def test_read_path_empty(self): empty = file_path(__file__, '') storage = Storage(empty) self.assertEqual( storage.list_directories('securityfocus/samples') - {'__pycache__'}, set())
def test_import_wp_vulnerabilities(self): self.importer.load_wordpress( file_path(__file__, 'vane-vulnerability-sample.json')) wordpress = self.manager.files["VaneImporter"]["wordpress"] self.assertEqual(wordpress.vulnerabilities[0].id, "5963") self.assertEqual(wordpress.vulnerabilities[-1].id, "5967")
def test_import_themes_sample_file(self): # Same sample file as plugins, same format self.importer.load_themes( file_path(__file__, 'vane-plugin-vulnerability-sample.json')) theme_my_login = self.manager.files["VaneImporter"][ "themes/theme-my-login"] self.assertEqual(theme_my_login.vulnerabilities[0].id, "6043")
def test_parse_discussion_3_paragraphs(self): parser = DiscussionTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_discussion_3_paragraphs.html")) self.assertEqual(parser.get_discussion(), "W3 Total Cache plugin for WordPress is prone to a cross-site scripting" " vulnerability because it fails to properly sanitize user-supplied " "input. An attacker may leverage this issue to execute arbitrary script" " code in the browser of an unsuspecting user in the context of the " "affected site. This can allow the attacker to steal cookie-based " "authentication credentials and to launch other attacks. W3 Total " "Cache 0.9.4.1 and prior are vulnerable.")
async def test_execute_ls(self, loop): svn = Subversion(loop=loop) svn.build_ls = MagicMock() svn.build_ls.return_value = [ "cat", file_path(__file__, "svn.ls.empty.txt") ] out = await svn.ls("foobar") self.assertEqual([], out) svn.build_ls.assert_called_once_with("foobar")
def test_parse_exploit_description_2_paragraphs(self): parser = ExploitTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_exploit_description_2_paragraphs.html")) self.assertEqual(parser.get_exploit_description(), "The following exploit URL is available: https://www.example" ".com/wordpress/wp-admin/admin.php?page=w3tc_support&" "request_type=bug_report&payment&url=http://" "example1.com&name=test&email=test%40example2" ".com&twitter&phone&subject=test&" "amp;description=test&forum_url&wp_login&" "amp;wp_password&ftp_host&ftp_login&" "ftp_password&subscribe_releases&subscribe_" "customer&w3tc_error=support_request&request" "_id=<XSS>")
def test_parse_plugin_vuln_no_cve(self): parser = InfoTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_no_cve.html")) self.assertEqual(parser.get_title(), "WordPress WassUp Plugin 'main.php' Cross Site Scripting Vulnerability") self.assertEqual(parser.get_bugtraq_id(), "73931") self.assertEqual(parser.get_vuln_class(), "Input Validation Error") self.assertEqual(parser.get_cve_id(), []) self.assertEqual(parser.is_vuln_remote(), "Yes") self.assertEqual(parser.is_vuln_local(), "No") self.assertEqual(parser.get_publication_date(), datetime(2009, 12, 7, 0, 0)) self.assertEqual(parser.get_last_update_date(), datetime(2016, 9, 2, 20, 0)) self.assertEqual(parser.get_credit(), "Henri Salo") self.assertEqual(parser.get_vulnerable_versions(), ["WordPress WassUp 1.7.2"]) self.assertEqual(parser.get_not_vulnerable_versions(), ["WordPress WassUp 1.7.2.1"])
def test_parse_wordpress_vuln_no_cve(self): parser = InfoTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_no_cve.html")) self.assertEqual(parser.get_title(), "WordPress Cross Site Scripting And Directory Traversal Vulnerabilities") self.assertEqual(parser.get_bugtraq_id(), "92841") self.assertEqual(parser.get_vuln_class(), "Input Validation Error") self.assertEqual(parser.get_cve_id(), []) self.assertEqual(parser.is_vuln_remote(), "Yes") self.assertEqual(parser.is_vuln_local(), "No") self.assertEqual(parser.get_publication_date(), datetime(2016, 9, 7, 0, 0)) self.assertEqual(parser.get_last_update_date(), datetime(2016, 9, 7, 0, 0)) self.assertEqual(parser.get_credit(), "SumOfPwn researcher Cengiz Han Sahin and Dominik Schilling of WordPress.") # TODO add tests for vulnerable versions. self.assertEqual(parser.get_not_vulnerable_versions(), ["WordPress WordPress 4.6.1"])
def test_parse_plugin_vuln_with_cve(self): parser = InfoTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_with_cve.html")) self.assertEqual(parser.get_title(), "WordPress Nofollow Links Plugin 'nofollow-links.php' Cross Site Scripting Vulnerability") self.assertEqual(parser.get_bugtraq_id(), "92077") self.assertEqual(parser.get_vuln_class(), "Input Validation Error") self.assertEqual(parser.get_cve_id(), ["CVE-2016-4833"]) self.assertEqual(parser.is_vuln_remote(), "Yes") self.assertEqual(parser.is_vuln_local(), "No") self.assertEqual(parser.get_publication_date(), datetime(2016, 7, 20, 0, 0)) self.assertEqual(parser.get_last_update_date(), datetime(2016, 7, 20, 0, 0)) self.assertEqual(parser.get_credit(), "Gen Sato of TRADE WORKS Co.,Ltd. Security Dept.") self.assertEqual(parser.get_vulnerable_versions(), ["WordPress Nofollow Links 1.0.10"]) self.assertEqual(parser.get_not_vulnerable_versions(), ["WordPress Nofollow Links 1.0.11"])
