def test_extract_summary_with_single_summary(self): expected_summary = ( "Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools " "before 0.4 make it easier for context-dependent attackers to perform memory-related " "attacks such as buffer overflows via a large size value, which causes less memory to " "be allocated than expected.") cve_item = self.nvd_data["CVE_Items"][0] assert len(cve_item["cve"]["description"]["description_data"]) == 1 found_summary = NVDDataSource.extract_summary(cve_item) assert found_summary == expected_summary
def test_extract_summary_with_multiple_summary(self): expected_summary = ( "SHA-1 is not collision resistant, which makes it easier for context-dependent " "attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1" " in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing " "this SHA-1 issue; the existence of an identifier is not, by itself, a technology " "recommendation.") cve_item = self.nvd_data["CVE_Items"][1] assert len(cve_item["cve"]["description"]["description_data"]) > 1 found_summary = NVDDataSource.extract_summary(cve_item) assert found_summary == expected_summary
def test_extract_cpes(self): expected_cpes = { "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*", "cpe:2.3:h:google:chrome:*:*:*:*:*:*:*:*", "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*", } found_cpes = set() for cve_item in self.nvd_data["CVE_Items"]: found_cpes.update(NVDDataSource.extract_cpes(cve_item)) assert expected_cpes == found_cpes
def setUpClass(cls): data_source_cfg = {"etags": {}} cls.data_src = NVDDataSource(1, config=data_source_cfg) with open(TEST_DATA) as f: cls.nvd_data = json.load(f)