Exemple #1
def test_section_header_unexpected_space_2():
    """Reject a header with a space between package name and version.

    The quoted header ``"broken-section 1.2"`` uses a space where the other
    entries on this page use a dash (``name-version``). The loader is expected
    to raise ``RuntimeError`` instead of storing an entry under that name.
    """
    # NOTE(review): whitelist entries presumably suppress scan findings, so a
    # mistyped header should fail at load time rather than be accepted.
    malformed = io.StringIO("""
["broken-section 1.2"]
comment = "incorrect whitespace between package and version"
""")
    with pytest.raises(RuntimeError):
        Whitelist.load(malformed)
Exemple #2
def test_toml_missing_quote():
    """Reject an unquoted section header that contains dots.

    Without quotes, TOML reads the dots in ``[libxslt-2.0.1]`` as nested table
    separators, so the header no longer names a single package/version entry.
    ``Whitelist.load`` is expected to raise ``RuntimeError`` for that input.
    """
    with pytest.raises(RuntimeError):
        Whitelist.load(io.StringIO("""\
[libxslt-2.0.1]
comment = "unquoted, triggers TOML's table syntax inadvertently"
"""))
Exemple #3
def test_merge_into_empty():
    """Merging into an empty whitelist yields exactly the loaded entries.

    Covers a header without a version (``libxslt``) and one with a version
    (``audiofile-0.3.6``). Both must appear as keys after the merge.
    """
    incoming = Whitelist.load(io.StringIO("""\
["libxslt"]
["audiofile-0.3.6"]
"""))
    target = Whitelist()
    target.merge(incoming)
    merged_names = set(target.entries.keys())
    assert merged_names == {'libxslt', 'audiofile-0.3.6'}
Exemple #4
def test_section_header_unexpected_space():
    """Reject a header with padding spaces inside the brackets.

    The first section is well formed. The second, ``[ "broken-section-1.1" ]``,
    has whitespace between the brackets and the quoted name. Loading the whole
    document is expected to raise ``RuntimeError``, even though an earlier
    section is valid.
    """
    padded_header = io.StringIO("""
["ok-section-1.0"]

[ "broken-section-1.1" ]
comment = "whitespace confuses TOML parser"
""")
    with pytest.raises(RuntimeError):
        Whitelist.load(padded_header)
Exemple #5
def test_until_latest_wins(whitelist):
    """After a merge, each entry carries the expected ``until`` date.

    ``whitelist`` is the fixture-loaded whitelist; its own ``until`` values
    are not visible here. The test name suggests that the later of the two
    dates is kept on merge -- confirm against the fixture file.
    """
    incoming = Whitelist.load(
        io.StringIO("""\
["libxslt-2.0"]
until = "2018-03-02"

["audiofile-0.3.2"]
until = "2018-04-01"
"""))
    whitelist.merge(incoming)

    xslt_expiry = datetime.date(2018, 3, 2)
    audiofile_expiry = datetime.date(2018, 4, 1)
    assert whitelist['libxslt-2.0'].until == xslt_expiry
    assert whitelist['audiofile-0.3.2'].until == audiofile_expiry
Exemple #6
def test_merge(whitelist):
    """Merge a second whitelist into the fixture and check the combined result.

    Three cases are covered:

    * ``libxslt-2.0`` exists in the fixture; the incoming ``until`` is
      2018-02-25 but 2018-03-01 is expected afterwards, so the later date
      (presumably the fixture's) is kept.
    * ``audiofile-0.3.6`` exists in the fixture; CVE ids, comments and issue
      URLs from both sides are combined.
    * ``libtasn1-4.12`` is asserted to be present with its CVE afterwards.
    """
    incoming = Whitelist.load(
        io.StringIO("""\
["libxslt-2.0"]
until = "2018-02-25"
comment = "latest date wins"

["audiofile-0.3.6"]
cve = ["CVE-2017-6827", "CVE-2017-6839"]
comment = "new stuff should be appended"
issue_url = "https://github.com/NixOS/nixpkgs/issues/30959"

["libtasn1-4.12"]
cve = ["CVE-2017-10790"]
"""))
    whitelist.merge(incoming)
    # Total entry count after the merge; depends on the fixture's contents.
    assert len(whitelist) == 7

    # Existing entry: the expiry date must not move to the earlier value.
    xslt_entry = whitelist['libxslt-2.0']
    assert xslt_entry.until == datetime.date(2018, 3, 1)
    assert xslt_entry.comment == ['latest date wins']

