class TestVulnerability(unittest.TestCase):
def setUp(self) -> None:
self.v1 = Vulnerability()
self.v1.set_vector("AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L")
self.v1.set_metric("E", "P")
self.v1.set_metric("RL", "T")
self.v1.set_metric("RC", "X")
self.v1.set_metric("MAC", "H")
self.v1.set_metric("MUI", "R")
self.v1.set_metric("MI", "N")
# AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:T/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:H/MPR:X/MUI:R/MS:X/MC:X/MI:N/MA:X 4.3 3.9 3.1
self.v2 = Vulnerability()
self.v2.set_vector("AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L")
self.v2.set_metric("RL", "U")
self.v2.set_metric("CR", "L")
self.v2.set_metric("IR", "L")
self.v2.set_metric("MAV", "A")
self.v2.set_metric("MAC", "H")
self.v2.set_metric("MPR", "N")
self.v2.set_metric("MUI", "R")
self.v2.set_metric("MS", "U")
# AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L/E:X/RL:U/RC:X/CR:L/IR:L/AR:X/MAV:A/MAC:H/MPR:N/MUI:R/MS:U/MC:X/MI:X/MA:X 2.6 2.6 2.6
self.v3 = Vulnerability()
self.v3.set_vector("AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H")
self.v3.set_metric("E", "P")
self.v3.set_metric("AR", "H")
self.v3.set_metric("MPR", "H")
self.v3.set_metric("MUI", "N")
self.v3.set_metric("MS", "U")
# AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:X/RC:X/CR:X/IR:X/AR:H/MAV:X/MAC:X/MPR:H/MUI:N/MS:U/MC:X/MI:X/MA:X 5.8 5.5 6.0
self.v4 = Vulnerability()
self.v4.set_vector("AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H")
self.v4.set_metric("E", "P")
self.v4.set_metric("RL", "U")
self.v4.set_metric("AR", "H")
self.v4.set_metric("MUI", "R")
self.v4.set_metric("MS", "U")
self.v4.set_metric("MC", "L")
self.v4.set_metric("MI", "N")
self.v4.set_metric("MA", "N")
# AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:U/RC:X/CR:X/IR:X/AR:H/MAV:X/MAC:X/MPR:X/MUI:R/MS:U/MC:L/MI:N/MA:N 6.1 5.8 3.0
self.v5 = Vulnerability()
self.v5.set_vector("AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H")
self.v5.set_metric("E", "P")
self.v5.set_metric("RL", "O")
self.v5.set_metric("IR", "M")
self.v5.set_metric("MAV", "N")
self.v5.set_metric("MAC", "H")
self.v5.set_metric("MC", "L")
self.v5.set_metric("MA", "N")
# AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H/E:P/RL:O/RC:X/CR:X/IR:M/AR:X/MAV:N/MAC:H/MPR:X/MUI:X/MS:X/MC:L/MI:X/MA:N 7.7 6.9 3.6
self.v6 = Vulnerability()
self.v6.set_vector("AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H")
self.v6.set_metric("RL", "W")
self.v6.set_metric("RC", "R")
self.v6.set_metric("IR", "M")
self.v6.set_metric("MAV", "N")
self.v6.set_metric("MAC", "H")
self.v6.set_metric("MPR", "L")
self.v6.set_metric("MUI", "N")
self.v6.set_metric("MC", "L")
self.v6.set_metric("MI", "L")
self.v6.set_metric("MA", "L")
# AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:X/RL:W/RC:R/CR:X/IR:M/AR:X/MAV:N/MAC:H/MPR:L/MUI:N/MS:X/MC:L/MI:L/MA:L 6.3 5.9 4.7
self.v7 = Vulnerability()
self.v7.set_vector("AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N")
self.v7.set_metric("RL", "U")
self.v7.set_metric("RC", "U")
self.v7.set_metric("MAV", "N")
self.v7.set_metric("MUI", "N")
self.v7.set_metric("MA", "L")
# AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N/E:X/RL:U/RC:U/CR:X/IR:X/AR:X/MAV:N/MAC:X/MPR:X/MUI:N/MS:X/MC:X/MI:X/MA:L 6.5 6.0 7.6
self.v8 = Vulnerability()
