def test_blackduck_graph():
    """Check that a Blackduck finding is stored as a CVE record tied to a version.

    The test saves a package and one of its versions, loads the Blackduck
    analysis, stores its single issue, and links it to the version. It then
    looks the record up again by vulnerability name and compares timestamps
    to confirm the fetched record is the one that was stored.
    """
    package = Package.load_from_json(serve_static_json)
    assert package.save() is not None

    version = Version.load_from_json(serve_static_json, package=package)
    version.save()
    package.create_version_edge(version)

    assert package.last_updated is not None
    assert version.last_updated is not None

    # The fixture is expected to carry exactly one Blackduck issue.
    issues = bl.load_from_json(input_json['analyses'])
    assert len(issues) == 1

    stored_issue = bl.add_blackduck_issue(issues[0])
    version.add_blackduck_cve_edge(stored_issue.id)

    # NOTE(review): this lookup filters on 'vulnerability_name', while
    # add_blackduck_issue looks records up by 'cve_id'. Presumably
    # add_blackduck_data() populates vulnerability_name; confirm.
    fetched = SecurityDetails.find_by_criteria(
        'CVE', {'vulnerability_name': 'CVE-2015-1164'})
    assert fetched.last_updated == stored_issue.last_updated

    # Cleanup is reached only when every assertion above passed; a failing
    # run leaves these records behind in the graph.
    SecurityDetails.delete_by_id(fetched.id)
    Version.delete_by_id(version.id)
    Package.delete_by_id(package.id)
def add_blackduck_issue(issue):
    """Return the CVE record for a Blackduck issue, creating it when absent.

    Args:
        issue: Mapping describing one Blackduck finding. Its
            'vulnerabilityName' entry is used as the CVE identifier, and a
            missing key raises KeyError.

    Returns:
        The SecurityDetails object (found or newly saved) after the
        Blackduck data has been attached to it.
    """
    cve_id = issue['vulnerabilityName']

    # Reuse an existing record for this CVE so that repeated scanner reports
    # enrich one record instead of creating several.
    # NOTE(review): find and save are two separate calls. Whether concurrent
    # callers can both miss and both create depends on how save()
    # deduplicates; confirm.
    record = SecurityDetails.find_by_criteria('CVE', {'cve_id': cve_id})
    if record is None:
        record = SecurityDetails(cve_id)
        record.save()

    # NOTE(review): no save() follows add_blackduck_data() here. Presumably
    # it persists the data itself; confirm.
    record.add_blackduck_data(issue)
    return record
def test_support_vector_security():
    """Check that security issues are stored once per CVE and keep their references.

    The test saves a package and version, then stores the fixture's security
    issues and links each one to the version with its CVSS score. It checks
    that one record exists with the five expected references. It then saves
    a second SecurityDetails for the same CVE id and asserts that it gets the
    existing record's id and leaves the count at one.
    """
    package = Package.load_from_json(serve_static_json)
    assert package.save() is not None

    version = Version.load_from_json(serve_static_json, package=package)
    version.save()
    package.create_version_edge(version)

    assert package.last_updated is not None
    assert version.last_updated is not None

    issues_json = serve_static_json["analyses"]["security_issues"]
    details, scores, cve_ids = SecurityDetails.load_from_json(issues_json)

    saved_at = []
    for detail, score, _cve_id in zip(details, scores, cve_ids):
        detail.save()
        assert detail.last_updated is not None
        saved_at.append(detail.last_updated)
        version.add_security_edge(detail, score)

    security_before = SecurityDetails.count()
    assert security_before == 1

    stored = SecurityDetails.find_by_criteria('CVE', {'cve_id': 'CVE-2015-1164'})
    assert len(stored.references) == 5
    expected_refs = [
        "https://github.com/expressjs/serve-static/issues/26",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1181917",
        "http://xforce.iss.net/xforce/xfdb/99936",
        "http://www.securityfocus.com/bid/72064",
        "http://nodesecurity.io/advisories/serve-static-open-redirect",
    ]
    assert all(ref in expected_refs for ref in stored.references)

    # Build a second object for the same CVE id; saving it must not create a
    # duplicate record.
    duplicate = SecurityDetails(cve_id='CVE-2015-1164', cvss=4.3, summary='')
    access_fields = (
        ('authentication', ''),
        ('vector', 'NETWORK'),
        ('complexity', 'MEDIUM'),
    )
    for field, value in access_fields:
        duplicate.issue_has_access(field, value)
    impact_fields = (
        ('integrity', 'partial'),
        ('confidentiality', ''),
        ('availability', ''),
    )
    for field, value in impact_fields:
        duplicate.issue_has_impact(field, value)
    duplicate.save()

    # `detail` is still bound to the last record saved by the loop above.
    assert duplicate.id == detail.id
    assert duplicate.last_updated >= saved_at[0]
    assert SecurityDetails.count() == 1

    # Cleanup is reached only when every assertion above passed; a failing
    # run leaves these records behind in the graph.
    for item in details:
        SecurityDetails.delete_by_id(item.id)
    SecurityDetails.delete_by_id(duplicate.id)
    Version.delete_by_id(version.id)
    Package.delete_by_id(package.id)