def BuildCve(self, cve_id, cpes, published_date):
return cve_scan.Cve(cve_id,
description=None,
cpes=cpes,
score=None,
severity=None,
published_date=dt.date.fromisoformat(published_date),
last_modified_date=None)
def test_parse_cve_json(self):
cve_json = {
'CVE_Items': [
{
'cve': {
'CVE_data_meta': {
'ID': 'CVE-2020-1234'
},
'description': {
'description_data': [{
'value': 'foo'
}]
}
},
'configurations': {
'nodes': [{
'cpe_match': [{
'cpe23Uri': 'cpe:2.3:a:foo:bar:1.2.3'
}],
}],
},
'impact': {
'baseMetricV3': {
'cvssV3': {
'baseScore': 3.4,
'baseSeverity': 'LOW'
}
}
},
'publishedDate': '2020-03-17T00:59Z',
'lastModifiedDate': '2020-04-17T00:59Z'
},
{
'cve': {
'CVE_data_meta': {
'ID': 'CVE-2020-1235'
},
'description': {
'description_data': [{
'value': 'bar'
}]
}
},
'configurations': {
'nodes': [{
'cpe_match': [{
'cpe23Uri': 'cpe:2.3:a:foo:bar:1.2.3'
}],
'children': [
{
'cpe_match': [{
'cpe23Uri': 'cpe:2.3:a:foo:baz:3.2.3'
}]
},
{
'cpe_match': [{
'cpe23Uri': 'cpe:2.3:a:foo:*:*'
}, {
'cpe23Uri': 'cpe:2.3:a:wat:bar:1.2.3'
}]
},
],
}],
},
'impact': {
'baseMetricV3': {
'cvssV3': {
'baseScore': 9.9,
'baseSeverity': 'HIGH'
}
}
},
'publishedDate': '2020-03-18T00:59Z',
'lastModifiedDate': '2020-04-18T00:59Z'
},
]
}
cves = {}
cpe_revmap = defaultdict(set)
cve_scan.ParseCveJson(cve_json, cves, cpe_revmap)
self.maxDiff = None
self.assertDictEqual(
cves, {
'CVE-2020-1234':
cve_scan.Cve(id='CVE-2020-1234',
description='foo',
cpes=set([self.BuildCpe('cpe:2.3:a:foo:bar:1.2.3')]),
score=3.4,
severity='LOW',
published_date=dt.date(2020, 3, 17),
last_modified_date=dt.date(2020, 4, 17)),
'CVE-2020-1235':
cve_scan.Cve(id='CVE-2020-1235',
description='bar',
cpes=set(
map(self.BuildCpe, [
'cpe:2.3:a:foo:bar:1.2.3', 'cpe:2.3:a:foo:baz:3.2.3',
'cpe:2.3:a:foo:*:*', 'cpe:2.3:a:wat:bar:1.2.3'
])),
score=9.9,
severity='HIGH',
published_date=dt.date(2020, 3, 18),
last_modified_date=dt.date(2020, 4, 18))
})
self.assertDictEqual(cpe_revmap, {
'cpe:2.3:a:foo:*:*': {'CVE-2020-1234', 'CVE-2020-1235'},
'cpe:2.3:a:wat:*:*': {'CVE-2020-1235'}
})