def test_csv():
sr = filter_scan_results_by_cve_ids(
["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"])
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
formatter = CSVOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
expected_csv_results = "CVE ID,PRIORITY,PACKAGE,FIXED_VERSION,REPOSITORY"
expected_csv_results += "\nCVE-2020-1000,low,pkg3,,"
expected_csv_results += (
"\nCVE-2020-1001,high,pkg1,1:1.2.3-4+deb9u2ubuntu0.2,Ubuntu Archive")
expected_csv_results += (
"\nCVE-2020-1001,high,pkg2,1:1.2.3-4+deb9u2ubuntu0.2,Ubuntu Archive")
expected_csv_results += ("\nCVE-2020-1005,low,pkg1,1:1.2.3-4+deb9u3,%s" %
const.UA_APPS)
expected_csv_results += ("\nCVE-2020-1005,low,pkg2,1:1.2.3-4+deb9u3,%s" %
const.UA_APPS)
expected_csv_results += ("\nCVE-2020-1005,low,pkg3,10.2.3-2ubuntu0.1,%s" %
const.UA_INFRA)
assert results_msg == expected_csv_results
def test_nagios_no_cves_all():
opt = MockOpt()
opt.priority = "all"
nof = NagiosOutputFormatter(opt, None)
(results_msg, return_code) = nof.format_output(list(), None)
assert "priority" not in results_msg
assert return_code == const.NAGIOS_OK_RETURN_CODE
def test_nagios_no_cves_medium():
opt = MockOpt()
opt.priority = "medium"
nof = NagiosOutputFormatter(opt, None)
(results_msg, return_code) = nof.format_output(list(), None)
assert '"medium" or higher priority' in results_msg
assert return_code == const.NAGIOS_OK_RETURN_CODE
def test_csv_show_links_header():
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
opt.show_links = True
formatter = CSVOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert "URL" in results_msg
def test_returns_json():
opt = MockOpt()
opt.syslog = True
formatter = SyslogOutputFormatter(opt, null_logger(),
MockJSONOutputFormatter())
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert results_msg == expected_output
assert return_code == 0
def test_returns_json_light():
opt = MockOpt()
opt.syslog_light = True
formatter = MockSyslogOutputFormatter(opt, null_logger(),
MockJSONOutputFormatter())
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert results_msg == "5 vulnerabilites can be fixed by running `sudo apt upgrade`"
assert return_code == 0
def test_nagios_warning_medium():
opt = MockOpt()
opt.priority = "medium"
sr = [ScanResult("CVE-2020-1000", "medium", "pkg1", None, None)]
nof = NagiosOutputFormatter(opt, None)
(results_msg, return_code) = nof.format_output(sr, None)
assert '"medium" or higher priority' in results_msg
assert return_code == const.NAGIOS_WARNING_RETURN_CODE
def test_always_show_links():
sr = filter_scan_results_by_cve_ids(["CVE-2020-1004", "CVE-2020-1005"])
opt = MockOpt()
opt.unresolved = True
opt.show_links = False
formatter = JSONOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
assert const.UCT_URL % "CVE-2020-1004" in results_msg
assert const.UCT_URL % "CVE-2020-1005" in results_msg
def test_nagios_cves_sorted(shuffled_scan_results):
opt = MockOpt()
opt.unresolved = True
opt.priority = "all"
cve_list = ("CVE-2020-1000\nCVE-2020-1002\nCVE-2020-1005\nCVE-2020-2000\n"
"CVE-2020-10000")
nof = NagiosOutputFormatter(opt, None, CVEScanResultSorter())
(results_msg, return_code) = nof.format_output(shuffled_scan_results, None)
assert cve_list in results_msg
assert return_code == const.NAGIOS_CRITICAL_RETURN_CODE
def test_nagios_critical_medium():
opt = MockOpt()
opt.priority = "medium"
sr = [
ScanResult("CVE-2020-1000", "medium", "pkg1", "1.2.3-2",
const.UBUNTU_ARCHIVE)
]
nof = NagiosOutputFormatter(opt, None)
(results_msg, return_code) = nof.format_output(sr, None)
assert '"medium" or higher priority' in results_msg
assert return_code == const.NAGIOS_CRITICAL_RETURN_CODE
def run_json_format_test(indent):
sr = filter_scan_results_by_cve_ids(
["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"])
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
formatter = JSONOutputFormatter(opt, null_logger(), indent=indent)
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
expected_output = json.dumps(sample_output, indent=indent, sort_keys=False)
assert results_msg == expected_output
def test_return_code():
opt = MockOpt()
json_output_formatter = MockJSONOutputFormatter()
json_output_formatter.return_code = 1
formatter = SyslogOutputFormatter(opt, null_logger(),
json_output_formatter)
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert return_code == 1
def test_no_results_no_header(monkeypatch):
header_regex = r"CVE ID\s+PRIORITY\s+PACKAGE\s+FIXED VERSION\s+REPOSITORY"
monkeypatch.setattr(sys.stdout, "isatty", lambda: False)
cof = CLIOutputFormatter(MockOpt(), null_logger())
sysinfo = MockSysInfo()
cof.opt.experimental_mode = True
cof.opt.unresolved = False
sr = filter_scan_results_by_cve_ids(["CVE-2020-1003"])
(results_msg, return_code) = cof.format_output(sr, sysinfo)
assert not re.search(header_regex, results_msg)
def suggestions_only_cli_output_formatter():
return SuggestionsOnlyCLIOutputFormatter(MockOpt(), null_logger())
def summary_only_cli_output_formatter():
return SummaryOnlyCLIOutputFormatter(MockOpt(), null_logger())
def table_only_cli_output_formatter():
return TableOnlyCLIOutputFormatter(MockOpt(), null_logger())
def test_json_format():
sr = filter_scan_results_by_cve_ids(
["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"])
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
formatter = JSONOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
expected_output = json.dumps(
{
"summary": {
"ubuntu_release": "bionic",
"num_installed_packages": 100,
"num_cves": 2,
"num_affected_packages": 3,
"num_patchable_vulnerabilities": 5,
},
"cves": {
"CVE-2020-1000": {
"url":
"https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1000",
"packages": {
"pkg3": {
"priority": "low",
"fixed_version": "",
"repository": "",
}
},
},
"CVE-2020-1001": {
"url":
"https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1001",
"packages": {
"pkg1": {
"priority": "high",
"fixed_version": "1:1.2.3-4+deb9u2ubuntu0.2",
"repository": "Ubuntu Archive",
},
"pkg2": {
"priority": "high",
"fixed_version": "1:1.2.3-4+deb9u2ubuntu0.2",
"repository": "Ubuntu Archive",
},
},
},
"CVE-2020-1005": {
"url":
"https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1005",
"packages": {
"pkg1": {
"priority": "low",
"fixed_version": "1:1.2.3-4+deb9u3",
"repository": const.UA_APPS,
},
"pkg2": {
"priority": "low",
"fixed_version": "1:1.2.3-4+deb9u3",
"repository": const.UA_APPS,
},
"pkg3": {
"priority": "low",
"fixed_version": "10.2.3-2ubuntu0.1",
"repository": const.UA_INFRA,
},
},
},
},
},
indent=4,
sort_keys=False,
)
assert results_msg == expected_output
def cve_output_formatter():
opt = MockOpt()
opt.cve = "CVE-2020-1000"
opt.priority = "medium"
return CVEOutputFormatter(opt, null_logger())