def test_invalid_repository_disabled_color(monkeypatch,
table_only_cli_output_formatter):
table_only_cli_output_formatter.opt.unresolved = True
sysinfo = MockSysInfo()
sysinfo.esm_infra_enabled = True
run_repository_color_test(monkeypatch, table_only_cli_output_formatter,
sysinfo, "CVE-2020-1011", False)
def test_ua_infra_unknown_text(monkeypatch, table_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_infra_enabled = None
sr = filter_scan_results_by_cve_ids("CVE-2020-1010")
(results_msg,
return_code) = table_only_cli_output_formatter.format_output(sr, sysinfo)
assert "(disabled)" not in results_msg
def test_ua_apps_disabled_text(monkeypatch, table_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = False
sysinfo.esm_infra_enabled = True
sr = filter_scan_results_by_cve_ids("CVE-2020-1009")
(results_msg,
return_code) = table_only_cli_output_formatter.format_output(sr, sysinfo)
assert "(disabled)" in results_msg
def test_critical_color(monkeypatch, table_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = True
sysinfo.esm_infra_enabled = True
run_priority_color_test(
monkeypatch,
table_only_cli_output_formatter,
sysinfo,
"CVE-2020-1007",
const.CRITICAL,
)
def test_summary_esm_disabled_color(monkeypatch,
summary_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = False
sysinfo.esm_infra_enabled = False
run_esm_color_code_test(
monkeypatch,
summary_only_cli_output_formatter,
sysinfo,
const.REPOSITORY_DISABLED_COLOR_CODE,
"No",
)
def test_summary_manifest_esm_unknown_color(monkeypatch,
summary_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = None
sysinfo.esm_infra_enabled = None
run_esm_color_code_test(
monkeypatch,
summary_only_cli_output_formatter,
sysinfo,
const.REPOSITORY_UNKNOWN_COLOR_CODE,
"Unknown",
)
def test_summary_fixes_applied_color(monkeypatch,
summary_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = True
sysinfo.esm_infra_enabled = True
run_fixes_not_applied_color_code_test(
monkeypatch,
summary_only_cli_output_formatter,
sysinfo,
const.REPOSITORY_ENABLED_COLOR_CODE,
0,
)
def test_summary_fixes_unknown_color(monkeypatch,
summary_only_cli_output_formatter):
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = None
sysinfo.esm_infra_enabled = None
run_fixes_not_applied_color_code_test(
monkeypatch,
summary_only_cli_output_formatter,
sysinfo,
const.REPOSITORY_UNKNOWN_COLOR_CODE,
3,
unknown=True,
)
def test_csv():
sr = filter_scan_results_by_cve_ids(
["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"])
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
formatter = CSVOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
expected_csv_results = "CVE ID,PRIORITY,PACKAGE,FIXED_VERSION,REPOSITORY"
expected_csv_results += "\nCVE-2020-1000,low,pkg3,,"
expected_csv_results += (
"\nCVE-2020-1001,high,pkg1,1:1.2.3-4+deb9u2ubuntu0.2,Ubuntu Archive")
expected_csv_results += (
"\nCVE-2020-1001,high,pkg2,1:1.2.3-4+deb9u2ubuntu0.2,Ubuntu Archive")
expected_csv_results += ("\nCVE-2020-1005,low,pkg1,1:1.2.3-4+deb9u3,%s" %
const.UA_APPS)
expected_csv_results += ("\nCVE-2020-1005,low,pkg2,1:1.2.3-4+deb9u3,%s" %
const.UA_APPS)
expected_csv_results += ("\nCVE-2020-1005,low,pkg3,10.2.3-2ubuntu0.1,%s" %
const.UA_INFRA)
assert results_msg == expected_csv_results
def test_high_color(monkeypatch, table_only_cli_output_formatter):
run_priority_color_test(
monkeypatch,
table_only_cli_output_formatter,
MockSysInfo(),
"CVE-2020-1001",
const.HIGH,
)
def test_medium_color(monkeypatch, table_only_cli_output_formatter):
run_priority_color_test(
monkeypatch,
table_only_cli_output_formatter,
MockSysInfo(),
"CVE-2020-1003",
const.MEDIUM,
)
def test_negligible_color(monkeypatch, table_only_cli_output_formatter):
run_priority_color_test(
monkeypatch,
table_only_cli_output_formatter,
MockSysInfo(),
"CVE-2020-1008",
const.NEGLIGIBLE,
)
def test_untriaged_color(monkeypatch, table_only_cli_output_formatter):
run_priority_color_test(
monkeypatch,
table_only_cli_output_formatter,
MockSysInfo(),
"CVE-2020-1006",
const.UNTRIAGED,
)
def test_no_tty_no_color(monkeypatch, table_only_cli_output_formatter):
monkeypatch.setattr(sys.stdout, "isatty", lambda: False)
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001"])
(results_msg, return_code) = table_only_cli_output_formatter.format_output(
sr, MockSysInfo())
assert "\u001b" not in results_msg
def test_no_patch_available_infra_experimental(cve_output_formatter):
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1003"])
sr.append(ScanResult("CVE-2020-1000", "low", "pkg3", "1.2.3-4", const.UA_INFRA),)
cve_output_formatter.opt.experimental_mode = False
msg, rc = cve_output_formatter.format_output(sr, MockSysInfo())
assert msg == "Vulnerable to CVE-2020-1000. There is no fix available, yet."
