def not_updated_cve(self): with open(get_fixture_location(__file__, 'nvdcve-1.0-2017.json')) as handle: CveFactory.process(handle) NotificationCache.clear() with open(get_fixture_location(__file__, 'nvdcve-1.0-2017.json')) as handle: CveFactory.process(handle) self.assertEqual(NotificationCache.get(), [])
def test_update(self): cve = models.Cve.objects.get(id='CVE-2017-0008') cve.last_modified_date = None cve.save() cache.clear() factory = CveFactory() with open(get_fixture_location(__file__, 'nvdcve-1.0-2017.json')) as handle: factory.process(handle) self.assertEqual([('CVE-2017-0008', False)], NotificationCache.get()) self.assertEqual(factory.updated, 1)
def test_call_create(self): cve = models.Cve.objects.get(id='CVE-2017-0008') self.assertEqual(cve.base_score_v2, 4.3) self.assertEqual(cve.base_score_v3, 4.3) self.assertEqual(cve.cwe.id, 'CWE-200') self.assertEqual( cve.summary, 'Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive ' 'information from process memory via a crafted web site, aka "Internet Explorer Information ' 'Disclosure Vulnerability." This vulnerability is different from those described in ' 'CVE-2017-0009 and CVE-2017-0059.') self.assertEquals(str(cve.published_date), '2017-03-17 00:59:00+00:00') self.assertEquals(str(cve.last_modified_date), '2017-07-12 01:29:00+00:00') self.assertEqual(json.loads(cve.references), [ { 'source': 'BID', 'url': 'http://www.securityfocus.com/bid/96073' }, { 'source': 'SECTRACK', 'url': 'http://www.securitytracker.com/id/1038008', }, { 'source': 'CONFIRM', 'url': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008' } ]) self.assertEqual(cve.cpe.count(), 3) self.assertEqual(cve.cpe.filter(name='cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*').count(), 1) self.assertEqual(cve.cpe.filter(name='cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*').count(), 1) self.assertEqual(cve.cpe.filter(name='cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*').count(), 1) self.assertEqual(cve.access_vector_v2, metrics.AccessVectorV2.NETWORK.value) self.assertEqual(cve.access_complexity_v2, metrics.AccessComplexityV2.MEDIUM.value) self.assertEqual(cve.authentication_v2, metrics.AuthenticationV2.NONE.value) self.assertEqual(cve.confidentiality_impact_v2, metrics.ImpactV2.PARTIAL.value) self.assertEqual(cve.integrity_impact_v2, metrics.ImpactV2.NONE.value) self.assertEqual(cve.availability_impact_v2, metrics.ImpactV2.NONE.value) self.assertEqual(cve.attack_vector_v3, metrics.AttackVectorV3.NETWORK.value) self.assertEqual(cve.attack_complexity_v3, metrics.AttackComplexityV3.LOW.value) self.assertEqual(cve.privileges_required_v3, metrics.PrivilegesRequiredV3.NONE.value) self.assertEqual(cve.user_interaction_v3, metrics.UserInteractionV3.REQUIRED.value) self.assertEqual(cve.scope_v3, metrics.ScopeV3.UNCHANGED.value) self.assertEqual(cve.confidentiality_impact_v3, metrics.ImpactV3.LOW.value) self.assertEqual(cve.integrity_impact_v3, metrics.ImpactV3.NONE.value) self.assertEqual(cve.availability_impact_v3, metrics.ImpactV3.NONE.value) self.assertEqual(cve.get_privileges_required_v3_value(), 0.85) self.assertEqual([('CVE-2017-0008', True), ('CVE-2017-0002', True)], NotificationCache.get())
def update_cve_cwe(): NotificationCache.initial_update(not Cve.objects.exists()) (update_cwe.si() | group( update_cve.si(year) for year in range(START_YEAR, datetime.now().year + 1)) | update_exploits.si() | send_notifications.si())()
def send_notifications(): LOGGER.info("All update done") cves = NotificationCache.get() if not NotificationCache.is_initial_update() and cves: knowledge_base_update_finished.send(sender=None, cves=cves) NotificationCache.clear()
def initial_update_test(self): NotificationCache.initial_update(not models.Cve.objects.exists()) self.assertTrue(NotificationCache.is_initial_update())
def update_cache(self): with open(get_fixture_location(__file__, 'nvdcve-1.0-2017.json')) as handle: CveFactory.process(handle) self.assertEqual(NotificationCache.get(), [('CVE-2017-0002', True), ('CVE-2017-0008', True)])
def tearDown(self): NotificationCache.clear()
def _cve_saved(**kwargs): NotificationCache.set(kwargs['instance'].id, kwargs['created'])