class TestNVTICache(TestCase): @patch('ospd_openvas.db.MainDB') def setUp(self, MockMainDB): # pylint: disable=arguments-differ self.db = MockMainDB() self.nvti = NVTICache(self.db) self.nvti._ctx = 'foo' def test_set_index(self, MockOpenvasDB): self.nvti._nvti_cache_name = '20.4' self.nvti._ctx = None MockOpenvasDB.find_database_by_pattern.return_value = ('foo', 22) ctx = self.nvti.ctx self.assertIsNotNone(ctx) self.assertEqual(ctx, 'foo') self.assertEqual(self.nvti.index, 22) def test_get_feed_version(self, MockOpenvasDB): self.nvti._nvti_cache_name = '20.4' MockOpenvasDB.get_single_item.return_value = '1234' resp = self.nvti.get_feed_version() self.assertEqual(resp, '1234') MockOpenvasDB.get_single_item.assert_called_with('foo', '20.4') def test_get_feed_version_not_available(self, MockOpenvasDB): pmock = PropertyMock(return_value=123) type(self.db).max_database_index = pmock self.nvti._nvti_cache_name = '20.4' self.nvti._ctx = None MockOpenvasDB.find_database_by_pattern.return_value = (None, None) resp = self.nvti.get_feed_version() self.assertIsNone(resp) MockOpenvasDB.find_database_by_pattern.assert_called_with('20.4', 123) def test_get_oids(self, MockOpenvasDB): MockOpenvasDB.get_filenames_and_oids.return_value = ['oids'] resp = self.nvti.get_oids() self.assertEqual(resp, ['oids']) def test_parse_metadata_tag_missing_value(self, MockOpenvasDB): logging.Logger.error = Mock() tags = 'tag1' ret = NVTICache._parse_metadata_tags( # pylint: disable=protected-access tags, '1.2.3') self.assertEqual(ret, {}) assert_called(logging.Logger.error) def test_parse_metadata_tag(self, MockOpenvasDB): tags = 'tag1=value1' ret = NVTICache._parse_metadata_tags( # pylint: disable=protected-access tags, '1.2.3') self.assertEqual(ret, {'tag1': 'value1'}) def test_parse_metadata_tags(self, MockOpenvasDB): tags = 'tag1=value1|foo=bar' ret = NVTICache._parse_metadata_tags( # pylint: disable=protected-access tags, '1.2.3') self.assertEqual(ret, {'tag1': 'value1', 'foo': 'bar'}) def test_get_nvt_params(self, MockOpenvasDB): prefs1 = ['1|||dns-fuzz.timelimit|||entry|||default'] prefs2 = ['1|||dns-fuzz.timelimit|||entry|||'] prefs3 = ['1|||dns-fuzz.timelimit|||entry'] timeout = '300' out_dict1 = { '1': { 'id': '1', 'type': 'entry', 'default': 'default', 'name': 'dns-fuzz.timelimit', 'description': 'Description', }, '0': { 'type': 'entry', 'id': '0', 'default': '300', 'name': 'timeout', 'description': 'Script Timeout', }, } out_dict2 = { '1': { 'id': '1', 'type': 'entry', 'default': '', 'name': 'dns-fuzz.timelimit', 'description': 'Description', }, '0': { 'type': 'entry', 'id': '0', 'default': '300', 'name': 'timeout', 'description': 'Script Timeout', }, } MockOpenvasDB.get_list_item.return_value = prefs1 MockOpenvasDB.get_single_item.return_value = timeout resp = self.nvti.get_nvt_params('1.2.3.4') self.assertEqual(resp, out_dict1) MockOpenvasDB.get_list_item.return_value = prefs2 resp = self.nvti.get_nvt_params('1.2.3.4') self.assertEqual(resp, out_dict2) MockOpenvasDB.get_list_item.return_value = prefs3 resp = self.nvti.get_nvt_params('1.2.3.4') self.assertEqual(resp, out_dict2) def test_get_nvt_params_timeout_none(self, MockOpenvasDB): prefs = ['1|||dns-fuzz.timelimit|||entry|||default'] timeout = None MockOpenvasDB.get_single_item.return_value = timeout MockOpenvasDB.get_list_item.return_value = prefs resp = self.nvti.get_nvt_params('1.2.3.4') self.assertIsNone(resp) def test_get_nvt_metadata(self, MockOpenvasDB): metadata = [ 'mantis_detect.nasl', '', '', 'Settings/disable_cgi_scanning', '', 'Services/www, 80', 'find_service.nasl, http_version.nasl', 'cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N' '/A:N|last_modification=1533906565' '|creation_date=1237458156' '|summary=Detects the ins' 'talled version of\n Mantis a free popular web-based ' 'bugtracking system.