fix: test and remove existing test
mastersans committed Jul 26, 2024
1 parent 346f3f2 commit 8977fda
Showing 3 changed files with 2 additions and 207 deletions.
2 changes: 1 addition & 1 deletion cve_bin_tool/output_engine/__init__.py
Expand Up @@ -797,10 +797,10 @@ def output_cves(self, outfile, output_type="console"):
self.vex_product_info["product"],
self.vex_product_info["release"],
self.vex_product_info["vendor"],
self.vex_product_info["revision_reason"],
self.vex_filename,
self.vex_type,
self.all_cve_data,
self.vex_product_info["revision_reason"],
logger=self.logger,
)
vexgen.generate_vex()
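Review bot: The constructor call ending at `logger=self.logger,` still passes `revision_reason` by position, so it is only correct while its slot matches the `__init__` parameter order in cve_bin_tool/vex_manager/generate.py, which this commit has to move in lockstep. The neighbouring parameters there (`product`, `release`, `vendor`, `filename`, `vextype`) are all plain `str`, so a future mismatch would probably not raise; the revision reason would silently land in another field of the generated VEX document, such as `filename`. Passing it by name, `revision_reason=self.vex_product_info["revision_reason"],`, removes that coupling, and a bare `*,` ahead of the optional parameters in `__init__` would turn any remaining positional misuse into a TypeError. The opening line of the call and the rest of `output_cves` are outside the hunk.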
2 changes: 1 addition & 1 deletion cve_bin_tool/vex_manager/generate.py
Expand Up @@ -45,10 +45,10 @@ def __init__(
product: str,
release: str,
vendor: str,
revision_reason: str,
filename: str,
vextype: str,
all_cve_data: Dict[ProductInfo, CVEData],
revision_reason: str = "",
sbom: Optional[str] = None,
logger: Optional[Logger] = None,
validate: bool = True,
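Review bot: `revision_reason: str = ""` uses an empty string as the "not supplied" marker, while the neighbouring optional parameters `sbom` and `logger` use `Optional[...] = None`. Assuming the defaulted form after `all_cve_data` is the new side of this change, a caller that omits the argument gets a document whose revision reason is blank, and nothing visible in this hunk shows that value being rejected or the field being left out. `revision_reason: Optional[str] = None` would let the generator tell "omitted" from "explicitly empty"; whichever is kept, the docstring should state what an empty reason means for the emitted VEX. The `__init__` signature and body continue outside the hunk.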
205 changes: 0 additions & 205 deletions test/test_input_engine.py
Expand Up @@ -3,7 +3,6 @@

import re
from ast import literal_eval
from collections import defaultdict
from pathlib import Path

import pytest
Expand Down Expand Up @@ -59,148 +58,6 @@ class TestInputEngine:
"paths": {""},
},
}
VEX_TRIAGE_DATA = {
ProductInfo("d.r.commander", "libjpeg-turbo", "2.0.1", "location/to/product"): {
"CVE-2018-19664": {
"comments": "High priority need to resolve fast",
"remarks": Remarks.Confirmed,
"justification": "protected_by_compiler",
"response": ["will_not_fix"],
"severity": "CRITICAL",
},
"paths": {},
},
ProductInfo("gnu", "glibc", "2.33", "location/to/product"): {
"CVE-2021-1234": {
"comments": "",
"remarks": Remarks.Unexplored,
"response": ["workaround_available", "update"],
"severity": "HIGH",
},
"paths": {},
},
}
# cyclonedx currently doesn't have vendors
VEX_TRIAGE_DATA_CYCLONEDX = {
ProductInfo("UNKNOWN", "libjpeg-turbo", "2.0.1", "location/to/product"): {
"CVE-2018-19664": {
"comments": "High priority need to resolve fast",
"remarks": Remarks.Confirmed,
"response": [],
"severity": "CRITICAL",
},
"paths": {},
},
ProductInfo("UNKNOWN", "glibc", "2.33", "location/to/product"): {
"CVE-2021-1234": {
"comments": "",
"remarks": Remarks.Unexplored,
"response": [],
"severity": "HIGH",
},
"paths": {},
},
}
VEX_TRIAGE_DATA_CYCLONEDX_CASE13 = {
ProductInfo(
vendor="UNKNOWN",
product="acme-product",
version="1",
location="location/to/product",
): {
"CVE-2020-25649": {
"comments": "Automated "
"dataflow "
"analysis "
"and "
"manual "
"code "
"review "
"indicates "
"that "
"the "
"vulnerable "
"code "
"is "
"not "
"reachable, "
"either "
"directly "
"or "
"indirectly.",
"justification": "code_not_reachable",
"remarks": Remarks.NotAffected,
"response": ["will_not_fix", "update"],
"severity": "NONE",
},
"paths": {},
},
ProductInfo(
vendor="UNKNOWN",
product="acme-product",
version="2",
location="location/to/product",
): {
"CVE-2020-25649": {
"comments": "Automated "
"dataflow "
"analysis "
"and "
"manual "
"code "
"review "
"indicates "
"that "
"the "
"vulnerable "
"code "
"is "
"not "
"reachable, "
"either "
"directly "
"or "
"indirectly.",
"justification": "code_not_reachable",
"remarks": Remarks.NotAffected,
"response": ["will_not_fix", "update"],
"severity": "NONE",
},
"paths": {},
},
ProductInfo(
vendor="UNKNOWN",
product="acme-product",
version="3",
location="location/to/product",
): {
"CVE-2020-25649": {
"comments": "Automated "
"dataflow "
"analysis "
"and "
"manual "
"code "
"review "
"indicates "
"that "
"the "
"vulnerable "
"code "
"is "
"not "
"reachable, "
"either "
"directly "
"or "
"indirectly.",
"remarks": Remarks.Confirmed,
"response": None,
},
"paths": {},
},
}

MISSING_FIELD_REGEX = re.compile(
r"({[' ,](([a-z])+[' ,]{1,4})+}) are required fields"
)
Expand Down Expand Up @@ -268,65 +125,3 @@ def test_valid_file(self, filepath, parsed_data):
print("Parsed Data Actual:", parsed_data_actual)
print("Expected Data:", parsed_data)
assert parsed_data_actual[product_info] == expected_data

@pytest.mark.parametrize(
"filepath, parsed_data",
(
(str(VEX_PATH / "test_triage.vex"), VEX_TRIAGE_DATA),
(
str(VEX_PATH / "test_triage_cyclonedx_case13.vex"),
VEX_TRIAGE_DATA_CYCLONEDX_CASE13,
),
(str(VEX_PATH / "test_triage_cyclonedx.vex"), VEX_TRIAGE_DATA_CYCLONEDX),
(str(VEX_PATH / "bad.vex"), defaultdict(dict)),
),
)
def test_vex_file(self, filepath, parsed_data):
input_engine = InputEngine(filepath, error_mode=ErrorMode.FullTrace)
assert dict(input_engine.parse_input()) == parsed_data

@pytest.mark.parametrize(
"product, product_result",
(
("gcc", True),
("not_a_bad%product", True),
("12!", False),
("!Superproduct", False),
),
)
def test_valid_product_name(self, product, product_result):
input_engine = InputEngine("temp.txt", error_mode=ErrorMode.FullTrace)
assert input_engine.validate_product(product) == product_result

@pytest.mark.parametrize(
"version",
(
"sky%2fx6069_trx_l601_sky%2fx6069_trx_l601_sky%3a6.0%2fmra58k%2f1482897127%3auser%2frelease-keys",
"v4.02.15%282335dn_mfp%29_11-22-2010",
"_",
"-",
"y",
"2024-01-23",
),
)
def test_cpe_versions(self, version):
# Based on the National Vulnerability Database (NVD)
# official-cpe-dictionary_v2.3.xml (2024-02-28T04:51:31.141Z) the
# following are possible characters is a version string: [a-z0-9.%-_]
input_engine = InputEngine("temp.txt", error_mode=ErrorMode.FullTrace)
vex = {
"vulnerabilities": [
{
"id": "CVE-2018-15007",
"analysis": {
"state": "not_affected",
"response": [],
"justification": "",
"detail": "1",
},
"affects": [{"ref": f"urn:cbt:1/vendor#product:{version}"}],
}
]
}
input_engine.input_vex_cyclone_dx(vex)
assert list(input_engine.parsed_data.keys())[0].version == version
