Exemplo n.º 1
    def test_vulndb_id_get_from_name(self):
        """Without an explicit vulndb_id, the DB entry is resolved by name.

        The assertions pin the metadata expected for the
        'Blind SQL injection vulnerability' entry: id 46, CWE-89 and the
        references listed in BLIND_SQLI_REFS.
        """
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name')

        # Nothing has been looked up yet: the DB entry is only loaded on
        # first use, not at construction time.
        self.assertIsNone(info._vulndb)

        expected_references = []
        for ref in BLIND_SQLI_REFS:
            expected_references.append(Reference(ref['url'], ref['title']))

        expected_tags = [u'web', u'sql', u'blind',
                         u'injection', u'database']
        expected_cwe_urls = [u'https://cwe.mitre.org/data/definitions/89.html']
        expected_owasp = [(u'2013', 1,
                           'https://www.owasp.org/index.php/Top_10_2013-A1')]

        self.assertTrue(info.has_db_details())
        self.assertEqual(info.get_vulndb_id(), 46)
        self.assertIsInstance(info.get_long_description(), basestring)
        self.assertIsInstance(info.get_fix_guidance(), basestring)
        self.assertEqual(info.get_fix_effort(), 50)
        self.assertEqual(info.get_tags(), expected_tags)
        self.assertEqual(info.get_wasc_ids(), [])
        self.assertEqual(list(info.get_wasc_urls()), [])
        self.assertEqual(list(info.get_cwe_urls()), expected_cwe_urls)
        self.assertEqual(info.get_cwe_ids(), [u'89'])
        self.assertEqual(info.get_references(), expected_references)
        self.assertEqual(list(info.get_owasp_top_10_references()),
                         expected_owasp)
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # After the getters above ran, the lazily loaded entry is cached.
        self.assertIsNotNone(info._vulndb)
Exemplo n.º 2
    def test_vulndb_id_set(self):
        """An explicit vulndb_id takes precedence over the finding name.

        The name says blind SQL injection, but every assertion below
        expects the entry with id 17 (file inclusion, CWE-98).
        """
        # NOTE(review): name and id disagree here on purpose. The reported
        # CWE, tags and references follow vulndb_id, so a plugin passing a
        # wrong id would emit mislabelled findings -- confirm callers keep
        # the two consistent.
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name', vulndb_id=17)

        # The DB entry is not loaded until something asks for it.
        self.assertIsNone(info._vulndb)

        expected_references = [
            Reference('https://www.owasp.org/index.php/PHP_File_Inclusion',
                      'OWASP'),
        ]
        expected_tags = ['web', 'file', 'inclusion', 'error',
                         'injection']
        expected_cwe_urls = ['https://cwe.mitre.org/data/definitions/98.html']
        expected_owasp = [(u'2013', 1,
                           'https://www.owasp.org/index.php/Top_10_2013-A1')]

        self.assertTrue(info.has_db_details())
        self.assertEqual(info.get_vulndb_id(), 17)
        self.assertIsInstance(info.get_long_description(), basestring)
        self.assertIsInstance(info.get_fix_guidance(), basestring)
        self.assertEqual(info.get_fix_effort(), 50)
        self.assertEqual(info.get_tags(), expected_tags)
        self.assertEqual(info.get_wasc_ids(), [])
        self.assertEqual(list(info.get_wasc_urls()), [])
        self.assertEqual(list(info.get_cwe_urls()), expected_cwe_urls)
        self.assertEqual(info.get_cwe_ids(), [u'98'])
        self.assertEqual(info.get_references(), expected_references)
        self.assertEqual(list(info.get_owasp_top_10_references()),
                         expected_owasp)
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The lookup has happened by now, so the cached entry is populated.
        self.assertIsNotNone(info._vulndb)
Exemplo n.º 3
    def test_vulndb_id_get_from_name(self):
        """Check that the finding name alone selects the vulndb entry.

        No vulndb_id is passed, so the expected metadata (id 46, CWE-89,
        SQL injection tags) has to come from the name-based lookup.
        """
        finding = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC,
                       1, 'plugin_name')

        # Construction alone must leave the cached DB entry unset.
        self.assertIsNone(finding._vulndb)

        expected_references = [
            Reference(entry['url'], entry['title'])
            for entry in BLIND_SQLI_REFS
        ]

        cwe_url = u'https://cwe.mitre.org/data/definitions/89.html'
        owasp_ref = (u'2013', 1,
                     'https://www.owasp.org/index.php/Top_10_2013-A1')

        self.assertTrue(finding.has_db_details())
        self.assertEqual(finding.get_vulndb_id(), 46)
        self.assertIsInstance(finding.get_long_description(), basestring)
        self.assertIsInstance(finding.get_fix_guidance(), basestring)
        self.assertEqual(finding.get_fix_effort(), 50)
        self.assertEqual(
            finding.get_tags(),
            [u'web', u'sql', u'blind', u'injection', u'database'])
        self.assertEqual(finding.get_wasc_ids(), [])
        self.assertEqual(list(finding.get_wasc_urls()), [])
        self.assertEqual(list(finding.get_cwe_urls()), [cwe_url])
        self.assertEqual(finding.get_cwe_ids(), [u'89'])
        self.assertEqual(finding.get_references(), expected_references)
        self.assertEqual(list(finding.get_owasp_top_10_references()),
                         [owasp_ref])
        self.assertIsInstance(finding.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup; the entry is now cached.
        self.assertIsNotNone(finding._vulndb)
Exemplo n.º 4
    def test_vulndb_id_set(self):
        """Check that vulndb_id=17 wins over a non-matching finding name.

