    def test_read_path_empty(self):
        """A sample directory with no sub-directories lists as empty.

        A ``__pycache__`` entry is discarded from the listing so a
        byte-compiled test tree does not make the result non-empty.
        """
        root = file_path(__file__, '')
        storage = Storage(root)

        listed = storage.list_directories('securityfocus/samples')
        self.assertEqual(listed - {'__pycache__'}, set())
    def test_import_wp_vulnerabilities(self):
        """Loading the WordPress sample registers its vulnerability list.

        Only the first and last ids are pinned; they bracket the id range
        present in ``vane-vulnerability-sample.json``.
        """
        sample = file_path(__file__, 'vane-vulnerability-sample.json')
        self.importer.load_wordpress(sample)

        wordpress_entry = self.manager.files["VaneImporter"]["wordpress"]

        for index, expected_id in ((0, "5963"), (-1, "5967")):
            self.assertEqual(wordpress_entry.vulnerabilities[index].id,
                             expected_id)
    def test_import_themes_sample_file(self):
        """Theme entries load from the plugin sample and land under ``themes/``.

        The plugin and theme sample files share one format, so the plugin
        sample doubles as the theme fixture here.
        """
        sample = file_path(__file__, 'vane-plugin-vulnerability-sample.json')
        self.importer.load_themes(sample)

        imported = self.manager.files["VaneImporter"]
        theme_entry = imported["themes/theme-my-login"]

        self.assertEqual(theme_entry.vulnerabilities[0].id, "6043")
 def test_parse_discussion_3_paragraphs(self):
     """Discussion text of a multi-paragraph sample comes back as one string.

     The sample (three paragraphs, per its file name) is expected to be
     flattened into a single space-separated text with no paragraph marks.
     """
     expected = (
         "W3 Total Cache plugin for WordPress is prone to a cross-site scripting "
         "vulnerability because it fails to properly sanitize user-supplied input. "
         "An attacker may leverage this issue to execute arbitrary script code in "
         "the browser of an unsuspecting user in the context of the affected site. "
         "This can allow the attacker to steal cookie-based authentication "
         "credentials and to launch other attacks. W3 Total Cache 0.9.4.1 and "
         "prior are vulnerable."
     )

     parser = DiscussionTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_discussion_3_paragraphs.html"))

     self.assertEqual(parser.get_discussion(), expected)
    async def test_execute_ls(self, loop):
        """``ls`` runs the argv produced by ``build_ls`` and parses its output.

        ``build_ls`` is stubbed to hand back a ``cat`` of an empty fixture
        file, so the parsed listing must be empty; the stub also records
        that the requested path was passed through unchanged.
        """
        empty_listing = file_path(__file__, "svn.ls.empty.txt")

        svn = Subversion(loop=loop)
        svn.build_ls = MagicMock(return_value=["cat", empty_listing])

        result = await svn.ls("foobar")

        self.assertEqual([], result)
        svn.build_ls.assert_called_once_with("foobar")
 def test_parse_exploit_description_2_paragraphs(self):
     """Exploit description spanning two paragraphs is returned as one string.

     The expected text keeps the two literal ``&amp;`` sequences exactly as
     they appear in the expected value: the parser is not expected to
     decode entities a second time.
     """
     expected = (
         "The following exploit URL is available: "
         "https://www.example.com/wordpress/wp-admin/admin.php?page=w3tc_support"
         "&request_type=bug_report&payment&url=http://example1.com&name=test"
         "&email=test%40example2.com&twitter&phone&subject=test&amp;description=test"
         "&forum_url&wp_login&amp;wp_password&ftp_host&ftp_login&ftp_password"
         "&subscribe_releases&subscribe_customer&w3tc_error=support_request"
         "&request_id=<XSS>"
     )

     parser = ExploitTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_exploit_description_2_paragraphs.html"))

     self.assertEqual(parser.get_exploit_description(), expected)
 def test_parse_plugin_vuln_no_cve(self):
     """Info tab of a plugin advisory without a CVE parses field by field.