\n\n This script sends HTTP GET r' 'equest and try to get the version from the\n respons' 'e, and sets the result in KB.|qod_type=remote_banner', '', '', 'URL:http://www.mantisbt.org/', '3', '0', 'Product detection', 'Mantis Detection', ] custom = { 'category': '3', 'creation_date': '1237458156', 'cvss_base_vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:N', 'dependencies': 'find_service.nasl, http_version.nasl', 'excluded_keys': 'Settings/disable_cgi_scanning', 'family': 'Product detection', 'filename': 'mantis_detect.nasl', 'last_modification': ('1533906565'), 'name': 'Mantis Detection', 'qod_type': 'remote_banner', 'required_ports': 'Services/www, 80', 'summary': ('Detects the installed version of\n Mantis a ' 'free popular web-based bugtracking system.\n' '\n This script sends HTTP GET request and t' 'ry to get the version from the\n response, ' 'and sets the result in KB.'), 'timeout': '0', } MockOpenvasDB.get_list_item.return_value = metadata resp = self.nvti.get_nvt_metadata('1.2.3.4') self.assertEqual(resp, custom) def test_get_nvt_metadata_fail(self, MockOpenvasDB): MockOpenvasDB.get_list_item.return_value = [] resp = self.nvti.get_nvt_metadata('1.2.3.4') self.assertIsNone(resp) def test_get_nvt_refs(self, MockOpenvasDB): refs = ['', '', 'URL:http://www.mantisbt.org/'] out_dict = { 'cve': [''], 'bid': [''], 'xref': ['URL:http://www.mantisbt.org/'], } MockOpenvasDB.get_list_item.return_value = refs resp = self.nvti.get_nvt_refs('1.2.3.4') self.assertEqual(resp, out_dict) def test_get_nvt_refs_fail(self, MockOpenvasDB): MockOpenvasDB.get_list_item.return_value = [] resp = self.nvti.get_nvt_refs('1.2.3.4') self.assertIsNone(resp) def test_get_nvt_prefs(self, MockOpenvasDB): prefs = ['dns-fuzz.timelimit|||entry|||default'] MockOpenvasDB.get_list_item.return_value = prefs resp = self.nvti.get_nvt_prefs('1.2.3.4') self.assertEqual(resp, prefs) def test_get_nvt_timeout(self, MockOpenvasDB): MockOpenvasDB.get_single_item.return_value = '300' resp = self.nvti.get_nvt_timeout('1.2.3.4') self.assertEqual(resp, '300') def test_get_nvt_tags(self, MockOpenvasDB): tag = ('last_modification=1533906565' '|creation_date=1517443741|cvss_bas' 'e_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P|solution_type=V' 'endorFix|qod_type=package|affected=rubygems on Debi' 'an Linux|solution_method=DebianAPTUpgrade') out_dict = { 'last_modification': '1533906565', 'creation_date': '1517443741', 'cvss_base_vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P', 'solution_type': 'VendorFix', 'qod_type': 'package', 'affected': 'rubygems on Debian Linux', 'solution_method': 'DebianAPTUpgrade', } MockOpenvasDB.get_single_item.return_value = tag resp = self.nvti.get_nvt_tags('1.2.3.4') self.assertEqual(out_dict, resp) @patch('ospd_openvas.nvticache.Openvas.get_gvm_libs_version') def test_set_nvti_cache_name(self, mock_version, MockOpenvasDB): self.assertIsNone(self.nvti._nvti_cache_name) mock_version.return_value = '20.10' self.nvti._set_nvti_cache_name() self.assertTrue(mock_version.called) self.assertEqual(self.nvti._nvti_cache_name, 'nvticache20.10') mock_version.reset_mock() mock_version.return_value = '10.0.1' with self.assertRaises(OspdOpenvasError): self.nvti._set_nvti_cache_name() self.assertTrue(mock_version.called) @patch('ospd_openvas.nvticache.Openvas.get_gvm_libs_version') def test_set_nvti_cache_name_raise_error(self, mock_version: Mock, MockOpenvasDB: Mock): mock_version.return_value = None with self.assertRaises(OspdOpenvasError): self.nvti._set_nvti_cache_name() @patch('ospd_openvas.nvticache.Openvas.get_gvm_libs_version') def test_set_nvti_cache_name_old_version(self, mock_version: Mock, MockOpenvasDB: Mock): mock_version.return_value = '7.0.0' with self.assertRaises(OspdOpenvasError): self.nvti._set_nvti_cache_name() @patch('ospd_openvas.nvticache.Openvas.get_gvm_libs_version') def test_get_nvti_cache_name(self, mock_version, MockOpenvasDB): self.assertIsNone(self.nvti._nvti_cache_name) mock_version.return_value = '20.4' self.assertEqual(self.nvti._get_nvti_cache_name(), 'nvticache20.4') self.assertTrue(mock_version.called) mock_version.reset_mock() mock_version.return_value = '20.10' self.assertEqual(self.nvti._get_nvti_cache_name(), 'nvticache20.4') self.assertFalse(mock_version.called) def test_is_compatible_version(self, MockOpenvasDB): self.assertFalse(self.nvti._is_compatible_version("1.0.0")) self.assertFalse(self.nvti._is_compatible_version("10.0.0")) self.assertTrue(self.nvti._is_compatible_version("11.0.1")) self.assertTrue(self.nvti._is_compatible_version("20.4")) self.assertTrue(self.nvti._is_compatible_version("20.4.2")) self.assertTrue(self.nvti._is_compatible_version("20.04")) self.assertTrue(self.nvti._is_compatible_version("20.10")) def test_get_nvt_files_count(self, MockOpenvasDB): MockOpenvasDB.get_key_count.return_value = 20 self.assertEqual(self.nvti.get_nvt_files_count(), 20) MockOpenvasDB.get_key_count.assert_called_with('foo', 'filename:*') def test_get_nvt_count(self, MockOpenvasDB): MockOpenvasDB.get_key_count.return_value = 20 self.assertEqual(self.nvti.get_nvt_count(), 20) MockOpenvasDB.get_key_count.assert_called_with('foo', 'nvt:*') def test_force_reload(self, _MockOpenvasDB): self.nvti.force_reload() self.db.release_database.assert_called_with(self.nvti) def test_flush(self, _MockOpenvasDB): self.nvti._ctx = Mock() self.nvti.flush() self.nvti._ctx.flushdb.assert_called_with()
class TestNVTICache(TestCase): def setUp(self): self.db = OpenvasDB() self.nvti = NVTICache(self.db) def test_get_feed_version(self, mock_redis): self.nvti._nvti_cache_name = '20.4' with patch.object(OpenvasDB, 'db_find', return_value=mock_redis): with patch.object(OpenvasDB, 'get_single_item', return_value='1234'): resp = self.nvti.get_feed_version() self.assertEqual(resp, '1234') def test_get_oids(self, mock_redis): with patch.object(OpenvasDB, 'get_elem_pattern_by_index', return_value=['oids']): resp = self.nvti.get_oids() self.assertEqual(resp, ['oids']) def test_parse_metadata_tags(self, mock_redis): tags = 'tag1' ret = self.nvti._parse_metadata_tags( # pylint: disable=protected-access tags, '1.2.3') self.assertEqual(ret, {}) def test_get_nvt_params(self, mock_redis): prefs = ['1|||dns-fuzz.timelimit|||entry|||default'] prefs1 = ['1|||dns-fuzz.timelimit|||entry|||'] timeout = '300' out_dict = { '1': { 'id': '1', 'type': 'entry', 'default': 'default', 'name': 'dns-fuzz.timelimit', 'description': 'Description', }, '0': { 'type': 'entry', 'id': '0', 'default': '300', 'name': 'timeout', 'description': 'Script Timeout', }, } out_dict1 = { '1': { 'id': '1', 'type': 'entry', 'default': '', 'name': 'dns-fuzz.timelimit', 'description': 'Description', }, '0': { 'type': 'entry', 'id': '0', 'default': '300', 'name': 'timeout', 'description': 'Script Timeout', }, } with patch.object(OpenvasDB, 'get_kb_context', return_value=mock_redis): with patch.object(NVTICache, 'get_nvt_timeout', return_value=timeout): with patch.object(NVTICache, 