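def test_should_not_load_arbitrary_code():
    """Loading a .drv must never execute code embedded in the file.

    A derivation file is untrusted input written in Python-like syntax, so
    a naive ``eval`` of it would run whatever an attacker puts inside.  The
    payload below tries to write a marker into a scratch file from within
    the ``envVars`` attribute; after ``load`` the marker file must still be
    empty.  ``load`` is expected to reject the file with ``NameError`` (the
    names the payload needs are not resolvable in the loader's namespace).

    NOTE(review): this covers only the trivial case.  If ``load`` relies on
    ``eval`` with a stripped ``__builtins__``, that is not a sandbox --
    confirm the loader uses ``ast.literal_eval`` or a dedicated parser.
    """
    with tempfile.NamedTemporaryFile(prefix='security_breach') as marker:
        with tempfile.NamedTemporaryFile(prefix='evil_eval', mode='w') as drv:
            # ``!r`` emits a properly quoted/escaped Python literal, so the
            # generated source stays valid even if the temp dir path holds
            # quotes or backslashes (e.g. on Windows).
            print("""
Derive(envVars={{'name': str((lambda: open({!r}, 'w').write('shellcode'))())}})
""".format(marker.name), file=drv)
            drv.flush()
            with pytest.raises(NameError):
                load(drv.name)
            # The payload would have written 9 bytes ('shellcode'); an
            # untouched marker file proves nothing ran.
            assert os.path.getsize(marker.name) == 0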
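def test_should_not_load_arbitrary_code():
    """Loading a .drv must never execute code embedded in the file.

    A derivation file is untrusted input written in Python-like syntax, so
    a naive ``eval`` of it would run whatever an attacker puts inside.  The
    payload below tries to write a marker into a scratch file from within
    the ``envVars`` attribute; after ``load`` the marker file must still be
    empty.  ``load`` is expected to reject the file with ``NameError`` (the
    names the payload needs are not resolvable in the loader's namespace).

    NOTE(review): this covers only the trivial case.  If ``load`` relies on
    ``eval`` with a stripped ``__builtins__``, that is not a sandbox --
    confirm the loader uses ``ast.literal_eval`` or a dedicated parser.
    """
    with tempfile.NamedTemporaryFile(prefix='security_breach') as marker:
        with tempfile.NamedTemporaryFile(prefix='evil_eval', mode='w') as drv:
            # ``!r`` emits a properly quoted/escaped Python literal, so the
            # generated source stays valid even if the temp dir path holds
            # quotes or backslashes (e.g. on Windows).
            print("""
Derive(envVars={{'name': str((lambda: open({!r}, 'w').write('shellcode'))())}})
""".format(marker.name), file=drv)
            drv.flush()
            with pytest.raises(NameError):
                load(drv.name)
            # The payload would have written 9 bytes ('shellcode'); an
            # untouched marker file proves nothing ran.
            assert os.path.getsize(marker.name) == 0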
def test_patches_with_multiple_cves():
    """A derivation whose patches name many CVEs reports every one of them.

    The audiofile-0.3.6 fixture carries one 2015 fix plus the contiguous
    run CVE-2017-6827 .. CVE-2017-6839.
    """
    deriv = load(fix('audiofile-0.3.6.drv'))
    expected = {'CVE-2015-7747'}
    expected.update('CVE-2017-{}'.format(n) for n in range(6827, 6840))
    assert deriv.patched() == expected
def test_patches_with_multiple_cves():
    """A derivation whose patches name many CVEs reports every one of them.

    The audiofile-0.3.6 fixture carries one 2015 fix plus the contiguous
    run CVE-2017-6827 .. CVE-2017-6839.
    """
    deriv = load(fix('audiofile-0.3.6.drv'))
    expected = {'CVE-2015-7747'}
    expected.update('CVE-2017-{}'.format(n) for n in range(6827, 6840))
    assert deriv.patched() == expected
def test_ignore_patched_cves_during_check(nvd_modified):
    """A CVE that the derivation already patches must not be reported.

    unzip-6.0 is listed for CVE-2016-9844 in the ``nvd_modified`` fixture
    but ships a patch for it, so ``check`` should leave ``affected_by``
    empty.
    """
    unzip = load(fix('unzip-6.0.drv'))
    unzip.check(nvd_modified)
    assert unzip.affected_by == set()
def test_guess_cves_from_fetchpatch():
    """CVE ids are recovered from the cpio-2.12 fixture's patch references."""
    expected = {'CVE-2015-1197', 'CVE-2016-2037'}
    cpio = load(fix('cpio-2.12.drv'))
    assert cpio.patched() == expected
def test_guess_cves_from_direct_patches_bzip2():
    """The bzip2-1.0.6.0.1 fixture yields exactly one patched CVE."""
    bzip2 = load(fix('bzip2-1.0.6.0.1.drv'))
    patched = bzip2.patched()
    assert patched == {'CVE-2016-3189'}
def test_load_drv_explicit_version():
    """pname and version are split apart when loading cyrus-sasl-2.5.10."""
    deriv = load(fix('cyrus-sasl-2.5.10.drv'))
    assert (deriv.pname, deriv.version) == ('cyrus-sasl', '2.5.10')
def test_structured_attrs():
    """The structured-attrs-1 fixture loads and exposes its full name."""
    deriv = load(fix('structured-attrs-1.drv'))
    name = deriv.name
    assert name == 'structured-attrs-1'
def drv(fixture):
    """Load the bundled test derivation ``fixture`` (base name, no ``.drv``).

    The file is resolved inside the installed ``vulnix`` package via
    ``pkg_resources`` so the test works from an installed copy too.
    """
    rel_path = 'tests/fixtures/{}.drv'.format(fixture)
    path = pkg_resources.resource_filename('vulnix', rel_path)
    return load(path)
def test_ignore_patched_cves_during_check(nvd_modified):
    """A CVE that the derivation already patches must not be reported.

    unzip-6.0 is listed for CVE-2016-9844 in the ``nvd_modified`` fixture
    but ships a patch for it, so ``check`` should leave ``affected_by``
    empty.
    """
    unzip = load(fix('unzip-6.0.drv'))
    unzip.check(nvd_modified)
    assert unzip.affected_by == set()
def test_guess_cves_from_fetchpatch():
    """CVE ids are recovered from the cpio-2.12 fixture's patch references."""
    expected = {'CVE-2015-1197', 'CVE-2016-2037'}
    cpio = load(fix('cpio-2.12.drv'))
    assert cpio.patched() == expected
def test_guess_cves_from_direct_patches_bzip2():
    """The bzip2-1.0.6.0.1 fixture yields exactly one patched CVE."""
    bzip2 = load(fix('bzip2-1.0.6.0.1.drv'))
    patched = bzip2.patched()
    assert patched == {'CVE-2016-3189'}
def test_load_drv_explicit_version():
    """pname and version are split apart when loading cyrus-sasl-2.5.10."""
    deriv = load(fix('cyrus-sasl-2.5.10.drv'))
    assert (deriv.pname, deriv.version) == ('cyrus-sasl', '2.5.10')
def test_structured_attrs():
    """The structured-attrs-1 fixture loads and exposes its full name."""
    deriv = load(fix('structured-attrs-1.drv'))
    name = deriv.name
    assert name == 'structured-attrs-1'