def test_import(self):
    """Import the mocked Debian data and verify the rows stored in the database.

    ``DebianDataSource._fetch`` is patched to return ``self.mock_response`` and
    ``DebianDataSource.response_is_new`` is forced to ``True``, so the run is
    driven by the fixture only. The last assertion requires that no
    vulnerability is stored under an id that starts with ``TEMP``.
    """
    import_runner = ImportRunner(self.importer, 5)

    fetch_patch = patch(
        "vulnerabilities.importers.DebianDataSource._fetch", return_value=self.mock_response
    )
    is_new_patch = patch(
        "vulnerabilities.importers.DebianDataSource.response_is_new", return_value=True
    )
    with fetch_patch, is_new_patch:
        import_runner.run()

    assert models.Vulnerability.objects.count() == 3
    assert models.VulnerabilityReference.objects.count() == 3

    # The two is_vulnerable flags are counted separately; a relation landing
    # under the wrong flag would change both numbers.
    relations = models.PackageRelatedVulnerability.objects
    assert relations.filter(is_vulnerable=True).count() == 2
    assert relations.filter(is_vulnerable=False).count() == 8
    assert models.Package.objects.count() == 6

    for release in ("jessie", "buster"):
        self.assert_for_package("librsync", "0.9.7-10", release, cve_ids={"CVE-2014-8242"})

    mimetex_expectations = (
        ("1.50-1.1", "stretch"),
        ("1.74-1", "stretch"),
        ("1.50-1.1", "buster"),
        ("1.76-1", "buster"),
    )
    for version, release in mimetex_expectations:
        self.assert_for_package("mimetex", version, release)

    temp_ids = models.Vulnerability.objects.filter(vulnerability_id__startswith="TEMP")
    assert temp_ids.count() == 0
def test_import(self, _):
    """Import npm advisories with the version API mocked and verify the stored rows.

    ``NpmDataSource.versions`` is replaced by ``MOCK_VERSION_API`` and
    ``NpmDataSource.set_api`` by a mock, so the run uses only the cached
    version data. The second positional argument is unused here.
    """
    import_runner = ImportRunner(self.importer, 5)

    versions_patch = patch('vulnerabilities.importers.NpmDataSource.versions', new=MOCK_VERSION_API)
    with versions_patch, patch('vulnerabilities.importers.NpmDataSource.set_api'):
        import_runner.run()

    assert models.Vulnerability.objects.count() == 3
    assert models.VulnerabilityReference.objects.count() == 3

    relations = models.PackageRelatedVulnerability.objects
    assert relations.filter(is_vulnerable=False).count() == 5
    assert relations.filter(is_vulnerable=True).count() == 4

    # One Package row is expected per version held in the mock API cache.
    expected_package_count = sum(len(versions) for versions in MOCK_VERSION_API.cache.values())
    assert models.Package.objects.count() == expected_package_count

    # NOTE(review): the two version sets are presumably impacted and resolved
    # versions; confirm against assert_for_package.
    self.assert_for_package(
        'jquery',
        {'3.4'},
        {'3.8'},
        '1518',
        vulnerability_id='CVE-2020-11022',
    )
    self.assert_for_package('kerberos', {'0.5.8'}, {'1.2'}, '1514')
    self.assert_for_package('subtext', {'4.1.1', '7.0.0'}, {'3.7', '6.1.3', '7.0.5'}, '1476')
def test_import(self, _):
    """Import RustSec advisories with a cached crates API and check each package.

    ``RustDataSource.crates_api`` is replaced by a ``CratesVersionAPI`` built
    from ``self.crates_api_cache``. The run is given a cutoff date of
    2020-03-18 (UTC). The second positional argument is unused here.
    """
    import_runner = ImportRunner(self.importer, 5)
    cutoff = datetime.datetime(year=2020, month=3, day=18, tzinfo=datetime.timezone.utc)

    cached_api = CratesVersionAPI(cache=self.crates_api_cache)
    with patch('vulnerabilities.importers.RustDataSource.crates_api', new=cached_api):
        import_runner.run(cutoff_date=cutoff)

    expected_advisories = (
        ('bitvec', 'RUSTSEC-2020-0007'),
        ('bumpalo', 'RUSTSEC-2020-0006'),
        ('flatbuffers', 'RUSTSEC-2019-0028'),
        ('hyper', 'RUSTSEC-2020-0008'),
    )
    for crate_name, advisory_id in expected_advisories:
        self.assert_for_package(crate_name, advisory_id)

    # The cbox advisory lists no affected, patched or unaffected versions,
    # so no Package row may be created for it.
    cbox_packages = models.Package.objects.filter(name='cbox')
    assert cbox_packages.count() == 0
def _import_data(self, importers, cutoff_date):
    """Run an ImportRunner for each importer in order, reporting progress on stdout.

