def test_parse_file_with_many_vulns2(self):
testfile = open("unittests/scans/jfrogxray/many_vulns2.json")
parser = JFrogXrayParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(2, len(findings))
item = findings[0]
self.assertEqual("No CVE - pip:9.0.1", item.title)
description = '''pip PyPI (Python Packaging Index) PipXmlrpcTransport._download_http_url() Function Content-Disposition Header Path Traversal Arbitrary File Write Weakness
**Provider:** JFrog'''
self.assertEqual(description, item.description)
self.assertEqual("High", item.severity)
self.assertEqual("pip", item.component_name)
self.assertEqual("9.0.1", item.component_version)
self.assertIsNone(item.cve)
self.assertIsNone(item.cwe)
self.assertEqual("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
item.cvssv3)
item = findings[1]
self.assertEqual("CVE-2020-14386 - ubuntu:bionic:linux:4.15.0-88.88",
item.title)
description = '''A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
**Versions that are vulnerable:**
< 4.15.0-117.118
**Provider:** JFrog'''
self.assertEqual(description, item.description)
self.assertEqual("High", item.severity)
self.assertEqual("ubuntu:bionic:linux", item.component_name)
self.assertEqual("4.15.0-88.88", item.component_version)
self.assertEqual("CVE-2020-14386", item.cve)
self.assertEqual(787, item.cwe)
self.assertEqual("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
item.cvssv3)
def test_parse_file_with_one_vuln(self):
testfile = open("dojo/unittests/scans/jfrogxray/one_vuln.json")
parser = JFrogXrayParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(1, len(findings))
item = findings[0]
self.assertEquals("debian:stretch:libx11", item.component_name)
self.assertEquals("2:1.6.4-3", item.component_version)
self.assertEquals("CVE-2018-14600", item.cve)
self.assertEquals(787, item.cwe)
def test_parse_file_with_many_vulns2(self):
testfile = open("dojo/unittests/scans/jfrogxray/many_vulns2.json")
parser = JFrogXrayParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(2, len(findings))
item = findings[0]
self.assertEquals("pip", item.component_name)
self.assertEquals("9.0.1", item.component_version)
item = findings[1]
self.assertEquals("ubuntu:bionic:linux", item.component_name)
self.assertEquals("4.15.0-88.88", item.component_version)
self.assertEquals("CVE-2020-14386", item.cve)
self.assertEquals(787, item.cwe)
self.assertEquals("AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", item.cvssv3)
def test_parse_file_with_many_vulns(self):
testfile = open("dojo/unittests/scans/jfrogxray/many_vulns.json")
parser = JFrogXrayParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(3, len(findings))