'get_nvt_prefs', return_value=prefs): resp = self.nvti.get_nvt_params('1.2.3.4') with patch.object(NVTICache, 'get_nvt_prefs', return_value=prefs1): resp1 = self.nvti.get_nvt_params('1.2.3.4') self.assertEqual(resp, out_dict) self.assertEqual(resp1, out_dict1) @patch('ospd_openvas.db.subprocess') def test_get_nvt_metadata(self, mock_subps, mock_redis): metadata = [ 'mantis_detect.nasl', '', '', 'Settings/disable_cgi_scanning', '', 'Services/www, 80', 'find_service.nasl, http_version.nasl', 'cvss_base_vector=AV:N/AC:L/Au:N/C:N/I:N' '/A:N|last_modification=1533906565' '|creation_date=1237458156' '|summary=Detects the ins' 'talled version of\n Mantis a free popular web-based ' 'bugtracking system.\n\n This script sends HTTP GET r' 'equest and try to get the version from the\n respons' 'e, and sets the result in KB.|qod_type=remote_banner', '', '', 'URL:http://www.mantisbt.org/', '3', '0', 'Product detection', 'Mantis Detection', ] custom = { 'category': '3', 'creation_date': '1237458156', 'cvss_base_vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:N', 'dependencies': 'find_service.nasl, http_version.nasl', 'excluded_keys': 'Settings/disable_cgi_scanning', 'family': 'Product detection', 'filename': 'mantis_detect.nasl', 'last_modification': ('1533906565'), 'name': 'Mantis Detection', 'qod_type': 'remote_banner', 'required_ports': 'Services/www, 80', 'summary': ('Detects the installed version of\n Mantis a ' 'free popular web-based bugtracking system.\n' '\n This script sends HTTP GET request and t' 'ry to get the version from the\n response, ' 'and sets the result in KB.'), 'timeout': '0', } mock_subps.check_output.return_value = ( 'use_mac_addr = no\ndb_address = ' '/tmp/redis.sock\ndrop_privileges = no').encode() mock_redis.return_value = mock_redis mock_redis.config_get.return_value = {'databases': '513'} mock_redis.lrange.return_value = metadata mock_redis.keys.return_value = 1 self.db.db_init() resp = self.nvti.get_nvt_metadata('1.2.3.4') self.assertEqual(resp, custom) @patch('ospd_openvas.db.subprocess') def test_get_nvt_metadata_fail(self, mock_subps, mock_redis): mock_subps.check_output.return_value = ( 'use_mac_addr = no\ndb_address = ' '/tmp/redis.sock\ndrop_privileges = no'.encode()) mock_redis.return_value = mock_redis mock_redis.config_get.return_value = {'databases': '513'} mock_redis.lrange.return_value = {} mock_redis.keys.return_value = 1 self.db.db_init() resp = self.nvti.get_nvt_metadata('1.2.3.4') self.assertEqual(resp, None) @patch('ospd_openvas.db.subprocess') def test_get_nvt_refs(self, mock_subps, mock_redis): refs = ['', '', 'URL:http://www.mantisbt.org/'] out_dict = { 'cve': [''], 'bid': [''], 'xref': ['URL:http://www.mantisbt.org/'], } mock_subps.check_output.return_value = ( 'use_mac_addr = no\ndb_address = ' '/tmp/redis.sock\ndrop_privileges = no').encode() mock_redis.return_value = mock_redis mock_redis.config_get.return_value = {'databases': '513'} mock_redis.lrange.return_value = refs mock_redis.keys.return_value = 1 self.db.db_init() resp = self.nvti.get_nvt_refs('1.2.3.4') self.assertEqual(resp, out_dict) @patch('ospd_openvas.db.subprocess') def test_get_nvt_refs_fail(self, mock_subps, mock_redis): mock_subps.check_output.return_value = ( 'use_mac_addr = no\ndb_address = ' '/tmp/redis.sock\ndrop_privileges = no'.encode()) mock_redis.return_value = mock_redis mock_redis.config_get.return_value = {'databases': '513'} mock_redis.lrange.return_value = {} mock_redis.keys.return_value = 1 self.db.db_init() resp = self.nvti.get_nvt_refs('1.2.3.4') self.assertEqual(resp, None) def