    Args:
        importers: iterable of importer objects; each must expose ``name``.
        cutoff_date: passed through unchanged to ``ImportRunner.run``.

    There is no error handling here: an exception raised by one runner
    propagates immediately, so the importers after it are not attempted.
    """
    for importer in importers:
        self.stdout.write(f'Importing data from {importer.name}')

        # batch_size is optional on this object; 10 is used when it is absent.
        configured_batch_size = getattr(self, 'batch_size', 10)
        import_runner = ImportRunner(importer, int(configured_batch_size))
        import_runner.run(cutoff_date=cutoff_date)

        success_message = self.style.SUCCESS(f'Successfully imported data from {importer.name}')
        self.stdout.write(success_message)
def test_import(self):
    """Import the mocked Arch Linux data and verify the rows stored in the database.

    ``ArchlinuxDataSource._fetch`` is patched to return ``self.mock_response``,
    so the run is driven by the fixture only.
    """
    import_runner = ImportRunner(self.importer, 5)

    fetch_patch = patch(
        'vulnerabilities.importers.ArchlinuxDataSource._fetch',
        return_value=self.mock_response,
    )
    with fetch_patch:
        import_runner.run()

    assert models.Vulnerability.objects.count() == 6
    assert models.VulnerabilityReference.objects.count() == 10

    relations = models.PackageRelatedVulnerability.objects
    assert relations.filter(is_vulnerable=True).count() == 12
    assert relations.filter(is_vulnerable=False).count() == 8
    assert models.Package.objects.count() == 10

    self.assert_for_package(
        'squid',
        '4.10-2',
        cve_ids={'CVE-2020-11945', 'CVE-2019-12521', 'CVE-2019-12519'},
    )
    self.assert_for_package('openconnect', '1:8.05-1', cve_ids={'CVE-2020-12823'})

    # All four wireshark packages share the same two CVEs at 2.6.0-1; a fresh
    # set is passed on every call so the calls stay independent.
    wireshark_packages = ('wireshark-common', 'wireshark-gtk', 'wireshark-cli', 'wireshark-qt')
    wireshark_cves = ('CVE-2018-11362', 'CVE-2018-11361')
    for package_name in wireshark_packages:
        self.assert_for_package(package_name, '2.6.0-1', cve_ids=set(wireshark_cves))

    # 2.6.1-1 is checked without any CVE ids.
    for package_name in wireshark_packages:
        self.assert_for_package(package_name, '2.6.1-1')
def make_import_runner(added_advs=None, updated_advs=None):
    """Build an ImportRunner with batch size 5 around a MockImporter and MockDataSource.

    Args:
        added_advs: forwarded to ``MockDataSource`` as ``added_advs``; any
            falsy value (including ``None``) is replaced by a new empty list.
        updated_advs: forwarded as ``updated_advs`` with the same defaulting.

    Returns:
        The configured ``ImportRunner``.
    """
    if not added_advs:
        added_advs = []
    if not updated_advs:
        updated_advs = []

    # The meaning of the first positional argument (2) is defined by
    # MockDataSource, which is not visible here.
    data_source = MockDataSource(2, added_advs=added_advs, updated_advs=updated_advs)
    mock_importer = MockImporter(data_source=data_source)
    return ImportRunner(mock_importer, 5)
def test_import(self):
    """Run the Arch Linux importer on the mocked response and check the stored rows.

    Only ``ArchlinuxDataSource._fetch`` is patched; it returns
    ``self.mock_response`` for the duration of the run.
    """
    import_runner = ImportRunner(self.importer, 5)

    target = "vulnerabilities.importers.ArchlinuxDataSource._fetch"
    with patch(target, return_value=self.mock_response):
        import_runner.run()

    assert models.Vulnerability.objects.count() == 6
    assert models.VulnerabilityReference.objects.count() == 10

    # Relations are counted per is_vulnerable flag.
    package_relations = models.PackageRelatedVulnerability.objects
    assert package_relations.filter(is_vulnerable=True).count() == 12
    assert package_relations.filter(is_vulnerable=False).count() == 8
    assert models.Package.objects.count() == 10

    squid_cves = {"CVE-2020-11945", "CVE-2019-12521", "CVE-2019-12519"}
    self.assert_for_package("squid", "4.10-2", cve_ids=squid_cves)
    self.assert_for_package("openconnect", "1:8.05-1", cve_ids={"CVE-2020-12823"})

    wireshark_names = [f"wireshark-{flavour}" for flavour in ("common", "gtk", "cli", "qt")]

    # 2.6.0-1 carries both CVEs for every wireshark package; each call gets
    # its own set object.
    for name in wireshark_names:
        self.assert_for_package(name, "2.6.0-1", cve_ids={"CVE-2018-11362", "CVE-2018-11361"})

    # 2.6.1-1 is checked with no CVE ids.
    for name in wireshark_names:
        self.assert_for_package(name, "2.6.1-1")
def test_import(self, _):
    """Import npm advisories with the version API mocked and verify the stored rows.

