def test_vulndb_id_get_from_name(self):
# Since there is no vulndb_id set, the name wins:
i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
'plugin_name')
# lazy calculation
self.assertIsNone(i._vulndb)
expected_references = [Reference(d['url'], d['title']) for d in BLIND_SQLI_REFS]
self.assertTrue(i.has_db_details())
self.assertEqual(i.get_vulndb_id(), 46)
self.assertIsInstance(i.get_long_description(), basestring)
self.assertIsInstance(i.get_fix_guidance(), basestring)
self.assertEqual(i.get_fix_effort(), 50)
self.assertEqual(i.get_tags(), [u'web', u'sql', u'blind',
u'injection', u'database'])
self.assertEqual(i.get_wasc_ids(), [])
self.assertEqual(list(i.get_wasc_urls()), [])
self.assertEqual(list(i.get_cwe_urls()),
[u'https://cwe.mitre.org/data/definitions/89.html'])
self.assertEqual(i.get_cwe_ids(), [u'89'])
self.assertEqual(i.get_references(), expected_references)
self.assertEqual(list(i.get_owasp_top_10_references()),
[(u'2013', 1,
'https://www.owasp.org/index.php/Top_10_2013-A1')])
self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln)
# lazy calculation success
self.assertIsNotNone(i._vulndb)
def test_to_json(self):
i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
'plugin_name')
i['test'] = 'foo'
i.add_to_highlight('abc', 'def')
jd = i.to_json()
json_string = json.dumps(jd)
jd = json.loads(json_string)
self.assertEqual(jd['name'], i.get_name())
self.assertEqual(jd['url'], str(i.get_url()))
self.assertEqual(jd['var'], i.get_token_name())
self.assertEqual(jd['response_ids'], i.get_id())
self.assertEqual(jd['vulndb_id'], i.get_vulndb_id())
self.assertEqual(jd['desc'], i.get_desc(with_id=False))
self.assertEqual(jd['long_description'], i.get_long_description())
self.assertEqual(jd['fix_guidance'], i.get_fix_guidance())
self.assertEqual(jd['fix_effort'], i.get_fix_effort())
self.assertEqual(jd['tags'], i.get_tags())
self.assertEqual(jd['wasc_ids'], i.get_wasc_ids())
self.assertEqual(jd['wasc_urls'], list(i.get_wasc_urls()))
self.assertEqual(jd['cwe_urls'], list(i.get_cwe_urls()))
self.assertEqual(jd['references'], BLIND_SQLI_REFS)
self.assertEqual(jd['owasp_top_10_references'], BLIND_SQLI_TOP10_REFS)
self.assertEqual(jd['plugin_name'], i.get_plugin_name())
self.assertEqual(jd['severity'], i.get_severity())
self.assertEqual(jd['attributes'], i.copy())
self.assertEqual(jd['highlight'], list(i.get_to_highlight()))
def test_to_json(self):
i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
'plugin_name')
i['test'] = 'foo'
i.add_to_highlight('abc', 'def')
jd = i.to_json()
json_string = json.dumps(jd)
jd = json.loads(json_string)
self.assertEqual(jd['name'], i.get_name())
self.assertEqual(jd['url'], str(i.get_url()))
self.assertEqual(jd['var'], i.get_token_name())
self.assertEqual(jd['response_ids'], i.get_id())
self.assertEqual(jd['vulndb_id'], i.get_vulndb_id())
self.assertEqual(jd['desc'], i.get_desc(with_id=False))
self.assertEqual(jd['long_description'], i.get_long_description())
self.assertEqual(jd['fix_guidance'], i.get_fix_guidance())
self.assertEqual(jd['fix_effort'], i.get_fix_effort())
self.assertEqual(jd['tags'], i.get_tags())
self.assertEqual(jd['wasc_ids'], i.get_wasc_ids())
self.assertEqual(jd['wasc_urls'], list(i.get_wasc_urls()))
self.assertEqual(jd['cwe_urls'], list(i.get_cwe_urls()))
self.assertEqual(jd['references'], BLIND_SQLI_REFS)
self.assertEqual(jd['owasp_top_10_references'], BLIND_SQLI_TOP10_REFS)
self.assertEqual(jd['plugin_name'], i.get_plugin_name())
self.assertEqual(jd['severity'], i.get_severity())
self.assertEqual(jd['attributes'], i.copy())
