Add snapshot tests for NVD provider (#340)
* enable multiple snapshot tests

Signed-off-by: Alex Goodman <[email protected]>

* add snapshot tests for nvd provider

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: Alex Goodman <[email protected]>
wagoodman authored Oct 18, 2023
1 parent 526a8c7 commit 89de0a1
Showing 42 changed files with 3,553 additions and 5 deletions.
14 changes: 10 additions & 4 deletions tests/conftest.py
@@ -39,6 +39,7 @@ def result_files(self):

def _snapshot_files(self):
snapshot_files = []

for root, _dirs, files in os.walk(self.snapshot.snapshot_dir):
for filename in files:
snapshot_files.append(os.path.join(root, filename))
@@ -133,9 +134,6 @@ def __init__(self, request, tmpdir, snapshot):
# docs: https://docs.pytest.org/en/6.2.x/reference.html#std-fixture-request
self.request = request
self.tmpdir = tmpdir

# any snapshot tests should be stored in the same place
snapshot.snapshot_dir = self.local_dir("test-fixtures/snapshots")
self.snapshot = snapshot

def local_dir(self, path: str):
@@ -157,12 +155,20 @@ def local_dir(self, path: str):
parent = os.path.realpath(os.path.dirname(current_test_filepath))
return os.path.join(parent, path)

def provider_workspace_helper(self, name: str, create: bool = True, input_fixture: str | None = None) -> WorkspaceHelper:
def provider_workspace_helper(
self, name: str, create: bool = True, input_fixture: str | None = None, snapshot_prefix: str = ""
) -> WorkspaceHelper:
root = self.tmpdir
if create:
os.makedirs(root / name / "input")
os.makedirs(root / name / "results")

# any snapshot tests should be stored in the same place
snapshot_path = "test-fixtures/snapshots"
if snapshot_prefix:
snapshot_path = os.path.join(snapshot_path, snapshot_prefix)
self.snapshot.snapshot_dir = self.local_dir(snapshot_path)

h = WorkspaceHelper(root, name, self.snapshot)

if input_fixture:
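Review bot: In `provider_workspace_helper`, `self.snapshot.snapshot_dir` is now reassigned on every call while the same `self.snapshot` object is passed to each `WorkspaceHelper`, so a second call with a different `snapshot_prefix` silently re-points the directory that an earlier helper uses (presumably the one `_snapshot_files` walks in the first hunk). Because the assignment was removed from `__init__`, a test that uses the snapshot fixture without calling this method no longer gets `test-fixtures/snapshots` as its directory. Separately, `os.path.join(snapshot_path, snapshot_prefix)` discards `snapshot_path` when the prefix is absolute and passes `..` through, so a mistyped prefix can put the snapshot directory outside the fixtures tree; a guard before the join, such as `if os.path.isabs(snapshot_prefix) or ".." in snapshot_prefix.split(os.sep): raise ValueError(snapshot_prefix)`, would keep it contained. The new parameter is also undocumented, and the method body continues past the end of the hunk.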
3,458 changes: 3,458 additions & 0 deletions tests/unit/providers/nvd/test-fixtures/full-page.json

Large diffs are not rendered by default.

@@ -0,0 +1 @@
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2021/cve-2021-20581","item":{"cve":{"id":"CVE-2021-20581","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:09.813","lastModified":"2023-10-18T17:58:51.443","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir a un usuario obtener información confidencial debido a una expiración insuficiente de la sesión. ID de IBM X-Force: 199324."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]},{"source":"[email 
protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/199324","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}}
@@ -0,0 +1 @@
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2021/cve-2021-29913","item":{"cve":{"id":"CVE-2021-29913","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:09.910","lastModified":"2023-10-18T17:59:20.763","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premise 11.5 podría permitir que un usuario autenticado obtenga información confidencial o realice acciones no autorizadas debido a una validación de entrada incorrecta. ID de IBM X-Force: 207898."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.3,"impactScore":4.7}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"[email 
protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/207898","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}}
@@ -0,0 +1 @@
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2021/cve-2021-38859","item":{"cve":{"id":"CVE-2021-38859","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:10.000","lastModified":"2023-10-18T17:59:31.703","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir a un usuario obtener información del número de versión mediante una solicitud HTTP especialmente manipulada que podría usarse en futuros ataques contra el System. ID de IBM X-Force: 207899."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"[email 
protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/207899","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}}
@@ -0,0 +1 @@
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2022/cve-2022-22375","item":{"cve":{"id":"CVE-2022-22375","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:10.090","lastModified":"2023-10-18T17:59:45.190","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el System enviando una solicitud especialmente manipulada. ID de IBM X-Force: 221681."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"[email 
protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221681","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}}
@@ -0,0 +1 @@
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2022/cve-2022-22377","item":{"cve":{"id":"CVE-2022-22377","sourceIdentifier":"[email protected]","published":"2023-10-17T01:15:09.687","lastModified":"2023-10-18T17:57:47.170","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827."},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir que un atacante remoto obtenga información confidencial, causada por no habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información confidencial utilizando técnicas de intermediario. 
ID de IBM X-Force: 221827."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-311"}]},{"source":"[email protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-311"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221827","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor 
Advisory"]}]}}}
@@ -0,0 +1 @@
{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/nvd/schema-1.0.0.json","identifier":"2022/cve-2022-22380","item":{"cve":{"id":"CVE-2022-22380","sourceIdentifier":"[email protected]","published":"2023-10-17T02:15:10.177","lastModified":"2023-10-18T18:00:02.107","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"\nIBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.\n\n"},{"lang":"es","value":"IBM Security Verify Privilege On-Premises 11.5 podría permitir a un atacante falsificar una entidad de confianza debido a una validación incorrecta de los certificados. ID de IBM X-Force: 221957."}],"metrics":{"cvssMetricV31":[{"source":"[email protected]","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"[email protected]","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":5.0,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"[email protected]","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"[email 
protected]","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5","matchCriteriaId":"CEE9CBED-455C-4B83-A735-76EE4C7E331A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/221957","source":"[email protected]","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7047202","source":"[email protected]","tags":["Patch","Vendor Advisory"]}]}}}