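def process_file(self, path) -> List[Advisory]:
    """Build an Advisory from one NuGet advisory JSON document at ``path``.

    The document is expected to carry ``description``, ``link`` and a
    ``packages`` list whose entries have ``id``, ``affected`` and ``fix``
    keys; a missing key raises ``KeyError`` exactly as before. The JSON
    parser itself is safe on feed data; only the key layout is trusted.

    Returns ``None`` when no vulnerability id can be extracted from the
    description, otherwise a single ``Advisory``.

    NOTE(review): the annotation says ``List[Advisory]`` but the body
    returns one ``Advisory`` (or ``None``); check the callers before
    tightening either side.
    """
    with open(path) as f:
        json_doc = json.load(f)

    description = json_doc["description"]
    # Extract the id once; the original called the helper twice for the
    # same input (once for the truthiness test, once for the value).
    vuln_id = self.vuln_id_from_desc(description)
    if not vuln_id:
        # Nothing to key the advisory on, so the document is skipped.
        return

    affected_packages = [
        AffectedPackage(
            vulnerable_package=PackageURL(name=pkg["id"], version=pkg["affected"], type="nuget"),
            patched_package=PackageURL(name=pkg["id"], version=pkg["fix"], type="nuget"),
        )
        for pkg in json_doc["packages"]
    ]
    vuln_reference = [Reference(url=json_doc["link"])]

    return Advisory(
        vulnerability_id=vuln_id,
        summary=description,
        affected_packages=affected_packages,
        references=vuln_reference,
    )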
def test_load_advisory(self):
    """Parsing the RUSTSEC-2021-0032.md fixture yields the expected Advisory."""
    advisory_path = os.path.join(TEST_DATA, "RUSTSEC-2021-0032.md")
    parsed = self.data_src._load_advisory(advisory_path)

    def crate(version):
        return PackageURL(type="cargo", name="byte_struct", version=version)

    wanted = Advisory(
        summary="",
        vulnerability_id="CVE-2021-28033",
        affected_packages=[
            AffectedPackage(
                vulnerable_package=crate("0.6.0"),
                patched_package=crate("0.6.1"),
            )
        ],
        references=[
            Reference(
                reference_id="",
                url="https://github.com/wwylele/byte-struct-rs/issues/1",
                severities=[],
            ),
            Reference(
                reference_id="RUSTSEC-2021-0032",
                url="https://rustsec.org/advisories/RUSTSEC-2021-0032.html",
                severities=[],
            ),
        ],
    )
    assert wanted == parsed
def test_to_advisory(self):
    """The httpd fixture maps to one advisory carrying the Apache severity rating."""
    summary = (
        "A serious problem exists when a client sends a large number of headers "
        "with the same header name. Apache uses up memory faster than the amount "
        "of memory required to simply store the received data itself. That is, "
        "memory use increases faster and faster as more headers are received, "
        "rather than increasing at a constant rate. This makes a denial of "
        "service attack based on this method more effective than methods which "
        "cause Apache to use memory at a constant rate, since the attacker has "
        "to send less data."
    )

    def httpd(version):
        return PackageURL(type="apache", name="httpd", version=version)

    expected = [
        Advisory(
            summary=summary,
            affected_packages=[
                AffectedPackage(vulnerable_package=httpd(v)) for v in ("1.3.0", "1.3.1")
            ],
            references=[
                Reference(
                    url="https://httpd.apache.org/security/json/CVE-1999-1199.json",
                    severities=[
                        VulnerabilitySeverity(
                            system=scoring_systems["apache_httpd"],
                            value="important",
                        )
                    ],
                    reference_id="CVE-1999-1199",
                )
            ],
            vulnerability_id="CVE-1999-1199",
        )
    ]

    found = [self.data_src.to_advisory(self.data)]
    found = [adv.normalized() for adv in found]
    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
def test_ImportRunner_new_package_version_affected_by_existing_vulnerability(db):
    """
    Another version of a package existing in the database is added to the
    impacted packages of a vulnerability that also already existed in the
    database.
    """
    vuln = models.Vulnerability.objects.create(
        vulnerability_id="CVE-2020-13371337", summary="vulnerability description here"
    )
    models.VulnerabilityReference.objects.create(
        vulnerability=vuln, url="https://example.com/with/more/info/CVE-2020-13371337"
    )
    vulnerable_row = models.Package.objects.create(
        name="mock-webserver", type="pypi", version="1.2.33"
    )
    patched_row = models.Package.objects.create(
        name="mock-webserver", type="pypi", version="1.2.34"
    )
    models.PackageRelatedVulnerability.objects.create(
        vulnerability=vuln, package=vulnerable_row, patched_package=patched_row
    )

    # Work on a copy so the module-level fixture is not mutated across tests.
    advisories = deepcopy(ADVISORIES)
    new_version = PackageURL(name="mock-webserver", type="pypi", version="1.2.33a")
    advisories[0].affected_packages.append(AffectedPackage(vulnerable_package=new_version))

    runner = make_import_runner(updated_advs=advisories)
    runner.run()

    assert runner.importer.last_run is not None
    assert runner.importer.saved

    # One new package row and one new link; vulnerability and reference are reused.
    assert models.Package.objects.all().count() == 3
    assert models.Vulnerability.objects.count() == 1
    assert models.VulnerabilityReference.objects.count() == 1
    assert models.PackageRelatedVulnerability.objects.count() == 2

    added = models.Package.objects.filter(name="mock-webserver", version="1.2.33a")
    assert len(added) == 1
    links = models.PackageRelatedVulnerability.objects.filter(package=added[0])
    assert len(links) == 1
    assert links[0].vulnerability.vulnerability_id == "CVE-2020-13371337"
def test_to_advisory(self):
    """The Kafka CVE-list fixture yields CVE-2018-17196 with 0.10.2.2 fixed in 2.1.2.

    The tag lookup is served from a pre-filled GitHubTagsAPI cache, so no
    network access is needed.
    """
    data_source = ApacheKafkaDataSource(batch_size=1)
    data_source.version_api = GitHubTagsAPI(cache={"apache/kafka": ["2.1.2", "0.10.2.2"]})

    def kafka(version):
        return PackageURL(
            type="apache",
            namespace=None,
            name="kafka",
            version=version,
            qualifiers={},
            subpath=None,
        )

    summary = (
        "In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually\n"
        " craft a Produce request which bypasses transaction/idempotent ACL validation.\n"
        " Only authenticated clients with Write permission on the respective topics are\n"
        " able to exploit this vulnerability. Users should upgrade to 2.1.1 or later\n"
        " where this vulnerability has been fixed."
    )
    expected = [
        Advisory(
            summary=summary,
            vulnerability_id="CVE-2018-17196",
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=kafka("0.10.2.2"),
                    patched_package=kafka("2.1.2"),
                )
            ],
            references=[
                Reference(reference_id="", url="https://kafka.apache.org/cve-list", severities=[]),
                Reference(
                    reference_id="CVE-2018-17196",
                    url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196",
                    severities=[],
                ),
            ],
        )
    ]

    with open(TEST_DATA) as f:
        found = data_source.to_advisory(f)
        found = [adv.normalized() for adv in found]
    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
def test_process_file(self):
    """The GLSA fixture maps to one advisory for dev-vcs/subversion."""

    def ebuild(version):
        return PackageURL(type="ebuild", namespace="dev-vcs", name="subversion", version=version)

    expected = [
        Advisory(
            summary=(
                "A command injection vulnerability in Subversion may allow remote\n "
                "attackers to execute arbitrary code.\n "
            ),
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=ebuild("0.1.1"),
                    patched_package=ebuild("1.9.7"),
                )
            ],
            references=[
                Reference(
                    url="https://security.gentoo.org/glsa/201709-09",
                    reference_id="GLSA-201709-09",
                )
            ],
            vulnerability_id="CVE-2017-9800",
        )
    ]

    found = self.data_src.process_file(TEST_DATA)
    found = [adv.normalized() for adv in found]
    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
def test_process_file(self):
    """The elixir-security fixture maps ten coherence releases to the 0.5.2 fix."""
    path = os.path.join(BASE_DIR, "test_data/elixir_security/test_file.yml")

    def hex_package(version):
        return PackageURL(
            type="hex",
            namespace=None,
            name="coherence",
            version=version,
            qualifiers={},
            subpath=None,
        )

    # Every vulnerable release shares the same patched release.
    fixed = hex_package("0.5.2")
    vulnerable_versions = [
        "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.2.0",
        "0.3.0", "0.3.1", "0.4.0", "0.5.0", "0.5.1",
    ]
    expected = Advisory(
        summary='The Coherence library has "Mass Assignment"-like vulnerabilities.\n',
        affected_packages=[
            AffectedPackage(vulnerable_package=hex_package(v), patched_package=fixed)
            for v in vulnerable_versions
        ],
        references=[
            Reference(reference_id="2aae6e3a-24a3-4d5f-86ff-b964eaf7c6d1"),
            Reference(url="https://github.com/smpallen99/coherence/issues/270"),
        ],
        vulnerability_id="CVE-2018-20301",
    )

    found = self.data_src.process_file(path)
    assert expected.normalized() == found.normalized()
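def test_import(self):
    """Two SafetyDB django entries map to the expected advisories.

    The HTTP fetch is bypassed by loading the ``insecure_full.json`` fixture
    straight into ``_api_response`` and pointing ``_versions`` at a mock
    version API, so the test never reaches the network.

    Cleaned up: the stray ``print`` calls and the commented-out alternative
    are gone, and the batch flattening is a single comprehension.
    """
    data_src = SafetyDbDataSource(1, config={"url": "https://gmail.com/", "etags": ""})
    with open(os.path.join(TEST_DATA, "insecure_full.json")) as f:
        data_src._api_response = json.load(f)
    data_src._versions = MOCK_VERSION_API

    def django(version):
        return PackageURL(
            type="pypi",
            namespace=None,
            name="django",
            version=version,
            qualifiers={},
            subpath=None,
        )

    cve_2015_2317_pairs = [
        ("1.4.19", "1.4.22"),
        ("1.5.1", "1.8.14"),
        ("1.6.9", "1.8.14"),
        ("1.8", "1.8.14"),
    ]
    expected_data = [
        Advisory(
            summary="The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \\x08javascript: URL.",
            vulnerability_id="CVE-2015-2317",
            affected_packages=[
                AffectedPackage(vulnerable_package=django(v), patched_package=django(p))
                for v, p in cve_2015_2317_pairs
            ],
            references=[Reference(reference_id="pyup.io-25713", url="", severities=[])],
        ),
        Advisory(
            summary="Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.",
            vulnerability_id="CVE-2016-6186",
            affected_packages=[
                AffectedPackage(vulnerable_package=django("1.8.14"), patched_package=None)
            ],
            references=[Reference(reference_id="pyup.io-25721", url="", severities=[])],
        ),
    ]

    # updated_advisories() yields batches of advisories; flatten them in order.
    found_data = [adv for batch in data_src.updated_advisories() for adv in batch]
    assert expected_data == found_data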
def test_to_advisory(self):
    """Two OpenSSL fixture entries map to the expected affected/fixed version pairs."""
    data = load_test_data()

    def openssl(version):
        return PackageURL(type="generic", namespace=None, name="openssl", version=version)

    def affected(vulnerable, fixed):
        patched = None if fixed is None else openssl(fixed)
        return AffectedPackage(vulnerable_package=openssl(vulnerable), patched_package=patched)

    def commit_ref(url):
        return Reference(reference_id="", url=url, severities=[])

    # CVE-2019-1551: 1.0.2 itself points at 1.1.1e, the 1.0.2a..t line at
    # 1.0.2u, bare 1.1.1 has no fix, and 1.1.1a..d point at 1.1.1e.
    cve_2019_1551_pairs = (
        [("1.0.2", "1.1.1e")]
        + [(f"1.0.2{letter}", "1.0.2u") for letter in "abcdefghijklmnopqrst"]
        + [("1.1.1", None)]
        + [(f"1.1.1{letter}", "1.1.1e") for letter in "abcd"]
    )

    expected = [
        Advisory(
            summary='Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d.',
            vulnerability_id="CVE-2020-1967",
            affected_packages=[
                affected(v, "1.1.1g") for v in ("1.1.1d", "1.1.1e", "1.1.1f")
            ],
            references=[
                commit_ref(
                    "https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1"
                )
            ],
        ),
        Advisory(
            summary="There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.",
            vulnerability_id="CVE-2019-1551",
            affected_packages=[affected(v, p) for v, p in cve_2019_1551_pairs],
            references=[
                commit_ref(
                    "https://github.com/openssl/openssl/commit/419102400a2811582a7a3d4a4e317d72e5ce0a8f"
                ),
                commit_ref(
                    "https://github.com/openssl/openssl/commit/f1c5eea8a817075d31e43f5876993c6710238c98"
                ),
            ],
        ),
    ]

    found = OpenSSLDataSource.to_advisories(data)
    found = [adv.normalized() for adv in found]
    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
def test_to_advisory(self):
    """CVE-2016-9401 from the Red Hat fixture carries CVSSv3, Bugzilla and RHSA severities.

    The Bugzilla and CVRF lookups are answered by a MagicMock patched over
    ``requests_session.get``, so the test never reaches the network.
    """
    data = load_test_data()

    cvssv3 = ScoringSystem(
        identifier="cvssv3",
        name="CVSSv3 Base Score",
        url="https://www.first.org/cvss/v3-0/",
        notes="cvssv3 base score",
    )
    cvssv3_vector = ScoringSystem(
        identifier="cvssv3_vector",
        name="CVSSv3 Vector",
        url="https://www.first.org/cvss/v3-0/",
        notes="cvssv3 vector, used to get additional info about nature and severity of vulnerability",
    )
    rhbs = ScoringSystem(
        identifier="rhbs",
        name="RedHat Bugzilla severity",
        url="https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity",
        notes="",
    )
    rhas = ScoringSystem(
        identifier="rhas",
        name="RedHat Aggregate severity",
        url="https://access.redhat.com/security/updates/classification/",
        notes="",
    )

    def bash(version):
        return PackageURL(type="rpm", namespace="redhat", name="bash", version=version)

    def rhsa_reference(rhsa_id, url):
        return Reference(
            reference_id=rhsa_id,
            url=url,
            severities=[VulnerabilitySeverity(system=rhas, value=2.2)],
        )

    expected = [
        Advisory(
            summary="CVE-2016-9401 bash: popd controlled free",
            vulnerability_id="CVE-2016-9401",
            affected_packages=[
                AffectedPackage(vulnerable_package=bash(v), patched_package=None)
                for v in ("4.1.2-48.el6", "4.2.46-28.el7")
            ],
            references=[
                Reference(
                    reference_id="",
                    url="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9401.json",
                    severities=[
                        VulnerabilitySeverity(system=cvssv3, value="3.3"),
                        VulnerabilitySeverity(
                            system=cvssv3_vector,
                            value="CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                        ),
                    ],
                ),
                Reference(
                    reference_id="1396383",
                    url="https://bugzilla.redhat.com/show_bug.cgi?id=1396383",
                    severities=[VulnerabilitySeverity(system=rhbs, value=2.0)],
                ),
                rhsa_reference("RHSA-2017:0725", "https://access.redhat.com/errata/RHSA-2017:0725"),
                rhsa_reference("RHSA-2017:1931", "https://access.redhat.com/errata/RHSA-2017:1931"),
            ],
        )
    ]

    mock_resp = unittest.mock.MagicMock()
    mock_resp.json = lambda: {
        "bugs": [{"severity": 2.0}],
        "cvrfdoc": {"aggregate_severity": 2.2},
    }
    found = []
    for raw_adv in data:
        with unittest.mock.patch(
            "vulnerabilities.importers.redhat.requests_session.get", return_value=mock_resp
        ):
            found.append(redhat.to_advisory(raw_adv))

    found = [adv.normalized() for adv in found]
    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
def test_get_data_from_xml_doc(self, mock_write):
    """The Ubuntu OVAL fixture yields CVE-2016-8703 (potrace) and CVE-2016-8860 (tor).

    ``mock_write`` is presumably injected by a patch decorator that is not
    part of this excerpt; ``batch_advisories`` is patched with ``return_adv``
    so the generator yields the parsed advisories directly.
    """

    def deb(name, version):
        return PackageURL(type="deb", name=name, version=version)

    def plain_ref(url):
        return Reference(reference_id="", url=url, severities=[])

    potrace_versions = ("0.2.0", "0.3.0")
    expected = [
        Advisory(
            summary="Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702.",
            vulnerability_id="CVE-2016-8703",
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=deb("potrace", v),
                    patched_package=deb("potrace", "2.14-2"),
                )
                for v in potrace_versions
            ],
            references=[
                plain_ref("http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8703.html"),
                plain_ref(
                    "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/"
                ),
                plain_ref("https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8703"),
            ],
        ),
        Advisory(
            summary="Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.",
            vulnerability_id="CVE-2016-8860",
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=deb("tor", "0.2.0"),
                    patched_package=deb("tor", "0.3.0"),
                )
            ],
            references=[
                plain_ref("http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8860.html"),
                plain_ref("http://www.openwall.com/lists/oss-security/2016/10/18/11"),
                plain_ref("https://blog.torproject.org/blog/tor-0289-released-important-fixes"),
                plain_ref("https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860"),
                plain_ref(
                    "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce"
                ),
                plain_ref("https://trac.torproject.org/projects/tor/ticket/20384"),
            ],
        ),
    ]

    xml_doc = ET.parse(os.path.join(TEST_DATA, "ubuntu_oval_data.xml"))
    # Short-circuit batching so the generator hands back the advisories as-is.
    with patch(
        "vulnerabilities.importers.ubuntu.UbuntuDataSource.batch_advisories", new=return_adv
    ):
        found = list(self.ubuntu_data_src.get_data_from_xml_doc(xml_doc, {"type": "deb"}))
        found = [adv.normalized() for adv in found]

    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
def test_to_advisories(self):
    """The Tomcat fixture yields four advisories against apache/tomcat 8.x and 9.0.0.M releases."""

    def tomcat(version, **extra):
        # ``extra`` carries the explicit qualifiers/subpath the first entry spells out.
        return PackageURL(type="maven", namespace="apache", name="tomcat", version=version, **extra)

    def plain_ref(url):
        return Reference(reference_id="", url=url, severities=[])

    def fixed_in_m3(vulnerable_version):
        return AffectedPackage(
            vulnerable_package=tomcat(vulnerable_version),
            patched_package=tomcat("9.0.0.M3"),
        )

    expected = [
        Advisory(
            summary="",
            vulnerability_id="CVE-2015-5351",
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=tomcat("8.0.0.M1", qualifiers={}, subpath=None),
                    patched_package=tomcat("9.0.0.M3", qualifiers={}, subpath=None),
                ),
                fixed_in_m3("9.0.0.M1"),
                fixed_in_m3("9.0.0.M2"),
            ],
            references=[
                plain_ref("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351"),
                plain_ref("https://svn.apache.org/viewvc?view=rev&rev=1720652"),
                plain_ref("https://svn.apache.org/viewvc?view=rev&rev=1720655"),
            ],
        ),
        Advisory(
            summary="",
            vulnerability_id="CVE-2016-0706",
            affected_packages=[fixed_in_m3("9.0.0.M1")],
            references=[
                plain_ref("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706"),
                plain_ref("https://svn.apache.org/viewvc?view=rev&rev=1722799"),
            ],
        ),
        Advisory(
            summary="",
            vulnerability_id="CVE-2016-0714",
            # NOTE(review): kept as an empty dict, as the original wrote it; the
            # other entries use a list — confirm normalized() treats both alike.
            affected_packages={},
            references=[
                plain_ref("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714"),
                plain_ref("https://svn.apache.org/viewvc?view=rev&rev=1725263"),
                plain_ref("https://svn.apache.org/viewvc?view=rev&rev=1725914"),
            ],
        ),
        Advisory(
            summary="",
            vulnerability_id="CVE-2016-0763",
            affected_packages=[fixed_in_m3("9.0.0.M1"), fixed_in_m3("9.0.0.M2")],
            references=[
                plain_ref("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763"),
                plain_ref("https://svn.apache.org/viewvc?view=rev&rev=1725926"),
            ],
        ),
    ]

    with open(TEST_DATA) as f:
        found = self.data_src.to_advisories(f)
        found = [adv.normalized() for adv in found]
    expected = [adv.normalized() for adv in expected]
    assert sorted(found) == sorted(expected)
self.saved = True  # tail of a method whose header lies before this excerpt

# Shared fixture: one advisory with a vulnerable and a patched version of the
# same pypi package. Tests that mutate it (see the ImportRunner test using
# deepcopy(ADVISORIES)) copy it first so the module-level object stays intact.
ADVISORIES = [
    Advisory(
        vulnerability_id="CVE-2020-13371337",
        summary="vulnerability description here",
        references=[Reference(url="https://example.com/with/more/info/CVE-2020-13371337")],
        affected_packages=[
            AffectedPackage(
                vulnerable_package=PackageURL(name="mock-webserver", type="pypi", version="1.2.33"),
                patched_package=PackageURL(name="mock-webserver", type="pypi", version="1.2.34"),
            )
        ],
    )
]


def make_import_runner(added_advs=None, updated_advs=None):
    """Build an ImportRunner over a MockImporter fed by a MockDataSource.

    ``added_advs`` / ``updated_advs`` default to empty lists rather than a
    shared mutable default. The MockDataSource is created with batch size 2.
    The function body continues past the end of this excerpt.
    """
    added_advs = added_advs or []
    updated_advs = updated_advs or []
    importer = MockImporter(data_source=MockDataSource(2, added_advs=added_advs, updated_advs=updated_advs))
def test_process_file(self):
    """Parse the Istio advisory fixture and compare the result with ``==``.

    The fixture ``test_data/istio/test_file.md`` (relative to ``BASE_DIR``)
    is expected to yield a single advisory for CVE-2019-12243 that lists the
    same vulnerable/fixed version pairs once as ``golang`` packages and once
    as ``github`` packages.  The comparison is a plain ``==`` on the raw
    ``process_file`` result, without normalising or sorting, so the order of
    the affected packages is part of the expectation.
    """
    path = os.path.join(BASE_DIR, "test_data/istio/test_file.md")

    # (vulnerable version, version carrying the fix), in fixture order.
    version_pairs = [
        ("1.1.0", "1.1.17"),
        ("1.1.1", "1.1.17"),
        ("1.2.1", "1.2.7"),
        ("1.3.0", "1.3.2"),
        ("1.3.1", "1.3.2"),
    ]

    def istio(purl_type, version):
        return PackageURL(type=purl_type, name="istio", version=version)

    # All golang entries precede all github entries.
    affected_packages = [
        AffectedPackage(
            vulnerable_package=istio(purl_type, vulnerable),
            patched_package=istio(purl_type, patched),
        )
        for purl_type in ("golang", "github")
        for vulnerable, patched in version_pairs
    ]

    expected_data = [
        Advisory(
            summary="Incorrect access control.",
            vulnerability_id="CVE-2019-12243",
            affected_packages=affected_packages,
            references=[
                Reference(
                    reference_id="ISTIO-SECURITY-2019-001",
                    url="https://istio.io/latest/news/security/ISTIO-SECURITY-2019-001/",
                )
            ],
        )
    ]

    found_data = self.data_src.process_file(path)
    assert expected_data == found_data
def test_process_file(self, mock_write):
    """Run ``process_file`` over every path in ``MOCK_ADDED_FILES`` and compare.

    Paths for which ``process_file`` returns a falsy value are skipped.  The
    remaining advisories are normalised and sorted before being compared with
    the two expected Sinatra advisories.  ``mock_write`` is not used here; it
    is presumably injected by a decorator outside this view.
    """

    def sinatra(version):
        return PackageURL(type="gem", namespace=None, name="sinatra", version=version)

    def fixed_in_2_0_3(vulnerable_version):
        # Both advisories in this fixture are fixed in sinatra 2.0.3.
        return AffectedPackage(
            vulnerable_package=sinatra(vulnerable_version),
            patched_package=sinatra("2.0.3"),
        )

    def github_reference(url):
        return Reference(reference_id="", url=url, severities=[])

    expected_advisories = [
        Advisory(
            summary="An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb\nin Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash\ncharacters.\n",
            vulnerability_id="CVE-2018-7212",
            affected_packages=[fixed_in_2_0_3("1.8.0")],
            references=[github_reference("https://github.com/sinatra/sinatra/pull/1379")],
        ),
        Advisory(
            summary="Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.\n",
            vulnerability_id="CVE-2018-11627",
            affected_packages=[fixed_in_2_0_3("1.0.0"), fixed_in_2_0_3("1.8.0")],
            references=[github_reference("https://github.com/sinatra/sinatra/issues/1428")],
        ),
    ]

    found_advisories = [
        advisory
        for advisory in map(self.data_src.process_file, MOCK_ADDED_FILES)
        if advisory
    ]
    found_advisories = list(map(Advisory.normalized, found_advisories))
    expected_advisories = list(map(Advisory.normalized, expected_advisories))
    assert sorted(found_advisories) == sorted(expected_advisories)
def test_process_response(self):
    """Feed a recorded GitHub advisory API response through ``process_response``.

    The JSON fixture ``github_api/response.json`` under ``TEST_DATA`` is
    loaded into ``self.data_src.advisories``.  For the duration of the call,
    ``MavenVersionAPI`` is replaced by a stub that reports only the versions
    ``1.2.0`` and ``9.0.2`` for any package and
    ``GitHubAPIDataSource.set_api`` is patched out.  The advisories produced
    are normalised and sorted before comparison.
    """
    with open(os.path.join(TEST_DATA, "github_api", "response.json")) as f:
        self.data_src.advisories = json.load(f)

    def qualitative_severity(value):
        # GitHub reports severity as a qualitative rating (LOW/MODERATE/HIGH);
        # a fresh ScoringSystem is built per call, as in the original fixture.
        return VulnerabilitySeverity(
            system=ScoringSystem(
                identifier="cvssv3.1_qr",
                name="CVSSv3.1 Qualitative Severity Rating",
                url="https://www.first.org/cvss/specification-document#Qualitative-Severity-Rating-Scale",
                notes="A textual interpretation of severity. Has values like HIGH, MODERATE etc",
            ),
            value=value,
        )

    def ghsa_reference(ghsa_id, url, severity):
        return Reference(
            reference_id=ghsa_id,
            url=url,
            severities=[qualitative_severity(severity)],
        )

    def tomcat_embed_core(**purl_kwargs):
        # Only the vulnerable package is known for these entries.
        return AffectedPackage(
            vulnerable_package=PackageURL(
                type="maven",
                namespace="org.apache.tomcat.embed",
                name="tomcat-embed-core",
                version="9.0.2",
                **purl_kwargs,
            )
        )

    expected_advisories = [
        Advisory(
            summary="Denial of Service in Tomcat",
            vulnerability_id="CVE-2019-0199",
            references=[
                ghsa_reference(
                    "GHSA-qcxh-w3j9-58qr",
                    "https://github.com/advisories/GHSA-qcxh-w3j9-58qr",
                    "MODERATE",
                )
            ],
        ),
        Advisory(
            summary="Denial of Service in Tomcat",
            vulnerability_id="CVE-2019-0199",
            affected_packages=[tomcat_embed_core(qualifiers={}, subpath=None)],
            references=[
                ghsa_reference(
                    "GHSA-qcxh-w3j9-58qr",
                    "https://github.com/advisories/GHSA-qcxh-w3j9-58qr",
                    "HIGH",
                )
            ],
        ),
        Advisory(
            summary="Improper Input Validation in Tomcat",
            vulnerability_id="CVE-2020-1938",
            references=[
                ghsa_reference(
                    "GHSA-c9hw-wf7x-jp9j",
                    "https://github.com/advisories/GHSA-c9hw-wf7x-jp9j",
                    "LOW",
                )
            ],
        ),
        Advisory(
            summary="Improper Input Validation in Tomcat",
            vulnerability_id="CVE-2020-1938",
            references=[
                ghsa_reference(
                    "GHSA-c9hw-wf7x-jp9j",
                    "https://github.com/advisories/GHSA-c9hw-wf7x-jp9j",
                    "MODERATE",
                )
            ],
        ),
        Advisory(
            summary="Improper Input Validation in Tomcat",
            vulnerability_id="CVE-2020-1938",
            affected_packages=[tomcat_embed_core()],
            references=[
                ghsa_reference(
                    "GHSA-c9hw-wf7x-jp9j",
                    "https://github.com/advisories/GHSA-c9hw-wf7x-jp9j",
                    "LOW",
                )
            ],
        ),
    ]

    mock_version_api = MagicMock()
    mock_version_api.package_type = "maven"
    mock_version_api.get = lambda x: {"1.2.0", "9.0.2"}
    with patch(
        "vulnerabilities.importers.github.MavenVersionAPI",
        return_value=mock_version_api,
    ), patch("vulnerabilities.importers.github.GitHubAPIDataSource.set_api"):
        found_advisories = self.data_src.process_response()

    found_advisories = list(map(Advisory.normalized, found_advisories))
    expected_advisories = list(map(Advisory.normalized, expected_advisories))
    assert sorted(found_advisories) == sorted(expected_advisories)
def test_to_advisories(self):
    """Compare the nginx advisories parsed from ``self.data`` with the expected set.

    Both sides are normalised and sorted before comparison.  The expectation
    covers the three shapes this fixture produces: no affected package at
    all, an affected package with no fixed version, and a vulnerable/fixed
    pair.  Windows-only entries carry an ``os`` qualifier on the vulnerable
    package while the fixed package has no qualifiers.
    """

    def nginx(version, qualifiers):
        # ``qualifiers`` is required so the empty-dict and
        # ``{"os": "windows"}`` cases are spelled out at each call site.
        return PackageURL(
            type="generic",
            namespace=None,
            name="nginx",
            version=version,
            qualifiers=qualifiers,
            subpath=None,
        )

    def unfixed(version, qualifiers):
        # Entries for which the source lists no fixed version.
        return AffectedPackage(
            vulnerable_package=nginx(version, qualifiers),
            patched_package=None,
        )

    def fixed(vulnerable_version, vulnerable_qualifiers, patched_version):
        return AffectedPackage(
            vulnerable_package=nginx(vulnerable_version, vulnerable_qualifiers),
            patched_package=nginx(patched_version, {}),
        )

    expected_advisories = [
        Advisory(
            summary="An error log data are not sanitized",
            vulnerability_id="CVE-2009-4487",
            affected_packages=[],
            references=[],
        ),
        Advisory(
            summary="Directory traversal vulnerability",
            vulnerability_id="CVE-2009-3898",
            affected_packages=[unfixed("0.7.52", {})],
            references=[],
        ),
        Advisory(
            summary="Stack-based buffer overflow with specially crafted request",
            vulnerability_id="CVE-2013-2028",
            affected_packages=[fixed("1.3.9", {}, "1.7.0")],
            references=[],
        ),
        Advisory(
            summary="The renegotiation vulnerability in SSL protocol",
            vulnerability_id="CVE-2009-3555",
            affected_packages=[unfixed("0.7.52", {})],
            references=[],
        ),
        Advisory(
            summary="Vulnerabilities with Windows directory aliases",
            vulnerability_id="CVE-2011-4963",
            affected_packages=[
                fixed("0.7.52", {"os": "windows"}, "1.2.3"),
                fixed("1.2.3", {"os": "windows"}, "1.3.9"),
            ],
            references=[],
        ),
        Advisory(
            summary="Vulnerabilities with invalid UTF-8 sequence on Windows",
            vulnerability_id="CVE-2010-2266",
            affected_packages=[unfixed("0.7.52", {"os": "windows"})],
            references=[],
        ),
    ]

    found_data = list(map(Advisory.normalized, self.data_src.to_advisories(self.data)))
    expected_advisories = list(map(Advisory.normalized, expected_advisories))
    assert sorted(found_data) == sorted(expected_advisories)
def test_to_advisories(self):
    """Parse the PostgreSQL security page fixture and compare the advisories.

    ``TEST_DATA`` is read as text and handed to the module-level
    ``to_advisories``.  The expectation pins, per CVE, the minor release that
    carries the fix for each major line listed, plus the CVSSv3 base score
    and vector attached to the security reference.  The Windows-only advisory
    carries an ``os`` qualifier on both the vulnerable and the fixed package.
    Both sides are normalised and sorted before comparison.
    """
    with open(TEST_DATA) as f:
        raw_data = f.read()

    def affected(vulnerable_version, fixed_version, *, windows=False):
        # A fresh qualifiers dict is built per PackageURL so the two packages
        # of a pair never share one object.
        def postgresql(version):
            extra = {"qualifiers": {"os": "windows"}} if windows else {}
            return PackageURL(type="generic", name="postgresql", version=version, **extra)

        return AffectedPackage(
            vulnerable_package=postgresql(vulnerable_version),
            patched_package=postgresql(fixed_version),
        )

    def cvssv3_severities(base_score, vector):
        # The fixture carries the numeric score as a string and the vector
        # wrapped in a single-element list.
        return [
            VulnerabilitySeverity(
                system=ScoringSystem(
                    identifier="cvssv3",
                    name="CVSSv3 Base Score",
                    url="https://www.first.org/cvss/v3-0/",
                    notes="cvssv3 base score",
                ),
                value=base_score,
            ),
            VulnerabilitySeverity(
                system=ScoringSystem(
                    identifier="cvssv3_vector",
                    name="CVSSv3 Vector",
                    url="https://www.first.org/cvss/v3-0/",
                    notes="cvssv3 vector, used to get additional info about nature and severity of vulnerability",
                ),
                value=[vector],
            ),
        ]

    expected_advisories = [
        Advisory(
            summary="ALTER ... DEPENDS ON EXTENSION is missing authorization checks.more details",
            vulnerability_id="CVE-2020-1720",
            affected_packages=[
                affected("10", "10.12"),
                affected("11", "11.7"),
                affected("12", "12.2"),
                affected("9.6", "9.6.17"),
            ],
            references=[
                Reference(
                    reference_id="",
                    url="https://www.postgresql.org/about/news/postgresql-122-117-1012-9617-9521-and-9426-released-2011/",
                ),
                Reference(
                    reference_id="",
                    url="https://www.postgresql.org/support/security/CVE-2020-1720/",
                    severities=cvssv3_severities("3.1", "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"),
                ),
            ],
        ),
        Advisory(
            summary="Windows installer runs executables from uncontrolled directoriesmore details",
            vulnerability_id="CVE-2020-10733",
            affected_packages=[
                affected("10", "10.13", windows=True),
                affected("11", "11.8", windows=True),
                affected("12", "12.3", windows=True),
                affected("9.6", "9.6.18", windows=True),
            ],
            references=[
                Reference(
                    reference_id="",
                    url="https://www.postgresql.org/about/news/postgresql-123-118-1013-9618-and-9522-released-2038/",
                ),
                Reference(
                    reference_id="",
                    url="https://www.postgresql.org/support/security/CVE-2020-10733/",
                    severities=cvssv3_severities("6.7", "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"),
                ),
            ],
        ),
    ]

    found_advisories = list(map(Advisory.normalized, to_advisories(raw_data)))
    expected_advisories = list(map(Advisory.normalized, expected_advisories))
    assert sorted(found_advisories) == sorted(expected_advisories)
def test_process_file(self):
    """Parse the RetireDotNet JSON fixture and compare the advisory with ``==``.

    The fixture ``test_data/retiredotnet/test_file.json`` under ``BASE_DIR``
    describes CVE-2019-0982 for a single NuGet package: every 1.0.x version
    listed maps to the 1.0.11 fix and 1.1.0 maps to 1.1.5.  No normalisation
    or sorting is applied, so affected-package order is part of the
    expectation.
    """
    path = os.path.join(BASE_DIR, "test_data/retiredotnet/test_file.json")
    package_name = "Microsoft.AspNetCore.SignalR.Protocols.MessagePack"

    def nuget(version):
        return PackageURL(type="nuget", namespace=None, name=package_name, version=version)

    # (vulnerable version, version carrying the fix), in fixture order.
    version_pairs = [
        ("1.0.0", "1.0.11"),
        ("1.0.1", "1.0.11"),
        ("1.0.2", "1.0.11"),
        ("1.0.3", "1.0.11"),
        ("1.0.4", "1.0.11"),
        ("1.1.0", "1.1.5"),
    ]

    expected_data = Advisory(
        summary="Microsoft Security Advisory CVE-2019-0982: ASP.NET Core Denial of Service Vulnerability",
        vulnerability_id="CVE-2019-0982",
        affected_packages=[
            AffectedPackage(
                vulnerable_package=nuget(vulnerable),
                patched_package=nuget(patched),
            )
            for vulnerable, patched in version_pairs
        ],
        references=[
            Reference(
                reference_id="",
                url="https://github.com/aspnet/Announcements/issues/359",
                severities=[],
            )
        ],
    )

    found_data = self.data_src.process_file(path)
    assert expected_data == found_data
def test_get_data_from_xml_doc(self, mock_write):
    """Parse the Debian OVAL fixture for the ``wheezy`` distro and compare.

    ``debian_oval_data.xml`` under ``TEST_DATA`` is parsed with ElementTree
    and handed to ``get_data_from_xml_doc`` together with the package type
    and distro qualifier that every resulting PackageURL is expected to
    carry.  ``DebianOvalDataSource.batch_advisories`` is replaced by
    ``return_adv`` (defined elsewhere in this file) for the duration of the
    call; presumably it hands the advisories straight back — confirm against
    its definition.  Results are normalised and sorted before comparison.
    ``mock_write`` is not used here.
    """

    def wheezy_deb(name, version):
        return PackageURL(
            type="deb",
            namespace=None,
            name=name,
            version=version,
            qualifiers={"distro": "wheezy"},
            subpath=None,
        )

    expected_advisories = [
        Advisory(
            summary="denial of service",
            vulnerability_id="CVE-2002-2443",
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=wheezy_deb("krb5", "0.11.1+dfsg-5+deb7u1"),
                    patched_package=wheezy_deb("krb5", "1.11.1+dfsg-5+deb7u1"),
                )
            ],
            references=[],
        ),
        Advisory(
            summary="security update",
            vulnerability_id="CVE-2001-1593",
            # Three a2ps versions are flagged, none with a fixed version.
            affected_packages=[
                AffectedPackage(
                    vulnerable_package=wheezy_deb("a2ps", version),
                    patched_package=None,
                )
                for version in ("0.11.1+dfsg-5+deb7u1", "1.11.1+dfsg-5+deb7u1", "2.3.9")
            ],
            references=[],
        ),
    ]

    xml_doc = ET.parse(os.path.join(TEST_DATA, "debian_oval_data.xml"))
    # Quick patch so the test sees what get_data_from_xml_doc produces
    # rather than whatever batch_advisories would do with it.
    with patch(
        "vulnerabilities.importers.debian_oval.DebianOvalDataSource.batch_advisories",
        new=return_adv,
    ):
        found_advisories = list(
            self.debian_oval_data_src.get_data_from_xml_doc(
                xml_doc, {"type": "deb", "qualifiers": {"distro": "wheezy"}}
            )
        )

    found_advisories = list(map(Advisory.normalized, found_advisories))
    expected_advisories = list(map(Advisory.normalized, expected_advisories))
    assert sorted(found_advisories) == sorted(expected_advisories)