def test_ImportRunner_new_package_version_affected_by_existing_vulnerability(db):
    """
    A further version of a package that is already in the database is attached,
    as vulnerable, to a vulnerability that is also already in the database.

    The import must reuse the existing vulnerability and reference rows and add
    exactly one package row and one package/vulnerability relation for the new
    version string.
    """
    existing_vuln = models.Vulnerability.objects.create(
        vulnerability_id="MOCK-CVE-2020-1337",
        summary="vulnerability description here",
    )
    models.VulnerabilityReference.objects.create(
        vulnerability=existing_vuln,
        url="https://example.com/with/more/info/MOCK-CVE-2020-1337",
    )

    # Seed state before the import: 1.2.33 is vulnerable, 1.2.34 is not.
    for seeded_version, seeded_flag in (("1.2.33", True), ("1.2.34", False)):
        models.PackageRelatedVulnerability.objects.create(
            vulnerability=existing_vuln,
            package=models.Package.objects.create(
                name="mock-webserver", type="pypi", version=seeded_version
            ),
            is_vulnerable=seeded_flag,
        )

    # Work on a copy so the shared ADVISORIES fixture is not mutated for other tests.
    updated = deepcopy(ADVISORIES)
    updated[0].impacted_package_urls.append(
        PackageURL(name="mock-webserver", type="pypi", version="1.2.33a")
    )
    runner = make_import_runner(updated_advs=updated)

    runner.run()

    assert runner.importer.last_run is not None
    assert runner.importer.saved

    # Only the package table and the relation table grow (2 -> 3); the
    # vulnerability and its reference must not be duplicated by the re-import.
    assert models.Package.objects.all().count() == 3
    assert models.Vulnerability.objects.count() == 1
    assert models.VulnerabilityReference.objects.count() == 1
    assert models.PackageRelatedVulnerability.objects.count() == 3

    # "1.2.33a" has to be stored as its own package row, distinct from "1.2.33":
    # the lookup below matches the version string exactly.
    new_version_rows = models.Package.objects.filter(
        name="mock-webserver", version="1.2.33a"
    )
    assert len(new_version_rows) == 1
    added_package = new_version_rows[0]

    # The new version must be linked as vulnerable, and to the pre-existing id.
    vulnerable_links = models.PackageRelatedVulnerability.objects.filter(
        package=added_package, is_vulnerable=True
    )
    assert len(vulnerable_links) == 1
    impacted_package = vulnerable_links[0]
    assert impacted_package.vulnerability.vulnerability_id == "MOCK-CVE-2020-1337"
def _get_or_create_package(p: PackageURL) -> Tuple[models.Package, bool]:
    """
    Fetch the Package row matching every component of *p*, creating it if absent.

    Empty components of the package URL are not passed through as-is: a falsy
    ``qualifiers`` value becomes ``{}`` and any other falsy component becomes
    ``""``, so the lookup always uses the same representation for "not set".
    Returns the ``(package, created)`` pair from ``get_or_create``.
    """
    # NOTE(review): presumably these defaults mirror how the Package model stores
    # unset fields, so one package does not end up as two rows — confirm against
    # the model definition.
    lookup = {
        field: value if value else ({} if field == "qualifiers" else "")
        for field, value in p.to_dict().items()
    }
    return models.Package.objects.get_or_create(**lookup)
# NOTE(review): this excerpt opens inside a class body whose header is not shown
# (presumably the MockImporter that make_import_runner instantiates below).
    license: str = "license to test"
    saved: bool = False

    def make_data_source(self, *_, **__):
        """Return the preconfigured data source, ignoring every argument."""
        return self.data_source

    def save(self):
        """Only record that a save was requested; nothing is written."""
        self.saved = True


# Single fixture advisory: version 1.2.33 of mock-webserver is impacted and
# version 1.2.34 is the resolved one.
# NOTE(review): the identifier looks synthetic — confirm it cannot collide with
# a real CVE entry.
ADVISORIES = [
    Advisory(
        vulnerability_id="CVE-2020-13371337",
        summary="vulnerability description here",
        references=[
            Reference(url="https://example.com/with/more/info/CVE-2020-13371337"),
        ],
        impacted_package_urls=[
            PackageURL(name="mock-webserver", type="pypi", version="1.2.33"),
        ],
        resolved_package_urls=[
            PackageURL(name="mock-webserver", type="pypi", version="1.2.34"),
        ],
    )
]


def make_import_runner(added_advs=None, updated_advs=None):
    """
    Build an ImportRunner around a mock importer and mock data source.

    ``added_advs`` and ``updated_advs`` are handed to the mock data source; a
    missing or empty value is replaced by a fresh empty list.
    """
    # The positional 2 and 5 are defined by MockDataSource / ImportRunner, which
    # are not part of this excerpt.
    source = MockDataSource(
        2,
        added_advs=added_advs or [],
        updated_advs=updated_advs or [],
    )
    return ImportRunner(MockImporter(data_source=source), 5)
def save(self): self.saved = True ADVISORIES = [ Advisory( vulnerability_id="CVE-2020-13371337", summary="vulnerability description here", references=[ Reference( url="https://example.com/with/more/info/CVE-2020-13371337") ], affected_packages=[ AffectedPackage( vulnerable_package=PackageURL(name="mock-webserver", type="pypi", version="1.2.33"), patched_package=PackageURL(name="mock-webserver", type="pypi", version="1.2.34"), ) ], ) ] def make_import_runner(added_advs=None, updated_advs=None): added_advs = added_advs or [] updated_advs = updated_advs or [] importer = MockImporter(data_source=MockDataSource(
return self.data_source def save(self): self.saved = True ADVISORIES = [ Advisory( cve_id='MOCK-CVE-2020-1337', summary='vulnerability description here', vuln_references=[ Reference( url='https://example.com/with/more/info/MOCK-CVE-2020-1337') ], impacted_package_urls=[ PackageURL(name='mock-webserver', type='pypi', version='1.2.33') ], resolved_package_urls=[ PackageURL(name='mock-webserver', type='pypi', version='1.2.34') ], ) ] def make_import_runner(added_advs=None, updated_advs=None): added_advs = added_advs or [] updated_advs = updated_advs or [] importer = MockImporter(data_source=MockDataSource( 2, added_advs=added_advs, updated_advs=updated_advs))
return self.data_source def save(self): self.saved = True ADVISORIES = [ Advisory( vulnerability_id="MOCK-CVE-2020-1337", summary="vulnerability description here", references=[ Reference( url="https://example.com/with/more/info/MOCK-CVE-2020-1337") ], impacted_package_urls=[ PackageURL(name="mock-webserver", type="pypi", version="1.2.33") ], resolved_package_urls=[ PackageURL(name="mock-webserver", type="pypi", version="1.2.34") ], ) ] def make_import_runner(added_advs=None, updated_advs=None): added_advs = added_advs or [] updated_advs = updated_advs or [] importer = MockImporter(data_source=MockDataSource( 2, added_advs=added_advs, updated_advs=updated_advs))