def BuildCve(self, cve_id, cpes, published_date): return cve_scan.Cve(cve_id, description=None, cpes=cpes, score=None, severity=None, published_date=dt.date.fromisoformat(published_date), last_modified_date=None)
def test_parse_cve_json(self): cve_json = { 'CVE_Items': [ { 'cve': { 'CVE_data_meta': { 'ID': 'CVE-2020-1234' }, 'description': { 'description_data': [{ 'value': 'foo' }] } }, 'configurations': { 'nodes': [{ 'cpe_match': [{ 'cpe23Uri': 'cpe:2.3:a:foo:bar:1.2.3' }], }], }, 'impact': { 'baseMetricV3': { 'cvssV3': { 'baseScore': 3.4, 'baseSeverity': 'LOW' } } }, 'publishedDate': '2020-03-17T00:59Z', 'lastModifiedDate': '2020-04-17T00:59Z' }, { 'cve': { 'CVE_data_meta': { 'ID': 'CVE-2020-1235' }, 'description': { 'description_data': [{ 'value': 'bar' }] } }, 'configurations': { 'nodes': [{ 'cpe_match': [{ 'cpe23Uri': 'cpe:2.3:a:foo:bar:1.2.3' }], 'children': [ { 'cpe_match': [{ 'cpe23Uri': 'cpe:2.3:a:foo:baz:3.2.3' }] }, { 'cpe_match': [{ 'cpe23Uri': 'cpe:2.3:a:foo:*:*' }, { 'cpe23Uri': 'cpe:2.3:a:wat:bar:1.2.3' }] }, ], }], }, 'impact': { 'baseMetricV3': { 'cvssV3': { 'baseScore': 9.9, 'baseSeverity': 'HIGH' } } }, 'publishedDate': '2020-03-18T00:59Z', 'lastModifiedDate': '2020-04-18T00:59Z' }, ] } cves = {} cpe_revmap = defaultdict(set) cve_scan.ParseCveJson(cve_json, cves, cpe_revmap) self.maxDiff = None self.assertDictEqual( cves, { 'CVE-2020-1234': cve_scan.Cve(id='CVE-2020-1234', description='foo', cpes=set([self.BuildCpe('cpe:2.3:a:foo:bar:1.2.3')]), score=3.4, severity='LOW', published_date=dt.date(2020, 3, 17), last_modified_date=dt.date(2020, 4, 17)), 'CVE-2020-1235': cve_scan.Cve(id='CVE-2020-1235', description='bar', cpes=set( map(self.BuildCpe, [ 'cpe:2.3:a:foo:bar:1.2.3', 'cpe:2.3:a:foo:baz:3.2.3', 'cpe:2.3:a:foo:*:*', 'cpe:2.3:a:wat:bar:1.2.3' ])), score=9.9, severity='HIGH', published_date=dt.date(2020, 3, 18), last_modified_date=dt.date(2020, 4, 18)) }) self.assertDictEqual(cpe_revmap, { 'cpe:2.3:a:foo:*:*': {'CVE-2020-1234', 'CVE-2020-1235'}, 'cpe:2.3:a:wat:*:*': {'CVE-2020-1235'} })