예제 #1
0
class TestVulnerability(unittest.TestCase):
    def setUp(self) -> None:
        self.v1 = Vulnerability()
        self.v1.set_vector("AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L")
        self.v1.set_metric("E", "P")
        self.v1.set_metric("RL", "T")
        self.v1.set_metric("RC", "X")
        self.v1.set_metric("MAC", "H")
        self.v1.set_metric("MUI", "R")
        self.v1.set_metric("MI", "N")
        # AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:T/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:H/MPR:X/MUI:R/MS:X/MC:X/MI:N/MA:X 4.3 3.9 3.1
        self.v2 = Vulnerability()
        self.v2.set_vector("AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L")
        self.v2.set_metric("RL", "U")
        self.v2.set_metric("CR", "L")
        self.v2.set_metric("IR", "L")
        self.v2.set_metric("MAV", "A")
        self.v2.set_metric("MAC", "H")
        self.v2.set_metric("MPR", "N")
        self.v2.set_metric("MUI", "R")
        self.v2.set_metric("MS", "U")
        # AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L/E:X/RL:U/RC:X/CR:L/IR:L/AR:X/MAV:A/MAC:H/MPR:N/MUI:R/MS:U/MC:X/MI:X/MA:X 2.6 2.6 2.6
        self.v3 = Vulnerability()
        self.v3.set_vector("AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H")
        self.v3.set_metric("E", "P")
        self.v3.set_metric("AR", "H")
        self.v3.set_metric("MPR", "H")
        self.v3.set_metric("MUI", "N")
        self.v3.set_metric("MS", "U")
        # AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:X/RC:X/CR:X/IR:X/AR:H/MAV:X/MAC:X/MPR:H/MUI:N/MS:U/MC:X/MI:X/MA:X 5.8 5.5 6.0
        self.v4 = Vulnerability()
        self.v4.set_vector("AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H")
        self.v4.set_metric("E", "P")
        self.v4.set_metric("RL", "U")
        self.v4.set_metric("AR", "H")
        self.v4.set_metric("MUI", "R")
        self.v4.set_metric("MS", "U")
        self.v4.set_metric("MC", "L")
        self.v4.set_metric("MI", "N")
        self.v4.set_metric("MA", "N")
        # AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:U/RC:X/CR:X/IR:X/AR:H/MAV:X/MAC:X/MPR:X/MUI:R/MS:U/MC:L/MI:N/MA:N 6.1 5.8 3.0
        self.v5 = Vulnerability()
        self.v5.set_vector("AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H")
        self.v5.set_metric("E", "P")
        self.v5.set_metric("RL", "O")
        self.v5.set_metric("IR", "M")
        self.v5.set_metric("MAV", "N")
        self.v5.set_metric("MAC", "H")
        self.v5.set_metric("MC", "L")
        self.v5.set_metric("MA", "N")
        # AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H/E:P/RL:O/RC:X/CR:X/IR:M/AR:X/MAV:N/MAC:H/MPR:X/MUI:X/MS:X/MC:L/MI:X/MA:N 7.7 6.9 3.6
        self.v6 = Vulnerability()
        self.v6.set_vector("AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H")
        self.v6.set_metric("RL", "W")
        self.v6.set_metric("RC", "R")
        self.v6.set_metric("IR", "M")
        self.v6.set_metric("MAV", "N")
        self.v6.set_metric("MAC", "H")
        self.v6.set_metric("MPR", "L")
        self.v6.set_metric("MUI", "N")
        self.v6.set_metric("MC", "L")
        self.v6.set_metric("MI", "L")
        self.v6.set_metric("MA", "L")
        # AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:X/RL:W/RC:R/CR:X/IR:M/AR:X/MAV:N/MAC:H/MPR:L/MUI:N/MS:X/MC:L/MI:L/MA:L 6.3 5.9 4.7
        self.v7 = Vulnerability()
        self.v7.set_vector("AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N")
        self.v7.set_metric("RL", "U")
        self.v7.set_metric("RC", "U")
        self.v7.set_metric("MAV", "N")
        self.v7.set_metric("MUI", "N")
        self.v7.set_metric("MA", "L")
        # AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N/E:X/RL:U/RC:U/CR:X/IR:X/AR:X/MAV:N/MAC:X/MPR:X/MUI:N/MS:X/MC:X/MI:X/MA:L 6.5 6.0 7.6
        self.v8 = Vulnerability()
        self.v8.set_vector("AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H")
        self.v8.set_metric("E", "F")
        self.v8.set_metric("RL", "T")
        self.v8.set_metric("IR", "L")
        self.v8.set_metric("MAV", "N")
        self.v8.set_metric("MAC", "L")
        self.v8.set_metric("MUI", "N")
        self.v8.set_metric("MC", "L")
        self.v8.set_metric("MI", "N")
        self.v8.set_metric("MA", "L")
        # AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:T/RC:X/CR:X/IR:L/AR:X/MAV:N/MAC:L/MPR:X/MUI:N/MS:X/MC:L/MI:N/MA:L 7.0 6.6 5.1
        self.v9 = Vulnerability()
        self.v9.set_vector("AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N")
        self.v9.set_metric("E", "U")
        self.v9.set_metric("RL", "O")
        self.v9.set_metric("IR", "L")
        self.v9.set_metric("MAV", "N")
        self.v9.set_metric("MAC", "L")
        self.v9.set_metric("MUI", "R")
        self.v9.set_metric("MI", "L")
        # AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:X/CR:X/IR:L/AR:X/MAV:N/MAC:L/MPR:X/MUI:R/MS:X/MC:X/MI:L/MA:X 2.1 1.9 2.6
        self.v10 = Vulnerability()
        self.v10.set_vector("AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N")
        self.v10.set_metric("RL", "W")
        self.v10.set_metric("IR", "L")
        self.v10.set_metric("CR", "H")
        self.v10.set_metric("MAV", "N")
        self.v10.set_metric("MAC", "H")
        self.v10.set_metric("MPR", "H")
        self.v10.set_metric("MUI", "R")
        self.v10.set_metric("MC", "L")
        self.v10.set_metric("MI", "N")
        self.v10.set_metric("MA", "N")
        # AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:X/RL:W/RC:X/CR:H/IR:L/AR:X/MAV:N/MAC:H/MPR:H/MUI:R/MS:X/MC:L/MI:N/MA:N 6.7 6.5 3.4
        self.v11 = Vulnerability()
        self.v11.set_vector("AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
        self.v11.set_metric("E", "P")
        self.v11.set_metric("RL", "T")
        self.v11.set_metric("RC", "R")
        self.v11.set_metric("CR", "H")
        self.v11.set_metric("IR", "H")
        self.v11.set_metric("AR", "H")
        self.v11.set_metric("MAV", "A")
        self.v11.set_metric("MAC", "H")
        self.v11.set_metric("MPR", "L")
        self.v11.set_metric("MUI", "R")
        self.v11.set_metric("MS", "C")
        self.v11.set_metric("MC", "H")
        self.v11.set_metric("MI", "H")
        self.v11.set_metric("MA", "H")