    ``NpmDataSource.versions`` is replaced by ``MOCK_VERSION_API`` and
    ``NpmDataSource.set_api`` by a mock. Unlike a per-flag count, this test
    checks the total number of package relations. The second positional
    argument is unused here.
    """
    import_runner = ImportRunner(self.importer, 5)

    versions_patch = patch("vulnerabilities.importers.NpmDataSource.versions", new=MOCK_VERSION_API)
    set_api_patch = patch("vulnerabilities.importers.NpmDataSource.set_api")
    with versions_patch, set_api_patch:
        import_runner.run()

    assert models.Vulnerability.objects.count() == 3
    assert models.VulnerabilityReference.objects.count() == 3

    all_relations = models.PackageRelatedVulnerability.objects.all()
    assert all_relations.count() == 4
    assert models.Package.objects.count() == 8

    # NOTE(review): the two version sets are presumably impacted and resolved
    # versions; confirm against assert_for_package.
    self.assert_for_package(
        "jquery",
        {"3.4.0"},
        {"3.8.0"},
        "1518",
        vulnerability_id="CVE-2020-11022",
    )
    self.assert_for_package("kerberos", {"0.5.8"}, {"1.2.0"}, "1514")
    self.assert_for_package("subtext", {"4.1.1", "7.0.0"}, {"6.1.3", "7.0.5"}, "1476")
def test_import(self, _):
    """Import RustSec advisories with a cached version API and check each package.

    ``RustDataSource.crates_api`` is replaced by a ``VersionAPI`` built from
    ``self.crates_api_cache`` and ``RustDataSource.set_api`` by a mock. The
    run is given a cutoff date of 2020-03-18 (UTC). The second positional
    argument is unused here.
    """
    import_runner = ImportRunner(self.importer, 5)
    cutoff = datetime.datetime(year=2020, month=3, day=18, tzinfo=datetime.timezone.utc)

    crates_api_patch = patch(
        "vulnerabilities.importers.RustDataSource.crates_api",
        new=VersionAPI(cache=self.crates_api_cache),
    )
    with crates_api_patch, patch("vulnerabilities.importers.RustDataSource.set_api"):
        import_runner.run(cutoff_date=cutoff)

    expected_advisories = {
        "bitvec": "RUSTSEC-2020-0007",
        "bumpalo": "RUSTSEC-2020-0006",
        "flatbuffers": "RUSTSEC-2019-0028",
        "hyper": "RUSTSEC-2020-0008",
    }
    # dicts keep insertion order, so the checks run in the order listed.
    for crate_name, advisory_id in expected_advisories.items():
        self.assert_for_package(crate_name, advisory_id)

    # The cbox advisory lists no affected, patched or unaffected versions,
    # so no Package row may be created for it.
    assert models.Package.objects.filter(name="cbox").count() == 0
def test_import(self, _):
    """Run the npm importer against the mocked version API and check the stored rows.

    ``NpmDataSource.versions`` is swapped for ``MOCK_VERSION_API`` and
    ``NpmDataSource.set_api`` for a mock. The expected number of Package rows
    is derived from the mock cache instead of being hard-coded. The second
    positional argument is unused here.
    """
    import_runner = ImportRunner(self.importer, 5)

    set_api_patch = patch("vulnerabilities.importers.NpmDataSource.set_api")
    with patch(
        "vulnerabilities.importers.NpmDataSource.versions", new=MOCK_VERSION_API
    ), set_api_patch:
        import_runner.run()

    assert models.Vulnerability.objects.count() == 3
    assert models.VulnerabilityReference.objects.count() == 3

    relations = models.PackageRelatedVulnerability.objects
    assert relations.filter(is_vulnerable=False).count() == 5
    assert relations.filter(is_vulnerable=True).count() == 4

    # One Package row is expected per version held in the mock API cache.
    expected_package_count = sum(map(len, MOCK_VERSION_API.cache.values()))
    assert models.Package.objects.count() == expected_package_count

    # NOTE(review): the two version sets are presumably impacted and resolved
    # versions; confirm against assert_for_package.
    self.assert_for_package(
        "jquery",
        {"3.4"},
        {"3.8"},
        "1518",
        vulnerability_id="CVE-2020-11022",
    )
    self.assert_for_package("kerberos", {"0.5.8"}, {"1.2"}, "1514")
    self.assert_for_package("subtext", {"4.1.1", "7.0.0"}, {"3.7", "6.1.3", "7.0.5"}, "1476")
def test_import(self, *_):
    """Run the importer and verify the stored vulnerabilities, references and packages.