self.v8.set_vector("AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H")
self.v8.set_metric("E", "F")
self.v8.set_metric("RL", "T")
self.v8.set_metric("IR", "L")
self.v8.set_metric("MAV", "N")
self.v8.set_metric("MAC", "L")
self.v8.set_metric("MUI", "N")
self.v8.set_metric("MC", "L")
self.v8.set_metric("MI", "N")
self.v8.set_metric("MA", "L")
# AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:T/RC:X/CR:X/IR:L/AR:X/MAV:N/MAC:L/MPR:X/MUI:N/MS:X/MC:L/MI:N/MA:L 7.0 6.6 5.1
self.v9 = Vulnerability()
self.v9.set_vector("AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N")
self.v9.set_metric("E", "U")
self.v9.set_metric("RL", "O")
self.v9.set_metric("IR", "L")
self.v9.set_metric("MAV", "N")
self.v9.set_metric("MAC", "L")
self.v9.set_metric("MUI", "R")
self.v9.set_metric("MI", "L")
# AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:X/CR:X/IR:L/AR:X/MAV:N/MAC:L/MPR:X/MUI:R/MS:X/MC:X/MI:L/MA:X 2.1 1.9 2.6
self.v10 = Vulnerability()
self.v10.set_vector("AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N")
self.v10.set_metric("RL", "W")
self.v10.set_metric("IR", "L")
self.v10.set_metric("CR", "H")
self.v10.set_metric("MAV", "N")
self.v10.set_metric("MAC", "H")
self.v10.set_metric("MPR", "H")
self.v10.set_metric("MUI", "R")
self.v10.set_metric("MC", "L")
self.v10.set_metric("MI", "N")
self.v10.set_metric("MA", "N")
# AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:X/RL:W/RC:X/CR:H/IR:L/AR:X/MAV:N/MAC:H/MPR:H/MUI:R/MS:X/MC:L/MI:N/MA:N 6.7 6.5 3.4
self.v11 = Vulnerability()
self.v11.set_vector("AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
self.v11.set_metric("E", "P")
self.v11.set_metric("RL", "T")
self.v11.set_metric("RC", "R")
self.v11.set_metric("CR", "H")
self.v11.set_metric("IR", "H")
self.v11.set_metric("AR", "H")
self.v11.set_metric("MAV", "A")
self.v11.set_metric("MAC", "H")
self.v11.set_metric("MPR", "L")
self.v11.set_metric("MUI", "R")
self.v11.set_metric("MS", "C")
self.v11.set_metric("MC", "H")
self.v11.set_metric("MI", "H")
self.v11.set_metric("MA", "H")
def test_enter_wrong_metric_for_base_score(self):
v_wrong = Vulnerability()
self.assertRaises(ValueError, v_wrong.set_vector,
"AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:X/A:L")
def test_enter_wrong_order_for_base_score(self):
v_wrong = Vulnerability()
self.assertRaises(ValueError, v_wrong.set_vector,
"AV:A/AC:H/PR:L/UI:R/S:U/C:L/A:L")
def test_enter_more_more_than_base_score(self):
v_wrong = Vulnerability()
self.assertRaises(ValueError, v_wrong.set_vector,
"AV:A/AC:H/PR:L/UI:R/S:U/C:L:I:X/A:L/MAV/AC")
def test_enter_base_score_in_wrong_order(self):
v_wrong = Vulnerability()
self.assertRaises(ValueError, v_wrong.set_vector,
"AV:A/AC:H/PR:L/UI:R/S:U/I:L/C:L/A:L")
def test_enter_wrong_metric_value(self):
v_wrong = Vulnerability()
self.assertRaises(ValueError, v_wrong.set_metric, "AV", "K")
def test_enter_wrong_metric_key(self):
v_wrong = Vulnerability()
self.assertRaises(KeyError, v_wrong.set_metric, "AX", "N")
def test_get_environmental_score(self):
self.assertEqual(self.v1.get_env_score(), 3.1)
self.assertEqual(self.v2.get_env_score(), 2.6)
self.assertEqual(self.v3.get_env_score(), 6.0)
