def test_snykParser_single_has_no_finding(self): testfile = open( "dojo/unittests/scans/snyk/single_project_no_vulns.json") parser = SnykParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) testfile.close()
def test_snykParser_allprojects_has_many_findings(self): testfile = open( "dojo/unittests/scans/snyk/all-projects_many_vulns.json") parser = SnykParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(4, len(findings))
def test_snykParser_file_path_with_ampersand_is_preserved(self): testfile = open( "unittests/scans/snyk/single_project_one_vuln_with_ampersands.json" ) parser = SnykParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(1, len(findings)) finding = findings[0] self.assertEqual( "myproject > @angular/localize > @babel/core > lodash", finding.file_path)
def test_snykParser_allprojects_issue4277(self): """Report to linked to issue 4277""" testfile = open( "dojo/unittests/scans/snyk/all_projects_issue4277.json") parser = SnykParser() findings = list(parser.get_findings(testfile, Test())) testfile.close() self.assertEqual(82, len(findings)) with self.subTest(i=0): finding = findings[0] self.assertEqual("High", finding.severity) self.assertEqual("Microsoft.AspNetCore", finding.component_name) self.assertEqual("2.2.0", finding.component_version) self.assertEqual("SNYK-DOTNET-MICROSOFTASPNETCORE-174184", finding.vuln_id_from_tool) self.assertEqual("CVE-2019-0815", finding.cve) self.assertEqual(200, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", finding.cvssv3) with self.subTest(i=40): finding = findings[40] self.assertEqual("High", finding.severity) self.assertEqual("lodash", finding.component_name) self.assertEqual("4.17.11", finding.component_version) self.assertEqual("SNYK-JS-LODASH-1040724", finding.vuln_id_from_tool) self.assertEqual("CVE-2021-23337", finding.cve) self.assertEqual(78, finding.cwe) self.assertEqual( "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", finding.cvssv3) with self.subTest(i=81): finding = findings[81] self.assertEqual("Medium", finding.severity) self.assertEqual("yargs-parser", finding.component_name) self.assertEqual("5.0.0", finding.component_version) self.assertEqual("SNYK-JS-YARGSPARSER-560381", finding.vuln_id_from_tool) self.assertEqual("CVE-2020-7608", finding.cve) self.assertEqual(400, finding.cwe) self.assertEqual( "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", finding.cvssv3)
def test_snykParser_finding_has_fields(self): testfile = open( "dojo/unittests/scans/snyk/single_project_one_vuln.json") parser = SnykParser() findings = parser.get_findings(testfile, Test()) testfile.close() finding = findings[0] self.assertEqual( "com.test:[email protected]: XML External Entity (XXE) Injection", finding.title, ) self.assertEqual("Medium", finding.severity) self.assertEqual( "Issue severity of: **Medium** from a base CVSS score of: **6.5**", finding.severity_justification, ) self.assertEqual("SNYK-JAVA-ORGAPACHESANTUARIO-460281", finding.vuln_id_from_tool) self.assertEqual("CVE-2019-12400", finding.cve) self.assertEqual(611, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", finding.cvssv3) self.assertEqual( "## Remediation\nUpgrade `org.apache.santuario:xmlsec` to version 2.1.4 or higher.\n", finding.mitigation, ) self.assertEqual( "**SNYK ID**: https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-460281\n\n**GitHub " + "Commit**: https://github.com/apache/santuario-java/commit/52ae824cf5f5c873a0e37bb33fedcc3b387" + "cdba6\n**GitHub Commit**: https://github.com/apache/santuario-java/commit/c5210f77a77105fba81" + "311d16c07ceacc21f39d5\n**Possible Jira Issue**: https://issues.apache.org/jira/browse/SANTUARIO-" + "504?jql=project%20%3D%20SANTUARIO\n**Security Release**: http://santuario.apache.org/secadv.data/" + "CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2\n", finding.references, ) self.assertEqual("com.test:myframework > org.apache.santuario:xmlsec", finding.file_path)