class DatabaseTest(): # so as to not interfere with actual CVEs, should be for next year _default_year = date.today().year + 1 def __init__(self): self.db = Database("/tmp/nvd_db.sqlite", empty=True) def insert_dummy_product(self, product_id): assert(type(product_id) is int) print "Inserting product", product_id self.db.product_insert(product_id, "vendor", "product") def insert_dummy_products(self, product_ids): assert(type(product_ids) is list) for pid in product_ids: self.insert_dummy_product(pid) def insert_dummy_vulnerability(self, cve_id): print("Inserting vulnerability CVE-%d-%d" % (self._default_year, cve_id)) self.db.vulnerability_insert(self._default_year, cve_id, "test cve, not real") def insert_dummy_vulnerabilities(self, count): for i in xrange(0, count): self.insert_dummy_vulnerability(i + 1) def insert_mapping(self, product_id, product_version, cve_id): self.db.vulnerability_product_insert(product_id, product_version, self._default_year, cve_id) def insert_mappings(self, product_id, product_version, cve_ids): assert(type(cve_ids) == list) for i in cve_ids: self.insert_mapping(product_id, product_version, i) def lookup(self, product_id, product_version): return self.db.product_get_vulnerabilities(product_id, product_version) @classmethod def version_to_string(product_version): return string.join(map(str, product_version), '.')
logger.info("Parsing %s.." % file) p = NVDFileParser(file, product_filter=products) vs = p.get_vulnerabilities() vulnerabilities.extend(vs) # --------------------------------- # # Insert products into database # # --------------------------------- # for i in xrange(len(products)): vendor = products[i][0] product = products[i][1] db.product_insert(i, vendor, product) for v in vulnerabilities: logger.info("Inserting vuln %s into database.." % v.id) db.vulnerability_insert(v.cve_year, v.cve_id, v.summary, len(v.dependencies) > 0) for product in v.products: for i in xrange(len(products)): if product.equalTo(products[i]): logger.info("\t> %s" % product) # Parse version string into array of integers vs = Util.parse_version(product.version) # Add vulnerability_product entry to map product & version to a vulnerability