Esempio n. 1
    def test_url_is_not_404(self):
        """Check that no reference URL in the vulnerability database is a 404.

        Gathers the WASC, CWE, OWASP Top 10 and per-entry reference URLs of
        every database entry into one set, so each distinct URL is checked
        once, then passes each URL to ``self.url_is_404`` together with a
        shared ``requests.Session``. The test fails with the list of URLs
        that were reported as 404.

        NOTE(review): ``url_is_404`` is defined outside this excerpt;
        presumably it issues a request per URL, so the result depends on
        network access and on third-party sites -- confirm.
        """
        urls_to_check = set()

        for db_id in DBVuln.get_all_db_ids():
            entry = DBVuln.from_id(db_id)

            # Only iterate wasc / cwe when the field is truthy.
            if entry.wasc:
                urls_to_check.update(entry.get_wasc_url(w) for w in entry.wasc)

            if entry.cwe:
                urls_to_check.update(entry.get_cwe_url(c) for c in entry.cwe)

            # Each OWASP Top 10 reference is a 3-tuple; only the last item
            # (the link) is used here.
            urls_to_check.update(
                link for _, _, link in entry.get_owasp_top_10_references())
            urls_to_check.update(ref.url for ref in entry.references)

        http = requests.Session()
        dead_links = [url for url in urls_to_check
                      if self.url_is_404(http, url)]

        self.assertEqual(dead_links, [])
Esempio n. 2
    def test_url_is_not_404(self):
        """Assert that every URL referenced by the vulnerability DB resolves.

        For each database id the entry is loaded and its WASC URLs, CWE URLs,
        OWASP Top 10 links and reference URLs are added to a set (duplicates
        collapse, so a URL shared by many entries is checked once). Every
        collected URL is then handed to ``self.url_is_404`` with one shared
        ``requests.Session``; URLs it flags are reported by the final
        assertion.

        NOTE(review): ``url_is_404`` is not visible here; it presumably
        performs the HTTP request, which makes this test network-dependent
        -- confirm.
        """
        collected = set()

        for db_id in DBVuln.get_all_db_ids():
            vuln = DBVuln.from_id(db_id)

            # Truthiness guards kept: wasc / cwe are only iterated when set.
            if vuln.wasc:
                collected.update(vuln.get_wasc_url(wasc) for wasc in vuln.wasc)

            if vuln.cwe:
                collected.update(vuln.get_cwe_url(cwe) for cwe in vuln.cwe)

            # Third element of each OWASP Top 10 reference tuple is the link.
            collected.update(
                ref[2] for ref in vuln.get_owasp_top_10_references())
            collected.update(ref.url for ref in vuln.references)

        shared_session = requests.Session()
        not_found = []
        for candidate in collected:
            if not self.url_is_404(shared_session, candidate):
                continue
            not_found.append(candidate)

        self.assertEqual(not_found, [])
Esempio n. 3
    def set_vulndb_id(self, vulndb_id):
        """Store the vulnerability database id on this object.

        :param vulndb_id: An id accepted by ``DBVuln.is_valid_id``, or None
                          to clear the stored id.
        :raises ValueError: If the id is not None and
                            ``DBVuln.is_valid_id`` rejects it.
        """
        if vulndb_id is not None and not DBVuln.is_valid_id(vulndb_id):
            # The error message reports how many entries the database holds.
            entry_count = len(DBVuln.get_all_db_ids())
            template = ('Invalid vulnerability DB id %s. There are %s entries in'
                        ' the vulnerability database but none is the specified one.')
            raise ValueError(template % (vulndb_id, entry_count))

        # Reached for None (clears the id) and for any validated id.
        self._vulndb_id = vulndb_id
Esempio n. 4
    def set_vulndb_id(self, vulndb_id):
        """Set (or clear) the vulnerability database id for this object.

        :param vulndb_id: None to clear the id, otherwise a value that
                          ``DBVuln.is_valid_id`` accepts.
        :raises ValueError: When a non-None id fails
                            ``DBVuln.is_valid_id``; nothing is stored then.
        """
        # None skips validation entirely and just resets the attribute.
        accepted = vulndb_id is None or DBVuln.is_valid_id(vulndb_id)

        if not accepted:
            known_ids = DBVuln.get_all_db_ids()
            reason = ('Invalid vulnerability DB id %s. There are %s entries in'
                      ' the vulnerability database but none is the specified one.')
            raise ValueError(reason % (vulndb_id, len(known_ids)))

        self._vulndb_id = vulndb_id
Esempio n. 5
    def test_no_multiple_spaces(self):
        """Fail if any entry's text contains two consecutive spaces.

        Checks the ``fix_guidance`` and ``description`` attributes of every
        database entry and reports each offender as a
        ``(db_file, field_name)`` tuple.
        """
        double_space = '  '
        offenders = []

        for db_id in DBVuln.get_all_db_ids():
            entry = DBVuln.from_id(db_id)

            # Same order as the report: fix_guidance first, then description.
            for field in ('fix_guidance', 'description'):
                if double_space in getattr(entry, field):
                    offenders.append((entry.db_file, field))

        self.assertEqual(offenders, [])
Esempio n. 6
    def test_no_multiple_spaces(self):
        """Assert that no database entry has a run of two spaces in its text.

        For every id returned by ``DBVuln.get_all_db_ids`` the entry's
        ``fix_guidance`` and ``description`` are searched for two adjacent
        spaces; each hit is recorded as ``(db_file, field_name)`` and the
        recorded list must be empty.
        """
        flagged = []
        checked_fields = ('fix_guidance', 'description')

        for db_id in DBVuln.get_all_db_ids():
            vuln = DBVuln.from_id(db_id)

            # The generator is consumed field by field, so attribute access
            # and reporting order match the declared field order.
            flagged.extend((vuln.db_file, name)
                           for name in checked_fields
                           if '  ' in getattr(vuln, name))

        self.assertEqual(flagged, [])
Esempio n. 7
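    def test_id_match(self):
        """Check that each database file name starts with the id stored in it.

        For every id returned by ``DBVuln.get_all_db_ids`` the backing JSON
        file is parsed and its ``id`` value is compared with the file name,
        which must begin with ``<id>-``. File names that do not match are
        collected and reported by the final assertion.
        """
        invalid = []

        for vuln_id in DBVuln.get_all_db_ids():
            db_path_file = DBVuln.get_file_for_id(vuln_id)

            # open() inside a with-block closes the handle on every path.
            # The previous file(...).read() never closed it explicitly, and
            # the file() builtin does not exist on Python 3.
            with open(db_path_file) as db_fh:
                json_data = json.load(db_fh)

            json_id = json_data['id']

            # Compare against the bare file name, not the full path.
            db_file = os.path.basename(db_path_file)

            if not db_file.startswith('%s-' % json_id):
                invalid.append(db_file)

        self.assertEqual(invalid, [])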
Esempio n. 8
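    def test_id_match(self):
        """Verify that the id inside each JSON file agrees with its file name.

        Each database file is loaded as JSON; the file's base name must
        start with the JSON ``id`` value followed by a dash. Mismatching
        file names are accumulated and the test fails if any were found.
        """
        invalid = []

        for vuln_id in DBVuln.get_all_db_ids():
            db_path_file = DBVuln.get_file_for_id(vuln_id)

            # Use open() as a context manager so the handle is always
            # closed; file(...).read() left it open and file() is a
            # Python 2-only builtin.
            with open(db_path_file) as db_fh:
                json_id = json.load(db_fh)['id']

            # Only the last path component takes part in the comparison.
            db_file = os.path.basename(db_path_file)

            if not db_file.startswith('%s-' % json_id):
                invalid.append(db_file)

        self.assertEqual(invalid, [])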
Esempio n. 9
###
# Name:    VulnDB_Json_serpico
# Description: Script to Parse VulnDB to Serpico Vulnerability Findings
# Author:      SAINTz
# Twitter: @__SAINTz__
# Version:     0.1 - 17 August 2018
# License:     GNU/GPL
##

import json
from vulndb import DBVuln

DB_IDs = DBVuln.get_all_db_ids()

export_json = []
for x in DB_IDs:
    dbv = DBVuln.from_id(x)
    data_tmp = {
        "affected_hosts": "null",
        "affected_users": 10,
        "approved": "true",
        "damage": 10,
        "discoverability": 10,
        "dread_total": 0,
        "effort": "Planned",
        "exploitability": 10,
        "id": dbv.id,
        "overview": "<paragraph>" + dbv.description + "</paragraph>",
        "poc": "<paragraph></paragraph>",
        "references": dbv.references,
        "remediation": "<paragraph>" + dbv.fix_guidance + "</paragraph>",