def test_can_lower_case_should_be_ok(self): cve_str = "can-2011-0346" self.assertTrue(CVEID.correct_cve_str(cve_str)) cve = CVEID(cve_str) self.assertEqual(cve.get_year(), 2011) self.assertEqual(cve.is_candidate(), True) self.assertEqual(str(cve), cve_str)
def get_cve_by_cpe(cls, cpe_id): """ Return list of CVE-ID by CPEID @param cve_id: string with CPEID instance @return: list of tuples (CVE-ID instance), Official name) """ if not isinstance(cpe_id, CPEID): cpe_id = CPEID(cpe_id) query = """ SELECT cve_id, summary FROM vulnerabilities AS vulns JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id JOIN products AS pr ON pr.id = concr_pr.product_id WHERE pr.part='%s' AND pr.vendor='%s' AND pr.product='%s' AND concr_pr.version='%s' AND concr_pr.pr_update='%s' AND concr_pr.edition='%s' AND language='%s' """ % (cpe_id.get_part_info(), cpe_id.get_vendor_info(), cpe_id.get_product_info(), cpe_id.get_version_info(), cpe_id.get_update_info(), cpe_id.get_edition_info(), cpe_id.get_language_info()) res = cls._cur.execute(query).fetchall() ret = [] for row in res: cve_id = CVEID(row[0]) #ret.append(str(cve_id)) ret.append((str(cve_id), str(row[1]))) return ret
def get_cpe_by_cve(cls, cve_id): """ Return list of CPEID by CVE-ID @param cve_id: string with CVE-ID or CVEID instance @return: list of tuples (CPEID instance, Official name) """ if not isinstance(cve_id, CVEID): cve_id = CVEID(cve_id) sql = """ SELECT pr.part, pr.vendor, pr.product, concr_pr.version, concr_pr.pr_update, concr_pr.edition, concr_pr.language, pr.official_name FROM vulnerabilities AS vulns JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id JOIN products AS pr ON pr.id = concr_pr.product_id WHERE cve_id='%s' """ % cve_id res = cls._cur.execute(sql).fetchall() ret = [] for row in res: cpeid = CPEID('', row['part'], row['vendor'], row['product'], row['version'], row['pr_update'], row['edition'], row['language']) #ret.append((cpeid, row['official_name'])) old version ret.append(str(cpeid)) return ret
def parseEntry(entry): vulnObject = vuln.Vulnerability() cve_id = entry.get('id') vulnObject.cve = CVEID(cve_id) for elem in entry: if elem.tag == tag_dict['vuln:vulnerable-configuration']: vulnObject.condition.conidtion_variants.append( parseVulnConfig(elem)) elif elem.tag == tag_dict['vuln:vulnerable-software-list']: vulnObject.products = parseVulnSoftwareList(elem) elif elem.tag == tag_dict['vuln:cve-id']: pass elif elem.tag == tag_dict['vuln:published-datetime']: vulnObject.published_datetime = parsePublishedDateTime(elem) elif elem.tag == tag_dict['vuln:last-modified-datetime']: vulnObject.last_modified_datetime = parseLastModifDateTime(elem) elif elem.tag == tag_dict['vuln:cvss']: vulnObject.cvss_base_metrics = parseCVSS(elem) elif elem.tag == tag_dict['vuln:cwe']: vulnObject.cwe = CWEID(elem.get('id')) elif elem.tag == tag_dict['vuln:references']: vulnObject.references.append(parseVulnerabilityReference(elem)) elif elem.tag == tag_dict['vuln:summary']: vulnObject.summary = elem.text #parse first 'cpe-lang:logical-test' (should be OR) if entry.find(tag_dict['vuln:vulnerable-software-list']) is None: vuln_conf_elem = entry.find( tag_dict['vuln:vulnerable-configuration']) vulnObject.products = parseVulnConfigSoftwareList(vuln_conf_elem) if vulnObject.cve is None or \ vulnObject.products is None or \ len(vulnObject.products) == 0 or \ len(vulnObject.condition.conidtion_variants) == 0 or \ vulnObject.cvss_base_metrics is None: return None return vulnObject
def test_can_should_be_bad_name_2(self): cve_str = "CANN-2011-0346" self.assertFalse(CVEID.correct_cve_str(cve_str)) self.assertRaises(ValueError, CVEID, cve_str)
def test_cve_should_be_bad_number(self): cve_str = "CVE-20110346" self.assertFalse(CVEID.correct_cve_str(cve_str)) self.assertRaises(ValueError, CVEID, cve_str)
def test_cve_equal_should_be_ok(self): cve_str = "CVE-2011-0346" cve = CVEID(cve_str) self.assertEqual(cve, CVEID(cve_str)) self.assertNotEqual(cve, CVEID("CVE-2010-0346"))