     ``get_cve_id`` must come back as an empty list, not ``None``, when
     the page lists no CVE.
     """
     parser = InfoTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_no_cve.html"))

     # (accessor name, expected value); the double space inside the
     # version strings is part of the expected value.
     expectations = (
         ("get_title", "WordPress WassUp Plugin 'main.php' Cross Site Scripting Vulnerability"),
         ("get_bugtraq_id", "73931"),
         ("get_vuln_class", "Input Validation Error"),
         ("get_cve_id", []),
         ("is_vuln_remote", "Yes"),
         ("is_vuln_local", "No"),
         ("get_publication_date", datetime(2009, 12, 7, 0, 0)),
         ("get_last_update_date", datetime(2016, 9, 2, 20, 0)),
         ("get_credit", "Henri Salo"),
         ("get_vulnerable_versions", ["WordPress WassUp  1.7.2"]),
         ("get_not_vulnerable_versions", ["WordPress WassUp  1.7.2.1"]),
     )
     for accessor, expected in expectations:
         self.assertEqual(getattr(parser, accessor)(), expected, msg=accessor)
 def test_parse_wordpress_vuln_no_cve(self):
     """Info tab of a WordPress core advisory without a CVE parses field by field.

     Publication and last-update dates coincide for this sample; the
     credit line is a full sentence including its trailing period.
     """
     parser = InfoTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_no_cve.html"))

     # (accessor name, expected value)
     expectations = (
         ("get_title", "WordPress Cross Site Scripting And Directory Traversal Vulnerabilities"),
         ("get_bugtraq_id", "92841"),
         ("get_vuln_class", "Input Validation Error"),
         ("get_cve_id", []),
         ("is_vuln_remote", "Yes"),
         ("is_vuln_local", "No"),
         ("get_publication_date", datetime(2016, 9, 7, 0, 0)),
         ("get_last_update_date", datetime(2016, 9, 7, 0, 0)),
         ("get_credit", "SumOfPwn researcher Cengiz Han Sahin and Dominik Schilling of WordPress."),
         # TODO add tests for vulnerable versions.
         ("get_not_vulnerable_versions", ["WordPress WordPress 4.6.1"]),
     )
     for accessor, expected in expectations:
         self.assertEqual(getattr(parser, accessor)(), expected, msg=accessor)
 def test_parse_plugin_vuln_with_cve(self):
     """Info tab of a plugin advisory carrying one CVE parses field by field.

     ``get_cve_id`` is a list even for a single identifier.
     """
     parser = InfoTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_with_cve.html"))

     # (accessor name, expected value)
     expectations = (
         ("get_title", "WordPress Nofollow Links Plugin 'nofollow-links.php' Cross Site Scripting Vulnerability"),
         ("get_bugtraq_id", "92077"),
         ("get_vuln_class", "Input Validation Error"),
         ("get_cve_id", ["CVE-2016-4833"]),
         ("is_vuln_remote", "Yes"),
         ("is_vuln_local", "No"),
         ("get_publication_date", datetime(2016, 7, 20, 0, 0)),
         ("get_last_update_date", datetime(2016, 7, 20, 0, 0)),
         ("get_credit", "Gen Sato of TRADE WORKS Co.,Ltd. Security Dept."),
         ("get_vulnerable_versions", ["WordPress Nofollow Links 1.0.10"]),
         ("get_not_vulnerable_versions", ["WordPress Nofollow Links 1.0.11"]),
     )
     for accessor, expected in expectations:
         self.assertEqual(getattr(parser, accessor)(), expected, msg=accessor)
 def test_parse_wordpress_vuln_with_cve(self):
     """Info tab of a WordPress core advisory with a CVE parses field by field.