self.assertEqual(self.v4.get_env_score(), 3.0)
self.assertEqual(self.v5.get_env_score(), 3.6)
self.assertEqual(self.v6.get_env_score(), 4.7)
self.assertEqual(self.v7.get_env_score(), 7.6)
self.assertEqual(self.v8.get_env_score(), 5.1)
self.assertEqual(self.v9.get_env_score(), 2.6)
self.assertEqual(self.v10.get_env_score(), 3.4)
self.assertEqual(self.v11.get_env_score(), 6.7)
def test_get_temporal_score(self):
self.assertEqual(self.v1.get_temp_score(), 3.9)
self.assertEqual(self.v2.get_temp_score(), 2.6)
self.assertEqual(self.v3.get_temp_score(), 5.5)
self.assertEqual(self.v4.get_temp_score(), 5.8)
self.assertEqual(self.v5.get_temp_score(), 6.9)
self.assertEqual(self.v6.get_temp_score(), 5.9)
self.assertEqual(self.v7.get_temp_score(), 6.0)
self.assertEqual(self.v8.get_temp_score(), 6.6)
self.assertEqual(self.v9.get_temp_score(), 1.9)
self.assertEqual(self.v10.get_temp_score(), 6.5)
self.assertEqual(self.v11.get_temp_score(), 8.5)
def test_get_base_score(self):
self.assertEqual(self.v1.get_base_score(), 4.3)
self.assertEqual(self.v2.get_base_score(), 2.6)
self.assertEqual(self.v3.get_base_score(), 5.8)
self.assertEqual(self.v4.get_base_score(), 6.1)
self.assertEqual(self.v5.get_base_score(), 7.7)
self.assertEqual(self.v6.get_base_score(), 6.3)
self.assertEqual(self.v7.get_base_score(), 6.5)
self.assertEqual(self.v8.get_base_score(), 7.0)
self.assertEqual(self.v9.get_base_score(), 2.1)
self.assertEqual(self.v10.get_base_score(), 6.7)
self.assertEqual(self.v11.get_base_score(), 9.8)
def test_total_score(self):
self.assertEqual(self.v1.get_total_score(), 3.1)
self.assertEqual(self.v2.get_total_score(), 2.6)
self.assertEqual(self.v3.get_total_score(), 6.0)
self.assertEqual(self.v4.get_total_score(), 3.0)
self.assertEqual(self.v5.get_total_score(), 3.6)
self.assertEqual(self.v6.get_total_score(), 4.7)
self.assertEqual(self.v7.get_total_score(), 7.6)
self.assertEqual(self.v8.get_total_score(), 5.1)
self.assertEqual(self.v9.get_total_score(), 2.6)
self.assertEqual(self.v10.get_total_score(), 3.4)
self.assertEqual(self.v11.get_total_score(), 6.7)
class Controller:
"""
Controller of the Model View Controller
...
Attributes
----------
model: Vulnerability
a variable to save all information about the Vulnerability
username: str
username is required for login
password: str
password is required for login
msg: str
msg is required for the login View
Methods
-------
says(sound=None)
Prints the animals name and what sound it makes
gui_loop(self)
the main loop of the calculator application, the root is a Tk Window
start(self)
authentication that is required to get access to the program
check_auth_gui(self)
is checking if a auth.json (contains userdata) is in the template folder. if true
the programm will start with the login window otherwise with the sign up window
set_user(self, user):
setting the current user
set_password(self, password):
setting the current password
set_msg(self, msg):
setting the message that is required
print_json(self)
creates an .json file. the name of the file is the same as for model.get_name().
the file is saved inside the output folder.
print_txt(self)
creates an .json file. the name of the file is the same as for model.get_name().
the file is saved inside the output folder.