    # Existing entry: set-valued fields are unioned and comments keep their
    # order, with the incoming comment last.
    audiofile_entry = whitelist['audiofile-0.3.6']
    expected_cves = {
        'CVE-2017-6827',
        'CVE-2017-6828',
        'CVE-2017-6834',
        'CVE-2017-6839',
    }
    assert audiofile_entry.cve == expected_cves
    expected_comments = [
        'some issues not fixed upstream',
        'new stuff should be appended',
    ]
    assert audiofile_entry.comment == expected_comments
    expected_urls = {
        'https://fb.flyingcircus.io/f/cases/26909/',
        'https://github.com/NixOS/nixpkgs/issues/30959',
    }
    assert audiofile_entry.issue_url == expected_urls

    tasn1_entry = whitelist['libtasn1-4.12']
    assert tasn1_entry.cve == {'CVE-2017-10790'}
Exemple #7
def whitelist():
    """Return a ``Whitelist`` loaded from the fixture shipped with ``vulnix``.

    The fixture is read as a package resource (``tests/fixtures/whitelist.toml``),
    so the lookup does not depend on the current working directory.
    """
    # NOTE(review): tests taking ``whitelist`` as an argument imply this is a
    # pytest fixture; the decorator is not visible in this listing.
    fixture_stream = pkg_resources.resource_stream(
        'vulnix', 'tests/fixtures/whitelist.toml')
    return Whitelist.load(fixture_stream)
Exemple #8
def test_neither_name_nor_cve():
    """Reject input that defines no usable whitelist entry.

    The document is a YAML-style list item carrying only a comment, with no
    package name and no CVE. ``Whitelist.load`` must raise ``RuntimeError``
    rather than return a whitelist built from it.
    """
    nameless_entry = io.StringIO('-\n  comment: invalid entry\n')
    with pytest.raises(RuntimeError):
        Whitelist.load(nameless_entry)
Exemple #9
def test_from_toml(whitelist_toml):
    """Load the TOML fixture and run the shared entry checks on the result.

    ``whitelist_toml`` is supplied by a fixture defined outside this listing;
    ``check_whitelist_entries`` holds the actual assertions.
    """
    loaded = Whitelist.load(whitelist_toml)
    check_whitelist_entries(loaded)
Exemple #10
def test_section_header_alphanumeric():
    """Accept an unquoted header made of alphanumerics and a dash.

    ``[systemd-236]`` contains no dots or spaces, so it needs no quoting.
    The test passes as long as ``Whitelist.load`` does not raise; the returned
    whitelist is not inspected.
    """
    plain_header = io.StringIO("""
[systemd-236]
comment = "section headers consisting only of alphanum chars are ok"
""")
    Whitelist.load(plain_header)
Exemple #11
def test_toml_malformed_url():
    """Reject an ``issue_url`` that is not a URL.

    ``"foobar"`` has no scheme or host. The loader is expected to raise
    ``ValueError``, so a whitelist entry cannot carry an issue reference that
    nobody can follow up on.
    """
    bad_url_entry = io.StringIO('["pkg"]\nissue_url = "foobar"')
    with pytest.raises(ValueError):
        Whitelist.load(bad_url_entry)
Exemple #12
def test_load_should_remove_timeed_out_rules(whitelist_toml):
    """Entries that have timed out must be absent after loading.

    Presumably the fixture's ``libxslt-2.0`` entry carries an ``until`` date
    in the past -- verify against the fixture file. Dropping it at load time
    means anything it covered is no longer whitelisted.
    """
    loaded = Whitelist.load(whitelist_toml)
    remaining = loaded.entries
    assert 'libxslt-2.0' not in remaining
Exemple #13
def test_parse_until():
    """An ISO ``until`` string is parsed into a ``datetime.date``.

    A single entry is loaded, and its ``until`` attribute must compare equal
    to the corresponding date object, not to the raw string.
    """
    source = io.StringIO('["libarchive"]\nuntil = "2019-03-10"\n')
    loaded = Whitelist.load(source)
    assert len(loaded.entries) == 1
    expiry = loaded.entries['libarchive'].until
    assert expiry == datetime.date(2019, 3, 10)
Exemple #14
def whitelist():
    """Load the packaged ``tests/fixtures/whitelist.toml`` as a ``Whitelist``.

    The file is opened through ``pkg_resources`` relative to the ``vulnix``
    package, not through a filesystem path.
    """
    package, resource = 'vulnix', 'tests/fixtures/whitelist.toml'
    stream = pkg_resources.resource_stream(package, resource)
    return Whitelist.load(stream)