assert rc == 3
def test_low_color(monkeypatch, table_only_cli_output_formatter):
run_priority_color_test(
monkeypatch,
table_only_cli_output_formatter,
MockSysInfo(),
"CVE-2020-1005",
const.LOW,
)
def test_summary_priority_all(monkeypatch, summary_only_cli_output_formatter):
monkeypatch.setattr(sys.stdout, "isatty", lambda: False)
cof = summary_only_cli_output_formatter
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001"])
(results_msg, return_code) = cof.format_output(sr, MockSysInfo())
assert re.search(r"CVE Priority\s+All", results_msg)
def test_suggestions_empty_no_experimental_infra_enabled(
monkeypatch, suggestions_only_cli_output_formatter):
cof = suggestions_only_cli_output_formatter
cof.opt.priority = const.LOW
cof.opt.experimental_mode = False
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = False
sysinfo.esm_infra_enabled = True
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1010"])
(results_msg, return_code) = cof.format_output(sr, sysinfo)
assert (
"additional security patch(es) are available if ESM for Infrastructure is enabled with\nUbuntu Advantage."
not in results_msg)
def test_vulnerable_patch_available_infra(cve_output_formatter):
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1003"])
sr.append(ScanResult("CVE-2020-1000", "low", "pkg3", "1.2.3-4", const.UA_INFRA),)
msg, rc = cve_output_formatter.format_output(sr, MockSysInfo())
assert (
msg
== f"Vulnerable to CVE-2020-1000, but fixes are available from {const.UA_INFRA}."
)
def test_ubuntu_repository_enabled_color(monkeypatch,
table_only_cli_output_formatter):
run_repository_color_test(
monkeypatch,
table_only_cli_output_formatter,
MockSysInfo(),
"CVE-2020-1001",
True,
)
def test_summary_experimental_filter(monkeypatch,
summary_only_cli_output_formatter):
monkeypatch.setattr(sys.stdout, "isatty", lambda: False)
cof = summary_only_cli_output_formatter
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = False
sysinfo.esm_infra_enabled = True
cof.opt.experimental_mode = False
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001"])
(results_msg, return_code) = cof.format_output(sr, sysinfo)
assert "Vulnerabilities Fixable by ESM" not in results_msg
# Disable this test for now
# assert "UA Apps Enabled" not in results_msg
# assert "UA Infra Enabled" not in results_msg
assert "Available Fixes Not Applied" not in results_msg
def test_returns_json_light():
opt = MockOpt()
opt.syslog_light = True
formatter = MockSyslogOutputFormatter(opt, null_logger(),
MockJSONOutputFormatter())
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert results_msg == "5 vulnerabilites can be fixed by running `sudo apt upgrade`"
assert return_code == 0
def test_return_code():
opt = MockOpt()
json_output_formatter = MockJSONOutputFormatter()
json_output_formatter.return_code = 1
formatter = SyslogOutputFormatter(opt, null_logger(),
json_output_formatter)
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert return_code == 1
def test_returns_json():
opt = MockOpt()
opt.syslog = True
formatter = SyslogOutputFormatter(opt, null_logger(),
MockJSONOutputFormatter())
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert results_msg == expected_output
assert return_code == 0
def test_csv_show_links_header():
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
