def test_parse_from_text_both_versions(self):
v1 = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'
v2 = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
i = 'xxx. ' + v1 + ' ' + v2 + '. xxx'
e = set()
e.add(CVSS3(v1))
e.add(CVSS2(v2))
self.assertEqual(set(parser.parse_cvss_from_text(i)), e)
def get_cvss(self, cvss):
if cvss:
for cvss_item in cvss:
vector = cvss_item['vector']
cvss_objects = cvss_parser.parse_cvss_from_text(vector)
if len(cvss_objects) > 0 and type(cvss_objects[0]) == CVSS3:
return vector
return None
def test_parse_from_text_optional_sentence_cases(self):
# Missing space after end of sentence and before vector
v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'
i = '.' + v
e = [CVSS3(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# End of sentence
v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'
i = v + '.'
e = [CVSS3(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Missing space after dot before vector
v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'
i = 'xxx.' + v
e = [CVSS3(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_multiple_vectors_same_cvss(self):
v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'
e = [CVSS3(v)]
i = 'Title: {0}\nThis is an overview of {0} problem.\nLinks: {0}'.format(
v)
self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_cvss3(self):
i = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'
e = [CVSS3(i)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Truncated vector
i = 'CVSS:3'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS:3.0'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS:3.0/'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS:3.0/AV:N'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS:3.0/AV:X'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS:3.0/AV:ZZZ'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/MAV:A/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N'
e = [CVSS3(i)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Missing mandatory prefix
i = 'AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
v1 = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'
v2 = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'
i = ' '.join([v1, v2])
e = set()
e.add(CVSS3(v1))
e.add(CVSS3(v2))
self.assertEqual(set(parser.parse_cvss_from_text(i)), e)
# Correct text
v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'
i = 'xxx ' + v
e = [CVSS3(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'
i = v + ' xxx'
e = [CVSS3(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_multiple_vectors_same_cvss(self):
v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
e = [CVSS2(v)]
i = 'Title: {0}\nThis is an overview of {0} problem.\nLinks: {0}'.format(
v)
self.assertEqual(parser.parse_cvss_from_text(i), e)
def test_parse_from_text_cvss2(self):
"""
Tests for parsing CVSS from text.
"""
i = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
e = [CVSS2(i)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:U/RC:C/CDP:LM/TD:L/IR:H/AR:M'
e = [CVSS2(i)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = 'AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H'
e = [CVSS2(i)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Bad value
i = 'AV:N/AC:L/Au:N/C:C/I:C/A:X'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Truncated vector
i = 'AV:N/AC:'
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
i = ''
e = []
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Correct parsing
v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
i = 'xxx ' + v
e = [CVSS2(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
i = v + ' xxx'
e = [CVSS2(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# End of sentence
v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
i = v + '.'
e = [CVSS2(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Missing space after dot before vector
v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
i = 'xxx.' + v
e = [CVSS2(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
# Missing space after dot after vector
v = 'AV:N/AC:L/Au:N/C:C/I:C/A:C'
i = v + '.xxx'
e = [CVSS2(v)]
self.assertEqual(parser.parse_cvss_from_text(i), e)