def test_parse_wordpress_vuln_with_cve(self): parser = InfoTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_with_cve.html")) self.assertEqual(parser.get_title(), "WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability") self.assertEqual(parser.get_bugtraq_id(), "92572") self.assertEqual(parser.get_vuln_class(), "Input Validation Error") self.assertEqual(parser.get_cve_id(), ["CVE-2016-6897"]) self.assertEqual(parser.is_vuln_remote(), "Yes") self.assertEqual(parser.is_vuln_local(), "No") self.assertEqual(parser.get_publication_date(), datetime(2016, 8, 20, 0, 0)) self.assertEqual(parser.get_last_update_date(), datetime(2016, 8, 20, 0, 0)) self.assertEqual(parser.get_credit(), "Yorick Koster") self.assertEqual(parser.get_vulnerable_versions(), ['WordPress WordPress 4.5.3']) self.assertEqual(parser.get_not_vulnerable_versions(), ['WordPress WordPress 4.6'])
def test_parse_wordpress_with_cve(self): parser = ReferenceTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_with_cve_references.html")) references_list = parser.get_references() self.assertEqual(len(references_list), 3) reference = references_list[0] self.assertEqual(reference["description"], " Improve capability checks in wp_ajax_update_plugin() and wp_ajax_delete_plugin( (WordPress)") self.assertEqual(reference["url"], "https://core.trac.wordpress.org/ticket/37490") reference = references_list[1] self.assertEqual(reference["description"], "Path traversal vulnerability in WordPress Core Ajax handlers (sumofpwn.nl)") self.assertEqual(reference["url"], "https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html") reference = references_list[2] self.assertEqual(reference["description"], "WordPress HomePage (WordPress)") self.assertEqual(reference["url"], "http://wordpress.com/")
def test_parse_plugin_with_cve(self): parser = ReferenceTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_with_cve_references.html")) references_list = parser.get_references() self.assertEqual(len(references_list), 3) reference = references_list[0] self.assertEqual(reference["description"], "Nofollow Links Changelog Page (WordPress)") self.assertEqual(reference["url"], "https://wordpress.org/plugins/nofollow-links/changelog/") reference = references_list[1] self.assertEqual(reference["description"], "WordPress HomePage (WordPress)") self.assertEqual(reference["url"], "http://wordpress.com/") reference = references_list[2] self.assertEqual(reference["description"], "JVN#13582657 WordPress plugin 'Nofollow Links' vulnerable to cross-site scriptin (JPCERT/CC and IPA)") self.assertEqual(reference["url"], "https://jvn.jp/en/jp/JVN13582657/index.html")
def test_parse_plugin_no_cve(self): parser = ReferenceTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_no_cve_references.html")) references_list = parser.get_references() self.assertEqual(len(references_list), 3) reference = references_list[0] self.assertEqual(reference["description"], "CVE request: WordPress plugin wassup cross-site scripting vulnerability (Henri Salo)") self.assertEqual(reference["url"], "http://seclists.org/oss-sec/2015/q2/51") reference = references_list[1] self.assertEqual(reference["description"], "WassUp Changelog (WordPress)") self.assertEqual(reference["url"], "http://wordpress.org/extend/plugins/wassup/changelog/") reference = references_list[2] self.assertEqual(reference["description"], "WassUp Homepage (WordPress)") self.assertEqual(reference["url"], "http://wordpress.org/extend/plugins/wassup/")
def test_parse_plugin_vuln_multiple_identical_cve(self): parser = InfoTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_multiple_cve.html")) self.assertEqual(parser.get_title(), "WordPress Connections Business Directory Plugin 2016-0770 Cross Site Scripting Vulnerability") self.assertEqual(parser.get_bugtraq_id(), "82355") self.assertEqual(parser.get_vuln_class(), "Input Validation Error") self.assertEqual(parser.get_cve_id(), ["CVE-2016-0770"]) self.assertEqual(parser.is_vuln_remote(), "Yes") self.assertEqual(parser.is_vuln_local(), "No") self.assertEqual(parser.get_publication_date(), datetime(2016, 2, 1, 0, 0)) self.assertEqual(parser.get_last_update_date(), datetime(2016, 7, 6, 12, 13)) self.assertEqual(parser.get_credit(), "Larry Cashdollar.") self.assertEqual(parser.get_vulnerable_versions(), []) self.assertEqual(parser.get_not_vulnerable_versions(), [])