    def test_enter_wrong_metric_for_base_score(self):
        v_wrong = Vulnerability()
        self.assertRaises(ValueError, v_wrong.set_vector,
                          "AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:X/A:L")

    def test_enter_wrong_order_for_base_score(self):
        v_wrong = Vulnerability()
        self.assertRaises(ValueError, v_wrong.set_vector,
                          "AV:A/AC:H/PR:L/UI:R/S:U/C:L/A:L")

    def test_enter_more_more_than_base_score(self):
        v_wrong = Vulnerability()
        self.assertRaises(ValueError, v_wrong.set_vector,
                          "AV:A/AC:H/PR:L/UI:R/S:U/C:L:I:X/A:L/MAV/AC")

    def test_enter_base_score_in_wrong_order(self):
        v_wrong = Vulnerability()
        self.assertRaises(ValueError, v_wrong.set_vector,
                          "AV:A/AC:H/PR:L/UI:R/S:U/I:L/C:L/A:L")

    def test_enter_wrong_metric_value(self):
        v_wrong = Vulnerability()
        self.assertRaises(ValueError, v_wrong.set_metric, "AV", "K")

    def test_enter_wrong_metric_key(self):
        v_wrong = Vulnerability()
        self.assertRaises(KeyError, v_wrong.set_metric, "AX", "N")

    def test_get_environmental_score(self):
        self.assertEqual(self.v1.get_env_score(), 3.1)
        self.assertEqual(self.v2.get_env_score(), 2.6)
        self.assertEqual(self.v3.get_env_score(), 6.0)
        self.assertEqual(self.v4.get_env_score(), 3.0)
        self.assertEqual(self.v5.get_env_score(), 3.6)
        self.assertEqual(self.v6.get_env_score(), 4.7)
        self.assertEqual(self.v7.get_env_score(), 7.6)
        self.assertEqual(self.v8.get_env_score(), 5.1)
        self.assertEqual(self.v9.get_env_score(), 2.6)
        self.assertEqual(self.v10.get_env_score(), 3.4)
        self.assertEqual(self.v11.get_env_score(), 6.7)