     The CVE also appears inside the title; the title is expected verbatim
     and the CVE list separately. The version strings carry a double space.
     """
     parser = InfoTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_with_cve.html"))

     # (accessor name, expected value)
     expectations = (
         ("get_title", "WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability"),
         ("get_bugtraq_id", "92572"),
         ("get_vuln_class", "Input Validation Error"),
         ("get_cve_id", ["CVE-2016-6897"]),
         ("is_vuln_remote", "Yes"),
         ("is_vuln_local", "No"),
         ("get_publication_date", datetime(2016, 8, 20, 0, 0)),
         ("get_last_update_date", datetime(2016, 8, 20, 0, 0)),
         ("get_credit", "Yorick Koster"),
         ("get_vulnerable_versions", ['WordPress WordPress  4.5.3']),
         ("get_not_vulnerable_versions", ['WordPress WordPress  4.6']),
     )
     for accessor, expected in expectations:
         self.assertEqual(getattr(parser, accessor)(), expected, msg=accessor)
 def test_parse_wordpress_with_cve(self):
     """Reference tab of a WordPress core advisory yields three references.

     Each reference is a mapping with ``description`` and ``url`` keys, in
     page order.
     """
     parser = ReferenceTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_with_cve_references.html"))
     references = parser.get_references()

     # (description, url); the leading space and the cut-off
     # "wp_ajax_delete_plugin(" in the first description are expected as is.
     expected = [
         (" Improve capability checks in wp_ajax_update_plugin() and wp_ajax_delete_plugin( (WordPress)",
          "https://core.trac.wordpress.org/ticket/37490"),
         ("Path traversal vulnerability in WordPress Core Ajax handlers (sumofpwn.nl)",
          "https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html"),
         ("WordPress HomePage (WordPress)",
          "http://wordpress.com/"),
     ]

     self.assertEqual(len(references), len(expected))
     for reference, (description, url) in zip(references, expected):
         self.assertEqual(reference["description"], description)
         self.assertEqual(reference["url"], url)
 def test_parse_plugin_with_cve(self):
     """Reference tab of a plugin advisory with a CVE yields three references.

     Each reference is a mapping with ``description`` and ``url`` keys, in
     page order.
     """
     parser = ReferenceTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_with_cve_references.html"))
     references = parser.get_references()

     # (description, url); the truncated "scriptin" in the last
     # description is part of the expected value.
     expected = [
         ("Nofollow Links Changelog Page (WordPress)",
          "https://wordpress.org/plugins/nofollow-links/changelog/"),
         ("WordPress HomePage (WordPress)",
          "http://wordpress.com/"),
         ("JVN#13582657 WordPress plugin 'Nofollow Links' vulnerable to cross-site scriptin (JPCERT/CC and IPA)",
          "https://jvn.jp/en/jp/JVN13582657/index.html"),
     ]

     self.assertEqual(len(references), len(expected))
     for reference, (description, url) in zip(references, expected):
         self.assertEqual(reference["description"], description)
         self.assertEqual(reference["url"], url)
 def test_parse_plugin_no_cve(self):
     """Reference tab of a plugin advisory without a CVE yields three references.

     Each reference is a mapping with ``description`` and ``url`` keys, in
     page order.
     """
     parser = ReferenceTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_no_cve_references.html"))
     references = parser.get_references()

     # (description, url)
     expected = [
         ("CVE request: WordPress plugin wassup cross-site scripting vulnerability (Henri Salo)",
          "http://seclists.org/oss-sec/2015/q2/51"),
         ("WassUp Changelog (WordPress)",
          "http://wordpress.org/extend/plugins/wassup/changelog/"),
         ("WassUp Homepage (WordPress)",
          "http://wordpress.org/extend/plugins/wassup/"),
     ]

     self.assertEqual(len(references), len(expected))
     for reference, (description, url) in zip(references, expected):
         self.assertEqual(reference["description"], description)
         self.assertEqual(reference["url"], url)
 def test_parse_plugin_vuln_multiple_identical_cve(self):
     """Info tab whose CVE is repeated (per the sample's name) reports it once.

