class TestUrlManager(unittest.TestCase):
#Setup an instance of UrlManager
def setUp(self):
self.urlmanager = UrlManager()
#Test getList method of UrlManager class - should return a list of vulnerabilites
#found on the search results page
def test_getList(self):
l = [92445,89684,89659,89878,81401,90453,76466,73954,71943,71936,71938,70588,90044,7128]
l2 = self.urlmanager.getList('http://www.osvdb.org/search/search?search%5Bvuln_title%5D=&search%5Btext_type%5D=titles&search%5Bs_date%5D=&search%5Be_date%5D=May+13%2C+2009&search%5Brefid%5D=&search%5Breferencetypes%5D=&search%5Bvendors%5D=&search%5Bcvss_score_from%5D=&search%5Bcvss_score_to%5D=&search%5Bcvss_av%5D=L&search%5Bcvss_ac%5D=*&search%5Bcvss_a%5D=M&search%5Bcvss_ci%5D=*&search%5Bcvss_ii%5D=*&search%5Bcvss_ai%5D=*&location_local=1&kthx=search')
count = 0
for element in l:
assert str(element) == str(l2[count])
count+=1
#Test getVulnerability method of UrlManager class - should return a vulenrability
#object based on the vulnerability url page
def test_getVulnerability(self):
v = Vulnerability(7128,'MySQL show database Database Name Exposure',719,'2002-01-01','MySQL contains a flaw that may lead to an unauthorized information disclosure.The issue is triggered when an attacker issues the "show databases" command. In multiuser environments, this may expose the names of every databaseresulting in a loss of confidentiality.','Local Access Required, Remote / Network Access','Information Disclosure','Loss of Confidentiality',None,'Exploit Public',None,'Concern','Upgrade to version 4.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.','Unknown or Incomplete',None,None,None,None,None,None,None)
boolean = self.urlmanager.getVulnerability(7128) == v
assert boolean is True
def tearDown(self):
pass
print("***********OSDVB Parser**************")
database = DatabaseManager()
urlManager = UrlManager()
exit = False
while exit is False:
userUrl = raw_input("Enter Url String from OSDVB search: ")
if userUrl.find('http://www.osvdb.org/search/')!=0: #not the best validation
print('Invalid Url Input...')
continue
vulList = urlManager.getList(userUrl)
if vulList == None:
print('Url cannot be parsed. Please check input...')
continue
for v in vulList:
vul = urlManager.getVulnerability(v)
if vul == None:
print('Failed in adding vulnerability '+ v +' to database')
continue
fail = database.addVulnerability(vul)
if(fail == True):
print('Failed in adding vulnerability '+ v + ' to database')
continue
print("Add another search (y/n)?")
user_in = input().upper()
while user_in != 'N' and user_in != 'Y':
print ("Invalid input.Try Again")
print("Add another search (y/n)?")
user_in = input().upper()
if user_in == 'N':
