-
Notifications
You must be signed in to change notification settings - Fork 231
/
Copy pathtest_apache_httpd.py
153 lines (125 loc) · 5.17 KB
/
test_apache_httpd.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#
# Copyright (c) nexB Inc. and others. All rights reserved.
# VulnerableCode is a trademark of nexB Inc.
# SPDX-License-Identifier: Apache-2.0
# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
# See https://github.com/aboutcode-org/vulnerablecode for support or download.
# See https://aboutcode.org for more information about nexB OSS projects.
#
import json
import os
from unittest import mock
from unittest.mock import patch
import pytest
from univers.version_constraint import VersionConstraint
from univers.version_range import ApacheVersionRange
from univers.versions import SemverVersion
from vulnerabilities.importer import AdvisoryData
from vulnerabilities.importers.apache_httpd import ApacheHTTPDImporter
from vulnerabilities.improvers.default import DefaultImprover
from vulnerabilities.improvers.valid_versions import ApacheHTTPDImprover
from vulnerabilities.tests import util_tests
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
TEST_DATA = os.path.join(BASE_DIR, "test_data", "apache_httpd")
def test_to_version_ranges():
data = [
{
"version_affected": "?=",
"version_value": "1.3.0",
},
{
"version_affected": "=",
"version_value": "1.3.1",
},
{
"version_affected": "<=",
"version_value": "2.3.4",
},
]
fixed_versions = ["1.3.2"]
affected_version_range = ApacheHTTPDImporter().to_version_ranges(data, fixed_versions)
assert (
ApacheVersionRange(
constraints=(
VersionConstraint(comparator="=", version=SemverVersion(string="1.3.1")),
VersionConstraint(comparator="<=", version=SemverVersion(string="2.3.4")),
VersionConstraint(comparator="!=", version=SemverVersion(string="1.3.2")),
)
)
== affected_version_range
)
def unknown_comparator():
data = [
{
"version_affected": "?=",
"version_value": "1.3.0",
},
{
"version_affected": "=",
"version_value": "1.3.1",
},
{
"version_affected": "#=",
"version_value": "2.3.4",
},
]
fixed_versions = ["1.3.2"]
affected_version_range = ApacheHTTPDImporter().to_version_ranges(data, fixed_versions)
def test_unknown_comparator_exception():
with pytest.raises(ValueError) as excinfo:
unknown_comparator()
assert "unknown comparator found! #=" in str(excinfo.value)
def test_to_advisory_CVE_1999_1199():
with open(os.path.join(TEST_DATA, "CVE-1999-1199.json")) as f:
data = json.load(f)
advisories = ApacheHTTPDImporter().to_advisory(data)
result = advisories.to_dict()
expected_file = os.path.join(TEST_DATA, f"CVE-1999-1199-apache-httpd-expected.json")
util_tests.check_results_against_json(result, expected_file)
def test_to_advisory_CVE_2021_44224():
with open(os.path.join(TEST_DATA, "CVE-2021-44224.json")) as f:
data = json.load(f)
advisories = ApacheHTTPDImporter().to_advisory(data)
result = advisories.to_dict()
expected_file = os.path.join(TEST_DATA, f"CVE-2021-44224-apache-httpd-expected.json")
util_tests.check_results_against_json(result, expected_file)
def test_to_advisory_CVE_2017_9798():
with open(os.path.join(TEST_DATA, "CVE-2017-9798.json")) as f:
data = json.load(f)
advisories = ApacheHTTPDImporter().to_advisory(data)
result = advisories.to_dict()
expected_file = os.path.join(TEST_DATA, f"CVE-2017-9798-apache-httpd-expected.json")
util_tests.check_results_against_json(result, expected_file)
def test_to_advisory_CVE_2022_28614():
with open(os.path.join(TEST_DATA, "CVE-2022-28614.json")) as f:
data = json.load(f)
advisories = ApacheHTTPDImporter().to_advisory(data)
result = advisories.to_dict()
expected_file = os.path.join(TEST_DATA, f"CVE-2022-28614-apache-httpd-expected.json")
util_tests.check_results_against_json(result, expected_file)
def test_apache_httpd_importer():
importer = ApacheHTTPDImporter()
with open(os.path.join(TEST_DATA, "CVE-2021-44224.json")) as f:
data = json.load(f)
advisory = importer.to_advisory(data)
expected_file = os.path.join(TEST_DATA, "CVE-2021-44224-apache-httpd-expected.json")
util_tests.check_results_against_json([advisory.to_dict()], expected_file)
@patch("vulnerabilities.improvers.valid_versions.apache_httpd.ApacheHTTPDImprover.get_package_versions")
def test_apache_httpd_improver(mock_response):
advisory_file = os.path.join(TEST_DATA, "CVE-2021-44224-apache-httpd-expected.json")
expected_file = os.path.join(TEST_DATA, "apache-httpd-improver-expected.json")
with open(advisory_file) as exp:
advisory = AdvisoryData.from_dict(json.load(exp))
mock_response.return_value = [
"2.4.8",
"2.4.9",
"2.4.10",
"2.4.53",
"2.4.54",
]
improvers = [ApacheHTTPDImprover(), DefaultImprover()]
result = []
for improver in improvers:
inference = [data.to_dict() for data in improver.get_inferences(advisory)]
result.extend(inference)
util_tests.check_results_against_json(result, expected_file)