self.assertEqual(jd['highlight'], list(i.get_to_highlight()))
def test_vulndb_id_set(self):
# The vulndb_id overrides the 'Blind SQL injection vulnerability' name
i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
'plugin_name', vulndb_id=17)
# lazy calculation
self.assertIsNone(i._vulndb)
url = 'https://www.owasp.org/index.php/PHP_File_Inclusion'
title = 'OWASP'
expected_references = [Reference(url, title)]
self.assertTrue(i.has_db_details())
self.assertEqual(i.get_vulndb_id(), 17)
self.assertIsInstance(i.get_long_description(), basestring)
self.assertIsInstance(i.get_fix_guidance(), basestring)
self.assertEqual(i.get_fix_effort(), 50)
self.assertEqual(i.get_tags(), ['web', 'file', 'inclusion', 'error',
'injection'])
self.assertEqual(i.get_wasc_ids(), [])
self.assertEqual(list(i.get_wasc_urls()), [])
self.assertEqual(list(i.get_cwe_urls()),
['https://cwe.mitre.org/data/definitions/98.html'])
self.assertEqual(i.get_cwe_ids(), [u'98'])
self.assertEqual(i.get_references(), expected_references)
self.assertEqual(list(i.get_owasp_top_10_references()),
[(u'2013', 1,
'https://www.owasp.org/index.php/Top_10_2013-A1')])
self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln)
# lazy calculation success
self.assertIsNotNone(i._vulndb)
def test_vulndb_id_get_from_name(self):
# Since there is no vulndb_id set, the name wins:
i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
'plugin_name')
# lazy calculation
self.assertIsNone(i._vulndb)
expected_references = [
Reference(d['url'], d['title']) for d in BLIND_SQLI_REFS
]
self.assertTrue(i.has_db_details())
self.assertEqual(i.get_vulndb_id(), 46)
self.assertIsInstance(i.get_long_description(), basestring)
self.assertIsInstance(i.get_fix_guidance(), basestring)
self.assertEqual(i.get_fix_effort(), 50)
self.assertEqual(i.get_tags(),
[u'web', u'sql', u'blind', u'injection', u'database'])
self.assertEqual(i.get_wasc_ids(), [])
self.assertEqual(list(i.get_wasc_urls()), [])
self.assertEqual(list(i.get_cwe_urls()),
[u'https://cwe.mitre.org/data/definitions/89.html'])
self.assertEqual(i.get_cwe_ids(), [u'89'])
self.assertEqual(i.get_references(), expected_references)
self.assertEqual(
list(i.get_owasp_top_10_references()),
[(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')])
self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln)
# lazy calculation success
self.assertIsNotNone(i._vulndb)
def test_vulndb_id_set(self):
# The vulndb_id overrides the 'Blind SQL injection vulnerability' name
i = Info('Blind SQL injection vulnerability',
MockInfo.LONG_DESC,
1,
'plugin_name',
vulndb_id=17)
# lazy calculation
self.assertIsNone(i._vulndb)
url = 'https://www.owasp.org/index.php/PHP_File_Inclusion'
title = 'OWASP'
expected_references = [Reference(url, title)]
self.assertTrue(i.has_db_details())
self.assertEqual(i.get_vulndb_id(), 17)
self.assertIsInstance(i.get_long_description(), basestring)
self.assertIsInstance(i.get_fix_guidance(), basestring)
self.assertEqual(i.get_fix_effort(), 50)
self.assertEqual(i.get_tags(),
['web', 'file', 'inclusion', 'error', 'injection'])
self.assertEqual(i.get_wasc_ids(), [])
self.assertEqual(list(i.get_wasc_urls()), [])
self.assertEqual(list(i.get_cwe_urls()),
['https://cwe.mitre.org/data/definitions/98.html'])
self.assertEqual(i.get_cwe_ids(), [u'98'])
self.assertEqual(i.get_references(), expected_references)
self.assertEqual(
list(i.get_owasp_top_10_references()),
[(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')])
self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln)
# lazy calculation success
self.assertIsNotNone(i._vulndb)