opt.show_links = True
formatter = CSVOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output([], MockSysInfo())
assert "URL" in results_msg
def test_always_show_links():
sr = filter_scan_results_by_cve_ids(["CVE-2020-1004", "CVE-2020-1005"])
opt = MockOpt()
opt.unresolved = True
opt.show_links = False
formatter = JSONOutputFormatter(opt, null_logger())
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
assert const.UCT_URL % "CVE-2020-1004" in results_msg
assert const.UCT_URL % "CVE-2020-1005" in results_msg
def test_summary_nounresolved(monkeypatch, summary_only_cli_output_formatter):
monkeypatch.setattr(sys.stdout, "isatty", lambda: False)
cof = summary_only_cli_output_formatter
cof.opt.priority = const.LOW
cof.opt.unresolved = False
sysinfo = MockSysInfo()
sysinfo.esm_apps_enabled = False
sysinfo.esm_infra_enabled = False
sr = filter_scan_results_by_cve_ids([
"CVE-2020-1001",
"CVE-2020-1002",
"CVE-2020-1003",
"CVE-2020-1005",
"CVE-2020-1009",
"CVE-2020-1010",
])
(results_msg, return_code) = cof.format_output(sr, sysinfo)
assert re.search(r"Ubuntu Release\s+bionic", results_msg)
assert re.search(r"Installed Packages\s+100", results_msg)
assert re.search(r"CVE Priority\s+low or higher", results_msg)
assert re.search(r"Unique Packages Fixable by Patching\s+6", results_msg)
assert re.search(r"Unique CVEs Fixable by Patching\s+5", results_msg)
assert re.search(r"Vulnerabilities Fixable by Patching\s+10", results_msg)
assert re.search(r"Vulnerabilities Fixable by %s\s+6" % const.UA_APPS,
results_msg)
assert re.search(r"Vulnerabilities Fixable by %s\s+2" % const.UA_INFRA,
results_msg)
# Disabling for now
# assert re.search(r"UA Apps Enabled\s+No", results_msg)
# assert re.search(r"UA Infra Enabled\s+No", results_msg)
assert re.search(r"Fixes Available by `apt-get upgrade`\s+2", results_msg)
assert re.search(r"Available Fixes Not Applied by `apt-get upgrade`\s+8",
results_msg)
def test_vulnerable_patch_available_repository(cve_output_formatter):
sr = filter_scan_results_by_cve_ids(["CVE-2020-1001", "CVE-2020-1003"])
sr.append(
ScanResult("CVE-2020-1000", "low", "pkg3", "1.2.3-4", const.UBUNTU_ARCHIVE),
)
msg, rc = cve_output_formatter.format_output(sr, MockSysInfo())
expected_msg = (
"Vulnerable to CVE-2020-1000, but fixes are available from "
"the Ubuntu Archive."
)
assert msg == expected_msg
assert rc == 4
def run_json_format_test(indent):
sr = filter_scan_results_by_cve_ids(
["CVE-2020-1000", "CVE-2020-1001", "CVE-2020-1005"])
opt = MockOpt()
opt.priority = "all"
opt.unresolved = True
formatter = JSONOutputFormatter(opt, null_logger(), indent=indent)
(results_msg, return_code) = formatter.format_output(sr, MockSysInfo())
expected_output = json.dumps(sample_output, indent=indent, sort_keys=False)
assert results_msg == expected_output
def test_no_results_no_header(monkeypatch):
header_regex = r"CVE ID\s+PRIORITY\s+PACKAGE\s+FIXED VERSION\s+REPOSITORY"
monkeypatch.setattr(sys.stdout, "isatty", lambda: False)
cof = CLIOutputFormatter(MockOpt(), null_logger())
sysinfo = MockSysInfo()
cof.opt.experimental_mode = True
cof.opt.unresolved = False
sr = filter_scan_results_by_cve_ids(["CVE-2020-1003"])
(results_msg, return_code) = cof.format_output(sr, sysinfo)
assert not re.search(header_regex, results_msg)