    Nothing is patched inside the body; any extra positional arguments are
    accepted and ignored (presumably mocks injected by decorators that are
    not visible here). Every relation is expected to have
    ``is_vulnerable=False`` and none ``is_vulnerable=True``.
    """
    ImportRunner(self.importer, 5).run()

    assert models.Vulnerability.objects.count() == 7
    assert models.VulnerabilityReference.objects.count() == 1

    relations = models.PackageRelatedVulnerability.objects
    assert relations.filter(is_vulnerable=False).count() == 8
    assert relations.filter(is_vulnerable=True).count() == 0
    assert models.Package.objects.count() == 5

    # The same cacti release is checked once per architecture.
    for arch in ('armv7', 'x86_64'):
        self.assert_for_package('cacti', '1.2.8-r0', cve_ids={'CVE-2019-17358'}, arch=arch)

    # This entry is identified by a reference (XSA-295) instead of CVE ids.
    self.assert_for_package('xen', '4.12.1-r0', vuln_ref='XSA-295', arch='x86_64')

    ansible_expectations = (
        ('2.9.3-r0', {'CVE-2019-14904', 'CVE-2019-14905'}),
        ('2.8.6-r0', {'CVE-2019-14846', 'CVE-2019-14856', 'CVE-2019-14858'}),
    )
    for version, cve_ids in ansible_expectations:
        self.assert_for_package('ansible', version, cve_ids=cve_ids, arch='x86_64')
def _import_data(self, importers, cutoff_date):
    """Run every importer, continue past failures, and fail the command at the end.

    Args:
        importers: iterable of importer objects; each must expose ``name``.
        cutoff_date: passed through unchanged to ``ImportRunner.run``.

    Raises:
        CommandError: after all importers were attempted, if at least one of
            them raised. The message carries the number of failures and the
            comma-joined importer names.
    """
    failed_importers = []

    for importer in importers:
        self.stdout.write(f"Importing data from {importer.name}")

        # batch_size is optional on this object; 10 is used when it is absent.
        # The conversion happens outside the try, so a bad value is not
        # recorded as an importer failure but propagates directly.
        configured_batch_size = getattr(self, "batch_size", 10)
        batch_size = int(configured_batch_size)

        try:
            import_runner = ImportRunner(importer, batch_size)
            import_runner.run(cutoff_date=cutoff_date)
            success_message = self.style.SUCCESS(
                f"Successfully imported data from {importer.name}"
            )
            self.stdout.write(success_message)
        except Exception:
            # Deliberately broad: one broken source must not stop the other
            # sources from being refreshed. The failure is still recorded and
            # the traceback is printed (traceback.print_exc writes to stderr).
            failed_importers.append(importer.name)
            traceback.print_exc()
            failure_message = self.style.ERROR(
                f"Failure to import data from {importer.name}. Continuing..."
            )
            self.stdout.write(failure_message)

    if not failed_importers:
        return

    # Surface the failures so the command does not finish as if every source
    # had been imported.
    raise CommandError(f"{len(failed_importers)} failed!: {','.join(failed_importers)}")
def test_import(self):
    """Import the mocked SafetyDb data and verify the stored rows per advisory.

    ``SafetyDbDataSource._fetch`` is patched to return ``self.mock_response``
    and ``SafetyDbDataSource.set_api`` is replaced by a mock. The expected
    number of Package rows is derived from ``MOCK_VERSION_API.cache``.
    """
    import_runner = ImportRunner(self.importer, 5)

    fetch_patch = patch(
        "vulnerabilities.importers.SafetyDbDataSource._fetch",
        return_value=self.mock_response,
    )
    with fetch_patch, patch("vulnerabilities.importers.SafetyDbDataSource.set_api"):
        import_runner.run()

    assert models.Vulnerability.objects.count() == 9
    assert models.VulnerabilityReference.objects.count() == 9

    relations = models.PackageRelatedVulnerability.objects
    assert relations.filter(is_vulnerable=False).count() == 18
    assert relations.filter(is_vulnerable=True).count() == 18

    expected_package_count = sum(len(versions) for versions in MOCK_VERSION_API.cache.values())
    assert models.Package.objects.count() == expected_package_count

