def test_url_is_not_404(self):
all_urls = set()
invalid = []
for vuln_id in DBVuln.get_all_db_ids():
db_vuln = DBVuln.from_id(vuln_id)
if db_vuln.wasc:
for wasc_id in db_vuln.wasc:
all_urls.add(db_vuln.get_wasc_url(wasc_id))
if db_vuln.cwe:
for cwe_id in db_vuln.cwe:
all_urls.add(db_vuln.get_cwe_url(cwe_id))
for _, _, link in db_vuln.get_owasp_top_10_references():
all_urls.add(link)
for reference in db_vuln.references:
all_urls.add(reference.url)
session = requests.Session()
for url in all_urls:
if self.url_is_404(session, url):
invalid.append(url)
self.assertEqual(invalid, [])
def test_url_is_not_404(self):
all_urls = set()
invalid = []
for vuln_id in DBVuln.get_all_db_ids():
db_vuln = DBVuln.from_id(vuln_id)
if db_vuln.wasc:
for wasc_id in db_vuln.wasc:
all_urls.add(db_vuln.get_wasc_url(wasc_id))
if db_vuln.cwe:
for cwe_id in db_vuln.cwe:
all_urls.add(db_vuln.get_cwe_url(cwe_id))
for _, _, link in db_vuln.get_owasp_top_10_references():
all_urls.add(link)
for reference in db_vuln.references:
all_urls.add(reference.url)
session = requests.Session()
for url in all_urls:
if self.url_is_404(session, url):
invalid.append(url)
self.assertEqual(invalid, [])
def set_vulndb_id(self, vulndb_id):
if vulndb_id is None:
self._vulndb_id = None
return
if not DBVuln.is_valid_id(vulndb_id):
all_db_ids = DBVuln.get_all_db_ids()
msg = ('Invalid vulnerability DB id %s. There are %s entries in'
' the vulnerability database but none is the specified one.')
args = (vulndb_id, len(all_db_ids))
raise ValueError(msg % args)
self._vulndb_id = vulndb_id
def set_vulndb_id(self, vulndb_id):
if vulndb_id is None:
self._vulndb_id = None
return
if not DBVuln.is_valid_id(vulndb_id):
all_db_ids = DBVuln.get_all_db_ids()
msg = ('Invalid vulnerability DB id %s. There are %s entries in'
' the vulnerability database but none is the specified one.')
args = (vulndb_id, len(all_db_ids))
raise ValueError(msg % args)
self._vulndb_id = vulndb_id
def test_no_multiple_spaces(self):
invalid = []
for vuln_id in DBVuln.get_all_db_ids():
db_vuln = DBVuln.from_id(vuln_id)
if ' ' in db_vuln.fix_guidance:
invalid.append((db_vuln.db_file, 'fix_guidance'))
if ' ' in db_vuln.description:
invalid.append((db_vuln.db_file, 'description'))
self.assertEqual(invalid, [])
def test_no_multiple_spaces(self):
invalid = []
for vuln_id in DBVuln.get_all_db_ids():
db_vuln = DBVuln.from_id(vuln_id)
if ' ' in db_vuln.fix_guidance:
invalid.append((db_vuln.db_file, 'fix_guidance'))
if ' ' in db_vuln.description:
invalid.append((db_vuln.db_file, 'description'))
self.assertEqual(invalid, [])
def test_id_match(self):
invalid = []
for vuln_id in DBVuln.get_all_db_ids():
db_path_file = DBVuln.get_file_for_id(vuln_id)
json_data = json.loads(file(db_path_file).read())
json_id = json_data['id']
db_file = os.path.split(db_path_file)[1]
if not db_file.startswith('%s-' % json_id):
invalid.append(db_file)
self.assertEqual(invalid, [])
def test_id_match(self):
invalid = []
for vuln_id in DBVuln.get_all_db_ids():
db_path_file = DBVuln.get_file_for_id(vuln_id)
json_data = json.loads(file(db_path_file).read())
json_id = json_data['id']
db_file = os.path.split(db_path_file)[1]
if not db_file.startswith('%s-' % json_id):
invalid.append(db_file)
self.assertEqual(invalid, [])
###
# Name: VulnDB_Json_serpico
# Description: Script to Parse VulnDB to Serpico Vulnerability Findings
# Author: SAINTz
# Twitter: @__SAINTz__
# Version: 0.1 - 17 August 2018
# License: GNU/GPL
##
import json
from vulndb import DBVuln
DB_IDs = DBVuln.get_all_db_ids()
export_json = []
for x in DB_IDs:
dbv = DBVuln.from_id(x)
data_tmp = {
"affected_hosts": "null",
"affected_users": 10,
"approved": "true",
"damage": 10,
"discoverability": 10,
"dread_total": 0,
"effort": "Planned",
"exploitability": 10,
"id": dbv.id,
"overview": "<paragraph>" + dbv.description + "</paragraph>",
"poc": "<paragraph></paragraph>",
"references": dbv.references,
"remediation": "<paragraph>" + dbv.fix_guidance + "</paragraph>",