def test_to_json(self):
i = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name")
i["test"] = "foo"
i.add_to_highlight("abc", "def")
jd = i.to_json()
json_string = json.dumps(jd)
jd = json.loads(json_string)
self.assertEqual(jd["name"], i.get_name())
self.assertEqual(jd["url"], str(i.get_url()))
self.assertEqual(jd["var"], i.get_token_name())
self.assertEqual(jd["response_ids"], i.get_id())
self.assertEqual(jd["vulndb_id"], i.get_vulndb_id())
self.assertEqual(jd["desc"], i.get_desc(with_id=False))
self.assertEqual(jd["long_description"], i.get_long_description())
self.assertEqual(jd["fix_guidance"], i.get_fix_guidance())
self.assertEqual(jd["fix_effort"], i.get_fix_effort())
self.assertEqual(jd["tags"], i.get_tags())
self.assertEqual(jd["wasc_ids"], i.get_wasc_ids())
self.assertEqual(jd["wasc_urls"], list(i.get_wasc_urls()))
self.assertEqual(jd["cwe_urls"], list(i.get_cwe_urls()))
self.assertEqual(jd["references"], BLIND_SQLI_REFS)
self.assertEqual(jd["owasp_top_10_references"], BLIND_SQLI_TOP10_REFS)
self.assertEqual(jd["plugin_name"], i.get_plugin_name())
self.assertEqual(jd["severity"], i.get_severity())
self.assertEqual(jd["attributes"], i.copy())
self.assertEqual(jd["highlight"], list(i.get_to_highlight()))
def test_vulndb_id_get_from_name(self):
# Since there is no vulndb_id set, the name wins:
i = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name")
# lazy calculation
self.assertIsNone(i._vulndb)
expected_references = [Reference(d["url"], d["title"]) for d in BLIND_SQLI_REFS]
self.assertTrue(i.has_db_details())
self.assertEqual(i.get_vulndb_id(), 46)
self.assertIsInstance(i.get_long_description(), basestring)
self.assertIsInstance(i.get_fix_guidance(), basestring)
self.assertEqual(i.get_fix_effort(), 50)
self.assertEqual(i.get_tags(), [u"web", u"sql", u"blind", u"injection", u"database"])
self.assertEqual(i.get_wasc_ids(), [])
self.assertEqual(list(i.get_wasc_urls()), [])
self.assertEqual(list(i.get_cwe_urls()), [u"https://cwe.mitre.org/data/definitions/89.html"])
self.assertEqual(i.get_cwe_ids(), [u"89"])
self.assertEqual(i.get_references(), expected_references)
self.assertEqual(
list(i.get_owasp_top_10_references()), [(u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1")]
)
self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln)
# lazy calculation success
self.assertIsNotNone(i._vulndb)
def test_vulndb_id_set(self):
# The vulndb_id overrides the 'Blind SQL injection vulnerability' name
i = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name", vulndb_id=17)
# lazy calculation
self.assertIsNone(i._vulndb)
url = "https://www.owasp.org/index.php/PHP_File_Inclusion"
title = "OWASP"
expected_references = [Reference(url, title)]
self.assertTrue(i.has_db_details())
self.assertEqual(i.get_vulndb_id(), 17)
self.assertIsInstance(i.get_long_description(), basestring)
self.assertIsInstance(i.get_fix_guidance(), basestring)
self.assertEqual(i.get_fix_effort(), 50)
self.assertEqual(i.get_tags(), ["web", "file", "inclusion", "error", "injection"])
self.assertEqual(i.get_wasc_ids(), [])
self.assertEqual(list(i.get_wasc_urls()), [])
self.assertEqual(list(i.get_cwe_urls()), ["https://cwe.mitre.org/data/definitions/98.html"])
self.assertEqual(i.get_cwe_ids(), [u"98"])
self.assertEqual(i.get_references(), expected_references)
self.assertEqual(
list(i.get_owasp_top_10_references()), [(u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1")]
)
self.assertIsInstance(i.get_vuln_info_from_db(), DBVuln)
# lazy calculation success
self.assertIsNotNone(i._vulndb)