def test_parse_wordpress_no_cve(self): parser = ReferenceTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_no_cve_references.html")) references_list = parser.get_references() self.assertEqual(len(references_list), 4) reference = references_list[0] self.assertEqual(reference["description"], "Media: Sanitize upload filename. (WordPress)") self.assertEqual(reference["url"], "https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0") reference = references_list[1] self.assertEqual(reference["description"], "WordPress HomePage (WordPress)") self.assertEqual(reference["url"], "http://wordpress.org/") reference = references_list[2] self.assertEqual(reference["description"], "Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`. (WordPress)") self.assertEqual(reference["url"], "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e") reference = references_list[3] self.assertEqual(reference["description"], "WordPress 4.6.1 Security and Maintenance Release (WordPress)") self.assertEqual(reference["url"], "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/")
async def test_fetch_list_of_first_page_vuln(self): fetcher = SecurityFocusFetcher() with open( file_path(__file__, "samples/first_page_of_wordpress_vuln.html"), "rt") as html_page: list_of_vuln = await fetcher.get_vulnerability_list(file=html_page) self.assertEqual(list_of_vuln, [ "http://www.securityfocus.com/bid/93104", "http://www.securityfocus.com/bid/92841", "http://www.securityfocus.com/bid/73931", "http://www.securityfocus.com/bid/92572", "http://www.securityfocus.com/bid/92077", "http://www.securityfocus.com/bid/82355", "http://www.securityfocus.com/bid/91405", "http://www.securityfocus.com/bid/91076", ])
def test_import_plugins_sample_file(self): self.importer.load_plugins( file_path(__file__, 'vane-plugin-vulnerability-sample.json')) theme_my_login = self.manager.files["VaneImporter"][ "plugins/theme-my-login"] login_rebuilder = self.manager.files["VaneImporter"][ "plugins/login-rebuilder"] self.assertEqual(theme_my_login.vulnerabilities[0].id, "6043") self.assertEqual(theme_my_login.vulnerabilities[0].title, "Theme My Login 6.3.9 - Local File Inclusion") self.assertEqual(theme_my_login.vulnerabilities[0].references[1].url, "http://packetstormsecurity.com/files/127302/") self.assertEqual(theme_my_login.vulnerabilities[0].references[2].url, "http://seclists.org/fulldisclosure/2014/Jun/172") self.assertEqual(theme_my_login.vulnerabilities[0].references[3].type, "bugtraqid") self.assertEqual(theme_my_login.vulnerabilities[0].references[3].id, "68254") self.assertEqual( theme_my_login.vulnerabilities[0].references[4].url, "https://security.dxw.com/advisories/lfi-in-theme-my-login/") self.assertEqual(theme_my_login.vulnerabilities[0].references[0].url, None) self.assertEqual(theme_my_login.vulnerabilities[0].references[0].type, "osvdb") self.assertEqual(theme_my_login.vulnerabilities[0].references[0].id, "108517") self.assertEqual(login_rebuilder.vulnerabilities[0].id, "6044") self.assertEqual(login_rebuilder.vulnerabilities[0].references[0].type, "cve") self.assertEqual(login_rebuilder.vulnerabilities[0].references[0].id, "2014-3882") self.assertEqual( login_rebuilder.vulnerabilities[0].references[0].url, "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3882")
def test_read_path_with_data(self): empty = file_path(__file__, '') storage = Storage(empty) self.assertIn('common_test', storage.list_directories('..'))
def test_parse_discussion_2_paragraphs(self): parser = DiscussionTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_discussion_2_paragraphs.html")) self.assertEqual(parser.get_discussion(), "OneLogin SAML SSO Plugin for WordPress is prone to an authentication " "bypass vulnerability. An attacker can exploit this issue to bypass " "the authentication mechanism and perform unauthorized actions .")
def test_parse_exploit_description_1_paragraph(self): parser = ExploitTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_exploit_description_1_paragraph.html")) self.assertEqual(parser.get_exploit_description(), "To exploit this issue an attacker must entice an unsuspecting" " victim to follow a malicious URI.")
def setUp(self): self.rebuild = VaneVersionRebuild( file_path(__file__, "wp_versions.xml"))
def test_parse_solution_no_solution(self): parser = SolutionTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_solution_no_solution.html")) self.assertEqual(parser.get_solution(), None)
def test_parse_solution(self): parser = SolutionTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_solution.html")) self.assertEqual(parser.get_solution(), "Updates are available. Please see the references or vendor advisory " "for more information.")
def test_parse_exploit_no_exploit(self): parser = ExploitTabParser() parser.set_html_page(file_path(__file__, "samples/securityfocus_exploit_no_exploit.html")) self.assertEqual(parser.get_exploit_description(), None)
def test_read_path_does_not_exist(self): empty = file_path(__file__, '') storage = Storage(empty) self.assertEqual( storage.list_directories('plugins') - {'__pycache__'}, set())