예제 #1
0
class TestCveAPI(TestBase):
    """Test CveAPI class."""

    cve = None

    @pytest.fixture(autouse=True)
    def setup_api(self, load_cache):
        """Set CveAPI object"""
        # WORKAROUND: tzinfo from date is lost after loading YAML
        cve_detail = self.cache.cve_detail["CVE-2016-0634"]
        cve_detail_list = list(cve_detail)
        cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
            CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
        cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
            CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
        self.cache.cve_detail["CVE-2016-0634"] = cve_detail_list

        # make cve_detail without CVE_MODIFIED_DATE
        cve_detail2 = self.cache.cve_detail["CVE-2016-0634"]
        cve_detail_list2 = list(cve_detail2)
        cve_detail_list2[CVE_MODIFIED_DATE] = None
        self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2

        # Initialize CveAPI
        self.cve = CveAPI(self.cache)

    def test_regex(self):
        """Test finding CVEs by correct regex."""
        assert self.cve.find_cves_by_regex("CVE-2018-5750") == [
            "CVE-2018-5750"
        ]
        assert "CVE-2018-5750" in self.cve.find_cves_by_regex("CVE-2018-5.*")
        assert len(self.cve.find_cves_by_regex("CVE-2018-5.*")) > 1

    def test_wrong_regex(self):
        """Test CVE API with wrong regex."""
        with pytest.raises(Exception) as context:
            self.cve.find_cves_by_regex("*")
        assert "nothing to repeat" in str(context)

    def test_missing_required(self):
        """Test CVE API without required property 'cve_list'."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_BAD)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_json(self):
        """Test CVE API with empty JSON."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_EMPTY)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_cve_list(self):
        """Test CVE API with with empty 'cve_list' property."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_EMPTY_CVE)
        assert response == EMPTY_RESPONSE

    def test_non_existing_cve(self):
        """Test CVE API response with non-existing CVE."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_NON_EXIST)
        assert response == EMPTY_RESPONSE

    def test_schema(self):
        """Test CVE API response schema."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        assert schemas.cves_schema.validate(response)

    def test_cve_response(self):
        """Test if CVE API response is correct for correct JSON."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        cve, = response["cve_list"].items()
        assert cve[0] == CVE_JSON["cve_list"][0]
        assert tools.match(CORRECT_RESPONSE, cve[1]) is True

    @pytest.mark.skip(
        "Blocked by https://github.com/RedHatInsights/vmaas/issues/419")
    def test_modified_since(self):
        """Test CVE API with 'modified_since' property."""
        cve = CVE_JSON.copy()
        cve["modified_since"] = str(
            datetime.datetime.now().replace(tzinfo=pytz.UTC))
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

        # without modified date
        cve["cve_list"] = ["CVE-W/O-MODIFIED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True
예제 #2
0
파일: test_cve.py 프로젝트: Josca/vmaas
class TestCveAPI(TestBase):
    """Test CveAPI class."""

    cve = None

    @pytest.fixture(autouse=True)
    def setup_api(self, load_cache):
        """Set CveAPI object"""
        # WORKAROUND: tzinfo from date is lost after loading YAML
        cve_detail = self.cache.cve_detail[CVE_NAME]
        cve_detail_list = list(cve_detail)
        cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
            CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
        cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
            CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
        self.cache.cve_detail[CVE_NAME] = cve_detail_list

        # make cve_detail without CVE_MODIFIED_DATE
        cve_detail2 = self.cache.cve_detail[CVE_NAME]
        cve_detail_list2 = list(cve_detail2)
        cve_detail_list2[CVE_MODIFIED_DATE] = None
        self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2

        # Initialize CveAPI
        self.cve = CveAPI(self.cache)

    def test_regex(self):
        """Test finding CVEs by correct regex."""
        assert self.cve.find_cves_by_regex(CVE_NAME) == [CVE_NAME]
        assert self.cve.find_cves_by_regex("CVE-2014-.*") == [CVE_NAME]

    def test_wrong_regex(self):
        """Test CVE API with wrong regex."""
        with pytest.raises(Exception) as context:
            self.cve.find_cves_by_regex("*")
        assert "nothing to repeat" in str(context)

    def test_missing_required(self):
        """Test CVE API without required property 'cve_list'."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_BAD)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_json(self):
        """Test CVE API with empty JSON."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_EMPTY)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_cve_list(self):
        """Test CVE API with with empty 'cve_list' property."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_EMPTY_CVE)
        assert response == EMPTY_RESPONSE

    def test_non_existing_cve(self):
        """Test CVE API response with non-existing CVE."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_NON_EXIST)
        assert response == EMPTY_RESPONSE

    def test_cve_response(self):
        """Test if CVE API response is correct for correct JSON."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        assert schemas.cves_schema.validate(response)
        assert CVE_NAME in response["cve_list"]
        assert tools.match(CORRECT_RESPONSE,
                           response["cve_list"][CVE_NAME]) is True

    def test_modified_since(self):
        """Test CVE API with 'modified_since' property."""
        cve = CVE_JSON.copy()
        cve["modified_since"] = str(
            datetime.datetime.now().replace(tzinfo=pytz.UTC))
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

        # without modified date
        cve["cve_list"] = ["CVE-W/O-MODIFIED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

    def test_published_since(self):
        """Test CVE API with 'published_since' property. """
        cve = CVE_JSON_PUBLISHED.copy()
        cve["published_since"] = str(
            datetime.datetime.now().replace(tzinfo=pytz.UTC))
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

        # correct date since publish of dummy cve
        cve["published_since"] = "2013-01-01T00:00:00+02:00"
        response = self.cve.process_list(api_version=1, data=cve)
        assert response["cve_list"][CVE_NAME]["synopsis"] == CVE_NAME

        # without published date
        cve["cve_list"] = ["CVE-W/O-PUBLISHED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True