     Both version lists are expected empty for this sample, and the
     last-update timestamp carries a non-midnight time of day.
     """
     parser = InfoTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_plugin_vuln_multiple_cve.html"))

     # (accessor name, expected value)
     expectations = (
         ("get_title",
          "WordPress Connections Business Directory Plugin 2016-0770 Cross Site Scripting Vulnerability"),
         ("get_bugtraq_id", "82355"),
         ("get_vuln_class", "Input Validation Error"),
         ("get_cve_id", ["CVE-2016-0770"]),
         ("is_vuln_remote", "Yes"),
         ("is_vuln_local", "No"),
         ("get_publication_date", datetime(2016, 2, 1, 0, 0)),
         ("get_last_update_date", datetime(2016, 7, 6, 12, 13)),
         ("get_credit", "Larry Cashdollar."),
         ("get_vulnerable_versions", []),
         ("get_not_vulnerable_versions", []),
     )
     for accessor, expected in expectations:
         self.assertEqual(getattr(parser, accessor)(), expected, msg=accessor)
 def test_parse_wordpress_no_cve(self):
     """Reference tab of a WordPress core advisory without a CVE yields four references.

     Each reference is a mapping with ``description`` and ``url`` keys, in
     page order.
     """
     parser = ReferenceTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_wordpress_vuln_no_cve_references.html"))
     references = parser.get_references()

     # (description, url); the double space before "(WordPress)" in the
     # first description is part of the expected value.
     expected = [
         ("Media: Sanitize upload filename.  (WordPress)",
          "https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0"),
         ("WordPress HomePage (WordPress)",
          "http://wordpress.org/"),
         ("Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`. (WordPress)",
          "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e"),
         ("WordPress 4.6.1 Security and Maintenance Release (WordPress)",
          "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/"),
     ]

     self.assertEqual(len(references), len(expected))
     for reference, (description, url) in zip(references, expected):
         self.assertEqual(reference["description"], description)
         self.assertEqual(reference["url"], url)
 async def test_fetch_list_of_first_page_vuln(self):
     """A saved listing page yields the advisory URLs in page order.

     The fetcher is fed an already-open file handle through the ``file``
     keyword instead of fetching over the network.
     """
     expected = [
         "http://www.securityfocus.com/bid/93104",
         "http://www.securityfocus.com/bid/92841",
         "http://www.securityfocus.com/bid/73931",
         "http://www.securityfocus.com/bid/92572",
         "http://www.securityfocus.com/bid/92077",
         "http://www.securityfocus.com/bid/82355",
         "http://www.securityfocus.com/bid/91405",
         "http://www.securityfocus.com/bid/91076",
     ]
     sample = file_path(__file__, "samples/first_page_of_wordpress_vuln.html")

     fetcher = SecurityFocusFetcher()
     with open(sample, "rt") as html_page:
         found = await fetcher.get_vulnerability_list(file=html_page)

     self.assertEqual(found, expected)
    def test_import_plugins_sample_file(self):
        """Plugin sample populates two plugin entries with their references.

        Checks the first vulnerability of ``plugins/theme-my-login`` (an
        OSVDB reference with no URL, a bugtraq id, and URL references) and
        of ``plugins/login-rebuilder`` (a CVE reference with its NVD URL).
        """
        self.importer.load_plugins(
            file_path(__file__, 'vane-plugin-vulnerability-sample.json'))

        imported = self.manager.files["VaneImporter"]
        tml_vuln = imported["plugins/theme-my-login"].vulnerabilities[0]
        rebuilder_vuln = imported["plugins/login-rebuilder"].vulnerabilities[0]

        self.assertEqual(tml_vuln.id, "6043")
        self.assertEqual(tml_vuln.title,
                         "Theme My Login 6.3.9 - Local File Inclusion")