    def test_get_temporal_score(self):
        self.assertEqual(self.v1.get_temp_score(), 3.9)
        self.assertEqual(self.v2.get_temp_score(), 2.6)
        self.assertEqual(self.v3.get_temp_score(), 5.5)
        self.assertEqual(self.v4.get_temp_score(), 5.8)
        self.assertEqual(self.v5.get_temp_score(), 6.9)
        self.assertEqual(self.v6.get_temp_score(), 5.9)
        self.assertEqual(self.v7.get_temp_score(), 6.0)
        self.assertEqual(self.v8.get_temp_score(), 6.6)
        self.assertEqual(self.v9.get_temp_score(), 1.9)
        self.assertEqual(self.v10.get_temp_score(), 6.5)
        self.assertEqual(self.v11.get_temp_score(), 8.5)

    def test_get_base_score(self):
        self.assertEqual(self.v1.get_base_score(), 4.3)
        self.assertEqual(self.v2.get_base_score(), 2.6)
        self.assertEqual(self.v3.get_base_score(), 5.8)
        self.assertEqual(self.v4.get_base_score(), 6.1)
        self.assertEqual(self.v5.get_base_score(), 7.7)
        self.assertEqual(self.v6.get_base_score(), 6.3)
        self.assertEqual(self.v7.get_base_score(), 6.5)
        self.assertEqual(self.v8.get_base_score(), 7.0)
        self.assertEqual(self.v9.get_base_score(), 2.1)
        self.assertEqual(self.v10.get_base_score(), 6.7)
        self.assertEqual(self.v11.get_base_score(), 9.8)

    def test_total_score(self):
        self.assertEqual(self.v1.get_total_score(), 3.1)
        self.assertEqual(self.v2.get_total_score(), 2.6)
        self.assertEqual(self.v3.get_total_score(), 6.0)
        self.assertEqual(self.v4.get_total_score(), 3.0)
        self.assertEqual(self.v5.get_total_score(), 3.6)
        self.assertEqual(self.v6.get_total_score(), 4.7)
        self.assertEqual(self.v7.get_total_score(), 7.6)
        self.assertEqual(self.v8.get_total_score(), 5.1)
        self.assertEqual(self.v9.get_total_score(), 2.6)
        self.assertEqual(self.v10.get_total_score(), 3.4)
        self.assertEqual(self.v11.get_total_score(), 6.7)
예제 #2
0
class Controller:
    """
    Controller of the Model View Controller

    ...

    Attributes
    ----------
    model: Vulnerability
        a variable to save all information about the Vulnerability

    username: str
        username is required for login

    password: str
        password is required for login

    msg: str
        msg is required for the login View

    Methods
    -------
    says(sound=None)
        Prints the animals name and what sound it makes

    gui_loop(self)
        the main loop of the calculator application, the root is a Tk Window

    start(self)
        authentication that is required to get access to the program

    check_auth_gui(self)
        is checking if a auth.json (contains userdata) is in the template folder. if true
            the programm will start with the login window otherwise with the sign up window

    set_user(self, user):
        setting the current user

    set_password(self, password):
        setting the current password

    set_msg(self, msg):
        setting the message that is required 

    print_json(self)
        creates an .json file. the name of the file is the same as for model.get_name().    
            the file is saved inside the output folder.

    print_txt(self)
        creates an .json file. the name of the file is the same as for model.get_name().    
            the file is saved inside the output folder.

    get_vector(self) -> str
        return the CVSS 3.1 Vector

    set_metric(self, base_string, value=None)
        is changing the values of the vector. if the value is None (default) the  program is 
            got the base score from the view and is setting it for the model. otherwise
            its just a single metric which sets the value for the base_string 

    get_metric(self, env): -> str
        returns the value of the selected metric BASE, ENV, TEMP

    get_base_score(self):
        returns the base_score

    get_env_score(self):
        return the environmental score

    get_temp_score(self):
        return the temp  score

    set_asset(self):
        set the name of the asset

    set_vul(self):
        set the name  of the vulnerability

    get_user(self):
        get the name of the user

    get_password(self):
        get the name of the password
    """
    def __init__(self):
        self._model = Vulnerability()
        self.username = ""
        self.password = ""
        self.msg = ""
        self.check_auth = False

    def gui_loop(self):
        root = Tk()
        #get_credentials(root, self)
        root.resizable(False, False)
        root.title('cvsslator')
        self._view = CreationView(root, self)
        root.mainloop()

    def start(self):
        self.msg = "LOGIN"
        self.check_auth_gui()

    def check_auth_gui(self):

        if os.path.isfile('../templates/auth.json'):