        Although the name is 'Blind SQL injection vulnerability', the
        expected tags, CWE (98) and reference are those of entry 17.
        """
        # NOTE(review): this pins "id beats name". Downstream reports take
        # CWE and fix guidance from the id, so a mismatched pair in a real
        # plugin would go unnoticed here -- worth verifying at call sites.
        finding = Info('Blind SQL injection vulnerability',
                       MockInfo.LONG_DESC,
                       1,
                       'plugin_name',
                       vulndb_id=17)

        # Before any getter is called the cached entry is still empty.
        self.assertIsNone(finding._vulndb)

        owasp_reference = Reference(
            'https://www.owasp.org/index.php/PHP_File_Inclusion', 'OWASP')
        expected_references = [owasp_reference]

        cwe_url = 'https://cwe.mitre.org/data/definitions/98.html'
        owasp_top_10 = (u'2013', 1,
                        'https://www.owasp.org/index.php/Top_10_2013-A1')

        self.assertTrue(finding.has_db_details())
        self.assertEqual(finding.get_vulndb_id(), 17)
        self.assertIsInstance(finding.get_long_description(), basestring)
        self.assertIsInstance(finding.get_fix_guidance(), basestring)
        self.assertEqual(finding.get_fix_effort(), 50)
        self.assertEqual(
            finding.get_tags(),
            ['web', 'file', 'inclusion', 'error', 'injection'])
        self.assertEqual(finding.get_wasc_ids(), [])
        self.assertEqual(list(finding.get_wasc_urls()), [])
        self.assertEqual(list(finding.get_cwe_urls()), [cwe_url])
        self.assertEqual(finding.get_cwe_ids(), [u'98'])
        self.assertEqual(finding.get_references(), expected_references)
        self.assertEqual(list(finding.get_owasp_top_10_references()),
                         [owasp_top_10])
        self.assertIsInstance(finding.get_vuln_info_from_db(), DBVuln)

        # Lazy load completed: the private cache now holds the entry.
        self.assertIsNotNone(finding._vulndb)
Exemplo n.º 5
    def test_vulndb_id_get_from_name(self):
        """Name-based lookup: no vulndb_id given, entry 46 (CWE-89) expected."""
        subject = Info(
            "Blind SQL injection vulnerability",
            MockInfo.LONG_DESC,
            1,
            "plugin_name",
        )

        # The vulndb entry is resolved lazily, so it starts out as None.
        self.assertIsNone(subject._vulndb)

        expected_references = list(
            Reference(item["url"], item["title"]) for item in BLIND_SQLI_REFS
        )

        wanted_tags = [u"web", u"sql", u"blind", u"injection", u"database"]
        wanted_cwe_urls = [u"https://cwe.mitre.org/data/definitions/89.html"]
        wanted_owasp = [
            (u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1"),
        ]

        self.assertTrue(subject.has_db_details())
        self.assertEqual(subject.get_vulndb_id(), 46)
        self.assertIsInstance(subject.get_long_description(), basestring)
        self.assertIsInstance(subject.get_fix_guidance(), basestring)
        self.assertEqual(subject.get_fix_effort(), 50)
        self.assertEqual(subject.get_tags(), wanted_tags)
        self.assertEqual(subject.get_wasc_ids(), [])
        self.assertEqual(list(subject.get_wasc_urls()), [])
        self.assertEqual(list(subject.get_cwe_urls()), wanted_cwe_urls)
        self.assertEqual(subject.get_cwe_ids(), [u"89"])
        self.assertEqual(subject.get_references(), expected_references)
        self.assertEqual(list(subject.get_owasp_top_10_references()), wanted_owasp)
        self.assertIsInstance(subject.get_vuln_info_from_db(), DBVuln)

        # Once queried, the resolved entry stays attached to the object.
        self.assertIsNotNone(subject._vulndb)
Exemplo n.º 6
    def test_vulndb_id_set(self):
        """Explicit id lookup: vulndb_id=17 is used instead of the name."""
        # NOTE(review): the name (blind SQLi) and the id (file inclusion,
        # CWE-98 per the assertions below) deliberately conflict. The id
        # decides what gets reported, so it is the value to review when a
        # finding's classification looks wrong.
        subject = Info(
            "Blind SQL injection vulnerability",
            MockInfo.LONG_DESC,
            1,
            "plugin_name",
            vulndb_id=17,
        )

        # Lazily resolved: nothing is cached right after construction.
        self.assertIsNone(subject._vulndb)

        expected_references = [
            Reference("https://www.owasp.org/index.php/PHP_File_Inclusion", "OWASP"),
        ]
        wanted_tags = ["web", "file", "inclusion", "error", "injection"]
        wanted_cwe_urls = ["https://cwe.mitre.org/data/definitions/98.html"]
        wanted_owasp = [
            (u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1"),
        ]

        self.assertTrue(subject.has_db_details())
        self.assertEqual(subject.get_vulndb_id(), 17)
        self.assertIsInstance(subject.get_long_description(), basestring)
        self.assertIsInstance(subject.get_fix_guidance(), basestring)
        self.assertEqual(subject.get_fix_effort(), 50)
        self.assertEqual(subject.get_tags(), wanted_tags)
        self.assertEqual(subject.get_wasc_ids(), [])
        self.assertEqual(list(subject.get_wasc_urls()), [])
        self.assertEqual(list(subject.get_cwe_urls()), wanted_cwe_urls)
        self.assertEqual(subject.get_cwe_ids(), [u"98"])
        self.assertEqual(subject.get_references(), expected_references)
        self.assertEqual(list(subject.get_owasp_top_10_references()), wanted_owasp)
        self.assertIsInstance(subject.get_vuln_info_from_db(), DBVuln)

        # The entry was fetched by the calls above and is now cached.
        self.assertIsNotNone(subject._vulndb)