        # First reference is an OSVDB identifier with no URL attached.
        osvdb = tml_vuln.references[0]
        self.assertIsNone(osvdb.url)
        self.assertEqual((osvdb.type, osvdb.id), ("osvdb", "108517"))

        # References 1, 2 and 4 are checked by URL only.
        self.assertEqual(tml_vuln.references[1].url,
                         "http://packetstormsecurity.com/files/127302/")
        self.assertEqual(tml_vuln.references[2].url,
                         "http://seclists.org/fulldisclosure/2014/Jun/172")
        self.assertEqual(
            tml_vuln.references[4].url,
            "https://security.dxw.com/advisories/lfi-in-theme-my-login/")

        bugtraq = tml_vuln.references[3]
        self.assertEqual((bugtraq.type, bugtraq.id), ("bugtraqid", "68254"))

        self.assertEqual(rebuilder_vuln.id, "6044")
        cve = rebuilder_vuln.references[0]
        self.assertEqual((cve.type, cve.id), ("cve", "2014-3882"))
        self.assertEqual(
            cve.url,
            "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3882")
    def test_read_path_with_data(self):
        """Listing the parent of the storage root includes a known directory.

        With the test directory as root, ``'..'`` resolves to the parent
        package, which contains ``common_test``.
        """
        root = file_path(__file__, '')
        storage = Storage(root)

        siblings = storage.list_directories('..')
        self.assertIn('common_test', siblings)
 def test_parse_discussion_2_paragraphs(self):
     """Two discussion paragraphs are returned as a single flat string.

     The stray space before the final period is part of the expected value.
     """
     expected = (
         "OneLogin SAML SSO Plugin for WordPress is prone to an authentication bypass "
         "vulnerability. An attacker can exploit this issue to bypass the "
         "authentication mechanism and perform unauthorized actions ."
     )

     parser = DiscussionTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_discussion_2_paragraphs.html"))

     self.assertEqual(parser.get_discussion(), expected)
 def test_parse_exploit_description_1_paragraph(self):
     """A one-paragraph exploit tab is returned verbatim."""
     expected = (
         "To exploit this issue an attacker must entice an unsuspecting victim "
         "to follow a malicious URI."
     )

     parser = ExploitTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_exploit_description_1_paragraph.html"))

     self.assertEqual(parser.get_exploit_description(), expected)
 def setUp(self):
     """Build the rebuilder from the bundled ``wp_versions.xml`` fixture."""
     versions_file = file_path(__file__, "wp_versions.xml")
     self.rebuild = VaneVersionRebuild(versions_file)
 def test_parse_solution_no_solution(self):
     """A solution tab without content yields ``None`` rather than a string."""
     sample = file_path(__file__, "samples/securityfocus_solution_no_solution.html")

     parser = SolutionTabParser()
     parser.set_html_page(sample)

     self.assertIsNone(parser.get_solution())
 def test_parse_solution(self):
     """A populated solution tab is returned as one string."""
     expected = (
         "Updates are available. Please see the references or vendor "
         "advisory for more information."
     )

     parser = SolutionTabParser()
     parser.set_html_page(file_path(__file__, "samples/securityfocus_solution.html"))

     self.assertEqual(parser.get_solution(), expected)
 def test_parse_exploit_no_exploit(self):
     """An exploit tab without content yields ``None`` rather than a string."""
     sample = file_path(__file__, "samples/securityfocus_exploit_no_exploit.html")

     parser = ExploitTabParser()
     parser.set_html_page(sample)

     self.assertIsNone(parser.get_exploit_description())
    def test_read_path_does_not_exist(self):
        """Listing a directory missing under the root yields an empty set.

        No exception is expected; ``__pycache__`` is discarded as in the
        other listing tests.
        """
        root = file_path(__file__, '')
        storage = Storage(root)

        listed = storage.list_directories('plugins')
        self.assertEqual(listed - {'__pycache__'}, set())