def test_extract_summary_with_single_summary(self):
expected_summary = (
"Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools "
"before 0.4 make it easier for context-dependent attackers to perform memory-related "
"attacks such as buffer overflows via a large size value, which causes less memory to "
"be allocated than expected.")
cve_item = self.nvd_data["CVE_Items"][0]
assert len(cve_item["cve"]["description"]["description_data"]) == 1
found_summary = NVDDataSource.extract_summary(cve_item)
assert found_summary == expected_summary
def test_extract_summary_with_multiple_summary(self):
expected_summary = (
"SHA-1 is not collision resistant, which makes it easier for context-dependent "
"attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1"
" in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing "
"this SHA-1 issue; the existence of an identifier is not, by itself, a technology "
"recommendation.")
cve_item = self.nvd_data["CVE_Items"][1]
assert len(cve_item["cve"]["description"]["description_data"]) > 1
found_summary = NVDDataSource.extract_summary(cve_item)
assert found_summary == expected_summary
def test_extract_cpes(self):
expected_cpes = {
"cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:google:chrome:*:*:*:*:*:*:*:*",
"cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*",
}
found_cpes = set()
for cve_item in self.nvd_data["CVE_Items"]:
found_cpes.update(NVDDataSource.extract_cpes(cve_item))
assert expected_cpes == found_cpes
def setUpClass(cls):
data_source_cfg = {"etags": {}}
cls.data_src = NVDDataSource(1, config=data_source_cfg)
with open(TEST_DATA) as f:
cls.nvd_data = json.load(f)