test_get_nvt_prefs(self, mock_redis): prefs = ['dns-fuzz.timelimit|||entry|||default'] mock_redis.lrange.return_value = prefs mock_redis.return_value = mock_redis resp = self.nvti.get_nvt_prefs(mock_redis(), '1.2.3.4') self.assertEqual(resp, prefs) def test_get_nvt_timeout(self, mock_redis): mock_redis.lindex.return_value = '300' mock_redis.return_value = mock_redis resp = self.nvti.get_nvt_timeout(mock_redis(), '1.2.3.4') self.assertEqual(resp, '300') def test_get_nvt_tag(self, mock_redis): tag = ('last_modification=1533906565' '|creation_date=1517443741|cvss_bas' 'e_vector=AV:N/AC:L/Au:N/C:P/I:P/A:P|solution_type=V' 'endorFix|qod_type=package|affected=rubygems on Debi' 'an Linux|solution_method=DebianAPTUpgrade') out_dict = { 'last_modification': '1533906565', 'creation_date': '1517443741', 'cvss_base_vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P', 'solution_type': 'VendorFix', 'qod_type': 'package', 'affected': 'rubygems on Debian Linux', 'solution_method': 'DebianAPTUpgrade', } mock_redis.lindex.return_value = tag mock_redis.return_value = mock_redis resp = self.nvti.get_nvt_tag(mock_redis(), '1.2.3.4') self.assertEqual(out_dict, resp) @patch('ospd_openvas.nvticache.NVTICache._get_gvm_libs_version_string') def test_set_nvti_cache_name(self, mock_version, mock_redis): self.assertIsNone(self.nvti._nvti_cache_name) mock_version.return_value = '20.10' self.nvti._set_nvti_cache_name() self.assertTrue(mock_version.called) self.assertEqual(self.nvti._nvti_cache_name, 'nvticache20.10') mock_version.reset_mock() mock_version.return_value = '10.0.1' with self.assertRaises(OspdOpenvasError): self.nvti._set_nvti_cache_name() self.assertTrue(mock_version.called) @patch('ospd_openvas.nvticache.NVTICache._get_gvm_libs_version_string') def test_get_nvti_cache_name(self, mock_version, mock_redis): self.assertIsNone(self.nvti._nvti_cache_name) mock_version.return_value = '20.4' self.assertEqual(self.nvti._get_nvti_cache_name(), 'nvticache20.4') self.assertTrue(mock_version.called) mock_version.reset_mock() mock_version.return_value = '20.10' self.assertEqual(self.nvti._get_nvti_cache_name(), 'nvticache20.4') self.assertFalse(mock_version.called) @patch('ospd_openvas.nvticache.subprocess') def test_get_gvm_libs_version_string(self, mock_subps: Mock, mock_redis: Mock): mock_subps.check_output.return_value = ( 'openvas 20.4.0\ngvm-libs 20.10\n'.encode()) self.assertEqual(self.nvti._get_gvm_libs_version_string(), '20.10') @patch('ospd_openvas.nvticache.subprocess') def test_get_gvm_libs_version_string_subprocess_error( self, mock_subps: Mock, mock_redis: Mock): mock_subps.check_output.side_effect = CalledProcessError(returncode=1, cmd='foo bar') with self.assertRaises(OspdOpenvasError): self.nvti._get_gvm_libs_version_string() @patch('ospd_openvas.nvticache.subprocess') def test_get_gvm_libs_version_string_old_openvas(self, mock_subps: Mock, mock_redis: Mock): mock_subps.check_output.side_effect = CalledProcessError(returncode=1, cmd='foo bar') mock_subps.check_output.return_value = ( 'openvas 7.0.0\nfoo bar\n'.encode()) with self.assertRaises(OspdOpenvasError): self.nvti._get_gvm_libs_version_string() def test_is_compatible_version(self, mock_redis): self.assertFalse(self.nvti._is_compatible_version("1.0.0")) self.assertFalse(self.nvti._is_compatible_version("10.0.0")) self.assertTrue(self.nvti._is_compatible_version("11.0.1")) self.assertTrue(self.nvti._is_compatible_version("20.4")) self.assertTrue(self.nvti._is_compatible_version("20.4.2")) self.assertTrue(self.nvti._is_compatible_version("20.04")) self.assertTrue(self.nvti._is_compatible_version("20.10"))