get_vector(self) -> str
return the CVSS 3.1 Vector
set_metric(self, base_string, value=None)
is changing the values of the vector. if the value is None (default) the program is
got the base score from the view and is setting it for the model. otherwise
its just a single metric which sets the value for the base_string
get_metric(self, env): -> str
returns the value of the selected metric BASE, ENV, TEMP
get_base_score(self):
returns the base_score
get_env_score(self):
return the environmental score
get_temp_score(self):
return the temp score
set_asset(self):
set the name of the asset
set_vul(self):
set the name of the vulnerability
get_user(self):
get the name of the user
get_password(self):
get the name of the password
"""
def __init__(self):
self._model = Vulnerability()
self.username = ""
self.password = ""
self.msg = ""
self.check_auth = False
def gui_loop(self):
root = Tk()
#get_credentials(root, self)
root.resizable(False, False)
root.title('cvsslator')
self._view = CreationView(root, self)
root.mainloop()
def start(self):
self.msg = "LOGIN"
self.check_auth_gui()
def check_auth_gui(self):
if os.path.isfile('../templates/auth.json'):
GetCredentials(self, self.msg)
if self.username == "" and self.password == "":
return False
else:
hash_object = hashlib.sha256(self.password.encode('ascii'))
hash_password = str(hash_object.hexdigest())
with open('../templates/auth.json') as auth:
credentials = json.load(auth)
if self.username == credentials[
'user'] and hash_password == credentials['password']:
self.username = ""
self.password = ""
self.gui_loop()
return True
else:
self.username = ""
self.password = ""
self.msg = "Unknown Combination!"
self.check_auth_gui()
return False
else:
CreateUser(self)
if self.check_auth:
hash_object = hashlib.sha256(self.password.encode('ascii'))
hash_password = str(hash_object.hexdigest())
credentials = {
'user': self.username,
'password': hash_password
}
with open('../templates/auth.json', 'w') as auth:
json.dump(credentials, auth)
self.username = ""
self.password = ""
self.gui_loop()
return "set"
else:
return False
def set_user(self, username):
self.username = username
def set_password(self, password):
self.password = password
def set_msg(self, msg):
self.msg = msg
def print_json(self):
with open('../templates/template_output_json.json') as out:
try:
JSON_OUT = json.load(out)
except json.decoder.JSONDecodeError:
return False
JSON_OUT['asset_name'] = self._model.get_asset_name()
JSON_OUT['vuln_name'] = self._model.get_vulnerability_name()
JSON_OUT['vektor'] = self._model.get_vector()
JSON_OUT['base_score'] = self._model.get_base_score()
JSON_OUT['temp_score'] = self._model.get_temp_score()
JSON_OUT['env_score'] = self._model.get_env_score()
JSON_OUT['total_score'] = self._model.get_total_score()
if self._model.get_asset_name() != "N/D":
create_name = '../output/' + self._model.get_asset_name(
) + '_output.json'
else:
create_name = "../output/unknown_output.json"
with open(create_name, 'w') as out2:
out2.write(json.dumps(JSON_OUT, indent=4))
return True
def print_txt(self):
with open('../templates/template_output_txt.txt', 'r') as file:
TXT_OUT = file.read()
TXT_OUT = TXT_OUT.replace('$asset_name$',
self._model.get_asset_name())
TXT_OUT = TXT_OUT.replace('$vul_name$',
self._model.get_vulnerability_name())
TXT_OUT = TXT_OUT.replace('$vektor$',
str(self._model.get_vector()))
TXT_OUT = TXT_OUT.replace('$base_score$',
str(self._model.get_base_score()))
TXT_OUT = TXT_OUT.replace('$temp_score$',
str(self._model.get_temp_score()))
TXT_OUT = TXT_OUT.replace('$env_score$',
str(self._model.get_env_score()))
TXT_OUT = TXT_OUT.replace('$total_score$',
str(self._model.get_total_score()))
if self._model.get_asset_name() != "N/D":
create_name = '../output/' + self._model.get_asset_name(
) + '_output.txt'
else:
create_name = "../output/unknown_output.txt"
with open(create_name, 'w') as output:
output.write(TXT_OUT)
def get_vector(self):
return self._model.get_vector()
def set_metric(self, base_string, value=None):
if value == None:
self._model.set_vector(base_string)
else:
self._model.set_metric(base_string, value)
def get_metric(self, type):
if type == "BASE":
return self._model.get_base_vector()
elif type == "TEMP":
return self._model.get_temp_vector()
elif type == "ENV":
return self._model.get_env_vector()
else:
pass
def get_base_score(self):
return self._model.get_base_score()
def get_env_score(self):
return self._model.get_env_score()
def get_temp_score(self):
return self._model.get_temp_score()
def set_vul(self, value):
if value == "":
self._model.set_asset_name("N/D")
else:
self._model.set_vulnerability_name(value)
def set_asset(self, value):
if value == "":
self._model.set_asset_name("N/D")
else:
self._model.set_asset_name(value)
def get_user(self):
return self.username
def get_password(self):
return self.password
