def test_vulndb_id_get_from_name(self): # Since there is no vulndb_id set, the name wins: i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1, 'plugin_name') # lazy calculation self.assertIsNone(i._vulndb) expected_references = [Reference(d['url'], d['title']) for d in BLIND_SQLI_REFS] self.assertTrue(i.has_db_details()) self.assertEqual(i.get_vulndb_id(), 46) self.assertIsInstance(i.get_long_description(), basestring) self.assertIsInstance(i.get_fix_guidance(), basestring) self.assertEqual(i.get_fix_effort(), 50) self.assertEqual(i.get_tags(), [u'web', u'sql', u'blind', u'injection', u'database']) self.assertEqual(i.get_wasc_ids(), []) self.assertEqual(list(i.get_wasc_urls()), []) self.assertEqual(list(i.get_cwe_urls()), [u'https://cwe.mitre.org/data/definitions/89.html']) self.assertEqual(i.get_cwe_ids(), [u'89']) self.assertEqual(i.get_references(), expected_references) self.assertEqual(list(i.get_owasp_top_10_references()), [(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')]) self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln) # lazy calculation success self.assertIsNotNone(i._vulndb)
def test_vulndb_id_set(self): # The vulndb_id overrides the 'Blind SQL injection vulnerability' name i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1, 'plugin_name', vulndb_id=17) # lazy calculation self.assertIsNone(i._vulndb) url = 'https://www.owasp.org/index.php/PHP_File_Inclusion' title = 'OWASP' expected_references = [Reference(url, title)] self.assertTrue(i.has_db_details()) self.assertEqual(i.get_vulndb_id(), 17) self.assertIsInstance(i.get_long_description(), basestring) self.assertIsInstance(i.get_fix_guidance(), basestring) self.assertEqual(i.get_fix_effort(), 50) self.assertEqual(i.get_tags(), ['web', 'file', 'inclusion', 'error', 'injection']) self.assertEqual(i.get_wasc_ids(), []) self.assertEqual(list(i.get_wasc_urls()), []) self.assertEqual(list(i.get_cwe_urls()), ['https://cwe.mitre.org/data/definitions/98.html']) self.assertEqual(i.get_cwe_ids(), [u'98']) self.assertEqual(i.get_references(), expected_references) self.assertEqual(list(i.get_owasp_top_10_references()), [(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')]) self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln) # lazy calculation success self.assertIsNotNone(i._vulndb)
def test_vulndb_id_get_from_name(self): # Since there is no vulndb_id set, the name wins: i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1, 'plugin_name') # lazy calculation self.assertIsNone(i._vulndb) expected_references = [ Reference(d['url'], d['title']) for d in BLIND_SQLI_REFS ] self.assertTrue(i.has_db_details()) self.assertEqual(i.get_vulndb_id(), 46) self.assertIsInstance(i.get_long_description(), basestring) self.assertIsInstance(i.get_fix_guidance(), basestring) self.assertEqual(i.get_fix_effort(), 50) self.assertEqual(i.get_tags(), [u'web', u'sql', u'blind', u'injection', u'database']) self.assertEqual(i.get_wasc_ids(), []) self.assertEqual(list(i.get_wasc_urls()), []) self.assertEqual(list(i.get_cwe_urls()), [u'https://cwe.mitre.org/data/definitions/89.html']) self.assertEqual(i.get_cwe_ids(), [u'89']) self.assertEqual(i.get_references(), expected_references) self.assertEqual( list(i.get_owasp_top_10_references()), [(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')]) self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln) # lazy calculation success self.assertIsNotNone(i._vulndb)
def test_vulndb_id_set(self): # The vulndb_id overrides the 'Blind SQL injection vulnerability' name i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1, 'plugin_name', vulndb_id=17) # lazy calculation self.assertIsNone(i._vulndb) url = 'https://www.owasp.org/index.php/PHP_File_Inclusion' title = 'OWASP' expected_references = [Reference(url, title)] self.assertTrue(i.has_db_details()) self.assertEqual(i.get_vulndb_id(), 17) self.assertIsInstance(i.get_long_description(), basestring) self.assertIsInstance(i.get_fix_guidance(), basestring) self.assertEqual(i.get_fix_effort(), 50) self.assertEqual(i.get_tags(), ['web', 'file', 'inclusion', 'error', 'injection']) self.assertEqual(i.get_wasc_ids(), []) self.assertEqual(list(i.get_wasc_urls()), []) self.assertEqual(list(i.get_cwe_urls()), ['https://cwe.mitre.org/data/definitions/98.html']) self.assertEqual(i.get_cwe_ids(), [u'98']) self.assertEqual(i.get_references(), expected_references) self.assertEqual( list(i.get_owasp_top_10_references()), [(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')]) self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln) # lazy calculation success self.assertIsNotNone(i._vulndb)
def test_vulndb_id_get_from_name(self): # Since there is no vulndb_id set, the name wins: i = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name") # lazy calculation self.assertIsNone(i._vulndb) expected_references = [Reference(d["url"], d["title"]) for d in BLIND_SQLI_REFS] self.assertTrue(i.has_db_details()) self.assertEqual(i.get_vulndb_id(), 46) self.assertIsInstance(i.get_long_description(), basestring) self.assertIsInstance(i.get_fix_guidance(), basestring) self.assertEqual(i.get_fix_effort(), 50) self.assertEqual(i.get_tags(), [u"web", u"sql", u"blind", u"injection", u"database"]) self.assertEqual(i.get_wasc_ids(), []) self.assertEqual(list(i.get_wasc_urls()), []) self.assertEqual(list(i.get_cwe_urls()), [u"https://cwe.mitre.org/data/definitions/89.html"]) self.assertEqual(i.get_cwe_ids(), [u"89"]) self.assertEqual(i.get_references(), expected_references) self.assertEqual( list(i.get_owasp_top_10_references()), [(u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1")] ) self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln) # lazy calculation success self.assertIsNotNone(i._vulndb)
def test_vulndb_id_set(self): # The vulndb_id overrides the 'Blind SQL injection vulnerability' name i = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name", vulndb_id=17) # lazy calculation self.assertIsNone(i._vulndb) url = "https://www.owasp.org/index.php/PHP_File_Inclusion" title = "OWASP" expected_references = [Reference(url, title)] self.assertTrue(i.has_db_details()) self.assertEqual(i.get_vulndb_id(), 17) self.assertIsInstance(i.get_long_description(), basestring) self.assertIsInstance(i.get_fix_guidance(), basestring) self.assertEqual(i.get_fix_effort(), 50) self.assertEqual(i.get_tags(), ["web", "file", "inclusion", "error", "injection"]) self.assertEqual(i.get_wasc_ids(), []) self.assertEqual(list(i.get_wasc_urls()), []) self.assertEqual(list(i.get_cwe_urls()), ["https://cwe.mitre.org/data/definitions/98.html"]) self.assertEqual(i.get_cwe_ids(), [u"98"]) self.assertEqual(i.get_references(), expected_references) self.assertEqual( list(i.get_owasp_top_10_references()), [(u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1")] ) self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln) # lazy calculation success self.assertIsNotNone(i._vulndb)