    # Each entry: positional arguments (advisory id, package name, two version
    # sets) and keyword arguments for assert_by_vulnerability.
    # NOTE(review): the two sets are presumably impacted and resolved
    # versions; confirm against assert_by_vulnerability.
    expectations = [
        (
            ("pyup.io-37863", "ampache", {"2.0"}, {"5.2.1"}),
            {"cve_ids": {"CVE-2019-12385", "CVE-2019-12386"}},
        ),
        (
            ("pyup.io-25713", "django", {"1.8", "1.4.19", "1.5.1", "1.6.9"}, {"1.8.14", "1.4.22"}),
            {"cve_ids": {"CVE-2015-2317"}},
        ),
        (
            ("pyup.io-25721", "django", {"1.8.14"}, {"1.8", "1.4.19", "1.5.1", "1.6.9", "1.4.22"}),
            {"cve_ids": {"CVE-2016-6186"}},
        ),
        # This advisory is checked without any CVE ids.
        (
            ("pyup.io-38115", "zulip", {"2.0"}, {"2.1.1", "2.1.2", "2.1.3"}),
            {},
        ),
        (
            ("pyup.io-38114", "zulip", {"2.0", "2.1.1"}, {"2.1.2", "2.1.3"}),
            {"cve_ids": {"CVE-2019-19775", "CVE-2015-2104"}},
        ),
        (
            ("pyup.io-38200", "zulip", {"2.0", "2.1.1", "2.1.2"}, {"2.1.3"}),
            {"cve_ids": {"CVE-2020-9444", "CVE-2020-10935"}},
        ),
    ]
    for positional, keywords in expectations:
        self.assert_by_vulnerability(*positional, **keywords)
def test_import(self):
    """Run the SafetyDb importer on the mocked response and check every advisory.

    ``SafetyDbDataSource._fetch`` returns ``self.mock_response`` during the
    run and ``SafetyDbDataSource.set_api`` is replaced by a mock. The expected
    number of Package rows is derived from ``MOCK_VERSION_API.cache``.
    """
    import_runner = ImportRunner(self.importer, 5)

    set_api_patch = patch('vulnerabilities.importers.SafetyDbDataSource.set_api')
    with patch(
        'vulnerabilities.importers.SafetyDbDataSource._fetch', return_value=self.mock_response
    ), set_api_patch:
        import_runner.run()

    assert models.Vulnerability.objects.count() == 9
    assert models.VulnerabilityReference.objects.count() == 9

    package_relations = models.PackageRelatedVulnerability.objects
    assert package_relations.filter(is_vulnerable=False).count() == 18
    assert package_relations.filter(is_vulnerable=True).count() == 18

    expected_package_count = sum(map(len, MOCK_VERSION_API.cache.values()))
    assert models.Package.objects.count() == expected_package_count

    # Rows are (advisory id, package, first version set, second version set,
    # CVE ids or None). None means the call is made without cve_ids.
    # NOTE(review): the two sets are presumably impacted and resolved
    # versions; confirm against assert_by_vulnerability.
    advisory_rows = (
        (
            'pyup.io-37863', 'ampache',
            {'2.0'}, {'5.2.1'},
            {'CVE-2019-12385', 'CVE-2019-12386'},
        ),
        (
            'pyup.io-25713', 'django',
            {'1.8', '1.4.19', '1.5.1', '1.6.9'}, {'1.8.14', '1.4.22'},
            {'CVE-2015-2317'},
        ),
        (
            'pyup.io-25721', 'django',
            {'1.8.14'}, {'1.8', '1.4.19', '1.5.1', '1.6.9', '1.4.22'},
            {'CVE-2016-6186'},
        ),
        (
            'pyup.io-38115', 'zulip',
            {'2.0'}, {'2.1.1', '2.1.2', '2.1.3'},
            None,
        ),
        (
            'pyup.io-38114', 'zulip',
            {'2.0', '2.1.1'}, {'2.1.2', '2.1.3'},
            {'CVE-2019-19775', 'CVE-2015-2104'},
        ),
        (
            'pyup.io-38200', 'zulip',
            {'2.0', '2.1.1', '2.1.2'}, {'2.1.3'},
            {'CVE-2020-9444', 'CVE-2020-10935'},
        ),
    )
    for advisory_id, package_name, first_versions, second_versions, cve_ids in advisory_rows:
        if cve_ids is None:
            self.assert_by_vulnerability(
                advisory_id, package_name, first_versions, second_versions
            )
        else:
            self.assert_by_vulnerability(
                advisory_id, package_name, first_versions, second_versions, cve_ids=cve_ids
            )