def test_confusing_ranges(self):
        vuln = Vulnerability(id=1, title="Some Plugin 1.5 - XSS")
        vuln.affected_versions.append(VersionRange(introduced_in="1.2"))
        vuln.affected_versions.append(VersionRange(fixed_in="1.3"))
        vuln.clean()

        self.importer.apply_data(vuln, {
            "title": "Some Plugin 1.5 - XSS",
        })

        self.assertFalse(vuln.dirty)
        self.assertNotIn(VersionRange(introduced_in="1.5"),
                         vuln.affected_versions)
    def test_test_collect_wordpress_vulnerabilities(self):
        self.importer.manager.filter_for_version = MagicMock()
        self.importer.manager.filter_for_version.return_value = [
            Vulnerability(id="1121"),
            Vulnerability(id="9920"),
            Vulnerability(id="1231"),
        ]

        obtained = self.importer.dump_wordpress_vulnerabilities_for_version(
            "some input data", "2.1")

        self.assertEqual(["1121", "9920", "1231"], [x["id"] for x in obtained])

        self.importer.manager.filter_for_version.assert_called_with(
            "2.1", "some input data")
    def test_no_version_data_is_no_data(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "title": "Some Plugin - XSS",
        })

        self.assertEqual(vuln.affected_versions, [])
 def test_apply_check_exploitdb_as_int(self):
     vuln = Vulnerability(id=1)
     self.importer.apply_data(vuln, {
         "exploitdb": 12345,
     })
     self.assertEqual(vuln.references[0].type, "exploitdb")
     self.assertEqual(vuln.references[0].id, "12345")
    def test_apply_dates(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(
            vuln, {
                "created_at": "2014-08-01T10:58:35.000Z",
                "updated_at": "2014-08-01T11:58:35.000Z",
            })

        self.assertEqual(
            vuln.created_at,
            datetime(year=2014,
                     month=8,
                     day=1,
                     hour=10,
                     minute=58,
                     second=35,
                     microsecond=0))
        self.assertEqual(
            vuln.updated_at,
            datetime(year=2014,
                     month=8,
                     day=1,
                     hour=11,
                     minute=58,
                     second=35,
                     microsecond=0))
        self.assertTrue(vuln.dirty)
    def test_vuln_type(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "vuln_type": "LFI",
        })

        self.assertEqual(vuln.reported_type, 'LFI')
        self.assertTrue(vuln.dirty)
 def test_apply_check_metaspoit(self):
     vuln = Vulnerability(id=1)
     self.importer.apply_data(vuln, {
         "metasploit": ["exploit/unix/webapp/php_wordpress_optimizepress"],
     })
     self.assertEqual(vuln.references[0].type, "metasploit")
     self.assertEqual(vuln.references[0].id,
                      "exploit/unix/webapp/php_wordpress_optimizepress")
     self.assertTrue(vuln.dirty)
 def test_dump_vulnerability_current_branch_not_fixed(self):
     v = Vulnerability(id="1234",
                       affected_versions=[
                           VersionRange(fixed_in="1.7"),
                           VersionRange(introduced_in="2.0"),
                       ])
     self.assertEqual(
         self.importer.dump_vulnerability(v, for_version="2.2"), {
             "id": "1234",
         })
    def test_vulnerability_only_has_fixed_fixed_in(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "fixed_in": "1.2.3.4",
        })

        self.assertTrue(vuln.dirty)
        self.assertEqual(vuln.affected_versions, [
            VersionRange(fixed_in="1.2.3.4"),
        ])
    def test_no_menttion_of_fixed_in(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "title": "Some Plugin 1.2.0.1 - XSS",
        })

        self.assertTrue(vuln.dirty)
        self.assertEqual(vuln.affected_versions, [
            VersionRange(introduced_in="1.2.0.1"),
        ])
    def test_consider_key_as_convention(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "title": "Some Plugin - XSS",
        },
                                 key="1.4")

        self.assertEqual(vuln.affected_versions, [
            VersionRange(introduced_in="1.4", fixed_in="1.5"),
        ])
 def test_dump_vulnerabilities_dates(self):
     v = Vulnerability(id="1234",
                       created_at=datetime.now() -
                       timedelta(days=2, hours=3),
                       updated_at=datetime.now())
     self.assertEqual(
         self.importer.dump_vulnerability(v), {
             "id": "1234",
             "updated_at": "2016-08-12T10:31:22.123Z",
             "created_at": "2016-08-10T07:31:22.123Z",
         })
    def test_title_contains_introduction_date(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "title": "Some Plugin 1.2.0 - XSS",
            "fixed_in": "1.2.3.4",
        })

