-
Notifications
You must be signed in to change notification settings - Fork 29
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add snapshot tests for NVD provider (#340)
* enable multiple snapshot tests Signed-off-by: Alex Goodman <[email protected]> * add snapshot tests for nvd provider Signed-off-by: Alex Goodman <[email protected]> --------- Signed-off-by: Alex Goodman <[email protected]>
- Loading branch information
Showing
42 changed files
with
3,553 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3,458 changes: 3,458 additions & 0 deletions
3,458
tests/unit/providers/nvd/test-fixtures/full-page.json
Large diffs are not rendered by default.
Oops, something went wrong.
1 change: 1 addition & 0 deletions
1
tests/unit/providers/nvd/test-fixtures/snapshots/full-page/2021/cve-2021-20581.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2021/cve-2021-20581","item":{"cve":{"id":"CVE-2021-20581","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:09.813","lastModified":"2023-10-18T17:58:51.443","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir a un usuario obtener información confidencial debido a una expiración insuficiente de la sesión. ID de IBM X-Force: 199324."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/199324","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}} |
1 change: 1 addition & 0 deletions
1
tests/unit/providers/nvd/test-fixtures/snapshots/full-page/2021/cve-2021-29913.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2021/cve-2021-29913","item":{"cve":{"id":"CVE-2021-29913","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:09.910","lastModified":"2023-10-18T17:59:20.763","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premise 11.5 podría permitir que un usuario autenticado obtenga información confidencial o realice acciones no autorizadas debido a una validación de entrada incorrecta. ID de IBM X-Force: 207898."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.3,"impactScore":4.7}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/207898","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}} |
1 change: 1 addition & 0 deletions
1
tests/unit/providers/nvd/test-fixtures/snapshots/full-page/2021/cve-2021-38859.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2021/cve-2021-38859","item":{"cve":{"id":"CVE-2021-38859","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:10.000","lastModified":"2023-10-18T17:59:31.703","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir a un usuario obtener información del número de versión mediante una solicitud HTTP especialmente manipulada que podría usarse en futuros ataques contra el System. ID de IBM X-Force: 207899."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/207899","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}} |
1 change: 1 addition & 0 deletions
1
tests/unit/providers/nvd/test-fixtures/snapshots/full-page/2022/cve-2022-22375.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2022/cve-2022-22375","item":{"cve":{"id":"CVE-2022-22375","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:10.090","lastModified":"2023-10-18T17:59:45.190","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el System enviando una solicitud especialmente manipulada. ID de IBM X-Force: 221681."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221681","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}} |
1 change: 1 addition & 0 deletions
1
tests/unit/providers/nvd/test-fixtures/snapshots/full-page/2022/cve-2022-22377.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2022/cve-2022-22377","item":{"cve":{"id":"CVE-2022-22377","sourceIdentifier":"[email protected]","published":"2023-10-17T01:15:09.687","lastModified":"2023-10-18T17:57:47.170","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827."},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir que un atacante remoto obtenga información confidencial, causada por no habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información confidencial utilizando técnicas de intermediario. ID de IBM X-Force: 221827."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-311"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-311"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221827","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}} |
1 change: 1 addition & 0 deletions
1
tests/unit/providers/nvd/test-fixtures/snapshots/full-page/2022/cve-2022-22380.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2022/cve-2022-22380","item":{"cve":{"id":"CVE-2022-22380","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:10.177","lastModified":"2023-10-18T18:00:02.107","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir a un atacante falsificar una entidad de confianza debido a una validación incorrecta de los certificados. ID de IBM X-Force: 221957."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":5.0,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221957","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}} |
Oops, something went wrong.