss_from_text(i), e) # Missing mandatory prefix i = 'AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) v1 = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H' v2 = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N' i = ' '.join([v1, v2]) e = set() e.add(CVSS3(v1)) e.add(CVSS3(v2)) self.assertEqual(set(parser.parse_cvss_from_text(i)), e) # Correct text v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H' i = 'xxx ' + v e = [CVSS3(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H' i = v + ' xxx' e = [CVSS3(v)] self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_multiple_vectors_same_cvss(self): v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' e = [CVSS2(v)] i = 'Title: {0}\nThis is an overview of {0} problem.\nLinks: {0}'.format( v) self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_cvss2(self): """ Tests for parsing CVSS from text. """ i = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' e = [CVSS2(i)] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:U/RC:C/CDP:LM/TD:L/IR:H/AR:M' e = [CVSS2(i)] self.assertEqual(parser.parse_cvss_from_text(i), e) i = 'AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H' e = [CVSS2(i)] self.assertEqual(parser.parse_cvss_from_text(i), e) # Bad value i = 'AV:N/AC:L/Au:N/C:C/I:C/A:X' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) # Truncated vector i = 'AV:N/AC:' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) i = '' e = [] self.assertEqual(parser.parse_cvss_from_text(i), e) # Correct parsing v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' i = 'xxx ' + v e = [CVSS2(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' i = v + ' xxx' e = [CVSS2(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) # End of sentence v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' i = v + '.' e = [CVSS2(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) # Missing space after dot before vector v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' i = 'xxx.' + v e = [CVSS2(v)] self.assertEqual(parser.parse_cvss_from_text(i), e) # Missing space after dot after vector v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C' i = v + '.xxx' e = [CVSS2(v)] self.assertEqual(parser.parse_cvss_from_text(i), e)