示例#1
0
def test_merge_dont_keep_ours(db_small_path, db_python_only):
    """Test VictimsDB().merge(), but override our records."""
    db1 = VictimsDB.from_dir(db_small_path)
    db2 = VictimsDB.from_dir(db_python_only)

    db1.merge(db2, keep_ours=False)
    assert len(db1) == 4
    cve = db1['CVE-2016-10516']
    assert not cve.affects('werkzeug', version='0.11.10')
示例#2
0
def test_merge(db_small_path, db_python_only):
    """Test VictimsDB().merge()."""
    db1 = VictimsDB.from_dir(db_small_path)
    assert len(db1) == 3
    db2 = VictimsDB.from_dir(db_python_only)
    assert len(db2) == 2

    db1.merge(db2)
    assert len(db1) == 4
    cve = db1['CVE-2016-10516']
    assert cve.affects('werkzeug', version='0.11.10')
示例#3
0
def test_iter(db_small_path):
    """Test iter() with VictimsDB()."""
    db = VictimsDB.from_dir(db_small_path)
    wanted = ['CVE-2018-10237', 'CVE-2017-18214', 'CVE-2016-10516']
    for record in db:
        assert record.cve_id in wanted
        wanted.remove(record.cve_id)
示例#4
0
def test_getitem(db_small_path):
    """Test [] on VictimsDB()."""
    db = VictimsDB.from_dir(db_small_path)
    assert 'CVE-2017-18214' == db['CVE-2017-18214'].cve_id

    with pytest.raises(KeyError):
        db['CVE-0000-0000']
示例#5
0
def test_read_yamls_from_git_url(git_url):
    """Test VictimsDB().from_git_url()."""
    db = VictimsDB.from_git_url(git_url)
    assert db
    cves = db.cves_for('werkzeug')
    assert len(cves) == 1
    assert cves[0].cve_id == 'CVE-2016-10516'
示例#6
0
def test_python_vulnerabilities(db_small_path):
    """Test VictimsDB.python_vulnerabilities()."""
    db = VictimsDB.from_dir(db_small_path)
    python_db = db.python_vulnerabilities()

    cves = python_db.cves_for('werkzeug')
    assert len(cves) == 1
    assert cves[0].cve_id == 'CVE-2016-10516'

    assert not python_db.cves_for('not-there', ecosystem='java')
示例#7
0
def test_javascript_vulnerabilities(db_small_path):
    """Test VictimsDB.javascript_vulnerabilities()."""
    db = VictimsDB.from_dir(db_small_path)
    javascript_db = db.javascript_vulnerabilities()

    cves = javascript_db.cves_for('moment')
    assert len(cves) == 1
    assert cves[0].cve_id == 'CVE-2017-18214'

    assert not javascript_db.cves_for('not-there', ecosystem='python')
示例#8
0
def test_java_vulnerabilities(db_small_path):
    """Test VictimsDB.java_vulnerabilities()."""
    db = VictimsDB.from_dir(db_small_path)
    java_db = db.java_vulnerabilities()

    cves = java_db.cves_for('com.google.guava:guava-gwt')
    assert len(cves) == 1
    assert cves[0].cve_id == 'CVE-2018-10237'

    assert not java_db.cves_for('not-there', ecosystem='python')
示例#9
0
def test_contains(db_small_path):
    """Test `in` with VictimsDB()."""
    db = VictimsDB.from_dir(db_small_path)
    assert 'CVE-2018-10237' in db
    assert 'CVE-0000-0000' not in db
    assert None not in db
示例#10
0
def test_len(db_small_path):
    """Test len() on VictimsDB()."""
    db = VictimsDB.from_dir(db_small_path)
    assert len(db) == 3
示例#11
0
def test_from_dir(db_small_path):
    """Test VictimsDB.from_dir()."""
    db = VictimsDB.from_dir(db_small_path)
    assert db
示例#12
0
def test_improper_yaml_parsing(db_path_with_improper_files):
    """Test VictimsDB.cves_for() YAMLs with improper/not parseable files."""
    db = VictimsDB.from_dir(db_path_with_improper_files)
    cves = db.cves_for('xyzzy_unknown_package')
    assert cves is not None
    assert len(cves) == 0
示例#13
0
def test_basic_unknown_package(db_small_path):
    """Test VictimsDB.cves_for() for unknown package."""
    db = VictimsDB.from_dir(db_small_path)
    cves = db.cves_for('xyzzy_unknown_package')
    assert cves is not None
    assert len(cves) == 0
示例#14
0
def test_basic(db_small_path):
    """Test VictimsDB.cves_for() for known package."""
    db = VictimsDB.from_dir(db_small_path)
    cves = db.cves_for('werkzeug')
    assert len(cves) == 1
    assert cves[0].cve_id == 'CVE-2016-10516'