        self.assertTrue(vuln.dirty)
        self.assertEqual(vuln.affected_versions, [
            VersionRange(introduced_in="1.2.0", fixed_in="1.2.3.4"),
        ])
    def test_version_was_already_present(self):
        vuln = Vulnerability(id=1)
        vuln.affected_versions.append(VersionRange(introduced_in="1.2"))
        self.importer.apply_data(vuln, {
            "title": "Some Plugin 1.2 - XSS",
        })

        self.assertTrue(vuln.dirty)
        self.assertEqual(vuln.affected_versions, [
            VersionRange(introduced_in="1.2"),
        ])
    def test_fixed_in_has_precedence(self):
        vuln = Vulnerability(id=1)
        self.importer.apply_data(vuln, {
            "title": "Some Plugin 1.4.1 - XSS",
            "fixed_in": "1.4.2"
        },
                                 key="1.4")

        self.assertEqual(vuln.affected_versions, [
            VersionRange(introduced_in="1.4", fixed_in="1.4.2"),
        ])
 def test_dump_vulnerabilities_refs(self):
     v = Vulnerability(id="1234",
                       references=[
                           Reference(type="cve",
                                     id="2015-1234",
                                     url="https://example.com/test123"),
                           Reference(type="osvdb", id="12345"),
                       ])
     self.assertEqual(self.importer.dump_vulnerability(v), {
         "id": "1234",
         "cve": ["2015-1234"],
         "osvdb": ["12345"],
     })
 def test_dump_vulnerability_pick_highest_when_nothing_relative_specified_with_closed_range(
         self):
     v = Vulnerability(id="1234",
                       title="My Description",
                       affected_versions=[
                           VersionRange(introduced_in="2.0",
                                        fixed_in="2.4"),
                           VersionRange(introduced_in="3.0",
                                        fixed_in="3.3"),
                       ])
     self.assertEqual(self.importer.dump_vulnerability(v), {
         "id": "1234",
         "title": "My Description (2.0+)",
         "fixed_in": "3.3",
     })
 def test_dump_vulnerabilities_urls(self):
     v = Vulnerability(id="1234",
                       references=[
                           Reference(type="other",
                                     url="https://example.com/test123"),
                           Reference(type="other",
                                     url="https://example.com/test456"),
                       ])
     self.assertEqual(
         self.importer.dump_vulnerability(v), {
             "id":
             "1234",
             "url":
             ["https://example.com/test123", "https://example.com/test456"],
         })
 def test_dump_vulnerability_finds_appropriate_fixed_in(self):
     v = Vulnerability(id="1234",
                       title="My Description",
                       affected_versions=[
                           VersionRange(fixed_in="1.7"),
                           VersionRange(introduced_in="2.0",
                                        fixed_in="2.4"),
                           VersionRange(introduced_in="3.0",
                                        fixed_in="3.3"),
                       ])
     dumped = self.importer.dump_vulnerability(v, for_version="2.2")
     self.assertEqual(dumped, {
         "id": "1234",
         "title": "My Description (2.0+)",
         "fixed_in": "2.4",
     })
 def test_dump_vulnerabilities_basic(self):
     v = Vulnerability(id="1234", title="Hello World")
     self.assertEqual(self.importer.dump_vulnerability(v), {
         "id": "1234",
         "title": "Hello World",
     })
 def test_dump_vulnerability_no_appropriate_fix(self):
     v = Vulnerability(id="1234")
     self.assertEqual(
         self.importer.dump_vulnerability(v, for_version="2.2"), {
             "id": "1234",
         })
 def test_reference_matches_by_url(self):
     refs = [Reference(type="test", url="1234")]
     self.assertTrue(
         Vulnerability(id="1234", references=refs).matches(
             match_reference=Reference(type="test", url="1234")))
 def test_no_filters(self):
     self.assertTrue(Vulnerability(id="1234").matches())
 def test_reference_does_not_match(self):
     self.assertFalse(
         Vulnerability(id="1234").matches(
             match_reference=Reference(type="test", id="1234")))
 def test_vuln_type(self):
     v = Vulnerability(id="1234", reported_type="LFI")
     self.assertEqual(self.importer.dump_vulnerability(v), {
         "id": "1234",
         "vuln_type": "LFI",
     })
 def test_reference_matches_by_id_but_not_type(self):
     refs = [Reference(type="test", id="1234")]
     self.assertFalse(
         Vulnerability(id="1234", references=refs).matches(
             match_reference=Reference(type="test2", id="1234")))
 def test_vuln_cvss(self):
     v = Vulnerability(id="1234", cvss=2.6)
     self.assertEqual(self.importer.dump_vulnerability(v), {
         "id": "1234",
         "cvss": 2.6,
     })