            GetCredentials(self, self.msg)

            if self.username == "" and self.password == "":
                return False
            else:
                hash_object = hashlib.sha256(self.password.encode('ascii'))
                hash_password = str(hash_object.hexdigest())

                with open('../templates/auth.json') as auth:
                    credentials = json.load(auth)

                if self.username == credentials[
                        'user'] and hash_password == credentials['password']:
                    self.username = ""
                    self.password = ""
                    self.gui_loop()
                    return True

                else:
                    self.username = ""
                    self.password = ""
                    self.msg = "Unknown Combination!"
                    self.check_auth_gui()
                    return False
        else:

            CreateUser(self)

            if self.check_auth:

                hash_object = hashlib.sha256(self.password.encode('ascii'))
                hash_password = str(hash_object.hexdigest())

                credentials = {
                    'user': self.username,
                    'password': hash_password
                }

                with open('../templates/auth.json', 'w') as auth:
                    json.dump(credentials, auth)

                self.username = ""
                self.password = ""

                self.gui_loop()
                return "set"
            else:
                return False

    def set_user(self, username):
        self.username = username

    def set_password(self, password):
        self.password = password

    def set_msg(self, msg):
        self.msg = msg

    def print_json(self):
        with open('../templates/template_output_json.json') as out:
            try:
                JSON_OUT = json.load(out)
            except json.decoder.JSONDecodeError:
                return False

        JSON_OUT['asset_name'] = self._model.get_asset_name()
        JSON_OUT['vuln_name'] = self._model.get_vulnerability_name()
        JSON_OUT['vektor'] = self._model.get_vector()
        JSON_OUT['base_score'] = self._model.get_base_score()
        JSON_OUT['temp_score'] = self._model.get_temp_score()
        JSON_OUT['env_score'] = self._model.get_env_score()
        JSON_OUT['total_score'] = self._model.get_total_score()

        if self._model.get_asset_name() != "N/D":
            create_name = '../output/' + self._model.get_asset_name(
            ) + '_output.json'
        else:
            create_name = "../output/unknown_output.json"

        with open(create_name, 'w') as out2:
            out2.write(json.dumps(JSON_OUT, indent=4))

        return True

    def print_txt(self):
        with open('../templates/template_output_txt.txt', 'r') as file:
            TXT_OUT = file.read()
            TXT_OUT = TXT_OUT.replace('$asset_name$',
                                      self._model.get_asset_name())
            TXT_OUT = TXT_OUT.replace('$vul_name$',
                                      self._model.get_vulnerability_name())
            TXT_OUT = TXT_OUT.replace('$vektor$',
                                      str(self._model.get_vector()))
            TXT_OUT = TXT_OUT.replace('$base_score$',
                                      str(self._model.get_base_score()))
            TXT_OUT = TXT_OUT.replace('$temp_score$',
                                      str(self._model.get_temp_score()))
            TXT_OUT = TXT_OUT.replace('$env_score$',
                                      str(self._model.get_env_score()))
            TXT_OUT = TXT_OUT.replace('$total_score$',
                                      str(self._model.get_total_score()))

            if self._model.get_asset_name() != "N/D":
                create_name = '../output/' + self._model.get_asset_name(
                ) + '_output.txt'
            else:
                create_name = "../output/unknown_output.txt"

            with open(create_name, 'w') as output:
                output.write(TXT_OUT)

    def get_vector(self):
        return self._model.get_vector()

    def set_metric(self, base_string, value=None):
        if value == None:
            self._model.set_vector(base_string)
        else:
            self._model.set_metric(base_string, value)

    def get_metric(self, type):
        if type == "BASE":
            return self._model.get_base_vector()
        elif type == "TEMP":
            return self._model.get_temp_vector()
        elif type == "ENV":
            return self._model.get_env_vector()
        else:
            pass

    def get_base_score(self):
        return self._model.get_base_score()

    def get_env_score(self):
        return self._model.get_env_score()

    def get_temp_score(self):
        return self._model.get_temp_score()

    def set_vul(self, value):
        if value == "":
            self._model.set_asset_name("N/D")
        else:
            self._model.set_vulnerability_name(value)

    def set_asset(self, value):
        if value == "":
            self._model.set_asset_name("N/D")
        else:
            self._model.set_asset_name(value)

    def get_user(self):
        return self.username

    def get_password(self):
        return self.password