def setUp(self):
self.db = DatabaseLayer(_db="cvedb_test")
self.capec1 = CAPEC(id="10000",
name="test_capec",
summary="no summary",
prerequisites="No prerequisites",
solutions="There's no solution",
weaknesses=["10000"])
self.cwe1 = CWE(id="10000",
name="test_cwe",
description="test cwe",
status="testing",
weakness='Testing')
self.cpe1 = CPE(id="cpe:/a:test:test1",
title="Test CPE 1",
references=[])
self.cpe2 = CPE(id="cpe:2.3:a:test:test2",
title="Test CPE 2",
references=[])
self.cve1 = CVE(id="CVE-0001-0001",
cvss=0.1,
summary="Test Vulnerability",
vulnerable_configuration=[self.cpe1, self.cpe2],
published=datetime.datetime(2017, 1, 1),
impact=Impact("None", "None", "None"),
access=Access("Low", "None", "Local"),
cwe=self.cwe1)
self.db.CAPEC.upsert(self.capec1)
self.db.CWE.upsert(self.cwe1)
self.db.CPE.upsert([self.cpe1, self.cpe2])
self.db.CVE.upsert(self.cve1)
def setUp(self):
self.db = DatabaseLayer(_db="cvedb_test")
self.capec1 = CAPEC(id="10000",
name="test_capec",
summary="no summary",
prerequisites="No prerequisites",
solutions="There's no solution",
weaknesses=[])
self.cwe1 = CWE(id="10000",
name="test_cwe",
description="test cwe",
status="testing",
weakness='Testing')
self.cpe1 = CPE(id="cpe:/a:test:test1",
title="Test CPE 1",
references=[])
self.cpe2 = CPE(id="cpe:2.3:a:test:test2",
title="Test CPE 2",
references=[])
def cpe_regex(self, regex, alternative):
data = list(self.colCPE.find({"id": {"$regex": regex}}))
if alternative:
data.extend(list(self.colCPEOTHER.find({"id": {"$regex": regex}})))
return [CPE(x) for x in self.sanitize(data)] or []
def cpe_getAllAlternative(self):
return [CPE(x) for x in self.sanitize(self.colCPEOTHER.find())] or []
def cpe_getAll(self):
return [CPE.fromDict(x)
for x in self.sanitize(self.colCPE.find())] or []
def cpe_get(self, id):
cpe = self.sanitize(self.colCPE.find_one({"id": id}))
return CPE.fromDict(cpe) if cpe else None
def test_fail_create_cpe(self):
try:
CPE(id=1, title="Test CPE 2", references=())
self.fail("Object should not be created")
except TypeError as e:
assert "id is supposed to be of type str, not int" == str(e)
def test_create_cpe(self):
CPE(id="cpe:/a:test:test1", title="Test CPE 1", references=[])
CPE(id="cpe:2.3:a:test:test2", title="Test CPE 2", references=())
if not indexed:
indexed = 0
if icve and icpeo:
if icpeo == icve:
print("Not modified")
sys.exit(0)
cves = db.CVE.query(skip=indexed, sort=("Published", "asc"))
if not cves:
print("Empty collections, import skipped")
sys.exit(2)
unique = set()
for cve in progressbar(cves):
for cpe in cve.vulnerable_configuration:
unique.add(cpe.id)
indexed_cpe = set()
for cpe in unique:
if db.CPE.get(cpe):
unique.add(cpe)
for cpe in indexed_cpe:
unique.remove(cpe)
if len(unique) > 0:
db.CPE.alternative_upsert([CPE(x) for x in unique])
#update database info after successful program-run
db.CVE.updated(icve)
db.CPE.alternative_updated(icve, (indexed + len(cves)))
def get(self, id):
cpe = self.db.cpe_get(toStringFormattedCPE(id))
return cpe if cpe else CPE(id)
self.referencetag = False
self.href = None
# make parser
parser = make_parser()
ch = CPEHandler()
parser.setContentHandler(ch)
db = DatabaseLayer()
# check modification date
try:
(f, r) = Configuration.getFeedData('cpe')
except:
sys.exit("Cannot open url %s. Bad URL or not connected to the internet?" %
(Configuration.getFeedURL("cpe")))
i = db.CPE.updated()
last_modified = parse_datetime(r.headers['last-modified'], ignoretz=True)
if i is not None:
if last_modified == i:
print("Not modified")
sys.exit(0)
# parse xml and store in database
parser.parse(f)
cpeList = []
for x in progressbar(ch.cpe):
cpeList.append(CPE(x['name'], x['title'][0], x['references']))
db.CPE.upsert(cpeList)
#update database info after successful program-run
db.CPE.updated(last_modified)