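def test_osv_advisory_with_vulnerable_package_via_osv_api() -> None:
    """Resolve a known-vulnerable release through the live OSV API.

    The identifier, summary prefix and version bounds are pinned to a real
    upstream advisory, so this test needs network access and will fail if
    the upstream record is edited -- that is a data change, not a parser
    regression.
    """
    vulnerabilities = _osv_dev_api_request("jinja2", "2.11.2")
    # An empty response must fail as an assertion, not as an IndexError
    # on the subscript that follows.
    assert vulnerabilities, "OSV returned no advisories for jinja2==2.11.2"
    assert vulnerabilities[0]

    obj = OSVSecurityAdvisory.using(vulnerabilities[0])
    assert obj.identifier == "PYSEC-2021-66"
    assert obj.package_name == "jinja2"
    assert obj.summary.startswith(
        "This affects the package jinja2 from 0.0.0 and before 2.11.3.")

    # Range from the advisory: everything before 2.11.3 is affected,
    # 2.11.3 itself is the fix.
    assert obj.is_affected("0.0.0")
    assert obj.is_affected("2.11.2")
    assert not obj.is_affected("2.11.3")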
def test_osv_advisory_with_introduced_and_fixed() -> None:
    """An explicit introduced/fixed pair maps onto a half-open version range."""
    advisory = OSVSecurityAdvisory.using(
        osv_advisory_yml("introduced-and-fixed.yaml"))

    expected_fields = {
        "package_name": "package",
        "identifier": "PYSEC-0000-0",
        "source": "osv",
        "severity": "UNKNOWN",
        "url": "https://www.pypi.org",
        "references": ["https://www.pypi.org", "https://www.python.org"],
        "vulnerable_versions": "<1.1.0,>=1.0.0",
        "summary": "Too much cheese in the cheeseshop!",
    }
    for attribute, expected in expected_fields.items():
        assert getattr(advisory, attribute) == expected, attribute

    # Inside [1.0.0, 1.1.0) -> affected.
    for version in ("1.0.0", "1.0.20"):
        assert advisory.is_affected(version), version
    # Before the introducing release, or at/after the fix -> not affected.
    for version in ("0.9.0", "1.1.0", "2.0.0"):
        assert not advisory.is_affected(version), version
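    def populate_from_cache(self) -> None:
        """Load every OSV advisory from the cached PyPA archive into memory.

        Opens ``self.path`` as a gzip-compressed tarball, parses each
        ``*.yaml`` member located under a ``/vulns/`` directory into an
        ``OSVSecurityAdvisory`` and groups the results in
        ``self._advisories`` keyed by lower-cased package name. Members are
        read directly from the archive and never written to disk, so member
        paths are used for selection only.

        Raises:
            SkjoldException: if a selected member cannot be read from the
                archive.
        """
        self._advisories = defaultdict(list)
        with tarfile.TarFile.open(self.path, mode="r:gz") as archive:
            advisory_members = (
                member
                for member in archive.getmembers()
                if "/vulns/" in member.name and member.name.endswith(".yaml")
            )

            for member in advisory_members:
                member_fh = archive.extractfile(member)
                if member_fh is None:  # pragma: no cover
                    raise SkjoldException(
                        f"Unable to extract '{member.name}' from source archive.")
                # Close the member handle as soon as it is parsed instead of
                # leaving it to garbage collection.
                with member_fh:
                    # The archive is downloaded content: keep the SafeLoader,
                    # never the full loader.
                    doc = yaml.load(member_fh, Loader=yaml.SafeLoader)
                advisory = OSVSecurityAdvisory.using(doc)
                self._advisories[advisory.package_name.lower()].append(advisory)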
def test_ensure_osv_advisory_from_yaml_with_no_cvss_vector() -> None:
    """A fixture advisory without a CVSS vector still parses; severity is UNKNOWN."""
    advisory = OSVSecurityAdvisory.using(osv_advisory_yml("PYSEC-2021-54.yaml"))

    assert advisory.package_name == "salt"
    assert advisory.identifier == "PYSEC-2021-54"
    assert advisory.source == "osv"
    # No CVSS vector in the fixture -> severity falls back to UNKNOWN.
    assert advisory.severity == "UNKNOWN"

    expected_references = [
        "https://github.com/saltstack/salt/releases",
        "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/",
        "https://security.gentoo.org/glsa/202103-01",
    ]
    # The first reference doubles as the advisory URL.
    assert advisory.url == expected_references[0]
    assert advisory.references == expected_references

    # Many disjoint branch ranges, joined with "||"; kept verbatim so any
    # drift in range serialisation is caught here.
    expected_ranges = (
        "<2015.8.10||<2015.8.13,>=2015.8.11||<2016.3.4,>=2016.3.0||<2016.3.6,>=2016.3.5||<2016.3.8,>=2016.3.7||<2016.11.3,>=2016.11.0||<2016.11.5,>=2016.11.4||<2016.11.10,>=2016.11.7||<2017.7.8,>=2017.7.0||<2019.2.0rc1,>=2018.3.0rc1||<2019.2.5,>=2019.2.0||<2019.2.8,>=2019.2.6||<3000.6,>=3000||<3001.4,>=3001||<3002.5,>=3002"
    )
    assert advisory.vulnerable_versions == expected_ranges
    assert advisory.summary.startswith(
        "In SaltStack Salt before 3002.5, eauth tokens")
def test_osv_advisory_ensure_marked_affected_by_default(
        package_version: str) -> None:
    """Without any version range, an advisory treats every version as affected."""
    minimal_doc = {"package": {"name": "package"}}
    advisory = OSVSecurityAdvisory.using(minimal_doc)
    assert advisory.package_name == "package"
    # No "affects" section at all -> conservative default: affected.
    assert advisory.is_affected(package_version)
def test_ensure_is_affected(doc: Any, package_name: str, package_version: str,
                            is_vulnerable: bool) -> None:
    """Parametrised check that is_affected() returns the expected verdict for *doc*.

    ``package_name`` is supplied by the parametrisation but not used here;
    the parsed name is always expected to be "package".
    """
    advisory = OSVSecurityAdvisory.using(doc)
    assert advisory.package_name == "package"
    # One parsed range per entry in the document's affected versions.
    declared_ranges = doc["affects"]["versions"]
    assert len(advisory.vulnerable_version_range) == len(declared_ranges)
    # Identity check on purpose: the verdict must be a real bool, not a
    # truthy/falsy stand-in.
    assert advisory.is_affected(package_version) is is_vulnerable